@sprdv/hapi-spy v0.2.0
hapi-spy
Hapi plugin to easily benefit from passive fingerprinting.
Passive fingerprinting is browser fingerprinting based on characteristics observable in the contents of Web requests, without the use of any code executing on the client side.
This plugin parses and sets the following information:
- IP address
- Geolocation (based on IP address)
- User-Agent (browser, device and OS)
- Accept Headers
However, the IP address isn't taken into account when building a browser fingerprint.
Installation
hapi-spy can be installed using npm or yarn.

```bash
npm install @sprdv/hapi-spy
```
Usage
This plugin can be registered like any other:
```js
'use strict';

const Hapi = require('@hapi/hapi');

const init = async () => {

    const server = Hapi.server();

    await server.register({
        plugin: require('@sprdv/hapi-spy')
    });

    await server.start();
    console.log('Server running on %s', server.info.uri);
};

init();
```
Documentation
Getting client's information
To get a client's information, use the `data` method:

```js
server.route({
    method: 'POST',
    path: '/users/login',
    options: {
        async handler(req, h) {
            const data = req.spy.data(); // { ip, geo, agent, accept }
            // ...
        }
    }
});
```
The data object usually contains the following information about the client:
```json
{
  "ip": "85.1.213.48",
  "geo": {
    "range": [
      1426183168,
      1426183679
    ],
    "country": "CH",
    "region": "VD",
    "eu": "0",
    "timezone": "Europe/Zurich",
    "city": "Bex",
    "ll": [
      46.2497,
      7.0098
    ],
    "metro": 0,
    "area": 50
  },
  "agent": {
    "ua": "Mozilla/5.0 (Linux; Android 10; SM-G973F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Mobile Safari/537.36",
    "browser": {
      "name": "Chrome",
      "version": "80.0.3987.132",
      "major": "80"
    },
    "engine": {
      "name": "Blink",
      "version": "80.0.3987.132"
    },
    "os": {
      "name": "Android",
      "version": "10"
    },
    "device": {
      "vendor": "Samsung",
      "model": "SM-G973F",
      "type": "mobile"
    },
    "cpu": {
      "architecture": "undefined"
    }
  },
  "accept": {
    "encoding": "gzip, deflate, br",
    "language": "en-GB, en-US;"
  }
}
```
Keep in mind that the results this plugin produces are not always 100% accurate. Individual properties may or may not be present, depending on the request.
Parsing the client's information takes time. If you don't need all of this information, use the following methods instead:
```js
const ip = req.spy.ip(); // 123.012.255.86
const geo = req.spy.geo(); // { city, country, ... }
const agent = req.spy.agent(); // { browser, device, ... }
const accept = req.spy.accept(); // { encoding, language, ... }
```
Getting client's fingerprint
To get a client's browser fingerprint, use the `fingerprint` method:

```js
const fingerprint = req.spy.fingerprint(); // he87602a7b0e...
```
This method generates a hash representing the client's browser fingerprint.
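The following is an added example, not code from hapi-spy: it shows how a login handler could use a header-only fingerprint (IP excluded, as described above) to decide when to ask for step-up verification. The field selection, the use of SHA-256, the stored-record shape and the names `passiveFingerprint` and `assessLogin` are all assumptions made for illustration; the plugin's own hashing is not documented on this page.

```javascript
'use strict';
const { createHash } = require('node:crypto');

// Assumption: these are the fields hashed; the plugin's real selection is not documented here.
const FIELDS = [
    (d) => d.agent?.browser?.name,
    (d) => d.agent?.browser?.major,
    (d) => d.agent?.os?.name,
    (d) => d.agent?.os?.version,
    (d) => d.agent?.device?.vendor,
    (d) => d.agent?.device?.model,
    (d) => d.accept?.encoding,
    (d) => d.accept?.language
];

// Hash header-derived fields only; `ip` and `geo` are deliberately left out.
// Missing properties become empty strings, since the parsed data may be incomplete.
function passiveFingerprint(data) {
    const canonical = FIELDS.map((get) => String(get(data) ?? '').trim().toLowerCase());
    return createHash('sha256').update(JSON.stringify(canonical)).digest('hex');
}

// Compare a login against what was stored for the account at the last login.
// A missing country counts as a change, so incomplete data leans toward step-up.
function assessLogin(stored, data) {
    const reasons = [];
    if (passiveFingerprint(data) !== stored.fingerprint) reasons.push('new-fingerprint');
    if (data.geo?.country !== stored.country) reasons.push('new-country');
    return { stepUp: reasons.length > 0, reasons };
}

// Constructed sample data in the shape returned by req.spy.data().
const baseline = {
    ip: '192.0.2.10',
    geo: { country: 'CH' },
    agent: { browser: { name: 'Chrome', major: '80' }, os: { name: 'Android', version: '10' },
             device: { vendor: 'Samsung', model: 'SM-G973F' } },
    accept: { encoding: 'gzip, deflate, br', language: 'en-GB, en-US;' }
};
const stored = { fingerprint: passiveFingerprint(baseline), country: baseline.geo.country };
const sameDeviceNewIp = { ...baseline, ip: '198.51.100.7' };
const otherBrowser = { ...baseline, agent: { browser: { name: 'Firefox', major: '74' } } };

console.log(assessLogin(stored, sameDeviceNewIp)); // new IP alone does not change the fingerprint
console.log(assessLogin(stored, otherBrowser));    // different browser changes the fingerprint
```

Every input to the hash is a client-supplied header, so a matching fingerprint is a weak signal to combine with others, not proof of the same device.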