securenative/securenative-php

v1.1.1 2020-11-30 14:31 UTC

README

Cloud-native security monitoring and protection for modern applications

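Documentation | Quick Start | Blog | Chat with us on Slack!

SecureNative performs user monitoring by analyzing user interactions with your application together with factors such as network, device, location and access patterns, in order to stop and prevent account takeover attacks.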

Install the SDK

When using Composer, run the following command:

$ composer require securenative/securenative-php

Add the required imports

require_once __DIR__ . '/vendor/autoload.php';

use SecureNative\sdk\SecureNative;
use SecureNative\sdk\SecureNativeOptions;
use SecureNative\sdk\EventTypes;
use SecureNative\sdk\SecureNativeContext;

Initialize the SDK

To get your API key, log in to your SecureNative account and go to the project settings page.

Option 1: Initialize via API_KEY and SecureNativeOptions

$options = new SecureNativeOptions();
$options->setTimeout(100)
    ->setApiUrl("API URL")
    ->setDisable(false)
    ->setInterval(100)
    ->setAutoSend(true)
    ->setMaxEvents(10)
    ->setLogLevel('fatal');

// Passing `$options` is optional, will use default params
SecureNative::init("[API_KEY]", $options);

Option 2: Initialize via a configuration file

Attach a securenative.json file to your root folder:

{
  "SECURENATIVE_API_KEY": "YOUR_API_KEY",
  "SECURENATIVE_APP_NAME": "APP_NAME",
  "SECURENATIVE_API_URL": "API_URL",
  "SECURENATIVE_INTERVAL": 1000,
  "SECURENATIVE_MAX_EVENTS": 100,
  "SECURENATIVE_TIMEOUT": 1500,
  "SECURENATIVE_AUTO_SEND": true,
  "SECURENATIVE_DISABLE": false,
  "SECURENATIVE_LOG_LEVEL": "fatal"
}

Then call the SDK's init function (without props; passing props will override the JSON configuration).

SecureNative::init();

Option 3: Initialize via environment variables

Pass the desired environment variables (for example):

SECURENATIVE_API_KEY=TEST_KEY
SECURENATIVE_API_URL=http://url
SECURENATIVE_INTERVAL=100
SECURENATIVE_MAX_EVENTS=30
SECURENATIVE_TIMEOUT=1500
SECURENATIVE_AUTO_SEND=true
SECURENATIVE_DISABLE=false
SECURENATIVE_LOG_LEVEL=fatal

Then call the SDK's init function (without props; passing props will override the JSON configuration).

SecureNative::init();

Tracking events

Once the SDK has been initialized, tracking requests are sent through the SDK instance.

$clientToken = "[SECURED_CLIENT_TOKEN]";
$headers = (object)["user-agent" => "Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us"];
$ip = "79.179.88.157";
$remoteIp = null;
$url = null;
$method = null;
$body = null;

$ctx = new SecureNativeContext($clientToken, $ip, $remoteIp, $headers, $url, $method, $body);

SecureNative::track(array(
    'event' => EventTypes::LOG_IN,
    'context' => $ctx,
    'userId' => '1234',
    'userTraits' => (object)[
        'name' => 'Your Name',
        'email' => 'name@gmail.com'
    ],
    // Custom properties
    'properties' => (object)[
        "custom_param1" => "CUSTOM_PARAM_VALUE",
        "custom_param2" => true,
        "custom_param3" => 3
    ]
));

You can also create the request context from the request:

SecureNative::track(array(
   'event' => EventTypes::LOG_IN,
   'context' => SecureNative::contextFromContext(),
   'userId' => '1234',
   'userTraits' => (object)[
       'name' => 'Your Name',
       'email' => 'name@gmail.com'
   ],
   // Custom properties
   'properties' => (object)[
       "custom_param1" => "CUSTOM_PARAM_VALUE",
       "custom_param2" => true,
       "custom_param3" => 3
   ]
));

Verify events

Example

$options = new SecureNativeOptions();

$ver = SecureNative::verify(array(
    'event' => EventTypes::VERIFY,
    'userId' => '1234',
    'context' => SecureNative::fromRequest(),
    'userTraits' => (object)[
        'name' => 'Your Name',
        'email' => 'name@gmail.com'
    ]
));

print_r($ver->riskLevel);   // (Low, Medium, High)
print_r($ver->score);       // (0 - Very Low, 1 - Very High)
print_r($ver->triggers);    // (Example: ["TOR", "New IP", "New City"])

Webhook signature verification

Apply our filter to verify that the request comes from us, for example:

$verified = SecureNative::getMiddleware()->verifySignature();

if ($verified) {
    // Request is trusted (coming from SecureNative) 
}

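Extract proxy headers from cloud providers

You can specify custom header keys to allow extraction of the client IP from different providers. The following example demonstrates using a proxy header to extract the IP from Cloudflare.

Option 1: Using a configuration file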

{
    "SECURENATIVE_API_KEY": "YOUR_API_KEY",
    "SECURENATIVE_PROXY_HEADERS": ["CF-Connecting-IP"]
}

Initialize the SDK as shown above.

Option 2: Using ConfigurationBuilder

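$options = new SecureNativeOptions();
$options->setProxyHeaders(["CF-Connecting-IP"]);

// Pass `$options` to init(); otherwise the proxy header setting is never applied
SecureNative::init("[API_KEY]", $options);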
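
A header such as CF-Connecting-IP is only trustworthy when the request really passed through the proxy; on a direct connection to the origin, the client sets it. The following is an added example, not code from the SecureNative SDK or its README, showing one way to accept a proxy header only from known proxy addresses. The function names `ipInCidr` and `resolveClientIp` are hypothetical, and the CIDR ranges and sample requests are constructed.

```php
<?php
// Added example, not SecureNative SDK code; function names are hypothetical.
// Constructed sample ranges (RFC 5737 documentation networks); use the
// ranges your proxy provider publishes instead.
const TRUSTED_PROXY_CIDRS = ['203.0.113.0/24', '198.51.100.0/24'];

// True when $ip lies inside $cidr (IPv4 or IPv6).
function ipInCidr(string $ip, string $cidr): bool
{
    $parts = explode('/', $cidr, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[1])
        || !filter_var($ip, FILTER_VALIDATE_IP) || !filter_var($parts[0], FILTER_VALIDATE_IP)) {
        return false;
    }
    [$ipBin, $netBin, $bits] = [inet_pton($ip), inet_pton($parts[0]), (int) $parts[1]];
    if (strlen($ipBin) !== strlen($netBin) || $bits > 8 * strlen($netBin)) {
        return false; // address family mismatch or impossible prefix length
    }
    $full = intdiv($bits, 8);
    $mask = (0xFF << (8 - $bits % 8)) & 0xFF; // covers the partial byte, if any
    return strncmp($ipBin, $netBin, $full) === 0
        && ($bits % 8 === 0 || ((ord($ipBin[$full]) ^ ord($netBin[$full])) & $mask) === 0);
}

// Honour a proxy header only when the direct peer is a trusted proxy.
function resolveClientIp(array $server, array $proxyHeaders, array $trustedCidrs): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $fromProxy = false;
    foreach ($trustedCidrs as $cidr) {
        $fromProxy = $fromProxy || ipInCidr($peer, $cidr);
    }
    if (!$fromProxy) {
        return $peer; // direct connection: the header is client-supplied
    }
    foreach ($proxyHeaders as $name) {
        $value = trim($server['HTTP_' . strtoupper(str_replace('-', '_', $name))] ?? '');
        if (filter_var($value, FILTER_VALIDATE_IP)) {
            return $value;
        }
    }
    return $peer; // header missing or not an IP address
}

// Constructed requests: one relayed by a trusted proxy, one sent directly.
$viaProxy = ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_CF_CONNECTING_IP' => '192.0.2.44'];
$direct = ['REMOTE_ADDR' => '192.0.2.99', 'HTTP_CF_CONNECTING_IP' => '192.0.2.44'];
echo resolveClientIp($viaProxy, ['CF-Connecting-IP'], TRUSTED_PROXY_CIDRS), PHP_EOL;
echo resolveClientIp($direct, ['CF-Connecting-IP'], TRUSTED_PROXY_CIDRS), PHP_EOL;
```

The resolved address can be passed as the `$ip` argument when building a `SecureNativeContext` by hand, as in the tracking example.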

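Remove PII data from headers

By default, the SecureNative SDK removes any known PII headers from received requests. We also support custom PII headers and regex matching via configuration, for example:

Option 1: Using a configuration file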

{
    "SECURENATIVE_API_KEY": "YOUR_API_KEY",
    "SECURENATIVE_PII_HEADERS": ["apiKey"]
}

Initialize the SDK as shown above.

Option 2: Using ConfigurationBuilder

$options = new SecureNativeOptions();
$options->setPiiRegexPattern("/http_auth_/i");

// Pass `$options` to init(); otherwise the PII pattern is never applied
SecureNative::init("[API_KEY]", $options);