securenative/securenative-php

PHP bindings for SecureNative

v1.1.1 2020-11-30 14:31 UTC

README


Cloud-Native Security Monitoring and Protection for Modern Applications


SecureNative performs user monitoring by analyzing user interactions with your application and various factors such as network, devices, locations and access patterns to stop and prevent account takeover attacks.

Install the SDK

When using Composer, run the following command:

$ composer require securenative/securenative-php

Add required imports

require_once __DIR__ . '/vendor/autoload.php';

use SecureNative\sdk\SecureNative;
use SecureNative\sdk\SecureNativeOptions;
use SecureNative\sdk\EventTypes;
use SecureNative\sdk\SecureNativeContext;

Initialize the SDK

To get your API key, log in to your SecureNative account and go to the project settings page.

Option 1: Initialize via API_KEY and SecureNativeOptions

$options = new SecureNativeOptions();
$options->setTimeout(100)
    ->setApiUrl("API URL")
    ->setDisable(false)
    ->setInterval(100)
    ->setAutoSend(true)
    ->setMaxEvents(10)
    ->setLogLevel('fatal');

// Passing `$options` is optional; default parameters are used when it is omitted
SecureNative::init("[API_KEY]", $options);

Option 2: Initialize via configuration file

Add a securenative.json file to your project's root folder:

{
  "SECURENATIVE_API_KEY": "YOUR_API_KEY",
  "SECURENATIVE_APP_NAME": "APP_NAME",
  "SECURENATIVE_API_URL": "API_URL",
  "SECURENATIVE_INTERVAL": 1000,
  "SECURENATIVE_MAX_EVENTS": 100,
  "SECURENATIVE_TIMEOUT": 1500,
  "SECURENATIVE_AUTO_SEND": true,
  "SECURENATIVE_DISABLE": false,
  "SECURENATIVE_LOG_LEVEL": "fatal"
}

Then, call SDK's init function without props (sending props will override JSON configurations).

SecureNative::init();

Option 3: Initialize via environment variables

Pass desired environment variables (for example):

SECURENATIVE_API_KEY=TEST_KEY
SECURENATIVE_API_URL=http://url
SECURENATIVE_INTERVAL=100
SECURENATIVE_MAX_EVENTS=30
SECURENATIVE_TIMEOUT=1500
SECURENATIVE_AUTO_SEND=true
SECURENATIVE_DISABLE=false
SECURENATIVE_LOG_LEVEL=fatal

Then, call SDK's init function without props (sending props will override JSON configurations).

SecureNative::init();

Tracking events

Once the SDK has been initialized, tracking requests are sent through the SDK instance.

$clientToken = "[SECURED_CLIENT_TOKEN]";
$headers = (object)["user-agent" => "Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us"];
$ip = "79.179.88.157";
$remoteIp = null;
$url = null;
$method = null;
$body = null;

$ctx = new SecureNativeContext($clientToken, $ip, $remoteIp, $headers, $url, $method, $body);

SecureNative::track(array(
    'event' => EventTypes::LOG_IN,
    'context' => $ctx,
    'userId' => '1234',
    'userTraits' => (object)[
        'name' => 'Your Name',
        'email' => 'name@gmail.com'
    ],
    // Custom properties
    'properties' => (object)[
        "custom_param1" => "CUSTOM_PARAM_VALUE",
        "custom_param2" => true,
        "custom_param3" => 3
    ]
));

You can also create the request context from the current request:

SecureNative::track(array(
   'event' => EventTypes::LOG_IN,
   'context' => SecureNative::contextFromContext(),
   'userId' => '1234',
   'userTraits' => (object)[
       'name' => 'Your Name',
       'email' => 'name@gmail.com'
   ],
   // Custom properties
   'properties' => (object)[
       "custom_param1" => "CUSTOM_PARAM_VALUE",
       "custom_param2" => true,
       "custom_param3" => 3
   ]
));

Verify events

Example

$options = new SecureNativeOptions();

$ver = SecureNative::verify(array(
    'event' => EventTypes::VERIFY,
    'userId' => '1234',
    'context' => SecureNative::fromRequest(),
    'userTraits' => (object)[
        'name' => 'Your Name',
        'email' => 'name@gmail.com'
    ]
));

print_r($ver->riskLevel);   // (Low, Medium, High)
print_r($ver->score);       // (0 - Very Low, 1 - Very High)
print_r($ver->triggers);    // (Example: ["TOR", "New IP", "New City"])
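
The risk fields above only help if the login flow acts on them. The following is an added example, not SecureNative SDK code: `loginAction()` is a hypothetical helper, the mapping (including blocking on a `TOR` trigger) is an illustrative policy, and the exact casing of the `riskLevel` strings is an assumption, so the value is normalised first.

```php
<?php
// Added illustration, not SecureNative SDK code; loginAction() is a hypothetical helper.

// Map a verify result to 'allow', 'challenge' or 'block'.
// $ver: the object returned by SecureNative::verify(), or null when the call failed.
function loginAction(?object $ver, array $blockTriggers = ['TOR']): string
{
    if ($ver === null || !isset($ver->riskLevel)) {
        // No verdict (timeout, SDK disabled): ask for a second factor instead of allowing.
        return 'challenge';
    }
    $level = strtolower((string)$ver->riskLevel);
    $triggers = is_array($ver->triggers ?? null) ? $ver->triggers : [];
    if ($level === 'high' || array_intersect($blockTriggers, $triggers)) {
        return 'block';
    }
    // Anything that is not an explicit "low" (medium, or an unknown value) gets step-up auth.
    return $level === 'low' ? 'allow' : 'challenge';
}

// Constructed verify results, shaped like the fields printed above.
$samples = [
    'usual device' => (object)['riskLevel' => 'Low', 'score' => 0.05, 'triggers' => []],
    'new city'     => (object)['riskLevel' => 'Medium', 'score' => 0.5, 'triggers' => ['New IP', 'New City']],
    'tor exit'     => (object)['riskLevel' => 'Medium', 'score' => 0.6, 'triggers' => ['TOR']],
    'takeover'     => (object)['riskLevel' => 'High', 'score' => 0.95, 'triggers' => ['New IP']],
    'sdk failure'  => null,
];
foreach ($samples as $label => $ver) {
    printf("%-13s => %s\n", $label, loginAction($ver));
}
```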

Webhook signature verification

Apply our filter to verify the request is from us, for example:

$verified = SecureNative::getMiddleware()->verifySignature();

if ($verified) {
    // Request is trusted (coming from SecureNative) 
}

Extract proxy headers from cloud providers

You can specify custom header keys to allow extraction of the client IP from different providers. This example demonstrates the use of proxy headers for IP extraction from Cloudflare.

Option 1: Using config file

{
    "SECURENATIVE_API_KEY": "YOUR_API_KEY",
    "SECURENATIVE_PROXY_HEADERS": ["CF-Connecting-IP"]
}

Initialize the SDK as shown above.

Option 2: Using SecureNativeOptions

$options = new SecureNativeOptions();
$options->setProxyHeaders(["CF-Connecting-IP"]);

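// Pass the options to init, otherwise the proxy header setting is never applied
SecureNative::init("[API_KEY]", $options);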
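
A header such as CF-Connecting-IP is set by whoever sends the request, so it is only meaningful when the connection itself arrives from the proxy. The following is an added example, not SecureNative SDK code: `ipInCidr()` and `clientIp()` are hypothetical helpers, and `203.0.113.0/24` is a constructed stand-in for your proxy provider's published address ranges.

```php
<?php
// Added illustration, not SecureNative SDK code; names and ranges are hypothetical.

// True when $ip lies inside $cidr (IPv4 or IPv6, e.g. "203.0.113.0/24").
function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    if (filter_var($ip, FILTER_VALIDATE_IP) === false
        || filter_var($net, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    $ipBin = inet_pton($ip);
    $netBin = inet_pton($net);
    $maxBits = strlen($netBin) * 8;
    $bits = $bits ?? (string)$maxBits;
    if (strlen($ipBin) !== strlen($netBin) || !ctype_digit($bits) || (int)$bits > $maxBits) {
        return false; // address family mismatch or malformed prefix length
    }
    // Build a byte mask with (int)$bits leading one-bits and compare the masked addresses.
    $mask = str_repeat("\xFF", intdiv((int)$bits, 8));
    if ((int)$bits % 8 !== 0) {
        $mask .= chr((0xFF << (8 - (int)$bits % 8)) & 0xFF);
    }
    $mask = str_pad($mask, strlen($netBin), "\0");
    return ($ipBin & $mask) === ($netBin & $mask);
}

// Use a proxy header only when the TCP peer (REMOTE_ADDR) is a trusted proxy.
function clientIp(array $server, array $proxyHeaders, array $trustedProxies): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!array_filter($trustedProxies, fn($cidr) => ipInCidr($peer, $cidr))) {
        return $peer; // direct connection: any proxy header is client-controlled
    }
    foreach ($proxyHeaders as $name) {
        $value = trim($server['HTTP_' . strtoupper(str_replace('-', '_', $name))] ?? '');
        if (filter_var($value, FILTER_VALIDATE_IP) !== false) {
            return $value;
        }
    }
    return $peer;
}

// Constructed requests: one relayed by the proxy, one sent directly with a forged header.
$trusted = ['203.0.113.0/24'];
$viaProxy = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_CF_CONNECTING_IP' => '198.51.100.23'];
$direct = ['REMOTE_ADDR' => '192.0.2.50', 'HTTP_CF_CONNECTING_IP' => '10.0.0.1'];
echo clientIp($viaProxy, ['CF-Connecting-IP'], $trusted), "\n";
echo clientIp($direct, ['CF-Connecting-IP'], $trusted), "\n";
```

The returned address is what you would pass as `$ip` when building a `SecureNativeContext` by hand, as in the tracking example.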

Remove PII Data From Headers

By default, the SecureNative SDK removes any known PII headers from the received request. Custom PII headers and regex matching are also supported via configuration, for example:

Option 1: Using config file

{
    "SECURENATIVE_API_KEY": "YOUR_API_KEY",
    "SECURENATIVE_PII_HEADERS": ["apiKey"]
}

Initialize the SDK as shown above.

Option 2: Using SecureNativeOptions

$options = new SecureNativeOptions();
$options->setPiiRegexPattern("/http_auth_/i");

// Pass the options to init, otherwise the PII pattern is never applied
SecureNative::init("[API_KEY]", $options);
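
To check which headers a name list and pattern would strip before relying on them, the filter can be reproduced locally. This is an added example, not SecureNative SDK code: `scrubHeaders()` is a hypothetical helper, case-insensitive name matching is an assumption, and the header values are constructed.

```php
<?php
// Added illustration, not SecureNative SDK code; scrubHeaders() is a hypothetical helper.

// Return $headers without entries whose name is listed in $piiNames (case-insensitive)
// or matches $piiRegex. An invalid pattern raises instead of silently matching nothing.
function scrubHeaders(array $headers, array $piiNames, ?string $piiRegex = null): array
{
    if ($piiRegex !== null && @preg_match($piiRegex, '') === false) {
        throw new InvalidArgumentException("Invalid PII regex: $piiRegex");
    }
    $names = array_map('strtolower', $piiNames);
    $clean = [];
    foreach ($headers as $name => $value) {
        $listed = in_array(strtolower((string)$name), $names, true);
        $matched = $piiRegex !== null && preg_match($piiRegex, (string)$name) === 1;
        if (!$listed && !$matched) {
            $clean[$name] = $value;
        }
    }
    return $clean;
}

// Constructed request headers; the name list and pattern are the ones configured above.
$headers = [
    'User-Agent'      => 'Mozilla/5.0',
    'apikey'          => 'constructed-secret',
    'HTTP_AUTH_TOKEN' => 'constructed-token',
    'X-Request-Id'    => 'constructed-id',
];
print_r(array_keys(scrubHeaders($headers, ['apiKey'], '/http_auth_/i')));

// A malformed pattern (unbalanced group) is rejected up front.
try {
    scrubHeaders($headers, [], '/http_auth_(/i');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```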