MTD: Update fraud prevention headers

closes #226
uzerpllp · Jul 6, 2021 · 6f7c747 · 6f7c747
1 parent d566331
commit 6f7c747
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/lib/classes/standard/MTD.php b/lib/classes/standard/MTD.php
@@ -74,6 +74,12 @@ function __construct($client_fp_info='', $config_key='mtd-vat') {
             'Gov-Vendor-Version' => "uzerp={$uz_version}"
         ];
 
+        if (isset($oauth_config['productname']) && $oauth_config['productname'] !== '') {
+            $this->fraud_protection_headers['Gov-Vendor-Product-Name'] = rawurlencode($oauth_config['productname']);
+        } else {
+            $this->fraud_protection_headers['Gov-Vendor-Product-Name'] = 'uzERP';
+        }
+
         // Gov-Client-Public-IP
         // Gov-Client-Public-Port
         // Only if uzERP host is on the internet
@@ -100,6 +106,9 @@ function __construct($client_fp_info='', $config_key='mtd-vat') {
             $this->fraud_protection_headers['Gov-Client-Local-IPs'] = $ip;
         }
 
+        // Gov-Client-Local-IPs-Timestamp
+        $this->fraud_protection_headers['Gov-Client-Local-IPs-Timestamp'] = $this->client_fp_info->iptime;
+
         // Gov-Client-Screens
         // Gov-Client-Window-Size
         $this->fraud_protection_headers['Gov-Client-Screens'] = "width={$this->client_fp_info->screenWidth}&height={$this->client_fp_info->screenHeight}&scaling-factor={$this->client_fp_info->pixelRatio}&colour-depth={$this->client_fp_info->colorDepth}";
@@ -130,11 +139,14 @@ function __construct($client_fp_info='', $config_key='mtd-vat') {
             $this->fraud_protection_headers['Gov-Vendor-Public-IP'] = rawurlencode($server_ip);
         }
 
+        // Gov-Client-Public-IP-Timestamp
+        $this->fraud_protection_headers['Gov-Client-Public-IP-Timestamp'] = $utcTime->format('Y-m-d\TH:i:s\Z');
+
         // Gov-Vendor-Forwarded
         // A list that details hops over the internet between services that terminate Transport Layer Security (TLS).
         // Each key and value must be percent encoded (opens in a new tab). Do not percent encode separators (equal signs, ampersands and commas).
         // Public networks only
-        if (!self::ip_is_private($client_public_ip)) {
+        if (!self::ip_is_private($_SERVER['SERVER_ADDR'])) {
             $by_ip = rawurlencode($_SERVER['SERVER_ADDR']);
             $for_ip = rawurlencode($client_public_ip);
             $this->fraud_protection_headers['Gov-Vendor-Forwarded'] = "by={$by_ip}&for={$for_ip}";

diff --git a/modules/public_pages/erp/ledger/vat/resources/js/vat.js b/modules/public_pages/erp/ledger/vat/resources/js/vat.js
@@ -17,6 +17,7 @@ $(document).ready(function(){
 	// Fetch various information for MTD VAT fraud headers
 	var fp = {
 		ip: '',
+		iptime: new Date().toISOString(),
 		pixelRatio: '',
 		screenWidth: '',
 		screenHeight: '',
@@ -108,6 +109,7 @@ $(document).ready(function(){
 	}
 	fp.dnt = dnt;
 
+	console.log(fp);
 
 	// custom confirmation message
 	$(document).on('click', 'a.vat-confirm', {}, function(event){