✨ Introducing Radar, fraud detection
@@ -41,6 +41,7 @@ type UpdateTypebotPayload = Partial<
|
||||
| 'resultsTablePreferences'
|
||||
| 'isClosed'
|
||||
| 'whatsAppCredentialsId'
|
||||
| 'riskLevel'
|
||||
>
|
||||
>
|
||||
|
||||
|
||||
@@ -26,6 +26,7 @@ export const convertPublicTypebotToTypebot = (
|
||||
resultsTablePreferences: existingTypebot.resultsTablePreferences,
|
||||
selectedThemeTemplateId: existingTypebot.selectedThemeTemplateId,
|
||||
whatsAppCredentialsId: existingTypebot.whatsAppCredentialsId,
|
||||
riskLevel: existingTypebot.riskLevel,
|
||||
events: typebot.events,
|
||||
}
|
||||
}
|
||||
|
||||
@@ -19,6 +19,7 @@ import { migrateTypebot } from '@typebot.io/lib/migrations/migrateTypebot'
|
||||
const omittedProps = {
|
||||
id: true,
|
||||
whatsAppCredentialsId: true,
|
||||
riskLevel: true,
|
||||
isClosed: true,
|
||||
isArchived: true,
|
||||
createdAt: true,
|
||||
@@ -64,6 +65,7 @@ const migrateImportingTypebot = (
|
||||
whatsAppCredentialsId: null,
|
||||
publicId: null,
|
||||
folderId: null,
|
||||
riskLevel: null,
|
||||
} satisfies Typebot
|
||||
return migrateTypebot(fullTypebot)
|
||||
}
|
||||
|
||||
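Review bot: The two `riskLevel` additions in this file (`riskLevel: true` in `omittedProps`, `riskLevel: null` in `migrateImportingTypebot`) carry no comment explaining why a score from an imported file is discarded. A line such as `// riskLevel is computed server-side by Radar; never trust the value in an imported file` above the `omittedProps` entry would keep a later edit from passing it through. How `omittedProps` is applied to the import schema is outside these hunks, so its effect is presumed from the name.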
@@ -14,6 +14,8 @@ import { isWriteTypebotForbidden } from '../helpers/isWriteTypebotForbidden'
|
||||
import { sendTelemetryEvents } from '@typebot.io/lib/telemetry/sendTelemetryEvent'
|
||||
import { Plan } from '@typebot.io/prisma'
|
||||
import { InputBlockType } from '@typebot.io/schemas/features/blocks/inputs/constants'
|
||||
import { computeRiskLevel } from '@typebot.io/radar'
|
||||
import { env } from '@typebot.io/env'
|
||||
|
||||
export const publishTypebot = authenticatedProcedure
|
||||
.meta({
|
||||
@@ -78,6 +80,52 @@ export const publishTypebot = authenticatedProcedure
|
||||
})
|
||||
}
|
||||
|
||||
if (existingTypebot.riskLevel && existingTypebot.riskLevel > 80)
|
||||
throw new TRPCError({
|
||||
code: 'FORBIDDEN',
|
||||
message:
|
||||
'Radar detected a potential malicious typebot. This bot is being manually reviewed by Fraud Prevention team.',
|
||||
})
|
||||
|
||||
const riskLevel = computeRiskLevel({
|
||||
name: existingTypebot.name,
|
||||
groups: parseGroups(existingTypebot.groups, {
|
||||
typebotVersion: existingTypebot.version,
|
||||
}),
|
||||
})
|
||||
|
||||
if (riskLevel > 0) {
|
||||
if (env.MESSAGE_WEBHOOK_URL)
|
||||
await fetch(env.MESSAGE_WEBHOOK_URL, {
|
||||
method: 'POST',
|
||||
body: `🚨 *Radar detected a potential malicious typebot* 🚨\n\n*Typebot:* ${existingTypebot.name}\n*Risk level:* ${riskLevel}/100\n*Typebot ID:* ${existingTypebot.id}\n*Workspace ID:* ${existingTypebot.workspaceId}\n*User ID:* ${user.id}`,
|
||||
}).catch((err) => {
|
||||
console.error('Failed to send message', err)
|
||||
})
|
||||
|
||||
await prisma.typebot.updateMany({
|
||||
where: {
|
||||
id: existingTypebot.id,
|
||||
},
|
||||
data: {
|
||||
riskLevel,
|
||||
},
|
||||
})
|
||||
if (riskLevel > 80) {
|
||||
if (existingTypebot.publishedTypebot)
|
||||
await prisma.publicTypebot.deleteMany({
|
||||
where: {
|
||||
id: existingTypebot.publishedTypebot.id,
|
||||
},
|
||||
})
|
||||
throw new TRPCError({
|
||||
code: 'FORBIDDEN',
|
||||
message:
|
||||
'Radar detected a potential malicious typebot. This bot is being manually reviewed by Fraud Prevention team.',
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
if (existingTypebot.publishedTypebot)
|
||||
await prisma.publicTypebot.updateMany({
|
||||
where: {
|
||||
|
||||
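Review bot: The alert body in the `fetch(env.MESSAGE_WEBHOOK_URL, …)` call interpolates `existingTypebot.name` raw into a Markdown-style message, and that name is chosen by the user being screened, so line breaks or `*` in it can forge or bury fields (for example a fake `*Risk level:*` line) in what the fraud team reads. Normalise it before interpolation, e.g. `const safeName = existingTypebot.name.replace(/[\r\n*_]/g, ' ').slice(0, 100)`, and use `${safeName}` in the body. The same call is awaited inside the publish request with no timeout, so a slow webhook endpoint stalls every flagged publish; passing `signal: AbortSignal.timeout(5000)` would bound it (the 5 s figure is only a suggestion). The procedure starts before and continues after this hunk, so whether the name is sanitised elsewhere is not visible here.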
@@ -35,6 +35,7 @@ const typebotUpdateSchemaPick = {
|
||||
customDomain: true,
|
||||
isClosed: true,
|
||||
whatsAppCredentialsId: true,
|
||||
riskLevel: true,
|
||||
events: true,
|
||||
} as const
|
||||
|
||||
|
||||
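Review bot: Adding `riskLevel: true` to `typebotUpdateSchemaPick` appears to make the Radar score a field that a client may send in an update (the `UpdateTypebotPayload` hunk adds the same key on the builder side). That would let the owner of a flagged bot set it back to `null` or `0` and get past the `existingTypebot.riskLevel > 80` gate in `publishTypebot`. The handler that consumes this pick is outside the hunk, so this is inferred. If it does write the picked fields through, either drop `riskLevel` from the pick or restrict it to reviewers in that handler, and record the intent with a comment such as `// riskLevel is set by Radar at publish time; only fraud reviewers may change it`.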