Security Features
Gameshield provides comprehensive security through game-based CAPTCHA challenges, risk scoring, and real-time analytics.
Core Security Features
Risk Scoring System
Gameshield employs a sophisticated risk scoring system that analyzes multiple factors:
typescript
interface RiskScore {
score: number; // 0-100, higher means more risky
factors: RiskFactor[];
confidence: number; // 0-1, confidence in the score
timestamp: number;
}
interface RiskFactor {
name: string; // Factor identifier
weight: number; // Impact on final score
value: number; // Factor-specific value
threshold: number; // Trigger threshold
}Behavioral Analysis
- Input patterns
- Movement precision
- Timing consistency
- Error patterns
- Game completion speed
Technical Indicators
- Browser fingerprinting
- Network patterns
- Client environment
- Device capabilities
- Session characteristics
Malicious Activity Detection
Real-time monitoring for suspicious behavior:
typescript
interface MaliciousActivity {
type: string;
timestamp: number;
riskScore: number;
evidence: {
behavioralFlags: string[];
technicalFlags: string[];
patterns: Pattern[];
};
response: {
action: 'block' | 'challenge' | 'monitor';
duration: number;
reason: string;
};
}Detection Capabilities
Bot Detection
- Automated input detection
- Pattern recognition
- Timing analysis
- Behavioral inconsistencies
Attack Prevention
- Brute force protection
- Rate limiting
- IP-based tracking
- Session validation
Token Security
Secure token generation and validation:
typescript
interface VerificationToken {
token: string; // Encrypted token
timestamp: number; // Generation time
metadata: {
gameType: string;
difficulty: string;
completionTime: number;
riskScore: number;
};
signature: string; // Digital signature
}Token Features
- Encrypted payload
- Time-based expiration
- Digital signatures
- Replay prevention
- Metadata validation
Implementation
Basic Security Setup
typescript
const captcha = new CaptchaSDK({
container: element,
security: {
riskScoring: true,
tokenExpiry: 300, // 5 minutes
maxAttempts: 3,
rateLimiting: true
}
});Advanced Configuration
typescript
const captcha = new CaptchaSDK({
container: element,
security: {
riskScoring: {
sensitivity: 'high',
customFactors: [{
name: 'custom_factor',
weight: 0.5,
threshold: 0.7
}]
},
maliciousDetection: {
autoBlock: true,
blockDuration: 3600,
notifyAdmin: true
},
tokenSecurity: {
algorithm: 'ES256',
rotateKeys: true,
keyRotationInterval: 86400
}
}
});Server-Side Verification
typescript
import { verifyToken, RiskAssessment } from '@gameshield/captcha-sdk/server';
async function validateRequest(token: string): Promise<boolean> {
try {
const result = await verifyToken(token);
if (!result.valid) {
return false;
}
// Check risk score
if (result.riskScore > 70) {
// High risk, require additional verification
return requireAdditionalVerification(result);
}
// Check for suspicious patterns
if (result.flags.length > 0) {
// Log suspicious activity
await logSuspiciousActivity(result);
}
return true;
} catch (error) {
console.error('Verification error:', error);
return false;
}
}Analytics Integration
Security Events
Monitor security-related events:
typescript
const analyticsProvider = new CustomAnalyticsProvider({
onSecurityEvent: (event) => {
switch (event.type) {
case 'high_risk_score':
notifyAdmin(event);
break;
case 'malicious_activity':
blockIP(event.data.ip);
break;
case 'token_validation_failure':
logFailure(event);
break;
}
}
});Reporting
Access security metrics and reports:
typescript
interface SecurityReport {
period: {
start: number;
end: number;
};
metrics: {
totalAttempts: number;
blockedAttempts: number;
averageRiskScore: number;
highRiskCount: number;
};
threats: {
type: string;
count: number;
trend: number;
}[];
}Best Practices
Configuration
- Enable risk scoring
- Set appropriate thresholds
- Configure rate limiting
- Implement token expiration
- Use secure token validation
Monitoring
- Track risk scores
- Monitor failed attempts
- Analyze traffic patterns
- Review security logs
- Set up alerts
Response
- Block high-risk traffic
- Implement progressive challenges
- Rate limit suspicious IPs
- Log security events
- Notify administrators
Security Headers
Recommended security headers:
typescript
// Express.js example
app.use(helmet());
app.use(helmet.contentSecurityPolicy({
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'", "'unsafe-inline'"],
styleSrc: ["'self'", "'unsafe-inline'"],
imgSrc: ["'self'", 'data:', 'https:'],
connectSrc: ["'self'", 'https://api.gameshield.dev']
}
}));Rate Limiting
Implement rate limiting:
typescript
// Express.js example
import rateLimit from 'express-rate-limit';
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // limit each IP to 100 requests per windowMs
handler: (req, res) => {
res.status(429).json({
error: 'Too many requests',
retryAfter: res.getHeader('Retry-After')
});
}
});
app.use('/api/verify', limiter);Error Handling
Handle security-related errors:
typescript
function handleSecurityError(error: SecurityError) {
switch (error.code) {
case 'TOKEN_EXPIRED':
return {
status: 401,
message: 'Verification expired, please try again'
};
case 'INVALID_TOKEN':
return {
status: 400,
message: 'Invalid verification token'
};
case 'RATE_LIMITED':
return {
status: 429,
message: 'Too many attempts, please wait'
};
case 'HIGH_RISK':
return {
status: 403,
message: 'Additional verification required'
};
default:
return {
status: 500,
message: 'Security check failed'
};
}
}Next Steps
- Review Analytics Setup
- Configure Admin Dashboard
- Explore Integration Examples