{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.WAFV2.Types.ChallengeAction
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.WAFV2.Types.ChallengeAction where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude
import Amazonka.WAFV2.Types.CustomRequestHandling

-- | Specifies that WAF should run a @Challenge@ check against the request to
-- verify that the request is coming from a legitimate client session:
--
-- -   If the request includes a valid, unexpired challenge token, WAF
--     applies any custom request handling and labels that you\'ve
--     configured and then allows the web request inspection to proceed to
--     the next rule, similar to a @CountAction@.
--
-- -   If the request doesn\'t include a valid, unexpired challenge token,
--     WAF discontinues the web ACL evaluation of the request and blocks it
--     from going to its intended destination.
--
--     WAF then generates a challenge response that it sends back to the
--     client, which includes the following:
--
--     -   The header @x-amzn-waf-action@ with a value of @challenge@.
--
--     -   The HTTP status code @202 Request Accepted@.
--
--     -   If the request contains an @Accept@ header with a value of
--         @text\/html@, the response includes a JavaScript page
--         interstitial with a challenge script.
--
--     Challenges run silent browser interrogations in the background, and
--     don\'t generally affect the end user experience.
--
--     A challenge enforces token acquisition using an interstitial
--     JavaScript challenge that inspects the client session for legitimate
--     behavior. The challenge blocks bots or at least increases the cost
--     of operating sophisticated bots.
--
--     After the client session successfully responds to the challenge, it
--     receives a new token from WAF, which the challenge script uses to
--     resubmit the original request.
--
-- You can configure the expiration time in the @ChallengeConfig@
-- @ImmunityTimeProperty@ setting at the rule and web ACL level. The rule
-- setting overrides the web ACL setting.
--
-- This action option is available for rules. It isn\'t available for web
-- ACL default actions.
--
-- /See:/ 'newChallengeAction' smart constructor.
data ChallengeAction = ChallengeAction'
  { -- | Defines custom handling for the web request, used when the challenge
    -- inspection determines that the request\'s token is valid and unexpired.
    --
    -- For information about customizing web requests and responses, see
    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
    -- in the
    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
    ChallengeAction -> Maybe CustomRequestHandling
customRequestHandling :: Prelude.Maybe CustomRequestHandling
  }
  deriving (ChallengeAction -> ChallengeAction -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: ChallengeAction -> ChallengeAction -> Bool
$c/= :: ChallengeAction -> ChallengeAction -> Bool
== :: ChallengeAction -> ChallengeAction -> Bool
$c== :: ChallengeAction -> ChallengeAction -> Bool
Prelude.Eq, ReadPrec [ChallengeAction]
ReadPrec ChallengeAction
Int -> ReadS ChallengeAction
ReadS [ChallengeAction]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [ChallengeAction]
$creadListPrec :: ReadPrec [ChallengeAction]
readPrec :: ReadPrec ChallengeAction
$creadPrec :: ReadPrec ChallengeAction
readList :: ReadS [ChallengeAction]
$creadList :: ReadS [ChallengeAction]
readsPrec :: Int -> ReadS ChallengeAction
$creadsPrec :: Int -> ReadS ChallengeAction
Prelude.Read, Int -> ChallengeAction -> ShowS
[ChallengeAction] -> ShowS
ChallengeAction -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [ChallengeAction] -> ShowS
$cshowList :: [ChallengeAction] -> ShowS
show :: ChallengeAction -> String
$cshow :: ChallengeAction -> String
showsPrec :: Int -> ChallengeAction -> ShowS
$cshowsPrec :: Int -> ChallengeAction -> ShowS
Prelude.Show, forall x. Rep ChallengeAction x -> ChallengeAction
forall x. ChallengeAction -> Rep ChallengeAction x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep ChallengeAction x -> ChallengeAction
$cfrom :: forall x. ChallengeAction -> Rep ChallengeAction x
Prelude.Generic)

-- |
-- Create a value of 'ChallengeAction' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'customRequestHandling', 'challengeAction_customRequestHandling' - Defines custom handling for the web request, used when the challenge
-- inspection determines that the request\'s token is valid and unexpired.
--
-- For information about customizing web requests and responses, see
-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
-- in the
-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
newChallengeAction ::
  ChallengeAction
newChallengeAction :: ChallengeAction
newChallengeAction =
  ChallengeAction'
    { $sel:customRequestHandling:ChallengeAction' :: Maybe CustomRequestHandling
customRequestHandling =
        forall a. Maybe a
Prelude.Nothing
    }

-- | Defines custom handling for the web request, used when the challenge
-- inspection determines that the request\'s token is valid and unexpired.
--
-- For information about customizing web requests and responses, see
-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
-- in the
-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
challengeAction_customRequestHandling :: Lens.Lens' ChallengeAction (Prelude.Maybe CustomRequestHandling)
challengeAction_customRequestHandling :: Lens' ChallengeAction (Maybe CustomRequestHandling)
challengeAction_customRequestHandling = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\ChallengeAction' {Maybe CustomRequestHandling
customRequestHandling :: Maybe CustomRequestHandling
$sel:customRequestHandling:ChallengeAction' :: ChallengeAction -> Maybe CustomRequestHandling
customRequestHandling} -> Maybe CustomRequestHandling
customRequestHandling) (\s :: ChallengeAction
s@ChallengeAction' {} Maybe CustomRequestHandling
a -> ChallengeAction
s {$sel:customRequestHandling:ChallengeAction' :: Maybe CustomRequestHandling
customRequestHandling = Maybe CustomRequestHandling
a} :: ChallengeAction)

instance Data.FromJSON ChallengeAction where
  parseJSON :: Value -> Parser ChallengeAction
parseJSON =
    forall a. String -> (Object -> Parser a) -> Value -> Parser a
Data.withObject
      String
"ChallengeAction"
      ( \Object
x ->
          Maybe CustomRequestHandling -> ChallengeAction
ChallengeAction'
            forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"CustomRequestHandling")
      )

instance Prelude.Hashable ChallengeAction where
  hashWithSalt :: Int -> ChallengeAction -> Int
hashWithSalt Int
_salt ChallengeAction' {Maybe CustomRequestHandling
customRequestHandling :: Maybe CustomRequestHandling
$sel:customRequestHandling:ChallengeAction' :: ChallengeAction -> Maybe CustomRequestHandling
..} =
    Int
_salt forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe CustomRequestHandling
customRequestHandling

instance Prelude.NFData ChallengeAction where
  rnf :: ChallengeAction -> ()
rnf ChallengeAction' {Maybe CustomRequestHandling
customRequestHandling :: Maybe CustomRequestHandling
$sel:customRequestHandling:ChallengeAction' :: ChallengeAction -> Maybe CustomRequestHandling
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe CustomRequestHandling
customRequestHandling

instance Data.ToJSON ChallengeAction where
  toJSON :: ChallengeAction -> Value
toJSON ChallengeAction' {Maybe CustomRequestHandling
customRequestHandling :: Maybe CustomRequestHandling
$sel:customRequestHandling:ChallengeAction' :: ChallengeAction -> Maybe CustomRequestHandling
..} =
    [Pair] -> Value
Data.object
      ( forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Key
"CustomRequestHandling" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe CustomRequestHandling
customRequestHandling
          ]
      )