@beignet/core 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +11 -0
- package/README.md +149 -4
- package/dist/application/index.d.ts +93 -9
- package/dist/application/index.d.ts.map +1 -1
- package/dist/application/index.js +11 -11
- package/dist/application/index.js.map +1 -1
- package/dist/client/client.d.ts +73 -12
- package/dist/client/client.d.ts.map +1 -1
- package/dist/client/client.js +37 -12
- package/dist/client/client.js.map +1 -1
- package/dist/client/index.d.ts +12 -0
- package/dist/client/index.d.ts.map +1 -1
- package/dist/client/index.js +6 -0
- package/dist/client/index.js.map +1 -1
- package/dist/client/types.d.ts +69 -8
- package/dist/client/types.d.ts.map +1 -1
- package/dist/config/index.d.ts +84 -0
- package/dist/config/index.d.ts.map +1 -1
- package/dist/config/index.js +36 -0
- package/dist/config/index.js.map +1 -1
- package/dist/contracts/contract-builder.d.ts +49 -22
- package/dist/contracts/contract-builder.d.ts.map +1 -1
- package/dist/contracts/contract-builder.js +48 -21
- package/dist/contracts/contract-builder.js.map +1 -1
- package/dist/contracts/contract-group.d.ts +35 -19
- package/dist/contracts/contract-group.d.ts.map +1 -1
- package/dist/contracts/contract-group.js +35 -19
- package/dist/contracts/contract-group.js.map +1 -1
- package/dist/contracts/contract-like.d.ts +4 -4
- package/dist/contracts/contract-like.d.ts.map +1 -1
- package/dist/contracts/contract-like.js +2 -1
- package/dist/contracts/contract-like.js.map +1 -1
- package/dist/contracts/index.d.ts +28 -0
- package/dist/contracts/index.d.ts.map +1 -1
- package/dist/contracts/index.js +12 -0
- package/dist/contracts/index.js.map +1 -1
- package/dist/contracts/openapi-meta.d.ts +8 -8
- package/dist/contracts/openapi-meta.d.ts.map +1 -1
- package/dist/contracts/path-template.d.ts +27 -0
- package/dist/contracts/path-template.d.ts.map +1 -1
- package/dist/contracts/path-template.js +6 -0
- package/dist/contracts/path-template.js.map +1 -1
- package/dist/contracts/types.d.ts +104 -10
- package/dist/contracts/types.d.ts.map +1 -1
- package/dist/contracts/types.js +15 -0
- package/dist/contracts/types.js.map +1 -1
- package/dist/contracts/utils.d.ts +6 -0
- package/dist/contracts/utils.d.ts.map +1 -1
- package/dist/contracts/utils.js +6 -0
- package/dist/contracts/utils.js.map +1 -1
- package/dist/domain/entity.d.ts +22 -11
- package/dist/domain/entity.d.ts.map +1 -1
- package/dist/domain/entity.js +5 -1
- package/dist/domain/entity.js.map +1 -1
- package/dist/domain/events.d.ts +5 -2
- package/dist/domain/events.d.ts.map +1 -1
- package/dist/domain/events.js +4 -1
- package/dist/domain/events.js.map +1 -1
- package/dist/domain/value-object.d.ts +19 -9
- package/dist/domain/value-object.d.ts.map +1 -1
- package/dist/domain/value-object.js +5 -1
- package/dist/domain/value-object.js.map +1 -1
- package/dist/errors/catalog.d.ts +40 -16
- package/dist/errors/catalog.d.ts.map +1 -1
- package/dist/errors/catalog.js +18 -7
- package/dist/errors/catalog.js.map +1 -1
- package/dist/errors/response.d.ts +16 -4
- package/dist/errors/response.d.ts.map +1 -1
- package/dist/errors/response.js +3 -3
- package/dist/errors/response.js.map +1 -1
- package/dist/errors/validation.d.ts +10 -1
- package/dist/errors/validation.d.ts.map +1 -1
- package/dist/errors/validation.js +3 -0
- package/dist/errors/validation.js.map +1 -1
- package/dist/events/index.d.ts +133 -0
- package/dist/events/index.d.ts.map +1 -1
- package/dist/events/index.js +30 -0
- package/dist/events/index.js.map +1 -1
- package/dist/idempotency/index.d.ts +355 -0
- package/dist/idempotency/index.d.ts.map +1 -0
- package/dist/idempotency/index.js +360 -0
- package/dist/idempotency/index.js.map +1 -0
- package/dist/jobs/index.d.ts +110 -0
- package/dist/jobs/index.d.ts.map +1 -1
- package/dist/jobs/index.js +22 -0
- package/dist/jobs/index.js.map +1 -1
- package/dist/mail/index.d.ts +149 -0
- package/dist/mail/index.d.ts.map +1 -1
- package/dist/mail/index.js +30 -0
- package/dist/mail/index.js.map +1 -1
- package/dist/notifications/index.d.ts +369 -0
- package/dist/notifications/index.d.ts.map +1 -0
- package/dist/notifications/index.js +310 -0
- package/dist/notifications/index.js.map +1 -0
- package/dist/openapi/index.d.ts +132 -16
- package/dist/openapi/index.d.ts.map +1 -1
- package/dist/openapi/index.js +1 -1
- package/dist/openapi/index.js.map +1 -1
- package/dist/outbox/index.d.ts +469 -0
- package/dist/outbox/index.d.ts.map +1 -0
- package/dist/outbox/index.js +482 -0
- package/dist/outbox/index.js.map +1 -0
- package/dist/pagination/index.d.ts +166 -0
- package/dist/pagination/index.d.ts.map +1 -0
- package/dist/pagination/index.js +96 -0
- package/dist/pagination/index.js.map +1 -0
- package/dist/ports/audit.d.ts +271 -0
- package/dist/ports/audit.d.ts.map +1 -1
- package/dist/ports/audit.js +128 -0
- package/dist/ports/audit.js.map +1 -1
- package/dist/ports/auth.d.ts +70 -0
- package/dist/ports/auth.d.ts.map +1 -1
- package/dist/ports/auth.js +30 -0
- package/dist/ports/auth.js.map +1 -1
- package/dist/ports/cache.d.ts +41 -0
- package/dist/ports/cache.d.ts.map +1 -1
- package/dist/ports/cache.js +10 -0
- package/dist/ports/cache.js.map +1 -1
- package/dist/ports/clock.d.ts +38 -0
- package/dist/ports/clock.d.ts.map +1 -1
- package/dist/ports/clock.js +20 -0
- package/dist/ports/clock.js.map +1 -1
- package/dist/ports/id-generator.d.ts +37 -0
- package/dist/ports/id-generator.d.ts.map +1 -1
- package/dist/ports/id-generator.js +22 -0
- package/dist/ports/id-generator.js.map +1 -1
- package/dist/ports/index.d.ts +83 -0
- package/dist/ports/index.d.ts.map +1 -1
- package/dist/ports/index.js +41 -5
- package/dist/ports/index.js.map +1 -1
- package/dist/ports/logger.d.ts +56 -0
- package/dist/ports/logger.d.ts.map +1 -1
- package/dist/ports/logger.js +17 -0
- package/dist/ports/logger.js.map +1 -1
- package/dist/ports/policy.d.ts +132 -0
- package/dist/ports/policy.d.ts.map +1 -1
- package/dist/ports/policy.js +45 -0
- package/dist/ports/policy.js.map +1 -1
- package/dist/ports/rate-limit.d.ts +25 -0
- package/dist/ports/rate-limit.d.ts.map +1 -1
- package/dist/ports/rate-limit.js +10 -0
- package/dist/ports/rate-limit.js.map +1 -1
- package/dist/ports/redaction.d.ts +101 -0
- package/dist/ports/redaction.d.ts.map +1 -1
- package/dist/ports/redaction.js +59 -0
- package/dist/ports/redaction.js.map +1 -1
- package/dist/ports/storage.d.ts +100 -0
- package/dist/ports/storage.d.ts.map +1 -1
- package/dist/ports/storage.js +10 -0
- package/dist/ports/storage.js.map +1 -1
- package/dist/ports/testing.d.ts +47 -0
- package/dist/ports/testing.d.ts.map +1 -1
- package/dist/ports/testing.js +23 -0
- package/dist/ports/testing.js.map +1 -1
- package/dist/ports/unit-of-work.d.ts +60 -3
- package/dist/ports/unit-of-work.d.ts.map +1 -1
- package/dist/ports/unit-of-work.js +11 -2
- package/dist/ports/unit-of-work.js.map +1 -1
- package/dist/providers/instrumentation.d.ts +204 -0
- package/dist/providers/instrumentation.d.ts.map +1 -1
- package/dist/providers/instrumentation.js +14 -0
- package/dist/providers/instrumentation.js.map +1 -1
- package/dist/providers/provider.d.ts +14 -1
- package/dist/providers/provider.d.ts.map +1 -1
- package/dist/providers/provider.js.map +1 -1
- package/dist/schedules/index.d.ts +246 -0
- package/dist/schedules/index.d.ts.map +1 -1
- package/dist/schedules/index.js +27 -0
- package/dist/schedules/index.js.map +1 -1
- package/dist/server/health.d.ts +14 -5
- package/dist/server/health.d.ts.map +1 -1
- package/dist/server/health.js +5 -2
- package/dist/server/health.js.map +1 -1
- package/dist/server/hooks/auth.d.ts +57 -0
- package/dist/server/hooks/auth.d.ts.map +1 -1
- package/dist/server/hooks/auth.js.map +1 -1
- package/dist/server/hooks/cors.d.ts +27 -0
- package/dist/server/hooks/cors.d.ts.map +1 -1
- package/dist/server/hooks/cors.js +12 -0
- package/dist/server/hooks/cors.js.map +1 -1
- package/dist/server/hooks/errors.d.ts +15 -6
- package/dist/server/hooks/errors.d.ts.map +1 -1
- package/dist/server/hooks/errors.js.map +1 -1
- package/dist/server/hooks/index.d.ts +3 -0
- package/dist/server/hooks/index.d.ts.map +1 -1
- package/dist/server/hooks/index.js +3 -0
- package/dist/server/hooks/index.js.map +1 -1
- package/dist/server/hooks/logging.d.ts +36 -0
- package/dist/server/hooks/logging.d.ts.map +1 -1
- package/dist/server/hooks/logging.js +6 -0
- package/dist/server/hooks/logging.js.map +1 -1
- package/dist/server/hooks/rate-limit.d.ts +33 -0
- package/dist/server/hooks/rate-limit.d.ts.map +1 -1
- package/dist/server/hooks/rate-limit.js +11 -0
- package/dist/server/hooks/rate-limit.js.map +1 -1
- package/dist/server/http.d.ts +170 -0
- package/dist/server/http.d.ts.map +1 -1
- package/dist/server/index.d.ts +18 -0
- package/dist/server/index.d.ts.map +1 -1
- package/dist/server/index.js +6 -0
- package/dist/server/index.js.map +1 -1
- package/dist/server/openapi.d.ts +5 -3
- package/dist/server/openapi.d.ts.map +1 -1
- package/dist/server/openapi.js +4 -2
- package/dist/server/openapi.js.map +1 -1
- package/dist/server/providers/loadProviderConfig.d.ts +9 -0
- package/dist/server/providers/loadProviderConfig.d.ts.map +1 -1
- package/dist/server/providers/loadProviderConfig.js +9 -0
- package/dist/server/providers/loadProviderConfig.js.map +1 -1
- package/dist/server/server.d.ts +107 -8
- package/dist/server/server.d.ts.map +1 -1
- package/dist/server/server.js +27 -7
- package/dist/server/server.js.map +1 -1
- package/dist/testing/index.d.ts +167 -0
- package/dist/testing/index.d.ts.map +1 -0
- package/dist/testing/index.js +119 -0
- package/dist/testing/index.js.map +1 -0
- package/package.json +21 -1
- package/src/application/index.ts +85 -22
- package/src/client/client.ts +73 -12
- package/src/client/index.ts +12 -0
- package/src/client/types.ts +70 -9
- package/src/config/index.ts +86 -0
- package/src/contracts/contract-builder.ts +49 -22
- package/src/contracts/contract-group.ts +35 -19
- package/src/contracts/contract-like.ts +4 -4
- package/src/contracts/index.ts +28 -1
- package/src/contracts/openapi-meta.ts +8 -8
- package/src/contracts/path-template.ts +27 -0
- package/src/contracts/types.ts +111 -10
- package/src/contracts/utils.ts +6 -0
- package/src/domain/entity.ts +22 -11
- package/src/domain/events.ts +5 -2
- package/src/domain/value-object.ts +19 -9
- package/src/errors/catalog.ts +40 -16
- package/src/errors/response.ts +16 -4
- package/src/errors/validation.ts +10 -1
- package/src/events/index.ts +134 -0
- package/src/idempotency/index.ts +767 -0
- package/src/jobs/index.ts +111 -0
- package/src/mail/index.ts +149 -0
- package/src/notifications/index.ts +771 -0
- package/src/openapi/index.ts +133 -16
- package/src/outbox/index.ts +1024 -0
- package/src/pagination/index.ts +278 -0
- package/src/ports/audit.ts +271 -0
- package/src/ports/auth.ts +70 -0
- package/src/ports/cache.ts +41 -0
- package/src/ports/clock.ts +38 -0
- package/src/ports/id-generator.ts +37 -0
- package/src/ports/index.ts +106 -11
- package/src/ports/logger.ts +56 -0
- package/src/ports/policy.ts +133 -0
- package/src/ports/rate-limit.ts +25 -0
- package/src/ports/redaction.ts +101 -0
- package/src/ports/storage.ts +100 -0
- package/src/ports/testing.ts +47 -0
- package/src/ports/unit-of-work.ts +60 -3
- package/src/providers/instrumentation.ts +204 -0
- package/src/providers/provider.ts +14 -1
- package/src/schedules/index.ts +247 -0
- package/src/server/health.ts +14 -5
- package/src/server/hooks/auth.ts +58 -0
- package/src/server/hooks/cors.ts +27 -0
- package/src/server/hooks/errors.ts +15 -6
- package/src/server/hooks/index.ts +3 -0
- package/src/server/hooks/logging.ts +36 -0
- package/src/server/hooks/rate-limit.ts +33 -0
- package/src/server/http.ts +170 -1
- package/src/server/index.ts +18 -1
- package/src/server/openapi.ts +5 -3
- package/src/server/providers/loadProviderConfig.ts +9 -0
- package/src/server/server.ts +107 -9
- package/src/testing/index.ts +337 -0
package/dist/ports/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/ports/index.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/ports/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAWH;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,WAAW,CAAqB,KAAQ;IACtD,OAAO,KAAK,CAAC;AACf,CAAC;AA2ED;;GAEG;AACH,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,kBAAkB,EAClB,iBAAiB,EACjB,YAAY,EACZ,eAAe,EACf,sBAAsB,EACtB,mBAAmB,GACpB,MAAM,SAAS,CAAC;AAUjB;;GAEG;AACH,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,QAAQ,CAAC;AAChB;;GAEG;AACH,OAAO,EACL,kBAAkB,GAGnB,MAAM,WAAW,CAAC;AAKnB;;GAEG;AACH,OAAO,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAK5C;;GAEG;AACH,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAgB/D;;GAEG;AACH,OAAO,EACL,yBAAyB,EACzB,qBAAqB,GACtB,MAAM,gBAAgB,CAAC;AAUxB;;GAEG;AACH,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAmBhE;;GAEG;AACH,OAAO,EACL,KAAK,EACL,UAAU,EACV,YAAY,EACZ,IAAI,EACJ,sBAAsB,GACvB,MAAM,UAAU,CAAC;AASlB;;GAEG;AACH,OAAO,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AACvD;;GAEG;AACH,OAAO,EACL,cAAc,EACd,sBAAsB,EACtB,sBAAsB,EACtB,2BAA2B,EAC3B,sBAAsB,EACtB,uBAAuB,EACvB,cAAc,EAKd,aAAa,EACb,WAAW,GACZ,MAAM,aAAa,CAAC;AAcrB;;GAEG;AACH,OAAO,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAChD;;GAEG;AACH,OAAO,EAEL,yBAAyB,EACzB,oBAAoB,GAMrB,MAAM,gBAAgB,CAAC"}
|
package/dist/ports/logger.d.ts
CHANGED
|
@@ -1,22 +1,78 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Supported structured logger levels.
|
|
3
|
+
*/
|
|
1
4
|
export type LogLevel = "trace" | "debug" | "info" | "warn" | "error" | "fatal";
|
|
5
|
+
/**
|
|
6
|
+
* App-facing structured logger port.
|
|
7
|
+
*
|
|
8
|
+
* Application code logs through this interface so production can use Pino,
|
|
9
|
+
* Datadog, or another adapter while tests can use no-op or memory loggers.
|
|
10
|
+
*/
|
|
2
11
|
export interface LoggerPort {
|
|
12
|
+
/**
|
|
13
|
+
* Log very detailed diagnostic information.
|
|
14
|
+
*/
|
|
3
15
|
trace(message: string, meta?: Record<string, unknown>): void;
|
|
16
|
+
/**
|
|
17
|
+
* Log debug-level diagnostic information.
|
|
18
|
+
*/
|
|
4
19
|
debug(message: string, meta?: Record<string, unknown>): void;
|
|
20
|
+
/**
|
|
21
|
+
* Log normal application progress.
|
|
22
|
+
*/
|
|
5
23
|
info(message: string, meta?: Record<string, unknown>): void;
|
|
24
|
+
/**
|
|
25
|
+
* Log recoverable problems or unusual conditions.
|
|
26
|
+
*/
|
|
6
27
|
warn(message: string, meta?: Record<string, unknown>): void;
|
|
28
|
+
/**
|
|
29
|
+
* Log failed operations.
|
|
30
|
+
*/
|
|
7
31
|
error(message: string, meta?: Record<string, unknown>): void;
|
|
32
|
+
/**
|
|
33
|
+
* Log unrecoverable failures.
|
|
34
|
+
*/
|
|
8
35
|
fatal(message: string, meta?: Record<string, unknown>): void;
|
|
36
|
+
/**
|
|
37
|
+
* Return a logger with additional structured bindings.
|
|
38
|
+
*/
|
|
9
39
|
child(bindings: Record<string, unknown>): LoggerPort;
|
|
10
40
|
}
|
|
41
|
+
/**
|
|
42
|
+
* Captured entry from `createMemoryLogger(...)`.
|
|
43
|
+
*/
|
|
11
44
|
export interface MemoryLogEntry {
|
|
12
45
|
level: LogLevel;
|
|
13
46
|
message: string;
|
|
14
47
|
meta?: Record<string, unknown>;
|
|
15
48
|
bindings: Record<string, unknown>;
|
|
16
49
|
}
|
|
50
|
+
/**
|
|
51
|
+
* In-memory logger port used by tests and local assertions.
|
|
52
|
+
*/
|
|
17
53
|
export interface MemoryLoggerPort extends LoggerPort {
|
|
54
|
+
/**
|
|
55
|
+
* Captured log entries in call order.
|
|
56
|
+
*/
|
|
18
57
|
entries: MemoryLogEntry[];
|
|
19
58
|
}
|
|
59
|
+
/**
|
|
60
|
+
* Create a logger that discards every log call.
|
|
61
|
+
*
|
|
62
|
+
* Use this in tests where logging is irrelevant.
|
|
63
|
+
*
|
|
64
|
+
* @returns A logger port whose methods are no-ops.
|
|
65
|
+
*/
|
|
20
66
|
export declare function createNoopLogger(): LoggerPort;
|
|
67
|
+
/**
|
|
68
|
+
* Create a logger that captures entries in memory.
|
|
69
|
+
*
|
|
70
|
+
* Child loggers inherit existing bindings and append new bindings to each
|
|
71
|
+
* captured entry.
|
|
72
|
+
*
|
|
73
|
+
* @param bindings - Structured bindings attached to every captured entry.
|
|
74
|
+
* @param entries - Optional shared entry array.
|
|
75
|
+
* @returns A logger port with an inspectable `entries` array.
|
|
76
|
+
*/
|
|
21
77
|
export declare function createMemoryLogger(bindings?: Record<string, unknown>, entries?: MemoryLogEntry[]): MemoryLoggerPort;
|
|
22
78
|
//# sourceMappingURL=logger.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../src/ports/logger.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,QAAQ,GAAG,OAAO,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,OAAO,CAAC;AAE/E,MAAM,WAAW,UAAU;IACzB,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC7D,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC7D,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC5D,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC5D,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC7D,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC7D,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,UAAU,CAAC;CACtD;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,QAAQ,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,gBAAiB,SAAQ,UAAU;IAClD,OAAO,EAAE,cAAc,EAAE,CAAC;CAC3B;AAED,wBAAgB,gBAAgB,IAAI,UAAU,CAY7C;AAED,wBAAgB,kBAAkB,CAChC,QAAQ,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,EACtC,OAAO,GAAE,cAAc,EAAO,GAC7B,gBAAgB,CA0BlB"}
|
|
1
|
+
{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../src/ports/logger.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,OAAO,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,OAAO,CAAC;AAE/E;;;;;GAKG;AACH,MAAM,WAAW,UAAU;IACzB;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC7D;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC7D;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC5D;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC5D;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC7D;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC7D;;OAEG;IACH,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,UAAU,CAAC;CACtD;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,QAAQ,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,WAAW,gBAAiB,SAAQ,UAAU;IAClD;;OAEG;IACH,OAAO,EAAE,cAAc,EAAE,CAAC;CAC3B;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,IAAI,UAAU,CAY7C;AAED;;;;;;;;;GASG;AACH,wBAAgB,kBAAkB,CAChC,QAAQ,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,EACtC,OAAO,GAAE,cAAc,EAAO,GAC7B,gBAAgB,CA0BlB"}
|
package/dist/ports/logger.js
CHANGED
|
@@ -1,3 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Create a logger that discards every log call.
|
|
3
|
+
*
|
|
4
|
+
* Use this in tests where logging is irrelevant.
|
|
5
|
+
*
|
|
6
|
+
* @returns A logger port whose methods are no-ops.
|
|
7
|
+
*/
|
|
1
8
|
export function createNoopLogger() {
|
|
2
9
|
const logger = {
|
|
3
10
|
trace: () => { },
|
|
@@ -10,6 +17,16 @@ export function createNoopLogger() {
|
|
|
10
17
|
};
|
|
11
18
|
return logger;
|
|
12
19
|
}
|
|
20
|
+
/**
|
|
21
|
+
* Create a logger that captures entries in memory.
|
|
22
|
+
*
|
|
23
|
+
* Child loggers inherit existing bindings and append new bindings to each
|
|
24
|
+
* captured entry.
|
|
25
|
+
*
|
|
26
|
+
* @param bindings - Structured bindings attached to every captured entry.
|
|
27
|
+
* @param entries - Optional shared entry array.
|
|
28
|
+
* @returns A logger port with an inspectable `entries` array.
|
|
29
|
+
*/
|
|
13
30
|
export function createMemoryLogger(bindings = {}, entries = []) {
|
|
14
31
|
const capturedBindings = { ...bindings };
|
|
15
32
|
const record = (level, message, meta) => {
|
package/dist/ports/logger.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logger.js","sourceRoot":"","sources":["../../src/ports/logger.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"logger.js","sourceRoot":"","sources":["../../src/ports/logger.ts"],"names":[],"mappings":"AA8DA;;;;;;GAMG;AACH,MAAM,UAAU,gBAAgB;IAC9B,MAAM,MAAM,GAAe;QACzB,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;QACf,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;QACf,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC;QACd,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC;QACd,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;QACf,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;QACf,KAAK,EAAE,GAAG,EAAE,CAAC,MAAM;KACpB,CAAC;IAEF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,kBAAkB,CAChC,WAAoC,EAAE,EACtC,UAA4B,EAAE;IAE9B,MAAM,gBAAgB,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;IACzC,MAAM,MAAM,GAAG,CACb,KAAe,EACf,OAAe,EACf,IAA8B,EAC9B,EAAE;QACF,OAAO,CAAC,IAAI,CAAC;YACX,KAAK;YACL,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS;YACpC,QAAQ,EAAE,EAAE,GAAG,gBAAgB,EAAE;SAClC,CAAC,CAAC;IACL,CAAC,CAAC;IAEF,OAAO;QACL,OAAO;QACP,KAAK,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC;QACxD,KAAK,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC;QACxD,IAAI,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC;QACtD,IAAI,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC;QACtD,KAAK,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC;QACxD,KAAK,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC;QACxD,KAAK,EAAE,CAAC,aAAa,EAAE,EAAE,CACvB,kBAAkB,CAAC,EAAE,GAAG,gBAAgB,EAAE,GAAG,aAAa,EAAE,EAAE,OAAO,CAAC;KACzE,CAAC;AACJ,CAAC"}
|
package/dist/ports/policy.d.ts
CHANGED
|
@@ -1,53 +1,185 @@
|
|
|
1
1
|
type MaybePromise<T> = T | Promise<T>;
|
|
2
|
+
/**
|
|
3
|
+
* A policy decision that allows the requested ability.
|
|
4
|
+
*/
|
|
2
5
|
export type GateAllowedDecision = {
|
|
3
6
|
allowed: true;
|
|
4
7
|
};
|
|
8
|
+
/**
|
|
9
|
+
* A policy decision that denies the requested ability.
|
|
10
|
+
*
|
|
11
|
+
* Use `reason`, `code`, and `details` to preserve structured denial context for
|
|
12
|
+
* errors, audit logs, and tests.
|
|
13
|
+
*/
|
|
5
14
|
export type GateDeniedDecision = {
|
|
6
15
|
allowed: false;
|
|
7
16
|
reason?: string;
|
|
8
17
|
code?: string;
|
|
9
18
|
details?: unknown;
|
|
10
19
|
};
|
|
20
|
+
/**
|
|
21
|
+
* Normalized authorization decision returned by gate inspection.
|
|
22
|
+
*/
|
|
11
23
|
export type GateDecision = GateAllowedDecision | GateDeniedDecision;
|
|
24
|
+
/**
|
|
25
|
+
* Value a policy resolver may return.
|
|
26
|
+
*
|
|
27
|
+
* Returning `true`/`false` is convenient for simple policies. Return
|
|
28
|
+
* `allow()`/`deny(...)` when the caller needs a denial reason, code, or
|
|
29
|
+
* structured details.
|
|
30
|
+
*/
|
|
12
31
|
export type GatePolicyResult = boolean | GateDecision;
|
|
32
|
+
/**
|
|
33
|
+
* Function that decides whether a context can perform an ability.
|
|
34
|
+
*
|
|
35
|
+
* The first argument is always the application context. Policies that operate
|
|
36
|
+
* on a record receive that record as their second argument.
|
|
37
|
+
*/
|
|
13
38
|
export type PolicyResolver = (...args: never[]) => MaybePromise<GatePolicyResult>;
|
|
39
|
+
/**
|
|
40
|
+
* Typed collection of ability resolvers created by `definePolicy(...)`.
|
|
41
|
+
*/
|
|
14
42
|
export type PolicyDefinition<TPolicies extends Record<string, PolicyResolver> = Record<string, PolicyResolver>> = {
|
|
15
43
|
policies: TPolicies;
|
|
16
44
|
};
|
|
45
|
+
/**
|
|
46
|
+
* Infer the application context type from a policy resolver.
|
|
47
|
+
*/
|
|
17
48
|
export type PolicyContext<TResolver> = TResolver extends (ctx: infer Ctx, ...args: never[]) => MaybePromise<GatePolicyResult> ? Ctx : never;
|
|
49
|
+
/**
|
|
50
|
+
* Infer whether an ability needs a subject argument.
|
|
51
|
+
*/
|
|
18
52
|
export type PolicySubjectArgs<TResolver> = TResolver extends (...args: infer TArgs) => MaybePromise<GatePolicyResult> ? TArgs extends [unknown, infer Subject] ? [subject: Subject] : [] : [];
|
|
19
53
|
type UnionToIntersection<T> = (T extends unknown ? (value: T) => void : never) extends (value: infer U) => void ? U : never;
|
|
54
|
+
/**
|
|
55
|
+
* Merge the ability maps from multiple policy definitions.
|
|
56
|
+
*/
|
|
20
57
|
export type PolicyMapFromDefinitions<TPolicies extends readonly PolicyDefinition[]> = UnionToIntersection<TPolicies[number] extends PolicyDefinition<infer TPolicyMap> ? TPolicyMap : never>;
|
|
58
|
+
/**
|
|
59
|
+
* Infer the application context type shared by a list of policy definitions.
|
|
60
|
+
*/
|
|
21
61
|
export type PolicyContextFromDefinitions<TPolicies extends readonly PolicyDefinition[]> = PolicyContext<PolicyMapFromDefinitions<TPolicies>[keyof PolicyMapFromDefinitions<TPolicies>]>;
|
|
62
|
+
/**
|
|
63
|
+
* Gate bound to a specific application context.
|
|
64
|
+
*
|
|
65
|
+
* Apps commonly attach this to request context as `ctx.gate` so use cases can
|
|
66
|
+
* call `ctx.gate.authorize("posts.update", post)` without passing `ctx` back
|
|
67
|
+
* into every authorization call.
|
|
68
|
+
*/
|
|
22
69
|
export type BoundGate<TPolicies extends readonly PolicyDefinition[]> = {
|
|
70
|
+
/**
|
|
71
|
+
* Return only whether the ability is allowed.
|
|
72
|
+
*/
|
|
23
73
|
can<TAbility extends keyof PolicyMapFromDefinitions<TPolicies> & string>(ability: TAbility, ...subject: PolicySubjectArgs<PolicyMapFromDefinitions<TPolicies>[TAbility]>): Promise<boolean>;
|
|
74
|
+
/**
|
|
75
|
+
* Return the full allow/deny decision without throwing.
|
|
76
|
+
*/
|
|
24
77
|
inspect<TAbility extends keyof PolicyMapFromDefinitions<TPolicies> & string>(ability: TAbility, ...subject: PolicySubjectArgs<PolicyMapFromDefinitions<TPolicies>[TAbility]>): Promise<GateDecision>;
|
|
78
|
+
/**
|
|
79
|
+
* Return an allowed decision or throw for denied abilities.
|
|
80
|
+
*/
|
|
25
81
|
authorize<TAbility extends keyof PolicyMapFromDefinitions<TPolicies> & string>(ability: TAbility, ...subject: PolicySubjectArgs<PolicyMapFromDefinitions<TPolicies>[TAbility]>): Promise<GateAllowedDecision>;
|
|
26
82
|
};
|
|
83
|
+
/**
|
|
84
|
+
* App-facing authorization gate.
|
|
85
|
+
*
|
|
86
|
+
* The gate evaluates app-owned policies. It is not an authentication provider:
|
|
87
|
+
* authenticate at the HTTP boundary first, then pass the resulting actor/user
|
|
88
|
+
* data into policy context.
|
|
89
|
+
*/
|
|
27
90
|
export type GatePort<TContext, TPolicies extends readonly PolicyDefinition[] = readonly PolicyDefinition[]> = {
|
|
91
|
+
/**
|
|
92
|
+
* Bind this gate to a context, usually during `createContext`.
|
|
93
|
+
*/
|
|
28
94
|
bind(ctx: TContext): BoundGate<TPolicies>;
|
|
95
|
+
/**
|
|
96
|
+
* Return only whether the ability is allowed for a context.
|
|
97
|
+
*/
|
|
29
98
|
can<TAbility extends keyof PolicyMapFromDefinitions<TPolicies> & string>(ctx: TContext, ability: TAbility, ...subject: PolicySubjectArgs<PolicyMapFromDefinitions<TPolicies>[TAbility]>): Promise<boolean>;
|
|
99
|
+
/**
|
|
100
|
+
* Return the full allow/deny decision for a context without throwing.
|
|
101
|
+
*/
|
|
30
102
|
inspect<TAbility extends keyof PolicyMapFromDefinitions<TPolicies> & string>(ctx: TContext, ability: TAbility, ...subject: PolicySubjectArgs<PolicyMapFromDefinitions<TPolicies>[TAbility]>): Promise<GateDecision>;
|
|
103
|
+
/**
|
|
104
|
+
* Return an allowed decision or throw for denied abilities.
|
|
105
|
+
*/
|
|
31
106
|
authorize<TAbility extends keyof PolicyMapFromDefinitions<TPolicies> & string>(ctx: TContext, ability: TAbility, ...subject: PolicySubjectArgs<PolicyMapFromDefinitions<TPolicies>[TAbility]>): Promise<GateAllowedDecision>;
|
|
32
107
|
};
|
|
108
|
+
/**
|
|
109
|
+
* Hook used to convert a denied decision into an application-specific error.
|
|
110
|
+
*/
|
|
33
111
|
export type GateDenyHandler<TContext> = (decision: GateDeniedDecision, params: {
|
|
34
112
|
ctx: TContext;
|
|
35
113
|
ability: string;
|
|
36
114
|
subject?: unknown;
|
|
37
115
|
}) => MaybePromise<Error | undefined>;
|
|
116
|
+
/**
|
|
117
|
+
* Options for `createGate(...)`.
|
|
118
|
+
*/
|
|
38
119
|
export type CreateGateOptions<TContext, TPolicies extends readonly PolicyDefinition[]> = {
|
|
120
|
+
/**
|
|
121
|
+
* Policy definitions to register.
|
|
122
|
+
*/
|
|
39
123
|
policies: TPolicies;
|
|
124
|
+
/**
|
|
125
|
+
* Optional mapper for denied authorization decisions.
|
|
126
|
+
*/
|
|
40
127
|
onDeny?: GateDenyHandler<TContext>;
|
|
41
128
|
};
|
|
129
|
+
/**
|
|
130
|
+
* Default error thrown by `authorize(...)` when a policy denies access.
|
|
131
|
+
*/
|
|
42
132
|
export declare class GateAuthorizationError extends Error {
|
|
43
133
|
readonly code: string;
|
|
44
134
|
readonly status = 403;
|
|
45
135
|
readonly details?: unknown;
|
|
46
136
|
constructor(decision?: GateDeniedDecision);
|
|
47
137
|
}
|
|
138
|
+
/**
|
|
139
|
+
* Create an explicit allow decision.
|
|
140
|
+
*
|
|
141
|
+
* @returns A normalized gate decision with `allowed: true`.
|
|
142
|
+
*/
|
|
48
143
|
export declare function allow(): GateAllowedDecision;
|
|
144
|
+
/**
|
|
145
|
+
* Create an explicit deny decision.
|
|
146
|
+
*
|
|
147
|
+
* @example
|
|
148
|
+
* ```ts
|
|
149
|
+
* return deny("Only owners can edit this post");
|
|
150
|
+
* ```
|
|
151
|
+
*
|
|
152
|
+
* @param reasonOrDecision - Optional reason string or structured denial data.
|
|
153
|
+
* @returns A normalized gate decision with `allowed: false`.
|
|
154
|
+
*/
|
|
49
155
|
export declare function deny(reasonOrDecision?: string | Omit<GateDeniedDecision, "allowed">): GateDeniedDecision;
|
|
156
|
+
/**
|
|
157
|
+
* Define a typed group of authorization policies.
|
|
158
|
+
*
|
|
159
|
+
* Keep policy definitions near the feature that owns the business rule. The
|
|
160
|
+
* returned definition is registered with `createGate(...)`.
|
|
161
|
+
*
|
|
162
|
+
* @example
|
|
163
|
+
* ```ts
|
|
164
|
+
* export const postPolicy = definePolicy({
|
|
165
|
+
* "posts.update": (ctx, post: Post) => post.authorId === ctx.actor.id,
|
|
166
|
+
* });
|
|
167
|
+
* ```
|
|
168
|
+
*
|
|
169
|
+
* @param policies - Ability resolver map keyed by stable ability names.
|
|
170
|
+
* @returns A typed policy definition for registration with `createGate(...)`.
|
|
171
|
+
*/
|
|
50
172
|
export declare function definePolicy<const TPolicies extends Record<string, PolicyResolver>>(policies: TPolicies): PolicyDefinition<TPolicies>;
|
|
173
|
+
/**
|
|
174
|
+
* Create an authorization gate from app-owned policy definitions.
|
|
175
|
+
*
|
|
176
|
+
* Register the gate as a port, then bind it to the request/background context:
|
|
177
|
+
* `gate: ports.gate.bind(context)`. Use cases can then call
|
|
178
|
+
* `ctx.gate.authorize(...)` for business authorization.
|
|
179
|
+
*
|
|
180
|
+
* @param options - Policy definitions and optional denial mapper.
|
|
181
|
+
* @returns A gate port that can evaluate registered abilities.
|
|
182
|
+
*/
|
|
51
183
|
export declare function createGate<TContext, const TPolicies extends readonly PolicyDefinition[]>(options: CreateGateOptions<TContext, TPolicies>): GatePort<TContext, TPolicies>;
|
|
52
184
|
export {};
|
|
53
185
|
//# sourceMappingURL=policy.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../src/ports/policy.ts"],"names":[],"mappings":"AAAA,KAAK,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;AAEtC,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,IAAI,CAAC;CACf,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,OAAO,EAAE,KAAK,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,YAAY,GAAG,mBAAmB,GAAG,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../src/ports/policy.ts"],"names":[],"mappings":"AAAA,KAAK,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;AAEtC;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,IAAI,CAAC;CACf,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,OAAO,EAAE,KAAK,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,mBAAmB,GAAG,kBAAkB,CAAC;AAEpE;;;;;;GAMG;AACH,MAAM,MAAM,gBAAgB,GAAG,OAAO,GAAG,YAAY,CAAC;AAEtD;;;;;GAKG;AACH,MAAM,MAAM,cAAc,GAAG,CAC3B,GAAG,IAAI,EAAE,KAAK,EAAE,KACb,YAAY,CAAC,gBAAgB,CAAC,CAAC;AAEpC;;GAEG;AACH,MAAM,MAAM,gBAAgB,CAC1B,SAAS,SAAS,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,GAAG,MAAM,CACvD,MAAM,EACN,cAAc,CACf,IACC;IACF,QAAQ,EAAE,SAAS,CAAC;CACrB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,CAAC,SAAS,IAAI,SAAS,SAAS,CACvD,GAAG,EAAE,MAAM,GAAG,EACd,GAAG,IAAI,EAAE,KAAK,EAAE,KACb,YAAY,CAAC,gBAAgB,CAAC,GAC/B,GAAG,GACH,KAAK,CAAC;AAEV;;GAEG;AACH,MAAM,MAAM,iBAAiB,CAAC,SAAS,IAAI,SAAS,SAAS,CAC3D,GAAG,IAAI,EAAE,MAAM,KAAK,KACjB,YAAY,CAAC,gBAAgB,CAAC,GAC/B,KAAK,SAAS,CAAC,OAAO,EAAE,MAAM,OAAO,CAAC,GACpC,CAAC,OAAO,EAAE,OAAO,CAAC,GAClB,EAAE,GACJ,EAAE,CAAC;AAEP,KAAK,mBAAmB,CAAC,CAAC,IAAI,CAC5B,CAAC,SAAS,OAAO,GACb,CAAC,KAAK,EAAE,CAAC,KAAK,IAAI,GAClB,KAAK,CACV,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,GAC9B,CAAC,GACD,KAAK,CAAC;AAEV;;GAEG;AACH,MAAM,MAAM,wBAAwB,CAClC,SAAS,SAAS,SAAS,gBAAgB,EAAE,IAC3C,mBAAmB,CACrB,SAAS,CAAC,MAAM,CAAC,SAAS,gBAAgB,CAAC,MAAM,UAAU,CAAC,GACxD,UAAU,GACV,KAAK,CACV,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,4BAA4B,CACtC,SAAS,SAAS,SAAS,gBAAgB,EAAE,IAC3C,aAAa,CACf,wBAAwB,CAAC,SAAS,CAAC,CAAC,MAAM,wBAAwB,CAAC,SAAS,CAAC,CAAC,CAC/E,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,SAAS,CAAC,SAAS,SAAS,SAAS,gBAAgB,EAAE,IAAI;IACrE;;OAEG;IACH,GAAG,CAAC,QAAQ,SAAS,MAAM,wBAAwB,CAAC,SAAS,CAAC,GAAG,MAAM,EACrE,OAAO,EAAE,QAAQ,EACjB,GAAG,OAAO,EAAE,iBAAiB,CAAC,wBAAwB,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,CAAC,GAC3E,OAAO,CAAC,OAAO,CAAC,CAAC;IACpB;;OAEG;IACH,OAAO,CAAC,QAAQ,SAAS,MAAM,wBAAwB,CAAC,SAAS,CAAC,GAAG,MAAM,EACzE,OAAO,EAAE,QAAQ,EACjB,GAAG,OAAO,EAAE,iBAAiB,CAAC,wBAAwB,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,CAAC,GAC3E,OAAO,CAAC,YAAY,CAAC,CAAC;IACzB;;OAEG;IACH,SAAS,CACP,QAAQ,SAAS,MAAM,wBAAwB,CAAC,SAAS,CAAC,GAAG,MAAM,EAEnE,OAAO,EAAE,QAAQ,EACjB,GAAG,OAAO,EAAE,iBAAiB,CAAC,wBAAwB,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,CAAC,GAC3E,OAAO,CAAC,mBAAmB,CAAC,CAAC;CACjC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,QAAQ,CAClB,QAAQ,EACR,SAAS,SAAS,SAAS,gBAAgB,EAAE,GAAG,SAAS,gBAAgB,EAAE,IACzE;IACF;;OAEG;IACH,IAAI,CAAC,GAAG,EAAE,QAAQ,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC;IAC1C;;OAEG;IACH,GAAG,CAAC,QAAQ,SAAS,MAAM,wBAAwB,CAAC,SAAS,CAAC,GAAG,MAAM,EACrE,GAAG,EAAE,QAAQ,EACb,OAAO,EAAE,QAAQ,EACjB,GAAG,OAAO,EAAE,iBAAiB,CAAC,wBAAwB,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,CAAC,GAC3E,OAAO,CAAC,OAAO,CAAC,CAAC;IACpB;;OAEG;IACH,OAAO,CAAC,QAAQ,SAAS,MAAM,wBAAwB,CAAC,SAAS,CAAC,GAAG,MAAM,EACzE,GAAG,EAAE,QAAQ,EACb,OAAO,EAAE,QAAQ,EACjB,GAAG,OAAO,EAAE,iBAAiB,CAAC,wBAAwB,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,CAAC,GAC3E,OAAO,CAAC,YAAY,CAAC,CAAC;IACzB;;OAEG;IACH,SAAS,CACP,QAAQ,SAAS,MAAM,wBAAwB,CAAC,SAAS,CAAC,GAAG,MAAM,EAEnE,GAAG,EAAE,QAAQ,EACb,OAAO,EAAE,QAAQ,EACjB,GAAG,OAAO,EAAE,iBAAiB,CAAC,wBAAwB,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,CAAC,GAC3E,OAAO,CAAC,mBAAmB,CAAC,CAAC;CACjC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,eAAe,CAAC,QAAQ,IAAI,CACtC,QAAQ,EAAE,kBAAkB,EAC5B,MAAM,EAAE;IACN,GAAG,EAAE,QAAQ,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,KACE,YAAY,CAAC,KAAK,GAAG,SAAS,CAAC,CAAC;AAErC;;GAEG;AACH,MAAM,MAAM,iBAAiB,CAC3B,QAAQ,EACR,SAAS,SAAS,SAAS,gBAAgB,EAAE,IAC3C;IACF;;OAEG;IACH,QAAQ,EAAE,SAAS,CAAC;IACpB;;OAEG;IACH,MAAM,CAAC,EAAE,eAAe,CAAC,QAAQ,CAAC,CAAC;CACpC,CAAC;AAEF;;GAEG;AACH,qBAAa,sBAAuB,SAAQ,KAAK;IAC/C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,OAAO;IACtB,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;gBAEf,QAAQ,GAAE,kBAA2B;CAMlD;AAED;;;;GAIG;AACH,wBAAgB,KAAK,IAAI,mBAAmB,CAE3C;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,IAAI,CAClB,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC,kBAAkB,EAAE,SAAS,CAAC,GAC9D,kBAAkB,CASpB;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,YAAY,CAC1B,KAAK,CAAC,SAAS,SAAS,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,EACtD,QAAQ,EAAE,SAAS,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAElD;AAED;;;;;;;;;GASG;AACH,wBAAgB,UAAU,CACxB,QAAQ,EACR,KAAK,CAAC,SAAS,SAAS,SAAS,gBAAgB,EAAE,EAEnD,OAAO,EAAE,iBAAiB,CAAC,QAAQ,EAAE,SAAS,CAAC,GAC9C,QAAQ,CAAC,QAAQ,EAAE,SAAS,CAAC,CAgE/B"}
|
package/dist/ports/policy.js
CHANGED
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Default error thrown by `authorize(...)` when a policy denies access.
|
|
3
|
+
*/
|
|
1
4
|
export class GateAuthorizationError extends Error {
|
|
2
5
|
code;
|
|
3
6
|
status = 403;
|
|
@@ -9,9 +12,25 @@ export class GateAuthorizationError extends Error {
|
|
|
9
12
|
this.details = decision.details;
|
|
10
13
|
}
|
|
11
14
|
}
|
|
15
|
+
/**
|
|
16
|
+
* Create an explicit allow decision.
|
|
17
|
+
*
|
|
18
|
+
* @returns A normalized gate decision with `allowed: true`.
|
|
19
|
+
*/
|
|
12
20
|
export function allow() {
|
|
13
21
|
return { allowed: true };
|
|
14
22
|
}
|
|
23
|
+
/**
|
|
24
|
+
* Create an explicit deny decision.
|
|
25
|
+
*
|
|
26
|
+
* @example
|
|
27
|
+
* ```ts
|
|
28
|
+
* return deny("Only owners can edit this post");
|
|
29
|
+
* ```
|
|
30
|
+
*
|
|
31
|
+
* @param reasonOrDecision - Optional reason string or structured denial data.
|
|
32
|
+
* @returns A normalized gate decision with `allowed: false`.
|
|
33
|
+
*/
|
|
15
34
|
export function deny(reasonOrDecision) {
|
|
16
35
|
if (typeof reasonOrDecision === "string") {
|
|
17
36
|
return { allowed: false, reason: reasonOrDecision };
|
|
@@ -21,9 +40,35 @@ export function deny(reasonOrDecision) {
|
|
|
21
40
|
...reasonOrDecision,
|
|
22
41
|
};
|
|
23
42
|
}
|
|
43
|
+
/**
|
|
44
|
+
* Define a typed group of authorization policies.
|
|
45
|
+
*
|
|
46
|
+
* Keep policy definitions near the feature that owns the business rule. The
|
|
47
|
+
* returned definition is registered with `createGate(...)`.
|
|
48
|
+
*
|
|
49
|
+
* @example
|
|
50
|
+
* ```ts
|
|
51
|
+
* export const postPolicy = definePolicy({
|
|
52
|
+
* "posts.update": (ctx, post: Post) => post.authorId === ctx.actor.id,
|
|
53
|
+
* });
|
|
54
|
+
* ```
|
|
55
|
+
*
|
|
56
|
+
* @param policies - Ability resolver map keyed by stable ability names.
|
|
57
|
+
* @returns A typed policy definition for registration with `createGate(...)`.
|
|
58
|
+
*/
|
|
24
59
|
export function definePolicy(policies) {
|
|
25
60
|
return { policies };
|
|
26
61
|
}
|
|
62
|
+
/**
|
|
63
|
+
* Create an authorization gate from app-owned policy definitions.
|
|
64
|
+
*
|
|
65
|
+
* Register the gate as a port, then bind it to the request/background context:
|
|
66
|
+
* `gate: ports.gate.bind(context)`. Use cases can then call
|
|
67
|
+
* `ctx.gate.authorize(...)` for business authorization.
|
|
68
|
+
*
|
|
69
|
+
* @param options - Policy definitions and optional denial mapper.
|
|
70
|
+
* @returns A gate port that can evaluate registered abilities.
|
|
71
|
+
*/
|
|
27
72
|
export function createGate(options) {
|
|
28
73
|
const registry = new Map();
|
|
29
74
|
for (const definition of options.policies) {
|
package/dist/ports/policy.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../src/ports/policy.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../src/ports/policy.ts"],"names":[],"mappings":"AAoNA;;GAEG;AACH,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IACtC,IAAI,CAAS;IACb,MAAM,GAAG,GAAG,CAAC;IACb,OAAO,CAAW;IAE3B,YAAY,WAA+B,IAAI,EAAE;QAC/C,KAAK,CAAC,QAAQ,CAAC,MAAM,IAAI,WAAW,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;QACrC,IAAI,CAAC,IAAI,GAAG,QAAQ,CAAC,IAAI,IAAI,WAAW,CAAC;QACzC,IAAI,CAAC,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC;IAClC,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,UAAU,KAAK;IACnB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,IAAI,CAClB,gBAA+D;IAE/D,IAAI,OAAO,gBAAgB,KAAK,QAAQ,EAAE,CAAC;QACzC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;IACtD,CAAC;IAED,OAAO;QACL,OAAO,EAAE,KAAK;QACd,GAAG,gBAAgB;KACpB,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,YAAY,CAE1B,QAAmB;IACnB,OAAO,EAAE,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,UAAU,CAIxB,OAA+C;IAE/C,MAAM,QAAQ,GAAG,IAAI,GAAG,EAA0B,CAAC;IAEnD,KAAK,MAAM,UAAU,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QAC1C,KAAK,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACtE,IAAI,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,MAAM,IAAI,KAAK,CAAC,mBAAmB,OAAO,0BAA0B,CAAC,CAAC;YACxE,CAAC;YAED,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IAED,KAAK,UAAU,OAAO,CACpB,GAAa,EACb,OAAe,EACf,OAAiB;QAEjB,MAAM,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACvC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,IAAI,CAAC;gBACV,MAAM,EAAE,6BAA6B,OAAO,IAAI;gBAChD,IAAI,EAAE,kBAAkB;aACzB,CAAC,CAAC;QACL,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,GAAY,EAAE,OAAgB,CAAC,CAAC;QAC9D,OAAO,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC;IAED,KAAK,UAAU,SAAS,CACtB,GAAa,EACb,OAAe,EACf,OAAiB;QAEjB,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QACtD,IAAI,QAAQ,CAAC,OAAO;YAAE,OAAO,QAAQ,CAAC;QAEtC,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;QAC3E,MAAM,MAAM,IAAI,IAAI,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IACvD,CAAC;IAED,SAAS,IAAI,CAAC,GAAa;QACzB,OAAO;YACL,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;YACtE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,OAAO,EAAE,EAAE,CACrC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;YACxC,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,OAAO,EAAE,EAAE,CACvC,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;SAC3C,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAkC;QAC1C,IAAI;QACJ,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,OAAO;YAChC,OAAO,CAAC,MAAM,OAAO,CAAC,GAAG,EAAE,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QACtE,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,OAAO,EAAE,EAAE,CAC1C,OAAO,CAAC,GAAG,EAAE,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QAC9C,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,OAAO,EAAE,EAAE,CAC5C,SAAS,CAAC,GAAG,EAAE,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;KACjD,CAAC;IAEF,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,iBAAiB,CAAC,MAAwB;IACjD,IAAI,OAAO,MAAM,KAAK,SAAS,EAAE,CAAC;QAChC,OAAO,MAAM,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACnC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,YAAY,CAAC,OAA2B;IAC/C,OAAO,OAAO,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC"}
|
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Input for a single rate-limit hit.
|
|
3
|
+
*/
|
|
1
4
|
export interface RateLimitHitOptions {
|
|
2
5
|
/**
|
|
3
6
|
* Unique key for this rate limit window.
|
|
@@ -14,6 +17,9 @@ export interface RateLimitHitOptions {
|
|
|
14
17
|
*/
|
|
15
18
|
windowSec: number;
|
|
16
19
|
}
|
|
20
|
+
/**
|
|
21
|
+
* Result of recording a rate-limit hit.
|
|
22
|
+
*/
|
|
17
23
|
export interface RateLimitResult {
|
|
18
24
|
/**
|
|
19
25
|
* True when the hit is within the configured limit.
|
|
@@ -34,8 +40,27 @@ export interface RateLimitResult {
|
|
|
34
40
|
*/
|
|
35
41
|
retryAfterSeconds: number | null;
|
|
36
42
|
}
|
|
43
|
+
/**
|
|
44
|
+
* App-facing rate limiting port.
|
|
45
|
+
*
|
|
46
|
+
* Implement this with an atomic shared store such as Redis for production.
|
|
47
|
+
* Hook helpers call `hit(...)` to decide whether a request should continue.
|
|
48
|
+
*/
|
|
37
49
|
export interface RateLimitPort {
|
|
50
|
+
/**
|
|
51
|
+
* Record one hit for a rate-limit key and return the current decision.
|
|
52
|
+
*/
|
|
38
53
|
hit(options: RateLimitHitOptions): Promise<RateLimitResult>;
|
|
39
54
|
}
|
|
55
|
+
/**
|
|
56
|
+
* Create an in-memory rate limiter for tests, examples, and single-process
|
|
57
|
+
* development.
|
|
58
|
+
*
|
|
59
|
+
* This adapter is not durable or distributed. Production apps should use a
|
|
60
|
+
* provider backed by a shared atomic store when multiple processes or regions
|
|
61
|
+
* can serve requests.
|
|
62
|
+
*
|
|
63
|
+
* @returns A rate-limit port backed by a local `Map`.
|
|
64
|
+
*/
|
|
40
65
|
export declare function createMemoryRateLimiter(): RateLimitPort;
|
|
41
66
|
//# sourceMappingURL=rate-limit.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../../src/ports/rate-limit.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,mBAAmB;IAClC;;;;OAIG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;IACd;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,OAAO,EAAE,OAAO,CAAC;IACjB;;;OAGG;IACH,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB;;OAEG;IACH,OAAO,EAAE,IAAI,GAAG,IAAI,CAAC;IACrB;;;OAGG;IACH,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;CAClC;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;CAC7D;AAiBD,wBAAgB,uBAAuB,IAAI,aAAa,CAiCvD"}
|
|
1
|
+
{"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../../src/ports/rate-limit.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;;;OAIG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;IACd;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,OAAO,EAAE,OAAO,CAAC;IACjB;;;OAGG;IACH,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB;;OAEG;IACH,OAAO,EAAE,IAAI,GAAG,IAAI,CAAC;IACrB;;;OAGG;IACH,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;CAClC;AAED;;;;;GAKG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,GAAG,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;CAC7D;AAiBD;;;;;;;;;GASG;AACH,wBAAgB,uBAAuB,IAAI,aAAa,CAiCvD"}
|
package/dist/ports/rate-limit.js
CHANGED
|
@@ -6,6 +6,16 @@ function assertPositiveInteger(name, value) {
|
|
|
6
6
|
function toRetryAfterSeconds(resetAt) {
|
|
7
7
|
return Math.max(0, Math.ceil((resetAt - Date.now()) / 1000));
|
|
8
8
|
}
|
|
9
|
+
/**
|
|
10
|
+
* Create an in-memory rate limiter for tests, examples, and single-process
|
|
11
|
+
* development.
|
|
12
|
+
*
|
|
13
|
+
* This adapter is not durable or distributed. Production apps should use a
|
|
14
|
+
* provider backed by a shared atomic store when multiple processes or regions
|
|
15
|
+
* can serve requests.
|
|
16
|
+
*
|
|
17
|
+
* @returns A rate-limit port backed by a local `Map`.
|
|
18
|
+
*/
|
|
9
19
|
export function createMemoryRateLimiter() {
|
|
10
20
|
const windows = new Map();
|
|
11
21
|
return {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rate-limit.js","sourceRoot":"","sources":["../../src/ports/rate-limit.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"rate-limit.js","sourceRoot":"","sources":["../../src/ports/rate-limit.ts"],"names":[],"mappings":"AA8DA,SAAS,qBAAqB,CAAC,IAAY,EAAE,KAAa;IACxD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,6BAA6B,CAAC,CAAC;IACxD,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,OAAe;IAC1C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,uBAAuB;IACrC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAiC,CAAC;IAEzD,OAAO;QACL,KAAK,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,SAAS,EAAE;YACjC,qBAAqB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YACtC,qBAAqB,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACjC,MAAM,MAAM,GACV,OAAO,IAAI,OAAO,CAAC,OAAO,GAAG,GAAG;gBAC9B,CAAC,CAAC,OAAO;gBACT,CAAC,CAAC;oBACE,KAAK,EAAE,CAAC;oBACR,OAAO,EAAE,GAAG,GAAG,SAAS,GAAG,IAAI;iBAChC,CAAC;YAER,MAAM,CAAC,KAAK,IAAI,CAAC,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAEzB,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,IAAI,KAAK,CAAC;YACtC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;YACpD,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAEzC,OAAO;gBACL,OAAO;gBACP,SAAS;gBACT,OAAO;gBACP,iBAAiB,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,mBAAmB,CAAC,MAAM,CAAC,OAAO,CAAC;aACxE,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC"}
|
|
@@ -1,26 +1,127 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Default replacement used when a sensitive field is redacted.
|
|
3
|
+
*/
|
|
1
4
|
export declare const DEFAULT_REDACTED_VALUE = "[redacted]";
|
|
5
|
+
/**
|
|
6
|
+
* Default replacement used when recursive redaction exceeds `maxDepth`.
|
|
7
|
+
*/
|
|
2
8
|
export declare const DEFAULT_TRUNCATED_VALUE = "[truncated]";
|
|
9
|
+
/**
|
|
10
|
+
* Default replacement used when recursive redaction finds a circular object.
|
|
11
|
+
*/
|
|
3
12
|
export declare const DEFAULT_CIRCULAR_VALUE = "[circular]";
|
|
13
|
+
/**
|
|
14
|
+
* Exact header/object keys redacted by default.
|
|
15
|
+
*/
|
|
4
16
|
export declare const DEFAULT_SENSITIVE_KEYS: readonly ["authorization", "cookie", "set-cookie", "x-api-key", "api-key", "apikey", "access-token", "refresh-token", "credentials"];
|
|
17
|
+
/**
|
|
18
|
+
* Key substrings redacted by default.
|
|
19
|
+
*
|
|
20
|
+
* Matching is case-insensitive.
|
|
21
|
+
*/
|
|
5
22
|
export declare const DEFAULT_SENSITIVE_KEY_TERMS: readonly ["token", "password", "secret", "credential", "private-key", "privatekey"];
|
|
23
|
+
/**
|
|
24
|
+
* Context passed to custom redaction key decisions.
|
|
25
|
+
*/
|
|
6
26
|
export interface RedactionDecisionContext {
|
|
27
|
+
/**
|
|
28
|
+
* Current object/header key being evaluated.
|
|
29
|
+
*/
|
|
7
30
|
key: string;
|
|
31
|
+
/**
|
|
32
|
+
* Path to the current value from the root object.
|
|
33
|
+
*/
|
|
8
34
|
path: readonly string[];
|
|
35
|
+
/**
|
|
36
|
+
* Current value being evaluated.
|
|
37
|
+
*/
|
|
9
38
|
value: unknown;
|
|
10
39
|
}
|
|
40
|
+
/**
|
|
41
|
+
* Options that control recursive value and header redaction.
|
|
42
|
+
*/
|
|
11
43
|
export interface RedactionOptions {
|
|
44
|
+
/**
|
|
45
|
+
* Value used when a key is considered sensitive.
|
|
46
|
+
*/
|
|
12
47
|
replacement?: string;
|
|
48
|
+
/**
|
|
49
|
+
* Value used when recursion exceeds `maxDepth`.
|
|
50
|
+
*/
|
|
13
51
|
truncatedValue?: string;
|
|
52
|
+
/**
|
|
53
|
+
* Value used for circular references.
|
|
54
|
+
*/
|
|
14
55
|
circularValue?: string;
|
|
56
|
+
/**
|
|
57
|
+
* Maximum object/array depth to traverse before truncating.
|
|
58
|
+
*/
|
|
15
59
|
maxDepth?: number;
|
|
60
|
+
/**
|
|
61
|
+
* Additional exact keys to redact.
|
|
62
|
+
*/
|
|
16
63
|
sensitiveKeys?: readonly string[];
|
|
64
|
+
/**
|
|
65
|
+
* Additional case-insensitive key substrings to redact.
|
|
66
|
+
*/
|
|
17
67
|
sensitiveKeyTerms?: readonly string[];
|
|
68
|
+
/**
|
|
69
|
+
* Custom key-level redaction rule.
|
|
70
|
+
*/
|
|
18
71
|
shouldRedactKey?: (context: RedactionDecisionContext) => boolean;
|
|
19
72
|
}
|
|
73
|
+
/**
|
|
74
|
+
* Function that returns a redacted copy of a value.
|
|
75
|
+
*/
|
|
20
76
|
export type Redactor<T = unknown> = (value: T) => T;
|
|
77
|
+
/**
|
|
78
|
+
* Header input shapes accepted by `redactHeaders(...)`.
|
|
79
|
+
*/
|
|
21
80
|
export type RedactableHeaders = Headers | Iterable<readonly [string, unknown]> | Record<string, unknown>;
|
|
81
|
+
/**
|
|
82
|
+
* Return whether a key should be redacted.
|
|
83
|
+
*
|
|
84
|
+
* Checks default exact keys, default key terms, user-provided exact keys,
|
|
85
|
+
* user-provided key terms, and finally `shouldRedactKey`.
|
|
86
|
+
*
|
|
87
|
+
* @param key - Object or header key to evaluate.
|
|
88
|
+
* @param options - Optional redaction behavior.
|
|
89
|
+
* @param context - Optional path/value context for custom decisions.
|
|
90
|
+
* @returns `true` when the key should be replaced.
|
|
91
|
+
*/
|
|
22
92
|
export declare function isSensitiveKey(key: string, options?: RedactionOptions, context?: Omit<RedactionDecisionContext, "key">): boolean;
|
|
93
|
+
/**
|
|
94
|
+
* Recursively redact a value using Beignet's default sensitive-key rules plus
|
|
95
|
+
* any custom rules in `options`.
|
|
96
|
+
*
|
|
97
|
+
* This returns a copy for objects and arrays. Primitive values are returned as
|
|
98
|
+
* is unless they are under a sensitive key. Some runtime shapes are normalized:
|
|
99
|
+
* `bigint` becomes a string, `Error` becomes a plain object with `name`,
|
|
100
|
+
* `message`, and `stack`, and class instances are copied from enumerable
|
|
101
|
+
* entries.
|
|
102
|
+
*
|
|
103
|
+
* @param value - Value to redact.
|
|
104
|
+
* @param options - Optional redaction behavior.
|
|
105
|
+
* @returns A redacted value typed as the input type for caller convenience.
|
|
106
|
+
*/
|
|
23
107
|
export declare function redactValue<T = unknown>(value: T, options?: RedactionOptions): T;
|
|
108
|
+
/**
|
|
109
|
+
* Redact headers into a plain object.
|
|
110
|
+
*
|
|
111
|
+
* Sensitive header names such as `authorization`, `cookie`, and token-like keys
|
|
112
|
+
* are replaced. Non-sensitive values are passed through `redactValue(...)` so
|
|
113
|
+
* nested object values are still sanitized.
|
|
114
|
+
*
|
|
115
|
+
* @param headers - Headers object, iterable entries, or plain object.
|
|
116
|
+
* @param options - Optional redaction behavior.
|
|
117
|
+
* @returns A plain object with redacted header values.
|
|
118
|
+
*/
|
|
24
119
|
export declare function redactHeaders(headers: RedactableHeaders, options?: RedactionOptions): Record<string, unknown>;
|
|
120
|
+
/**
|
|
121
|
+
* Create a reusable redactor function from options.
|
|
122
|
+
*
|
|
123
|
+
* @param options - Redaction behavior to apply on each call.
|
|
124
|
+
* @returns A function that redacts values with the provided options.
|
|
125
|
+
*/
|
|
25
126
|
export declare function createRedactor<T = unknown>(options?: RedactionOptions): Redactor<T>;
|
|
26
127
|
//# sourceMappingURL=redaction.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"redaction.d.ts","sourceRoot":"","sources":["../../src/ports/redaction.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,sBAAsB,eAAe,CAAC;AACnD,eAAO,MAAM,uBAAuB,gBAAgB,CAAC;AACrD,eAAO,MAAM,sBAAsB,eAAe,CAAC;AAEnD,eAAO,MAAM,sBAAsB,sIAUzB,CAAC;AAEX,eAAO,MAAM,2BAA2B,qFAO9B,CAAC;AAEX,MAAM,WAAW,wBAAwB;IACvC,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,SAAS,MAAM,EAAE,CAAC;IACxB,KAAK,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAClC,iBAAiB,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACtC,eAAe,CAAC,EAAE,CAAC,OAAO,EAAE,wBAAwB,KAAK,OAAO,CAAC;CAClE;AAED,MAAM,MAAM,QAAQ,CAAC,CAAC,GAAG,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,CAAC;AAEpD,MAAM,MAAM,iBAAiB,GACzB,OAAO,GACP,QAAQ,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,GACpC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAM5B,wBAAgB,cAAc,CAC5B,GAAG,EAAE,MAAM,EACX,OAAO,GAAE,gBAAqB,EAC9B,OAAO,CAAC,EAAE,IAAI,CAAC,wBAAwB,EAAE,KAAK,CAAC,GAC9C,OAAO,CAsBT;AAwED,wBAAgB,WAAW,CAAC,CAAC,GAAG,OAAO,EACrC,KAAK,EAAE,CAAC,EACR,OAAO,GAAE,gBAAqB,GAC7B,CAAC,CAEH;AAuBD,wBAAgB,aAAa,CAC3B,OAAO,EAAE,iBAAiB,EAC1B,OAAO,GAAE,gBAAqB,GAC7B,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAWzB;AAED,wBAAgB,cAAc,CAAC,CAAC,GAAG,OAAO,EACxC,OAAO,GAAE,gBAAqB,GAC7B,QAAQ,CAAC,CAAC,CAAC,CAEb"}
|
|
1
|
+
{"version":3,"file":"redaction.d.ts","sourceRoot":"","sources":["../../src/ports/redaction.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,eAAO,MAAM,sBAAsB,eAAe,CAAC;AACnD;;GAEG;AACH,eAAO,MAAM,uBAAuB,gBAAgB,CAAC;AACrD;;GAEG;AACH,eAAO,MAAM,sBAAsB,eAAe,CAAC;AAEnD;;GAEG;AACH,eAAO,MAAM,sBAAsB,sIAUzB,CAAC;AAEX;;;;GAIG;AACH,eAAO,MAAM,2BAA2B,qFAO9B,CAAC;AAEX;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ;;OAEG;IACH,IAAI,EAAE,SAAS,MAAM,EAAE,CAAC;IACxB;;OAEG;IACH,KAAK,EAAE,OAAO,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;OAEG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,aAAa,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAClC;;OAEG;IACH,iBAAiB,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACtC;;OAEG;IACH,eAAe,CAAC,EAAE,CAAC,OAAO,EAAE,wBAAwB,KAAK,OAAO,CAAC;CAClE;AAED;;GAEG;AACH,MAAM,MAAM,QAAQ,CAAC,CAAC,GAAG,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,CAAC;AAEpD;;GAEG;AACH,MAAM,MAAM,iBAAiB,GACzB,OAAO,GACP,QAAQ,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,GACpC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAM5B;;;;;;;;;;GAUG;AACH,wBAAgB,cAAc,CAC5B,GAAG,EAAE,MAAM,EACX,OAAO,GAAE,gBAAqB,EAC9B,OAAO,CAAC,EAAE,IAAI,CAAC,wBAAwB,EAAE,KAAK,CAAC,GAC9C,OAAO,CAsBT;AAwED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,WAAW,CAAC,CAAC,GAAG,OAAO,EACrC,KAAK,EAAE,CAAC,EACR,OAAO,GAAE,gBAAqB,GAC7B,CAAC,CAEH;AAuBD;;;;;;;;;;GAUG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,iBAAiB,EAC1B,OAAO,GAAE,gBAAqB,GAC7B,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAWzB;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,CAAC,GAAG,OAAO,EACxC,OAAO,GAAE,gBAAqB,GAC7B,QAAQ,CAAC,CAAC,CAAC,CAEb"}
|