@cerebruminc/yates 1.1.1 → 2.0.0

package/CHANGELOG.md

@@ -1,5 +1,34 @@
 # Changelog
 
+## [2.0.0](https://github.com/cerebruminc/yates/compare/v1.2.0...v2.0.0) (2023-02-22)
+
+
+### ⚠ BREAKING CHANGES
+
+* Use client extensions instead of middleware
+
+### Features
+
+* Use client extensions instead of middleware ([f3fa1a3](https://github.com/cerebruminc/yates/commit/f3fa1a3d187d62031e2124d023ba726e7b810e39))
+
+
+### Bug Fixes
+
+* Explicity disconnect expression Prisma client ([ccceaa3](https://github.com/cerebruminc/yates/commit/ccceaa3f3baab26251b00b631962ae633deea714))
+* Strongly type context values in expressions ([ec5e266](https://github.com/cerebruminc/yates/commit/ec5e2668a0ba776ed4319ade0940cd2f8dc9cbed))
+
+## [1.2.0](https://github.com/cerebruminc/yates/compare/v1.1.1...v1.2.0) (2023-02-20)
+
+
+### Features
+
+* Add functionality for using Prisma as a query builder ([22d16a8](https://github.com/cerebruminc/yates/commit/22d16a8d21ea785256fe770747517e0a249e56c3))
+
+
+### Bug Fixes
+
+* Don't run integration tests when a PR is closed ([2b25093](https://github.com/cerebruminc/yates/commit/2b250937b0618d4ad7c7706286b74bca52603b22))
+
 ## [1.1.1](https://github.com/cerebruminc/yates/compare/v1.1.0...v1.1.1) (2023-01-30)
 
 

package/README.md

@@ -18,15 +18,29 @@
 Yates is a module for implementing role based access control with Prisma. It is designed to be used with the [Prisma Client](https://www.prisma.io/docs/reference/tools-and-interfaces/prisma-client) and [PostgreSQL](https://www.postgresql.org/).
 It uses the [Row Level Security](https://www.postgresql.org/docs/9.5/ddl-rowsecurity.html) feature of PostgreSQL to provide a simple and secure way to implement role based access control that allows you to define complex access control rules and have them apply to all of your Prisma queries automatically.
 
+## Prerequisites
+
+Yates requires the `prisma` package ate version 4.9.0 or greater and the `@prisma/client` package at version 4.0.0 or greater. Additionally it makes use of the [Prisma Client extensions](https://www.prisma.io/docs/concepts/components/prisma-client/client-extensions) preview feature to generate rules and add RLS checking, so you will need to enable this feature in your Prisma schema.
+
+````prisma
+generator client {
+  provider        = "prisma-client-js"
+  previewFeatures = ["clientExtensions"]
+}
+```
+
 ## Installation
 
 ```bash
 npm i @cerebruminc/yates
-```
+````
 
 ## Usage
 
-Once you've installed Yates, you can use it in your Prisma project by importing it and calling the `setup` function. This function takes a Prisma Client instance and a configuration object as arguments. Yates uses prisma middleware to intercept all queries and apply the appropriate row level security policies to them, so it's important that it is setup _after_ all other middleware has been applied to the Prisma client.
+Once you've installed Yates, you can use it in your Prisma project by importing it and calling the `setup` function. This function takes a Prisma Client instance and a configuration object as arguments and returns a client that can intercept all queries and apply the appropriate row level security policies to them.
+Yates uses client extensions to generate the RLS rules and add the RLS checking to the Prisma Client queries. This means that you can use the Prisma Client as you normally would, and Yates will automatically apply the appropriate RLS policies to each query. It also means that you will need to apply your middleware _before_ creating the Yates client, as middleware cannot be applied to an extended client.
+Client extensions share the same API as the Prisma Client, you can use the Yates client as a drop-in replacement for the Prisma Client in your application.
+Client extensions also share the same connection pool as the base client, which means that you can freely create new Yates clients with minimal performance impact.
 
 The `setup` function will generate CRUD abilities for each model in your Prisma schema, as well as any additional abilities that you have defined in your configuration. It will then create a new PG role for each ability and apply the appropriate row level security policies to each role. Finally, it will create a new PG role for each user role you specify and grant them the appropriate abilities.
 For Yates to be able to set the correct user role for each request, you must pass a function called `getContext` in the `setup` configuration that will return the user role for the current request. This function will be called for each request and the user role returned will be used to set the `role` in the current session. If you want to bypass RLS completely for a specific role, you can return `null` from the `getContext` function for that role.
@@ -39,16 +53,44 @@ import { PrismaClient } from "@prisma/client";
 
 const prisma = new PrismaClient();
 
-await setup({
+const client = await setup({
     prisma,
     // Define any custom abilities that you want to add to the system.
     customAbilities: () => ({
         USER: {
+            Post: {
+                insertOwnPost: {
+                    description: "Insert own post",
+                    // You can express the rule as a Prisma `where` clause.
+                    expression: (client, row, context) => {
+                      return {
+                        // This expression uses a context setting returned by the getContext function
+                        authorId: context('user.id')
+                      }
+                    },
+                    operation: "INSERT",
+                },
+            },
+            Comment: {
+                deleteOnOwnPost: {
+                    description: "Delete comment on own post",
+                    // You can also express the rule as a conventional Prisma query.
+                    expression: (client, row, context) => {
+                      return client.post.findFirst({
+                        where: {
+                          id: row('postId'),
+                          authorId: context('user.id')
+                        }
+                      })
+                    },
+                    operation: "DELETE",
+                },
+            }
             User: {
                 updateOwnUser: {
                     description: "Update own user",
-                    // This expression uses a context setting returned by the getContext function
-                    expression: `current_setting('context.user.id') = "id"`,
+                    // For low-level control you can also write expressions as a raw SQL string.
+                    expression: `current_setting('user.id') = "id"`,
                     operation: "UPDATE",
                 },
             }
@@ -82,11 +124,12 @@ await setup({
       return {
         role,
         context: {
-            // This context setting will be available in ability expressions using `current_setting('context.user.id')`
-          'context.user.id': user.id,
+            // This context setting will be available in ability expressions using `current_setting('user.id')`
+          'user.id': user.id,
         },
       };
     },
+});
 ```
 
 ## Configuration

package/dist/escape.d.ts

@@ -0,0 +1,2 @@
+export declare const escapeIdentifier: (str: string) => string;
+export declare const escapeLiteral: (str: string) => string;

package/dist/escape.js

@@ -0,0 +1,36 @@
+"use strict";
+// Source borrowed from node-postgrs (which borrows from PG itself)
+// https://github.com/brianc/node-postgres/blob/3f6760c62ee2a901d374b5e50c2f025b7d550315/packages/pg/lib/client.js#L408-L437
+// We need to manually escape strings because we're interpolating client values into SQL statements that don't support `PREPARE`, such as `CREATE POLICY`
+exports.__esModule = true;
+exports.escapeLiteral = exports.escapeIdentifier = void 0;
+// Ported from PostgreSQL 9.2.4 source code in src/interfaces/libpq/fe-exec.c
+var escapeIdentifier = function (str) {
+    return "\"".concat(str.replace(/"/g, '""'), "\"");
+};
+exports.escapeIdentifier = escapeIdentifier;
+// Ported from PostgreSQL 9.2.4 source code in src/interfaces/libpq/fe-exec.c
+var escapeLiteral = function (str) {
+    var hasBackslash = false;
+    var escaped = "'";
+    for (var i = 0; i < str.length; i++) {
+        var c = str[i];
+        if (c === "'") {
+            escaped += c + c;
+        }
+        else if (c === "\\") {
+            escaped += c + c;
+            hasBackslash = true;
+        }
+        else {
+            escaped += c;
+        }
+    }
+    escaped += "'";
+    if (hasBackslash === true) {
+        escaped = " E".concat(escaped);
+    }
+    return escaped;
+};
+exports.escapeLiteral = escapeLiteral;
+//# sourceMappingURL=escape.js.map

package/dist/escape.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"escape.js","sourceRoot":"","sources":["../src/escape.ts"],"names":[],"mappings":";AAAA,mEAAmE;AACnE,4HAA4H;AAC5H,yJAAyJ;;;AAEzJ,6EAA6E;AACtE,IAAM,gBAAgB,GAAG,UAAU,GAAW;IACpD,OAAO,YAAI,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,OAAG,CAAC;AACvC,CAAC,CAAC;AAFW,QAAA,gBAAgB,oBAE3B;AAEF,6EAA6E;AACtE,IAAM,aAAa,GAAG,UAAU,GAAW;IACjD,IAAI,YAAY,GAAG,KAAK,CAAC;IACzB,IAAI,OAAO,GAAG,GAAG,CAAC;IAElB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;QACpC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QACf,IAAI,CAAC,KAAK,GAAG,EAAE;YACd,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;SACjB;aAAM,IAAI,CAAC,KAAK,IAAI,EAAE;YACtB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;YACjB,YAAY,GAAG,IAAI,CAAC;SACpB;aAAM;YACN,OAAO,IAAI,CAAC,CAAC;SACb;KACD;IAED,OAAO,IAAI,GAAG,CAAC;IAEf,IAAI,YAAY,KAAK,IAAI,EAAE;QAC1B,OAAO,GAAG,YAAK,OAAO,CAAE,CAAC;KACzB;IAED,OAAO,OAAO,CAAC;AAChB,CAAC,CAAC;AAvBW,QAAA,aAAa,iBAuBxB"}

package/dist/expressions.d.ts

@@ -0,0 +1,5 @@
+import { PrismaClient } from "@prisma/client";
+export type Expression<ContextKeys extends string = string> = string | ((client: PrismaClient, row: (col: string) => any, context: (key: ContextKeys) => string) => Promise<any> | {
+    [col: string]: any;
+});
+export declare const expressionToSQL: (getExpression: Expression, table: string) => Promise<string>;

package/dist/expressions.js

@@ -0,0 +1,307 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+exports.__esModule = true;
+exports.expressionToSQL = void 0;
+var client_1 = require("@prisma/client");
+var random_1 = __importDefault(require("lodash/random"));
+var matches_1 = __importDefault(require("lodash/matches"));
+var node_sql_parser_1 = require("@lucianbuzzo/node-sql-parser");
+var escape_1 = require("./escape");
+var PRISMA_NUMERIC_TYPES = ["Int", "BigInt", "Float", "Decimal"];
+var deepFind = function (obj, subObj) {
+    var matcher = (0, matches_1["default"])(subObj);
+    for (var key in obj) {
+        if (matcher(obj[key])) {
+            return obj[key];
+        }
+        else if (typeof obj[key] === "object") {
+            var result = deepFind(obj[key], subObj);
+            if (result) {
+                return result;
+            }
+        }
+    }
+};
+var expressionRowName = function (col) { return "___yates_row_".concat(col); };
+var expressionContext = function (context) { return "___yates_context_".concat(context); };
+// Generate a big 32bit signed integer to use as an ID
+var getLargeRandomInt = function () { return (0, random_1["default"])(1000000000, 2147483647); };
+var getDmmfMetaData = function (client, model, field) {
+    var modelData = client._baseDmmf.datamodel.models.find(function (m) { return m.name === model; });
+    if (!modelData) {
+        throw new Error("Could not retrieve model data from Prisma Client for model '".concat(model, "'"));
+    }
+    var fieldData = modelData.fields.find(function (f) { return f.name === field; });
+    return fieldData;
+};
+// Perform substitution of Ints so that Prisma doesn't throw an error due to mismatched type values
+// After we've captured the SQL, we can replace the Ints with the original values
+var tokenizeWhereExpression = function (
+/** The Prisma client to use for metadata */
+client, 
+/** The Prisma where expression to be tokenized */
+where, 
+/** The base table we are generating an expression for */
+table, 
+/** The model name being queried. e.g. 'User' */
+model, 
+/** The tokens object to add the new tokens to */
+tokens) {
+    if (tokens === void 0) { tokens = {}; }
+    for (var field in where) {
+        // Get field data from the prisma client for the model and field being queried
+        var fieldData = getDmmfMetaData(client, model, field);
+        var int = void 0;
+        // Small loop to make sure we get a unique int for the token key
+        do {
+            int = getLargeRandomInt();
+        } while (tokens[int]);
+        var astFragment = {};
+        var value = where[field];
+        var isNumeric = PRISMA_NUMERIC_TYPES.includes(fieldData.type);
+        var isColumnName = typeof value === "string" && !!value.match(/^___yates_row_/);
+        var isContext = typeof value === "string" && !!value.match(/^___yates_context_/);
+        switch (true) {
+            case isColumnName:
+                // Substiture the yates row placeholder for the actual column name
+                var column = value.replace(/^___yates_row_/, "");
+                if (!getDmmfMetaData(client, table, column)) {
+                    throw new Error("Invalid field name \"".concat(column, "\""));
+                }
+                astFragment = {
+                    type: "column_ref",
+                    schema: "public",
+                    table: table,
+                    column: column
+                };
+                break;
+            case isContext && isNumeric:
+                astFragment = {
+                    as: null,
+                    type: "cast",
+                    expr: {
+                        type: "function",
+                        name: "current_setting",
+                        args: {
+                            type: "expr_list",
+                            value: [
+                                {
+                                    type: "parameter",
+                                    value: (0, escape_1.escapeLiteral)(value.replace(/^___yates_context_/, ""))
+                                },
+                            ]
+                        }
+                    },
+                    symbol: "::",
+                    target: {
+                        dataType: "float",
+                        suffix: []
+                    }
+                };
+                break;
+            case isContext && !isNumeric:
+                astFragment = {
+                    type: "function",
+                    name: "current_setting",
+                    args: {
+                        type: "expr_list",
+                        value: [
+                            {
+                                type: "parameter",
+                                value: (0, escape_1.escapeLiteral)(value.replace(/^___yates_context_/, ""))
+                            },
+                        ]
+                    }
+                };
+                break;
+            case isNumeric:
+                if (typeof value !== "number") {
+                    throw new Error("Numeric fields can only be queried with numbers: querying field '".concat(field, "' with value '").concat(value, "'"));
+                }
+                astFragment = {
+                    type: "number",
+                    value: value
+                };
+                break;
+            // All other types are treated as strings
+            default:
+                astFragment = {
+                    type: "parameter",
+                    value: (0, escape_1.escapeLiteral)(value)
+                };
+                break;
+        }
+        tokens[int] = {
+            astFragment: astFragment
+        };
+        where[field] = isNumeric ? int : "".concat(int);
+    }
+    return {
+        tokens: tokens,
+        where: where
+    };
+};
+var expressionToSQL = function (getExpression, table) { return __awaiter(void 0, void 0, void 0, function () {
+    var baseClient, tokens, expressionClient, sql;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0:
+                if (typeof getExpression === "string") {
+                    return [2 /*return*/, getExpression];
+                }
+                baseClient = new client_1.PrismaClient({
+                    log: [{ level: "query", emit: "event" }]
+                });
+                tokens = {};
+                expressionClient = baseClient.$extends({
+                    name: "expressionClient",
+                    query: {
+                        $allModels: {
+                            $allOperations: function (_a) {
+                                var model = _a.model, operation = _a.operation, args = _a.args, query = _a.query;
+                                // if not findFirst or findUnique
+                                if (operation !== "findFirst" && operation !== "findUnique") {
+                                    throw new Error('Only "findFirst" and "findUnique" are supported in client expressions');
+                                }
+                                if ("where" in args && args.where) {
+                                    var where = tokenizeWhereExpression(baseClient, args.where, table, model, tokens).where;
+                                    args.where = where;
+                                }
+                                return query(args);
+                            }
+                        }
+                    }
+                });
+                return [4 /*yield*/, new Promise(
+                    // rome-ignore lint/suspicious/noAsyncPromiseExecutor: future cleanup
+                    function (resolve, reject) { return __awaiter(void 0, void 0, void 0, function () {
+                        var rawExpression, isSubselect, error_1;
+                        return __generator(this, function (_a) {
+                            switch (_a.label) {
+                                case 0:
+                                    rawExpression = getExpression(expressionClient, expressionRowName, expressionContext);
+                                    isSubselect = typeof rawExpression === "object" && typeof rawExpression.then === "function";
+                                    expressionClient.$on("query", function (e) {
+                                        try {
+                                            var parser = new node_sql_parser_1.Parser();
+                                            // Parse the query into an AST
+                                            var ast = parser.astify(e.query, {
+                                                database: "postgresql"
+                                            });
+                                            var params = JSON.parse(e.params);
+                                            // By default Prisma will use a parameter for the limit, for Yates, the value is always "1"
+                                            ast.limit = { seperator: "", value: [{ type: "number", value: 1 }] };
+                                            // Now that the SQL has been generated, we can replace the tokens with the original values
+                                            for (var i = 0; i < params.length; i++) {
+                                                var param = params[i];
+                                                var token = tokens[param];
+                                                if (!token) {
+                                                    continue;
+                                                }
+                                                var parameterizedStatement = deepFind(ast, {
+                                                    right: {
+                                                        type: "origin",
+                                                        value: "$".concat(i + 1)
+                                                    }
+                                                });
+                                                if (!parameterizedStatement) {
+                                                    continue;
+                                                }
+                                                parameterizedStatement.right = token.astFragment;
+                                            }
+                                            if (isSubselect) {
+                                                // For subselects, we need to convert the entire query and wrap in EXISTS so it converts to a binary expression
+                                                var subSelect = parser.sqlify(ast, {
+                                                    database: "postgresql"
+                                                });
+                                                resolve("EXISTS(".concat(subSelect, ")"));
+                                            }
+                                            else {
+                                                // For basic expressions, we're only interested in the WHERE clause and can convert just the WHERE clause into SQL
+                                                var where = parser.exprToSQL(ast.where, {
+                                                    database: "postgresql"
+                                                });
+                                                resolve(where);
+                                            }
+                                        }
+                                        catch (error) {
+                                            reject(error);
+                                        }
+                                    });
+                                    _a.label = 1;
+                                case 1:
+                                    _a.trys.push([1, 6, , 7]);
+                                    if (!isSubselect) return [3 /*break*/, 3];
+                                    return [4 /*yield*/, rawExpression];
+                                case 2:
+                                    _a.sent();
+                                    return [3 /*break*/, 5];
+                                case 3: return [4 /*yield*/, expressionClient[table].findFirst({
+                                        where: rawExpression
+                                    })];
+                                case 4:
+                                    _a.sent();
+                                    _a.label = 5;
+                                case 5: return [3 /*break*/, 7];
+                                case 6:
+                                    error_1 = _a.sent();
+                                    reject(error_1);
+                                    return [3 /*break*/, 7];
+                                case 7: return [2 /*return*/];
+                            }
+                        });
+                    }); })];
+            case 1:
+                sql = _a.sent();
+                // Close the client
+                return [4 /*yield*/, expressionClient.$disconnect()];
+            case 2:
+                // Close the client
+                _a.sent();
+                return [4 /*yield*/, baseClient.$disconnect()];
+            case 3:
+                _a.sent();
+                return [2 /*return*/, sql];
+        }
+    });
+}); };
+exports.expressionToSQL = expressionToSQL;
+//# sourceMappingURL=expressions.js.map

package/dist/expressions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"expressions.js","sourceRoot":"","sources":["../src/expressions.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,yCAAsD;AAEtD,yDAAmC;AACnC,2DAAqC;AACrC,gEAAsD;AACtD,mCAA2D;AAE3D,IAAM,oBAAoB,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;AAEnE,IAAM,QAAQ,GAAG,UAAC,GAAQ,EAAE,MAAW;IACtC,IAAM,OAAO,GAAG,IAAA,oBAAO,EAAC,MAAM,CAAC,CAAC;IAChC,KAAK,IAAM,GAAG,IAAI,GAAG,EAAE;QACtB,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE;YACtB,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;SAChB;aAAM,IAAI,OAAO,GAAG,CAAC,GAAG,CAAC,KAAK,QAAQ,EAAE;YACxC,IAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;YAC1C,IAAI,MAAM,EAAE;gBACX,OAAO,MAAM,CAAC;aACd;SACD;KACD;AACF,CAAC,CAAC;AAgBF,IAAM,iBAAiB,GAAG,UAAC,GAAW,IAAK,OAAA,uBAAgB,GAAG,CAAE,EAArB,CAAqB,CAAC;AACjE,IAAM,iBAAiB,GAAG,UAAC,OAAe,IAAK,OAAA,2BAAoB,OAAO,CAAE,EAA7B,CAA6B,CAAC;AAC7E,sDAAsD;AACtD,IAAM,iBAAiB,GAAG,cAAM,OAAA,IAAA,mBAAM,EAAC,UAAU,EAAE,UAAU,CAAC,EAA9B,CAA8B,CAAC;AAE/D,IAAM,eAAe,GAAG,UAAC,MAAoB,EAAE,KAAa,EAAE,KAAa;IAC1E,IAAM,SAAS,GAAI,MAAc,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,UAAC,CAAM,IAAK,OAAA,CAAC,CAAC,IAAI,KAAK,KAAK,EAAhB,CAAgB,CAAC,CAAC;IAChG,IAAI,CAAC,SAAS,EAAE;QACf,MAAM,IAAI,KAAK,CAAC,sEAA+D,KAAK,MAAG,CAAC,CAAC;KACzF;IACD,IAAM,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,UAAC,CAAM,IAAK,OAAA,CAAC,CAAC,IAAI,KAAK,KAAK,EAAhB,CAAgB,CAAC,CAAC;IAEtE,OAAO,SAAS,CAAC;AAClB,CAAC,CAAC;AAEF,mGAAmG;AACnG,iFAAiF;AACjF,IAAM,uBAAuB,GAAG;AAC/B,4CAA4C;AAC5C,MAAoB;AACpB,kDAAkD;AAClD,KAAsB;AACtB,yDAAyD;AACzD,KAAa;AACb,gDAAgD;AAChD,KAAa;AACb,iDAAiD;AACjD,MAAmB;IAAnB,uBAAA,EAAA,WAAmB;IAKnB,KAAK,IAAM,KAAK,IAAI,KAAK,EAAE;QAC1B,8EAA8E;QAC9E,IAAM,SAAS,GAAG,eAAe,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;QACxD,IAAI,GAAG,SAAQ,CAAC;QAEhB,gEAAgE;QAChE,GAAG;YACF,GAAG,GAAG,iBAAiB,EAAE,CAAC;SAC1B,QAAQ,MAAM,CAAC,GAAG,CAAC,EAAE;QAEtB,IAAI,WAAW,GAAG,EAAE,CAAC;QAErB,IAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;QAC3B,IAAM,SAAS,GAAG,oBAAoB,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAChE,IAAM,YAAY,GAAG,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAClF,IAAM,SAAS,GAAG,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAEnF,QAAQ,IAAI,EAAE;YACb,KAAK,YAAY;gBAChB,kEAAkE;gBAClE,IAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;gBACnD,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,EAAE;oBAC5C,MAAM,IAAI,KAAK,CAAC,+BAAuB,MAAM,OAAG,CAAC,CAAC;iBAClD;gBACD,WAAW,GAAG;oBACb,IAAI,EAAE,YAAY;oBAClB,MAAM,EAAE,QAAQ;oBAChB,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,MAAM;iBACd,CAAC;gBACF,MAAM;YAEP,KAAK,SAAS,IAAI,SAAS;gBAC1B,WAAW,GAAG;oBACb,EAAE,EAAE,IAAI;oBACR,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE;wBACL,IAAI,EAAE,UAAU;wBAChB,IAAI,EAAE,iBAAiB;wBACvB,IAAI,EAAE;4BACL,IAAI,EAAE,WAAW;4BACjB,KAAK,EAAE;gCACN;oCACC,IAAI,EAAE,WAAW;oCACjB,KAAK,EAAE,IAAA,sBAAa,EAAC,KAAK,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;iCAC7D;6BACD;yBACD;qBACD;oBACD,MAAM,EAAE,IAAI;oBACZ,MAAM,EAAE;wBACP,QAAQ,EAAE,OAAO;wBACjB,MAAM,EAAE,EAAE;qBACV;iBACD,CAAC;gBACF,MAAM;YAEP,KAAK,SAAS,IAAI,CAAC,SAAS;gBAC3B,WAAW,GAAG;oBACb,IAAI,EAAE,UAAU;oBAChB,IAAI,EAAE,iBAAiB;oBACvB,IAAI,EAAE;wBACL,IAAI,EAAE,WAAW;wBACjB,KAAK,EAAE;4BACN;gCACC,IAAI,EAAE,WAAW;gCACjB,KAAK,EAAE,IAAA,sBAAa,EAAC,KAAK,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;6BAC7D;yBACD;qBACD;iBACD,CAAC;gBACF,MAAM;YAEP,KAAK,SAAS;gBACb,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;oBAC9B,MAAM,IAAI,KAAK,CACd,2EAAoE,KAAK,2BAAiB,KAAK,MAAG,CAClG,CAAC;iBACF;gBACD,WAAW,GAAG;oBACb,IAAI,EAAE,QAAQ;oBACd,KAAK,OAAA;iBACL,CAAC;gBACF,MAAM;YAEP,yCAAyC;YACzC;gBACC,WAAW,GAAG;oBACb,IAAI,EAAE,WAAW;oBACjB,KAAK,EAAE,IAAA,sBAAa,EAAC,KAAK,CAAC;iBAC3B,CAAC;gBACF,MAAM;SACP;QAED,MAAM,CAAC,GAAG,CAAC,GAAG;YACb,WAAW,aAAA;SACX,CAAC;QAEF,KAAK,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAG,GAAG,CAAE,CAAC;KAC1C;IAED,OAAO;QACN,MAAM,QAAA;QACN,KAAK,OAAA;KACL,CAAC;AACH,CAAC,CAAC;AAEK,IAAM,eAAe,GAAG,UAAO,aAAyB,EAAE,KAAa;;;;;gBAC7E,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE;oBACtC,sBAAO,aAAa,EAAC;iBACrB;gBAEK,UAAU,GAAG,IAAI,qBAAY,CAAC;oBACnC,GAAG,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;iBACxC,CAAC,CAAC;gBAEG,MAAM,GAAW,EAAE,CAAC;gBAOpB,gBAAgB,GAAG,UAAU,CAAC,QAAQ,CAAC;oBAC5C,IAAI,EAAE,kBAAkB;oBACxB,KAAK,EAAE;wBACN,UAAU,EAAE;4BACX,cAAc,YAAC,EAAiC;oCAA/B,KAAK,WAAA,EAAE,SAAS,eAAA,EAAE,IAAI,UAAA,EAAE,KAAK,WAAA;gCAC7C,iCAAiC;gCACjC,IAAI,SAAS,KAAK,WAAW,IAAI,SAAS,KAAK,YAAY,EAAE;oCAC5D,MAAM,IAAI,KAAK,CAAC,uEAAuE,CAAC,CAAC;iCACzF;gCAED,IAAI,OAAO,IAAI,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE;oCAC1B,IAAA,KAAK,GAAK,uBAAuB,CAAC,UAAU,EAAE,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,MAA1E,CAA2E;oCACxF,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;iCACnB;gCAED,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC;4BACpB,CAAC;yBACD;qBACD;iBACD,CAAC,CAAC;gBAES,qBAAM,IAAI,OAAO;oBAC5B,qEAAqE;oBACrE,UAAO,OAAO,EAAE,MAAM;;;;;oCACf,aAAa,GAAG,aAAa,CAClC,gBAAuC,EACvC,iBAAiB,EACjB,iBAAiB,CACjB,CAAC;oCAGI,WAAW,GAAG,OAAO,aAAa,KAAK,QAAQ,IAAI,OAAO,aAAa,CAAC,IAAI,KAAK,UAAU,CAAC;oCAElG,gBAAgB,CAAC,GAAG,CAAC,OAAO,EAAE,UAAC,CAAC;wCAC/B,IAAI;4CACH,IAAM,MAAM,GAAG,IAAI,wBAAM,EAAE,CAAC;4CAC5B,8BAA8B;4CAC9B,IAAM,GAAG,GAAQ,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,EAAE;gDACvC,QAAQ,EAAE,YAAY;6CACtB,CAAC,CAAC;4CAEH,IAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;4CAEpC,2FAA2F;4CAC3F,GAAG,CAAC,KAAK,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;4CAErE,0FAA0F;4CAC1F,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;gDACvC,IAAI,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;gDACtB,IAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;gDAE5B,IAAI,CAAC,KAAK,EAAE;oDACX,SAAS;iDACT;gDAED,IAAM,sBAAsB,GAAG,QAAQ,CAAC,GAAG,EAAE;oDAC5C,KAAK,EAAE;wDACN,IAAI,EAAE,QAAQ;wDACd,KAAK,EAAE,WAAI,CAAC,GAAG,CAAC,CAAE;qDAClB;iDACD,CAAC,CAAC;gDAEH,IAAI,CAAC,sBAAsB,EAAE;oDAC5B,SAAS;iDACT;gDAED,sBAAsB,CAAC,KAAK,GAAG,KAAK,CAAC,WAAW,CAAC;6CACjD;4CAED,IAAI,WAAW,EAAE;gDAChB,+GAA+G;gDAC/G,IAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE;oDACpC,QAAQ,EAAE,YAAY;iDACtB,CAAC,CAAC;gDACH,OAAO,CAAC,iBAAU,SAAS,MAAG,CAAC,CAAC;6CAChC;iDAAM;gDACN,kHAAkH;gDAClH,IAAM,KAAK,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,EAAE;oDACzC,QAAQ,EAAE,YAAY;iDACtB,CAAC,CAAC;gDAEH,OAAO,CAAC,KAAK,CAAC,CAAC;6CACf;yCACD;wCAAC,OAAO,KAAK,EAAE;4CACf,MAAM,CAAC,KAAK,CAAC,CAAC;yCACd;oCACF,CAAC,CAAC,CAAC;;;;yCAIE,WAAW,EAAX,wBAAW;oCACd,qBAAM,aAAa,EAAA;;oCAAnB,SAAmB,CAAC;;wCAEpB,qBAAO,gBAAwB,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC;wCAChD,KAAK,EAAE,aAAa;qCACpB,CAAC,EAAA;;oCAFF,SAEE,CAAC;;;;;oCAGJ,MAAM,CAAC,OAAK,CAAC,CAAC;;;;;yBAEf,CACD,EAAA;;gBAhFK,GAAG,GAAG,SAgFX;gBAED,mBAAmB;gBACnB,qBAAM,gBAAgB,CAAC,WAAW,EAAE,EAAA;;gBADpC,mBAAmB;gBACnB,SAAoC,CAAC;gBACrC,qBAAM,UAAU,CAAC,WAAW,EAAE,EAAA;;gBAA9B,SAA8B,CAAC;gBAE/B,sBAAO,GAAG,EAAC;;;KACX,CAAC;AA5HW,QAAA,eAAe,mBA4H1B"}

package/dist/index.d.ts

@@ -1,10 +1,11 @@
 import { Prisma, PrismaClient } from "@prisma/client";
+import { Expression } from "./expressions";
 declare const VALID_OPERATIONS: readonly ["SELECT", "UPDATE", "INSERT", "DELETE"];
 type Operation = typeof VALID_OPERATIONS[number];
 export type Models = Prisma.ModelName;
-export interface Ability {
+export interface Ability<ContextKeys extends string = string> {
     description?: string;
-    expression?: string;
+    expression?: Expression<ContextKeys>;
     operation: Operation;
     model?: Models;
     slug?: string;
@@ -15,28 +16,33 @@ export type DefaultAbilities = {
         [op in CRUDOperations]: Ability;
     };
 };
-export type CustomAbilities = {
+export type CustomAbilities<ContextKeys extends string = string> = {
     [model in Models]?: {
-        [op in string]?: Ability;
+        [op in string]?: Ability<ContextKeys>;
     };
 };
-export type GetContextFn = () => {
+export type GetContextFn<ContextKeys extends string = string> = () => {
     role: string;
     context?: {
-        [key: string]: string;
+        [key in ContextKeys]: string | number | string[];
     };
 } | null;
 export declare const createAbilityName: (model: string, ability: string) => string;
 export declare const createRoleName: (name: string) => string;
-export declare const setupMiddleware: (prisma: PrismaClient, getContext: GetContextFn) => void;
-export declare const createRoles: <K extends CustomAbilities = CustomAbilities, T = DefaultAbilities & K>({ prisma, customAbilities, getRoles, }: {
+export declare const createClient: (prisma: PrismaClient, getContext: GetContextFn) => Omit<PrismaClient<Prisma.PrismaClientOptions, never, Prisma.RejectOnNotFound | Prisma.RejectPerOperation | undefined, {
+    result: {} & Record<string, {}>;
+    model: {} & Record<string, {}>;
+    client: {};
+    query: {};
+}>, "$use"> & {};
+export declare const createRoles: <K extends CustomAbilities<string> = CustomAbilities<string>, T = DefaultAbilities & K>({ prisma, customAbilities, getRoles, }: {
     prisma: PrismaClient;
     customAbilities?: Partial<K> | undefined;
     getRoles: (abilities: T) => {
-        [key: string]: Ability[] | "*";
+        [key: string]: "*" | Ability<string>[];
     };
 }) => Promise<void>;
-export interface SetupParams<K extends CustomAbilities = CustomAbilities> {
+export interface SetupParams<ContextKeys extends string = string, K extends CustomAbilities<ContextKeys> = CustomAbilities<ContextKeys>> {
     /**
      * The Prisma client instance. Used for database queries and model introspection.
      */
@@ -58,7 +64,15 @@ export interface SetupParams<K extends CustomAbilities = CustomAbilities> {
      * You can also provide additional context here, which will be available in any RLS expressions you've defined.
      * Returning `null` will result in the permissions being skipped entirely.
      */
-    getContext: GetContextFn;
+    getContext: GetContextFn<ContextKeys>;
 }
-export declare const setup: <K extends CustomAbilities = CustomAbilities>(params: SetupParams<K>) => Promise<void>;
+/**
+ * Creates an extended client that sets contextual parameters and user role on every query
+ **/
+export declare const setup: <ContextKeys extends string = string, K extends CustomAbilities<ContextKeys> = CustomAbilities<ContextKeys>>(params: SetupParams<ContextKeys, K>) => Promise<Omit<PrismaClient<Prisma.PrismaClientOptions, never, Prisma.RejectOnNotFound | Prisma.RejectPerOperation | undefined, {
+    result: {} & Record<string, {}>;
+    model: {} & Record<string, {}>;
+    client: {};
+    query: {};
+}>, "$use"> & {}>;
 export {};

package/dist/index.js

@@ -50,6 +50,33 @@ var __generator = (this && this.__generator) || function (thisArg, body) {
         if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
     }
 };
+var __values = (this && this.__values) || function(o) {
+    var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0;
+    if (m) return m.call(o);
+    if (o && typeof o.length === "number") return {
+        next: function () {
+            if (o && i >= o.length) o = void 0;
+            return { value: o && o[i++], done: !o };
+        }
+    };
+    throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
+};
+var __read = (this && this.__read) || function (o, n) {
+    var m = typeof Symbol === "function" && o[Symbol.iterator];
+    if (!m) return o;
+    var i = m.call(o), r, ar = [], e;
+    try {
+        while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value);
+    }
+    catch (error) { e = { error: error }; }
+    finally {
+        try {
+            if (r && !r.done && (m = i["return"])) m.call(i);
+        }
+        finally { if (e) throw e.error; }
+    }
+    return ar;
+};
 var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) {
     if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {
         if (ar || !(i in from)) {
@@ -63,12 +90,12 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 exports.__esModule = true;
-exports.setup = exports.createRoles = exports.setupMiddleware = exports.createRoleName = exports.createAbilityName = void 0;
-var client_1 = require("@prisma/client");
+exports.setup = exports.createRoles = exports.createClient = exports.createRoleName = exports.createAbilityName = void 0;
 var difference_1 = __importDefault(require("lodash/difference"));
 var flatMap_1 = __importDefault(require("lodash/flatMap"));
 var map_1 = __importDefault(require("lodash/map"));
 var toPairs_1 = __importDefault(require("lodash/toPairs"));
+var expressions_1 = require("./expressions");
 var VALID_OPERATIONS = ["SELECT", "UPDATE", "INSERT", "DELETE"];
 /**
  * This function is used to take a lock that is automatically released at the end of the current transaction.
@@ -89,127 +116,131 @@ var createRoleName = function (name) {
     return sanitizeSlug("yates_role_".concat(name));
 };
 exports.createRoleName = createRoleName;
-// This middleware is used to set the role and context for the current user so that RLS can be applied
-// It must be the *last* middleware in the chain, as it will call the original function itself and return the value.
-var setupMiddleware = function (prisma, getContext) {
-    // Create a new admin client to use for unrestricted queries
-    // This is required because the middleware is applied to the client, and so if we use the same client, we will
-    // get an infinite loop and can trigger client middlewares multiple times
-    var adminClient = new client_1.PrismaClient();
-    prisma.$use(function (params, next) { return __awaiter(void 0, void 0, void 0, function () {
-        var ctx, role, context, pgRole, modelName, _i, _a, k, txResults, queryResults, selectKeys, e_1;
-        var _b;
-        return __generator(this, function (_c) {
-            switch (_c.label) {
-                case 0:
-                    if (!params.model) {
-                        return [2 /*return*/, next(params)];
-                    }
-                    ctx = getContext();
-                    // If ctx is null, the middleware is explicitly skipped
-                    if (ctx === null) {
-                        return [2 /*return*/, next(params)];
-                    }
-                    role = ctx.role, context = ctx.context;
-                    pgRole = (0, exports.createRoleName)(role);
-                    modelName = params.model.charAt(0).toLowerCase() + params.model.slice(1);
-                    if (context) {
-                        for (_i = 0, _a = Object.keys(context); _i < _a.length; _i++) {
-                            k = _a[_i];
-                            if (!k.match(/^[a-z_\.]+$/)) {
-                                throw new Error("Context variable \"".concat(k, "\" contains invalid characters. Context variables must only contain lowercase letters, numbers, periods and underscores."));
-                            }
-                            if (typeof context[k] !== "number" && typeof context[k] !== "string") {
-                                throw new Error("Context variable \"".concat(k, "\" must be a string or number. Got ").concat(typeof context[k]));
+// This uses client extensions to set the role and context for the current user so that RLS can be applied
+var createClient = function (prisma, getContext) {
+    var client = prisma.$extends({
+        name: "Yates client",
+        query: {
+            $allModels: {
+                $allOperations: function (_a) {
+                    var _b;
+                    var model = _a.model, args = _a.args, query = _a.query;
+                    return __awaiter(this, void 0, void 0, function () {
+                        var ctx, role, context, pgRole, _c, _d, k, txResults, queryResults, e_1;
+                        var e_2, _e;
+                        return __generator(this, function (_f) {
+                            switch (_f.label) {
+                                case 0:
+                                    if (!model) {
+                                        return [2 /*return*/, query(args)];
+                                    }
+                                    ctx = getContext();
+                                    // If ctx is null, the middleware is explicitly skipped
+                                    if (ctx === null) {
+                                        return [2 /*return*/, query(args)];
+                                    }
+                                    role = ctx.role, context = ctx.context;
+                                    pgRole = (0, exports.createRoleName)(role);
+                                    if (context) {
+                                        try {
+                                            for (_c = __values(Object.keys(context)), _d = _c.next(); !_d.done; _d = _c.next()) {
+                                                k = _d.value;
+                                                if (!k.match(/^[a-z_\.]+$/)) {
+                                                    throw new Error("Context variable \"".concat(k, "\" contains invalid characters. Context variables must only contain lowercase letters, numbers, periods and underscores."));
+                                                }
+                                                if (typeof context[k] !== "number" && typeof context[k] !== "string") {
+                                                    throw new Error("Context variable \"".concat(k, "\" must be a string or number. Got ").concat(typeof context[k]));
+                                                }
+                                            }
+                                        }
+                                        catch (e_2_1) { e_2 = { error: e_2_1 }; }
+                                        finally {
+                                            try {
+                                                if (_d && !_d.done && (_e = _c["return"])) _e.call(_c);
+                                            }
+                                            finally { if (e_2) throw e_2.error; }
+                                        }
+                                    }
+                                    _f.label = 1;
+                                case 1:
+                                    _f.trys.push([1, 3, , 4]);
+                                    return [4 /*yield*/, prisma.$transaction(__spreadArray(__spreadArray([
+                                            // Switch to the user role, We can't use a prepared statement here, due to limitations in PG not allowing prepared statements to be used in SET ROLE
+                                            prisma.$queryRawUnsafe("SET ROLE ".concat(pgRole))
+                                        ], __read((0, toPairs_1["default"])(context).map(function (_a) {
+                                            var _b = __read(_a, 2), key = _b[0], value = _b[1];
+                                            return prisma.$queryRaw(templateObject_1 || (templateObject_1 = __makeTemplateObject(["SELECT set_config(", ", ", ",  true);"], ["SELECT set_config(", ", ", ",  true);"])), key, value.toString());
+                                        })), false), [
+                                            // Now call original function
+                                            // Conveniently, the `query` function will happily run inside the transaction.
+                                            query(args),
+                                            // Switch role back to admin user
+                                            prisma.$queryRawUnsafe("SET ROLE none"),
+                                        ], false))];
+                                case 2:
+                                    txResults = _f.sent();
+                                    queryResults = txResults[txResults.length - 2];
+                                    return [2 /*return*/, queryResults];
+                                case 3:
+                                    e_1 = _f.sent();
+                                    // Normalize RLS errors to make them a bit more readable.
+                                    if ((_b = e_1.message) === null || _b === void 0 ? void 0 : _b.includes("new row violates row-level security policy for table")) {
+                                        throw new Error("You do not have permission to perform this action.");
+                                    }
+                                    throw e_1;
+                                case 4: return [2 /*return*/];
                             }
-                        }
-                    }
-                    _c.label = 1;
-                case 1:
-                    _c.trys.push([1, 3, , 4]);
-                    return [4 /*yield*/, adminClient.$transaction(__spreadArray(__spreadArray([
-                            // Switch to the user role, We can't use a prepared statement here, due to limitations in PG not allowing prepared statements to be used in SET ROLE
-                            adminClient.$queryRawUnsafe("SET ROLE ".concat(pgRole))
-                        ], (0, toPairs_1["default"])(context).map(function (_a) {
-                            var key = _a[0], value = _a[1];
-                            return adminClient.$queryRaw(templateObject_1 || (templateObject_1 = __makeTemplateObject(["SELECT set_config(", ", ", ",  true);"], ["SELECT set_config(", ", ", ",  true);"])), key, value);
-                        }), true), [
-                            // Now call original function
-                            // Assumptions:
-                            // - prisma model class is params.model in camelCase
-                            // - prisma function name is params.action
-                            adminClient[modelName][params.action](params.args),
-                            // Switch role back to admin user
-                            adminClient.$queryRawUnsafe("SET ROLE none"),
-                        ], false))];
-                case 2:
-                    txResults = _c.sent();
-                    queryResults = txResults[txResults.length - 2];
-                    // This heuristic is used to determine if this is a query for a related entity, and if so, unwraps the results.
-                    // This mimics the "native" prisma behaviour, where if you query for a related entity, it will return the related entity (or entities) directly, rather than an object with the related entity as a property.
-                    // See https://prisma.slack.com/archives/CA491RJH0/p1674126834205399
-                    if (params.args.select) {
-                        selectKeys = Object.keys(params.args.select);
-                        if (selectKeys.length === 1 &&
-                            params.dataPath.length > 0 &&
-                            selectKeys[0] === params.dataPath[params.dataPath.length - 1] &&
-                            selectKeys[0] === Object.keys(queryResults)[0]) {
-                            return [2 /*return*/, queryResults[selectKeys[0]]];
-                        }
-                    }
-                    return [2 /*return*/, queryResults];
-                case 3:
-                    e_1 = _c.sent();
-                    // Normalize RLS errors to make them a bit more readable.
-                    if ((_b = e_1.message) === null || _b === void 0 ? void 0 : _b.includes("new row violates row-level security policy for table")) {
-                        throw new Error("You do not have permission to perform this action.");
-                    }
-                    throw e_1;
-                case 4: return [2 /*return*/];
+                        });
+                    });
+                }
             }
-        });
-    }); });
+        }
+    });
+    return client;
 };
-exports.setupMiddleware = setupMiddleware;
-var setRLS = function (prisma, table, roleName, operation, expression) { return __awaiter(void 0, void 0, void 0, function () {
-    var policyName, rows;
+exports.createClient = createClient;
+var setRLS = function (prisma, table, roleName, operation, rawExpression) { return __awaiter(void 0, void 0, void 0, function () {
+    var expression, policyName, rows;
     return __generator(this, function (_a) {
         switch (_a.label) {
-            case 0:
+            case 0: return [4 /*yield*/, (0, expressions_1.expressionToSQL)(rawExpression, table)];
+            case 1:
+                expression = _a.sent();
                 policyName = "".concat(roleName, "_policy");
                 return [4 /*yield*/, prisma.$queryRawUnsafe("\n\t\tselect * from pg_catalog.pg_policies where tablename = '".concat(table, "' AND policyname = '").concat(policyName, "';\n\t"))];
-            case 1:
+            case 2:
                 rows = _a.sent();
-                if (!(rows.length === 0)) return [3 /*break*/, 6];
-                if (!(operation === "INSERT")) return [3 /*break*/, 3];
+                if (!(rows.length === 0)) return [3 /*break*/, 7];
+                if (!(operation === "INSERT")) return [3 /*break*/, 4];
                 return [4 /*yield*/, prisma.$queryRawUnsafe("\n        CREATE POLICY ".concat(policyName, " ON \"public\".\"").concat(table, "\" FOR ").concat(operation, " TO ").concat(roleName, " WITH CHECK (").concat(expression, ");\n      "))];
-            case 2:
+            case 3:
                 _a.sent();
-                return [3 /*break*/, 5];
-            case 3: return [4 /*yield*/, prisma.$queryRawUnsafe("\n        CREATE POLICY ".concat(policyName, " ON \"public\".\"").concat(table, "\" FOR ").concat(operation, " TO ").concat(roleName, " USING (").concat(expression, ");\n      "))];
-            case 4:
+                return [3 /*break*/, 6];
+            case 4: return [4 /*yield*/, prisma.$queryRawUnsafe("\n        CREATE POLICY ".concat(policyName, " ON \"public\".\"").concat(table, "\" FOR ").concat(operation, " TO ").concat(roleName, " USING (").concat(expression, ");\n      "))];
+            case 5:
                 _a.sent();
-                _a.label = 5;
-            case 5: return [3 /*break*/, 10];
-            case 6:
-                if (!(rows[0].qual !== expression)) return [3 /*break*/, 10];
-                if (!(operation === "INSERT")) return [3 /*break*/, 8];
-                return [4 /*yield*/, prisma.$queryRawUnsafe("\n        ALTER POLICY ".concat(policyName, " ON \"public\".\"").concat(table, "\" TO ").concat(roleName, " WITH CHECK (").concat(expression, ");\n      "))];
+                _a.label = 6;
+            case 6: return [3 /*break*/, 11];
             case 7:
+                if (!(rows[0].qual !== expression)) return [3 /*break*/, 11];
+                if (!(operation === "INSERT")) return [3 /*break*/, 9];
+                return [4 /*yield*/, prisma.$queryRawUnsafe("\n        ALTER POLICY ".concat(policyName, " ON \"public\".\"").concat(table, "\" TO ").concat(roleName, " WITH CHECK (").concat(expression, ");\n      "))];
+            case 8:
                 _a.sent();
-                return [3 /*break*/, 10];
-            case 8: return [4 /*yield*/, prisma.$queryRawUnsafe("\n        ALTER POLICY ".concat(policyName, " ON \"public\".\"").concat(table, "\" TO ").concat(roleName, " USING (").concat(expression, ");\n      "))];
-            case 9:
+                return [3 /*break*/, 11];
+            case 9: return [4 /*yield*/, prisma.$queryRawUnsafe("\n        ALTER POLICY ".concat(policyName, " ON \"public\".\"").concat(table, "\" TO ").concat(roleName, " USING (").concat(expression, ");\n      "))];
+            case 10:
                 _a.sent();
-                _a.label = 10;
-            case 10: return [2 /*return*/];
+                _a.label = 11;
+            case 11: return [2 /*return*/];
         }
     });
 }); };
 var createRoles = function (_a) {
     var prisma = _a.prisma, customAbilities = _a.customAbilities, getRoles = _a.getRoles;
     return __awaiter(void 0, void 0, void 0, function () {
-        var abilities, models, diff, _i, models_1, model, ability, operation, roles, _b, _c, _d, _e, model, table, _f, _g, _h, _j, slug, ability, roleName, _loop_1, _k, _l, _m, _o, key;
+        var abilities, models, diff, models_1, models_1_1, model, ability, operation, roles, _b, _c, _d, _i, model, table, _e, _f, _g, _h, slug, ability, roleName, _loop_1, _j, _k, _l, _m, key;
+        var e_3, _o;
         var _p;
         return __generator(this, function (_q) {
             switch (_q.label) {
@@ -222,57 +253,66 @@ var createRoles = function (_a) {
                             throw new Error("Invalid models in custom abilities: ".concat(diff.join(", ")));
                         }
                     }
-                    for (_i = 0, models_1 = models; _i < models_1.length; _i++) {
-                        model = models_1[_i];
-                        abilities[model] = {
-                            create: {
-                                description: "Create ".concat(model),
-                                expression: "true",
-                                operation: "INSERT",
-                                model: model,
-                                slug: "create"
-                            },
-                            read: {
-                                description: "Read ".concat(model),
-                                expression: "true",
-                                operation: "SELECT",
-                                model: model,
-                                slug: "read"
-                            },
-                            update: {
-                                description: "Update ".concat(model),
-                                expression: "true",
-                                operation: "UPDATE",
-                                model: model,
-                                slug: "update"
-                            },
-                            "delete": {
-                                description: "Delete ".concat(model),
-                                expression: "true",
-                                operation: "DELETE",
-                                model: model,
-                                slug: "delete"
-                            }
-                        };
-                        if (customAbilities === null || customAbilities === void 0 ? void 0 : customAbilities[model]) {
-                            for (ability in customAbilities[model]) {
-                                operation = (_p = customAbilities[model][ability]) === null || _p === void 0 ? void 0 : _p.operation;
-                                if (!operation)
-                                    continue;
-                                abilities[model][ability] = __assign(__assign({}, customAbilities[model][ability]), { operation: operation, model: model, slug: ability });
+                    try {
+                        for (models_1 = __values(models), models_1_1 = models_1.next(); !models_1_1.done; models_1_1 = models_1.next()) {
+                            model = models_1_1.value;
+                            abilities[model] = {
+                                create: {
+                                    description: "Create ".concat(model),
+                                    expression: "true",
+                                    operation: "INSERT",
+                                    model: model,
+                                    slug: "create"
+                                },
+                                read: {
+                                    description: "Read ".concat(model),
+                                    expression: "true",
+                                    operation: "SELECT",
+                                    model: model,
+                                    slug: "read"
+                                },
+                                update: {
+                                    description: "Update ".concat(model),
+                                    expression: "true",
+                                    operation: "UPDATE",
+                                    model: model,
+                                    slug: "update"
+                                },
+                                "delete": {
+                                    description: "Delete ".concat(model),
+                                    expression: "true",
+                                    operation: "DELETE",
+                                    model: model,
+                                    slug: "delete"
+                                }
+                            };
+                            if (customAbilities === null || customAbilities === void 0 ? void 0 : customAbilities[model]) {
+                                for (ability in customAbilities[model]) {
+                                    operation = (_p = customAbilities[model][ability]) === null || _p === void 0 ? void 0 : _p.operation;
+                                    if (!operation)
+                                        continue;
+                                    abilities[model][ability] = __assign(__assign({}, customAbilities[model][ability]), { operation: operation, model: model, slug: ability });
+                                }
                             }
                         }
                     }
+                    catch (e_3_1) { e_3 = { error: e_3_1 }; }
+                    finally {
+                        try {
+                            if (models_1_1 && !models_1_1.done && (_o = models_1["return"])) _o.call(models_1);
+                        }
+                        finally { if (e_3) throw e_3.error; }
+                    }
                     roles = getRoles(abilities);
                     _b = abilities;
                     _c = [];
                     for (_d in _b)
                         _c.push(_d);
-                    _e = 0;
+                    _i = 0;
                     _q.label = 1;
                 case 1:
-                    if (!(_e < _c.length)) return [3 /*break*/, 8];
-                    _d = _c[_e];
+                    if (!(_i < _c.length)) return [3 /*break*/, 8];
+                    _d = _c[_i];
                     if (!(_d in _b)) return [3 /*break*/, 7];
                     model = _d;
                     table = model;
@@ -282,17 +322,17 @@ var createRoles = function (_a) {
                         ])];
                 case 2:
                     _q.sent();
-                    _f = abilities[model];
-                    _g = [];
-                    for (_h in _f)
-                        _g.push(_h);
-                    _j = 0;
+                    _e = abilities[model];
+                    _f = [];
+                    for (_g in _e)
+                        _f.push(_g);
+                    _h = 0;
                     _q.label = 3;
                 case 3:
-                    if (!(_j < _g.length)) return [3 /*break*/, 7];
-                    _h = _g[_j];
-                    if (!(_h in _f)) return [3 /*break*/, 6];
-                    slug = _h;
+                    if (!(_h < _f.length)) return [3 /*break*/, 7];
+                    _g = _f[_h];
+                    if (!(_g in _e)) return [3 /*break*/, 6];
+                    slug = _g;
                     ability = abilities[model][slug];
                     if (!VALID_OPERATIONS.includes(ability.operation)) {
                         throw new Error("Invalid operation: ".concat(ability.operation));
@@ -313,10 +353,10 @@ var createRoles = function (_a) {
                     _q.sent();
                     _q.label = 6;
                 case 6:
-                    _j++;
+                    _h++;
                     return [3 /*break*/, 3];
                 case 7:
-                    _e++;
+                    _i++;
                     return [3 /*break*/, 1];
                 case 8:
                     _loop_1 = function (key) {
@@ -371,23 +411,23 @@ var createRoles = function (_a) {
                             }
                         });
                     };
-                    _k = roles;
-                    _l = [];
-                    for (_m in _k)
-                        _l.push(_m);
-                    _o = 0;
+                    _j = roles;
+                    _k = [];
+                    for (_l in _j)
+                        _k.push(_l);
+                    _m = 0;
                     _q.label = 9;
                 case 9:
-                    if (!(_o < _l.length)) return [3 /*break*/, 12];
-                    _m = _l[_o];
-                    if (!(_m in _k)) return [3 /*break*/, 11];
-                    key = _m;
+                    if (!(_m < _k.length)) return [3 /*break*/, 12];
+                    _l = _k[_m];
+                    if (!(_l in _j)) return [3 /*break*/, 11];
+                    key = _l;
                     return [5 /*yield**/, _loop_1(key)];
                 case 10:
                     _q.sent();
                     _q.label = 11;
                 case 11:
-                    _o++;
+                    _m++;
                     return [3 /*break*/, 9];
                 case 12: return [2 /*return*/];
             }
@@ -395,8 +435,11 @@ var createRoles = function (_a) {
     });
 };
 exports.createRoles = createRoles;
+/**
+ * Creates an extended client that sets contextual parameters and user role on every query
+ **/
 var setup = function (params) { return __awaiter(void 0, void 0, void 0, function () {
-    var prisma, customAbilities, getRoles, getContext;
+    var prisma, customAbilities, getRoles, getContext, client;
     return __generator(this, function (_a) {
         switch (_a.label) {
             case 0:
@@ -404,8 +447,8 @@ var setup = function (params) { return __awaiter(void 0, void 0, void 0, functio
                 return [4 /*yield*/, (0, exports.createRoles)({ prisma: prisma, customAbilities: customAbilities, getRoles: getRoles })];
             case 1:
                 _a.sent();
-                (0, exports.setupMiddleware)(prisma, getContext);
-                return [2 /*return*/];
+                client = (0, exports.createClient)(prisma, getContext);
+                return [2 /*return*/, client];
         }
     });
 }); };

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,yCAAsD;AACtD,iEAA2C;AAC3C,2DAAqC;AACrC,mDAA6B;AAC7B,2DAAqC;AAErC,IAAM,gBAAgB,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAU,CAAC;AA0B3E;;;GAGG;AACH,IAAM,QAAQ,GAAG,UAAC,MAAoB;IACrC,OAAA,MAAM,CAAC,iBAAiB,CAAC,oDAAoD,CAAC;AAA9E,CAA8E,CAAC;AAEhF,kGAAkG;AAClG,IAAM,YAAY,GAAG,UAAC,IAAY,IAAK,OAAA,IAAI,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,EAAhE,CAAgE,CAAC;AAEjG,IAAM,iBAAiB,GAAG,UAAC,KAAa,EAAE,OAAe;IAC/D,OAAO,YAAY,CAAC,wBAAiB,KAAK,cAAI,OAAO,UAAO,CAAC,CAAC;AAC/D,CAAC,CAAC;AAFW,QAAA,iBAAiB,qBAE5B;AAEK,IAAM,cAAc,GAAG,UAAC,IAAY;IAC1C,2EAA2E;IAC3E,qDAAqD;IACrD,OAAO,YAAY,CAAC,qBAAc,IAAI,CAAE,CAAC,CAAC;AAC3C,CAAC,CAAC;AAJW,QAAA,cAAc,kBAIzB;AAEF,sGAAsG;AACtG,oHAAoH;AAC7G,IAAM,eAAe,GAAG,UAAC,MAAoB,EAAE,UAAwB;IAC7E,4DAA4D;IAC5D,8GAA8G;IAC9G,yEAAyE;IACzE,IAAM,WAAW,GAAG,IAAI,qBAAY,EAAE,CAAC;IAEvC,MAAM,CAAC,IAAI,CAAC,UAAO,MAAM,EAAE,IAAI;;;;;;oBAC9B,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;wBAClB,sBAAO,IAAI,CAAC,MAAM,CAAC,EAAC;qBACpB;oBAEK,GAAG,GAAG,UAAU,EAAE,CAAC;oBAEzB,uDAAuD;oBACvD,IAAI,GAAG,KAAK,IAAI,EAAE;wBACjB,sBAAO,IAAI,CAAC,MAAM,CAAC,EAAC;qBACpB;oBACO,IAAI,GAAc,GAAG,KAAjB,EAAE,OAAO,GAAK,GAAG,QAAR,CAAS;oBAExB,MAAM,GAAG,IAAA,sBAAc,EAAC,IAAI,CAAC,CAAC;oBAG9B,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAE/E,IAAI,OAAO,EAAE;wBACZ,WAAoC,EAApB,KAAA,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAApB,cAAoB,EAApB,IAAoB,EAAE;4BAA3B,CAAC;4BACX,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE;gCAC5B,MAAM,IAAI,KAAK,CACd,6BAAqB,CAAC,6HAAyH,CAC/I,CAAC;6BACF;4BACD,IAAI,OAAO,OAAO,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,OAAO,OAAO,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE;gCACrE,MAAM,IAAI,KAAK,CAAC,6BAAqB,CAAC,gDAAqC,OAAO,OAAO,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC;6BAChG;yBACD;qBACD;;;;oBAGkB,qBAAM,WAAW,CAAC,YAAY;4BAC/C,oJAAoJ;4BACpJ,WAAW,CAAC,eAAe,CAAC,mBAAY,MAAM,CAAE,CAAC;2BAE9C,IAAA,oBAAO,EAAC,OAAO,CAAC,CAAC,GAAG,CAAC,UAAC,EAAY;gCAAX,GAAG,QAAA,EAAE,KAAK,QAAA;4BACnC,OAAO,WAAW,CAAC,SAAS,0GAAA,oBAAqB,EAAG,IAAK,EAAK,WAAW,KAAxB,GAAG,EAAK,KAAK,EAAY;wBAC3E,CAAC,CAAC,SACC;4BACF,6BAA6B;4BAC7B,eAAe;4BACf,oDAAoD;4BACpD,0CAA0C;4BACzC,WAAmB,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC;4BAC3D,iCAAiC;4BACjC,WAAW,CAAC,eAAe,CAAC,eAAe,CAAC;yBAC5C,SACA,EAAA;;oBAhBI,SAAS,GAAG,SAgBhB;oBACI,YAAY,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;oBAErD,+GAA+G;oBAC/G,6MAA6M;oBAC7M,oEAAoE;oBACpE,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE;wBACjB,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;wBACnD,IACC,UAAU,CAAC,MAAM,KAAK,CAAC;4BACvB,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;4BAC1B,UAAU,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;4BAC7D,UAAU,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAC7C;4BACD,sBAAO,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAC;yBACnC;qBACD;oBACD,sBAAO,YAAY,EAAC;;;oBAEpB,yDAAyD;oBACzD,IAAI,MAAA,GAAC,CAAC,OAAO,0CAAE,QAAQ,CAAC,sDAAsD,CAAC,EAAE;wBAChF,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;qBACtE;oBAED,MAAM,GAAC,CAAC;;;;SAET,CAAC,CAAC;AACJ,CAAC,CAAC;AAjFW,QAAA,eAAe,mBAiF1B;AAEF,IAAM,MAAM,GAAG,UACd,MAAoB,EACpB,KAAa,EACb,QAAgB,EAChB,SAAoB,EACpB,UAAkB;;;;;gBAGZ,UAAU,GAAG,UAAG,QAAQ,YAAS,CAAC;gBACpB,qBAAM,MAAM,CAAC,eAAe,CAAC,wEACU,KAAK,iCAAuB,UAAU,WAChG,CAAC,EAAA;;gBAFI,IAAI,GAAU,SAElB;qBAEE,CAAA,IAAI,CAAC,MAAM,KAAK,CAAC,CAAA,EAAjB,wBAAiB;qBAEhB,CAAA,SAAS,KAAK,QAAQ,CAAA,EAAtB,wBAAsB;gBACzB,qBAAM,MAAM,CAAC,eAAe,CAAC,kCACR,UAAU,8BAAiB,KAAK,oBAAS,SAAS,iBAAO,QAAQ,0BAAgB,UAAU,eAC5G,CAAC,EAAA;;gBAFL,SAEK,CAAC;;oBAEN,qBAAM,MAAM,CAAC,eAAe,CAAC,kCACR,UAAU,8BAAiB,KAAK,oBAAS,SAAS,iBAAO,QAAQ,qBAAW,UAAU,eACvG,CAAC,EAAA;;gBAFL,SAEK,CAAC;;;;qBAEG,CAAA,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAA,EAA3B,yBAA2B;qBACjC,CAAA,SAAS,KAAK,QAAQ,CAAA,EAAtB,wBAAsB;gBACzB,qBAAM,MAAM,CAAC,eAAe,CAAC,iCACT,UAAU,8BAAiB,KAAK,mBAAQ,QAAQ,0BAAgB,UAAU,eAC1F,CAAC,EAAA;;gBAFL,SAEK,CAAC;;oBAEN,qBAAM,MAAM,CAAC,eAAe,CAAC,iCACT,UAAU,8BAAiB,KAAK,mBAAQ,QAAQ,qBAAW,UAAU,eACrF,CAAC,EAAA;;gBAFL,SAEK,CAAC;;;;;KAGR,CAAC;AAEK,IAAM,WAAW,GAAG,UAA8E,EAUxG;QATA,MAAM,YAAA,EACN,eAAe,qBAAA,EACf,QAAQ,cAAA;;;;;;;oBAQF,SAAS,GAA8B,EAAE,CAAC;oBAE1C,MAAM,GAAI,MAAc,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,UAAC,CAAM,IAAK,OAAA,CAAC,CAAC,IAAI,EAAN,CAAM,CAAa,CAAC;oBAC9F,IAAI,eAAe,EAAE;wBACd,IAAI,GAAG,IAAA,uBAAU,EAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC,CAAC;wBAC9D,IAAI,IAAI,CAAC,MAAM,EAAE;4BAChB,MAAM,IAAI,KAAK,CAAC,8CAAuC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAE,CAAC,CAAC;yBAC1E;qBACD;oBACD,WAA0B,EAAN,iBAAM,EAAN,oBAAM,EAAN,IAAM,EAAE;wBAAjB,KAAK;wBACf,SAAS,CAAC,KAAK,CAAC,GAAG;4BAClB,MAAM,EAAE;gCACP,WAAW,EAAE,iBAAU,KAAK,CAAE;gCAC9B,UAAU,EAAE,MAAM;gCAClB,SAAS,EAAE,QAAQ;gCACnB,KAAK,OAAA;gCACL,IAAI,EAAE,QAAQ;6BACd;4BACD,IAAI,EAAE;gCACL,WAAW,EAAE,eAAQ,KAAK,CAAE;gCAC5B,UAAU,EAAE,MAAM;gCAClB,SAAS,EAAE,QAAQ;gCACnB,KAAK,OAAA;gCACL,IAAI,EAAE,MAAM;6BACZ;4BACD,MAAM,EAAE;gCACP,WAAW,EAAE,iBAAU,KAAK,CAAE;gCAC9B,UAAU,EAAE,MAAM;gCAClB,SAAS,EAAE,QAAQ;gCACnB,KAAK,OAAA;gCACL,IAAI,EAAE,QAAQ;6BACd;4BACD,QAAM,EAAE;gCACP,WAAW,EAAE,iBAAU,KAAK,CAAE;gCAC9B,UAAU,EAAE,MAAM;gCAClB,SAAS,EAAE,QAAQ;gCACnB,KAAK,OAAA;gCACL,IAAI,EAAE,QAAQ;6BACd;yBACD,CAAC;wBACF,IAAI,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAG,KAAK,CAAC,EAAE;4BAC7B,KAAW,OAAO,IAAI,eAAe,CAAC,KAAK,CAAC,EAAE;gCACvC,SAAS,GAAG,MAAA,eAAe,CAAC,KAAK,CAAE,CAAC,OAAyB,CAAC,0CAAE,SAAS,CAAC;gCAChF,IAAI,CAAC,SAAS;oCAAE,SAAS;gCACzB,SAAS,CAAC,KAAK,CAAE,CAAC,OAAyB,CAAC,yBACxC,eAAe,CAAC,KAAK,CAAE,CAAC,OAAO,CAAC,KACnC,SAAS,WAAA,EACT,KAAK,OAAA,EACL,IAAI,EAAE,OAAO,GACb,CAAC;6BACF;yBACD;qBACD;oBAEK,KAAK,GAAG,QAAQ,CAAC,SAAc,CAAC,CAAC;yBAInB,SAAS;;;;;;;;;;;oBACtB,KAAK,GAAG,KAAK,CAAC;oBAEpB,qBAAM,MAAM,CAAC,YAAY,CAAC;4BACzB,QAAQ,CAAC,MAAM,CAAC;4BAChB,MAAM,CAAC,eAAe,CAAC,wBAAgB,KAAK,kCAA8B,CAAC;yBAC3E,CAAC,EAAA;;oBAHF,SAGE,CAAC;yBAEgB,SAAS,CAAC,KAA+B,CAAC;;;;;;;;;;;oBACtD,OAAO,GAAG,SAAS,CAAC,KAA+B,CAAE,CAAC,IAAsB,CAAC,CAAC;oBAEpF,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE;wBAClD,MAAM,IAAI,KAAK,CAAC,6BAAsB,OAAO,CAAC,SAAS,CAAE,CAAC,CAAC;qBAC3D;oBAEK,QAAQ,GAAG,IAAA,yBAAiB,EAAC,KAAK,EAAE,IAAI,CAAC,CAAC;oBAEhD,+BAA+B;oBAC/B,qBAAM,MAAM,CAAC,YAAY,CAAC;4BACzB,QAAQ,CAAC,MAAM,CAAC;4BAChB,MAAM,CAAC,eAAe,CAAC,qIAI8C,QAAQ,+CAC7D,QAAQ,6EAKvB,CAAC;4BACF,MAAM,CAAC,eAAe,CAAC,4BACd,OAAO,CAAC,SAAS,mBAAQ,KAAK,mBAAQ,QAAQ,gBACtD,CAAC;yBACF,CAAC,EAAA;;oBAjBF,+BAA+B;oBAC/B,SAgBE,CAAC;yBAEC,OAAO,CAAC,UAAU,EAAlB,wBAAkB;oBACrB,qBAAM,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,EAAA;;oBAA5E,SAA4E,CAAC;;;;;;;;;wCAQrE,GAAG;;;;;oCACP,IAAI,GAAG,IAAA,sBAAc,EAAC,GAAG,CAAC,CAAC;oCACjC,qBAAM,MAAM,CAAC,iBAAiB,CAAC,qHAIsC,IAAI,2CACzD,IAAI,yDAKnB,CAAC,EAAA;;oCAVF,SAUE,CAAC;oCAEG,iBAAiB,GAAG,IAAA,oBAAO,EAAC,SAAS,EAAE,UAAC,KAAK,EAAE,SAAS;wCAC7D,OAAO,IAAA,gBAAG,EAAC,KAAK,EAAE,UAAC,OAAO,EAAE,IAAI;4CAC/B,OAAO,IAAA,yBAAiB,EAAC,SAAS,EAAE,IAAI,CAAC,CAAC;wCAC3C,CAAC,CAAC,CAAC;oCACJ,CAAC,CAAC,CAAC;oCACG,aAAa,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC;oCAC3B,QAAQ,GACb,aAAa,KAAK,GAAG;wCACpB,CAAC,CAAC,iBAAiB;wCACnB,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,UAAC,OAAO,IAAK,OAAA,IAAA,yBAAiB,EAAC,OAAO,CAAC,KAAM,EAAE,OAAO,CAAC,IAAK,CAAC,EAAhD,CAAgD,CAAC,CAAC;oCAErF,4IAA4I;oCAC5I,+JAA+J;oCAC/J,qBAAM,MAAM,CAAC,YAAY,CAAC;4CACzB,QAAQ,CAAC,MAAM,CAAC;4CAChB,MAAM,CAAC,iBAAiB,CAAC,sDAA+C,IAAI,MAAG,CAAC;4CAChF,MAAM,CAAC,iBAAiB,CAAC,mEACyB,IAAI,cACrD,CAAC;4CACF,MAAM,CAAC,iBAAiB,CAAC,kDACQ,IAAI,cACpC,CAAC;4CACF,MAAM,CAAC,eAAe,CAAC,gBAAS,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAO,IAAI,CAAE,CAAC;yCACjE,CAAC,EAAA;;oCAZF,4IAA4I;oCAC5I,+JAA+J;oCAC/J,SAUE,CAAC;oCAGyD,qBAAM,MAAM,CAAC,eAAe,CAAC,6FAE3C,IAAI,0OAMkC,IAAI,aACvF,CAAC,EAAA;;oCATI,SAAS,GAA6C,SAS1D;oCAEI,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,UAAC,EAAY;4CAAV,QAAQ,cAAA;wCAAO,OAAA,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC;oCAA5B,CAA4B,CAAC,CAAC,GAAG,CAAC,UAAC,EAAY;4CAAV,QAAQ,cAAA;wCAAO,OAAA,QAAQ;oCAAR,CAAQ,CAAC,CAAC;yCAC9G,QAAQ,CAAC,MAAM,EAAf,wBAAe;oCAClB,0CAA0C;oCAC1C,qBAAM,MAAM,CAAC,iBAAiB,CAAC,iBAAU,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAS,IAAI,CAAE,CAAC,EAAA;;oCAD5E,0CAA0C;oCAC1C,SAA4E,CAAC;;;;;;yBAtD7D,KAAK;;;;;;;;;;;kDAAZ,GAAG;;;;;;;;;;;CAyDd,CAAC;AA3KW,QAAA,WAAW,eA2KtB;AA2BK,IAAM,KAAK,GAAG,UAAoD,MAAsB;;;;;gBACtF,MAAM,GAA4C,MAAM,OAAlD,EAAE,eAAe,GAA2B,MAAM,gBAAjC,EAAE,QAAQ,GAAiB,MAAM,SAAvB,EAAE,UAAU,GAAK,MAAM,WAAX,CAAY;gBACjE,qBAAM,IAAA,mBAAW,EAAI,EAAE,MAAM,QAAA,EAAE,eAAe,iBAAA,EAAE,QAAQ,UAAA,EAAE,CAAC,EAAA;;gBAA3D,SAA2D,CAAC;gBAC5D,IAAA,uBAAe,EAAC,MAAM,EAAE,UAAU,CAAC,CAAC;;;;KACpC,CAAC;AAJW,QAAA,KAAK,SAIhB"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,iEAA2C;AAC3C,2DAAqC;AACrC,mDAA6B;AAC7B,2DAAqC;AACrC,6CAA4D;AAE5D,IAAM,gBAAgB,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAU,CAAC;AA0B3E;;;GAGG;AACH,IAAM,QAAQ,GAAG,UAAC,MAAoB;IACrC,OAAA,MAAM,CAAC,iBAAiB,CAAC,oDAAoD,CAAC;AAA9E,CAA8E,CAAC;AAEhF,kGAAkG;AAClG,IAAM,YAAY,GAAG,UAAC,IAAY,IAAK,OAAA,IAAI,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,EAAhE,CAAgE,CAAC;AAEjG,IAAM,iBAAiB,GAAG,UAAC,KAAa,EAAE,OAAe;IAC/D,OAAO,YAAY,CAAC,wBAAiB,KAAK,cAAI,OAAO,UAAO,CAAC,CAAC;AAC/D,CAAC,CAAC;AAFW,QAAA,iBAAiB,qBAE5B;AAEK,IAAM,cAAc,GAAG,UAAC,IAAY;IAC1C,2EAA2E;IAC3E,qDAAqD;IACrD,OAAO,YAAY,CAAC,qBAAc,IAAI,CAAE,CAAC,CAAC;AAC3C,CAAC,CAAC;AAJW,QAAA,cAAc,kBAIzB;AAEF,0GAA0G;AACnG,IAAM,YAAY,GAAG,UAAC,MAAoB,EAAE,UAAwB;IAC1E,IAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC;QAC9B,IAAI,EAAE,cAAc;QACpB,KAAK,EAAE;YACN,UAAU,EAAE;gBACL,cAAc,YAAC,EAAsB;;wBAApB,KAAK,WAAA,EAAE,IAAI,UAAA,EAAE,KAAK,WAAA;;;;;;;oCACxC,IAAI,CAAC,KAAK,EAAE;wCACX,sBAAO,KAAK,CAAC,IAAI,CAAC,EAAC;qCACnB;oCAEK,GAAG,GAAG,UAAU,EAAE,CAAC;oCAEzB,uDAAuD;oCACvD,IAAI,GAAG,KAAK,IAAI,EAAE;wCACjB,sBAAO,KAAK,CAAC,IAAI,CAAC,EAAC;qCACnB;oCAEO,IAAI,GAAc,GAAG,KAAjB,EAAE,OAAO,GAAK,GAAG,QAAR,CAAS;oCAExB,MAAM,GAAG,IAAA,sBAAc,EAAC,IAAI,CAAC,CAAC;oCAEpC,IAAI,OAAO,EAAE;;4CACZ,KAAgB,KAAA,SAAA,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA,4CAAE;gDAA3B,CAAC;gDACX,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE;oDAC5B,MAAM,IAAI,KAAK,CACd,6BAAqB,CAAC,6HAAyH,CAC/I,CAAC;iDACF;gDACD,IAAI,OAAO,OAAO,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,OAAO,OAAO,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE;oDACrE,MAAM,IAAI,KAAK,CAAC,6BAAqB,CAAC,gDAAqC,OAAO,OAAO,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC;iDAChG;6CACD;;;;;;;;;qCACD;;;;oCAGyB,qBAAM,MAAM,CAAC,YAAY;4CACjD,oJAAoJ;4CACpJ,MAAM,CAAC,eAAe,CAAC,mBAAY,MAAM,CAAE,CAAC;kDAEzC,IAAA,oBAAO,EAAC,OAAO,CAAC,CAAC,GAAG,CAAC,UAAC,EAAY;gDAAZ,KAAA,aAAY,EAAX,GAAG,QAAA,EAAE,KAAK,QAAA;4CACnC,OAAO,MAAM,CAAC,SAAS,0GAAA,oBAAqB,EAAG,IAAK,EAAgB,WAAW,KAAnC,GAAG,EAAK,KAAK,CAAC,QAAQ,EAAE,EAAY;wCACjF,CAAC,CAAC,WACC;4CACF,6BAA6B;4CAC7B,8EAA8E;4CAC9E,KAAK,CAAC,IAAI,CAAC;4CACX,iCAAiC;4CACjC,MAAM,CAAC,eAAe,CAAC,eAAe,CAAC;yCACvC,SACA,EAAA;;oCAdI,SAAS,GAAU,SAcvB;oCACI,YAAY,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;oCAErD,sBAAO,YAAY,EAAC;;;oCAEpB,yDAAyD;oCACzD,IAAI,MAAA,GAAC,CAAC,OAAO,0CAAE,QAAQ,CAAC,sDAAsD,CAAC,EAAE;wCAChF,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;qCACtE;oCAED,MAAM,GAAC,CAAC;;;;;iBAET;aACD;SACD;KACD,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AACf,CAAC,CAAC;AAnEW,QAAA,YAAY,gBAmEvB;AAEF,IAAM,MAAM,GAAG,UACd,MAAoB,EACpB,KAAa,EACb,QAAgB,EAChB,SAAoB,EACpB,aAAyB;;;;oBAER,qBAAM,IAAA,6BAAe,EAAC,aAAa,EAAE,KAAK,CAAC,EAAA;;gBAAxD,UAAU,GAAG,SAA2C;gBAGtD,UAAU,GAAG,UAAG,QAAQ,YAAS,CAAC;gBACpB,qBAAM,MAAM,CAAC,eAAe,CAAC,wEACU,KAAK,iCAAuB,UAAU,WAChG,CAAC,EAAA;;gBAFI,IAAI,GAAU,SAElB;qBAEE,CAAA,IAAI,CAAC,MAAM,KAAK,CAAC,CAAA,EAAjB,wBAAiB;qBAEhB,CAAA,SAAS,KAAK,QAAQ,CAAA,EAAtB,wBAAsB;gBACzB,qBAAM,MAAM,CAAC,eAAe,CAAC,kCACR,UAAU,8BAAiB,KAAK,oBAAS,SAAS,iBAAO,QAAQ,0BAAgB,UAAU,eAC5G,CAAC,EAAA;;gBAFL,SAEK,CAAC;;oBAEN,qBAAM,MAAM,CAAC,eAAe,CAAC,kCACR,UAAU,8BAAiB,KAAK,oBAAS,SAAS,iBAAO,QAAQ,qBAAW,UAAU,eACvG,CAAC,EAAA;;gBAFL,SAEK,CAAC;;;;qBAEG,CAAA,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAA,EAA3B,yBAA2B;qBACjC,CAAA,SAAS,KAAK,QAAQ,CAAA,EAAtB,wBAAsB;gBACzB,qBAAM,MAAM,CAAC,eAAe,CAAC,iCACT,UAAU,8BAAiB,KAAK,mBAAQ,QAAQ,0BAAgB,UAAU,eAC1F,CAAC,EAAA;;gBAFL,SAEK,CAAC;;oBAEN,qBAAM,MAAM,CAAC,eAAe,CAAC,iCACT,UAAU,8BAAiB,KAAK,mBAAQ,QAAQ,qBAAW,UAAU,eACrF,CAAC,EAAA;;gBAFL,SAEK,CAAC;;;;;KAGR,CAAC;AAEK,IAAM,WAAW,GAAG,UAA8E,EAUxG;QATA,MAAM,YAAA,EACN,eAAe,qBAAA,EACf,QAAQ,cAAA;;;;;;;;oBAQF,SAAS,GAA8B,EAAE,CAAC;oBAE1C,MAAM,GAAI,MAAc,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,UAAC,CAAM,IAAK,OAAA,CAAC,CAAC,IAAI,EAAN,CAAM,CAAa,CAAC;oBAC9F,IAAI,eAAe,EAAE;wBACd,IAAI,GAAG,IAAA,uBAAU,EAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC,CAAC;wBAC9D,IAAI,IAAI,CAAC,MAAM,EAAE;4BAChB,MAAM,IAAI,KAAK,CAAC,8CAAuC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAE,CAAC,CAAC;yBAC1E;qBACD;;wBACD,KAAoB,WAAA,SAAA,MAAM,CAAA,gFAAE;4BAAjB,KAAK;4BACf,SAAS,CAAC,KAAK,CAAC,GAAG;gCAClB,MAAM,EAAE;oCACP,WAAW,EAAE,iBAAU,KAAK,CAAE;oCAC9B,UAAU,EAAE,MAAM;oCAClB,SAAS,EAAE,QAAQ;oCACnB,KAAK,OAAA;oCACL,IAAI,EAAE,QAAQ;iCACd;gCACD,IAAI,EAAE;oCACL,WAAW,EAAE,eAAQ,KAAK,CAAE;oCAC5B,UAAU,EAAE,MAAM;oCAClB,SAAS,EAAE,QAAQ;oCACnB,KAAK,OAAA;oCACL,IAAI,EAAE,MAAM;iCACZ;gCACD,MAAM,EAAE;oCACP,WAAW,EAAE,iBAAU,KAAK,CAAE;oCAC9B,UAAU,EAAE,MAAM;oCAClB,SAAS,EAAE,QAAQ;oCACnB,KAAK,OAAA;oCACL,IAAI,EAAE,QAAQ;iCACd;gCACD,QAAM,EAAE;oCACP,WAAW,EAAE,iBAAU,KAAK,CAAE;oCAC9B,UAAU,EAAE,MAAM;oCAClB,SAAS,EAAE,QAAQ;oCACnB,KAAK,OAAA;oCACL,IAAI,EAAE,QAAQ;iCACd;6BACD,CAAC;4BACF,IAAI,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAG,KAAK,CAAC,EAAE;gCAC7B,KAAW,OAAO,IAAI,eAAe,CAAC,KAAK,CAAC,EAAE;oCACvC,SAAS,GAAG,MAAA,eAAe,CAAC,KAAK,CAAE,CAAC,OAAyB,CAAC,0CAAE,SAAS,CAAC;oCAChF,IAAI,CAAC,SAAS;wCAAE,SAAS;oCACzB,SAAS,CAAC,KAAK,CAAE,CAAC,OAAyB,CAAC,yBACxC,eAAe,CAAC,KAAK,CAAE,CAAC,OAAO,CAAC,KACnC,SAAS,WAAA,EACT,KAAK,OAAA,EACL,IAAI,EAAE,OAAO,GACb,CAAC;iCACF;6BACD;yBACD;;;;;;;;;oBAEK,KAAK,GAAG,QAAQ,CAAC,SAAc,CAAC,CAAC;yBAInB,SAAS;;;;;;;;;;;oBACtB,KAAK,GAAG,KAAK,CAAC;oBAEpB,qBAAM,MAAM,CAAC,YAAY,CAAC;4BACzB,QAAQ,CAAC,MAAM,CAAC;4BAChB,MAAM,CAAC,eAAe,CAAC,wBAAgB,KAAK,kCAA8B,CAAC;yBAC3E,CAAC,EAAA;;oBAHF,SAGE,CAAC;yBAEgB,SAAS,CAAC,KAA+B,CAAC;;;;;;;;;;;oBACtD,OAAO,GAAG,SAAS,CAAC,KAA+B,CAAE,CAAC,IAAsB,CAAC,CAAC;oBAEpF,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE;wBAClD,MAAM,IAAI,KAAK,CAAC,6BAAsB,OAAO,CAAC,SAAS,CAAE,CAAC,CAAC;qBAC3D;oBAEK,QAAQ,GAAG,IAAA,yBAAiB,EAAC,KAAK,EAAE,IAAI,CAAC,CAAC;oBAEhD,+BAA+B;oBAC/B,qBAAM,MAAM,CAAC,YAAY,CAAC;4BACzB,QAAQ,CAAC,MAAM,CAAC;4BAChB,MAAM,CAAC,eAAe,CAAC,qIAI8C,QAAQ,+CAC7D,QAAQ,6EAKvB,CAAC;4BACF,MAAM,CAAC,eAAe,CAAC,4BACd,OAAO,CAAC,SAAS,mBAAQ,KAAK,mBAAQ,QAAQ,gBACtD,CAAC;yBACF,CAAC,EAAA;;oBAjBF,+BAA+B;oBAC/B,SAgBE,CAAC;yBAEC,OAAO,CAAC,UAAU,EAAlB,wBAAkB;oBACrB,qBAAM,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,EAAA;;oBAA5E,SAA4E,CAAC;;;;;;;;;wCAQrE,GAAG;;;;;oCACP,IAAI,GAAG,IAAA,sBAAc,EAAC,GAAG,CAAC,CAAC;oCACjC,qBAAM,MAAM,CAAC,iBAAiB,CAAC,qHAIsC,IAAI,2CACzD,IAAI,yDAKnB,CAAC,EAAA;;oCAVF,SAUE,CAAC;oCAEG,iBAAiB,GAAG,IAAA,oBAAO,EAAC,SAAS,EAAE,UAAC,KAAK,EAAE,SAAS;wCAC7D,OAAO,IAAA,gBAAG,EAAC,KAAK,EAAE,UAAC,OAAO,EAAE,IAAI;4CAC/B,OAAO,IAAA,yBAAiB,EAAC,SAAS,EAAE,IAAI,CAAC,CAAC;wCAC3C,CAAC,CAAC,CAAC;oCACJ,CAAC,CAAC,CAAC;oCACG,aAAa,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC;oCAC3B,QAAQ,GACb,aAAa,KAAK,GAAG;wCACpB,CAAC,CAAC,iBAAiB;wCACnB,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,UAAC,OAAO,IAAK,OAAA,IAAA,yBAAiB,EAAC,OAAO,CAAC,KAAM,EAAE,OAAO,CAAC,IAAK,CAAC,EAAhD,CAAgD,CAAC,CAAC;oCAErF,4IAA4I;oCAC5I,+JAA+J;oCAC/J,qBAAM,MAAM,CAAC,YAAY,CAAC;4CACzB,QAAQ,CAAC,MAAM,CAAC;4CAChB,MAAM,CAAC,iBAAiB,CAAC,sDAA+C,IAAI,MAAG,CAAC;4CAChF,MAAM,CAAC,iBAAiB,CAAC,mEACyB,IAAI,cACrD,CAAC;4CACF,MAAM,CAAC,iBAAiB,CAAC,kDACQ,IAAI,cACpC,CAAC;4CACF,MAAM,CAAC,eAAe,CAAC,gBAAS,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAO,IAAI,CAAE,CAAC;yCACjE,CAAC,EAAA;;oCAZF,4IAA4I;oCAC5I,+JAA+J;oCAC/J,SAUE,CAAC;oCAGyD,qBAAM,MAAM,CAAC,eAAe,CAAC,6FAE3C,IAAI,0OAMkC,IAAI,aACvF,CAAC,EAAA;;oCATI,SAAS,GAA6C,SAS1D;oCAEI,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,UAAC,EAAY;4CAAV,QAAQ,cAAA;wCAAO,OAAA,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC;oCAA5B,CAA4B,CAAC,CAAC,GAAG,CAAC,UAAC,EAAY;4CAAV,QAAQ,cAAA;wCAAO,OAAA,QAAQ;oCAAR,CAAQ,CAAC,CAAC;yCAC9G,QAAQ,CAAC,MAAM,EAAf,wBAAe;oCAClB,0CAA0C;oCAC1C,qBAAM,MAAM,CAAC,iBAAiB,CAAC,iBAAU,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAS,IAAI,CAAE,CAAC,EAAA;;oCAD5E,0CAA0C;oCAC1C,SAA4E,CAAC;;;;;;yBAtD7D,KAAK;;;;;;;;;;;kDAAZ,GAAG;;;;;;;;;;;CAyDd,CAAC;AA3KW,QAAA,WAAW,eA2KtB;AA8BF;;IAEI;AACG,IAAM,KAAK,GAAG,UAIpB,MAAmC;;;;;gBAE3B,MAAM,GAA4C,MAAM,OAAlD,EAAE,eAAe,GAA2B,MAAM,gBAAjC,EAAE,QAAQ,GAAiB,MAAM,SAAvB,EAAE,UAAU,GAAK,MAAM,WAAX,CAAY;gBACjE,qBAAM,IAAA,mBAAW,EAAI,EAAE,MAAM,QAAA,EAAE,eAAe,iBAAA,EAAE,QAAQ,UAAA,EAAE,CAAC,EAAA;;gBAA3D,SAA2D,CAAC;gBACtD,MAAM,GAAG,IAAA,oBAAY,EAAC,MAAM,EAAE,UAAU,CAAC,CAAC;gBAEhD,sBAAO,MAAM,EAAC;;;KACd,CAAC;AAXW,QAAA,KAAK,SAWhB"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cerebruminc/yates",
-  "version": "1.1.1",
+  "version": "2.0.0",
   "description": "Role based access control for Prisma Apps",
   "main": "dist/index.js",
   "scripts": {
@@ -29,10 +29,11 @@
     "uuid": "^9.0.0"
   },
   "dependencies": {
+    "@lucianbuzzo/node-sql-parser": "^4.6.6",
     "lodash": "^4.17.21"
   },
   "peerDependencies": {
     "@prisma/client": "^4.0.0",
     "prisma": "^4.9.0"
   }
-}
+}