@cerebruminc/yates 1.2.0 → 2.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +25 -0
- package/README.md +9 -5
- package/dist/expressions.d.ts +1 -1
- package/dist/expressions.js +8 -0
- package/dist/expressions.js.map +1 -1
- package/dist/index.d.ts +25 -12
- package/dist/index.js +87 -94
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,30 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## [2.0.1](https://github.com/cerebruminc/yates/compare/v2.0.0...v2.0.1) (2023-02-28)
|
|
4
|
+
|
|
5
|
+
|
|
6
|
+
### Bug Fixes
|
|
7
|
+
|
|
8
|
+
* Fix broken formatting in README code blocks ([50434d7](https://github.com/cerebruminc/yates/commit/50434d7513e29f000a3b7ec22619da3b496e56c4))
|
|
9
|
+
* Improve error message thrown when an operation fails ([5b117c5](https://github.com/cerebruminc/yates/commit/5b117c5a5a3299bd5b2d7a21faded47df3ab288d))
|
|
10
|
+
|
|
11
|
+
## [2.0.0](https://github.com/cerebruminc/yates/compare/v1.2.0...v2.0.0) (2023-02-22)
|
|
12
|
+
|
|
13
|
+
|
|
14
|
+
### ⚠ BREAKING CHANGES
|
|
15
|
+
|
|
16
|
+
* Use client extensions instead of middleware
|
|
17
|
+
|
|
18
|
+
### Features
|
|
19
|
+
|
|
20
|
+
* Use client extensions instead of middleware ([f3fa1a3](https://github.com/cerebruminc/yates/commit/f3fa1a3d187d62031e2124d023ba726e7b810e39))
|
|
21
|
+
|
|
22
|
+
|
|
23
|
+
### Bug Fixes
|
|
24
|
+
|
|
25
|
+
* Explicity disconnect expression Prisma client ([ccceaa3](https://github.com/cerebruminc/yates/commit/ccceaa3f3baab26251b00b631962ae633deea714))
|
|
26
|
+
* Strongly type context values in expressions ([ec5e266](https://github.com/cerebruminc/yates/commit/ec5e2668a0ba776ed4319ade0940cd2f8dc9cbed))
|
|
27
|
+
|
|
3
28
|
## [1.2.0](https://github.com/cerebruminc/yates/compare/v1.1.1...v1.2.0) (2023-02-20)
|
|
4
29
|
|
|
5
30
|
|
package/README.md
CHANGED
|
@@ -20,9 +20,9 @@ It uses the [Row Level Security](https://www.postgresql.org/docs/9.5/ddl-rowsecu
|
|
|
20
20
|
|
|
21
21
|
## Prerequisites
|
|
22
22
|
|
|
23
|
-
Yates requires the `prisma` package ate version 4.9.0 or greater and the `@prisma/client` package at version 4.0.0 or greater. Additionally it makes use of the [Prisma Client extensions](https://www.prisma.io/docs/concepts/components/prisma-client/client-extensions) preview feature to generate rules, so you will need to enable this feature in your Prisma schema.
|
|
23
|
+
Yates requires the `prisma` package ate version 4.9.0 or greater and the `@prisma/client` package at version 4.0.0 or greater. Additionally it makes use of the [Prisma Client extensions](https://www.prisma.io/docs/concepts/components/prisma-client/client-extensions) preview feature to generate rules and add RLS checking, so you will need to enable this feature in your Prisma schema.
|
|
24
24
|
|
|
25
|
-
|
|
25
|
+
```prisma
|
|
26
26
|
generator client {
|
|
27
27
|
provider = "prisma-client-js"
|
|
28
28
|
previewFeatures = ["clientExtensions"]
|
|
@@ -33,11 +33,14 @@ generator client {
|
|
|
33
33
|
|
|
34
34
|
```bash
|
|
35
35
|
npm i @cerebruminc/yates
|
|
36
|
-
|
|
36
|
+
```
|
|
37
37
|
|
|
38
38
|
## Usage
|
|
39
39
|
|
|
40
|
-
Once you've installed Yates, you can use it in your Prisma project by importing it and calling the `setup` function. This function takes a Prisma Client instance and a configuration object as arguments
|
|
40
|
+
Once you've installed Yates, you can use it in your Prisma project by importing it and calling the `setup` function. This function takes a Prisma Client instance and a configuration object as arguments and returns a client that can intercept all queries and apply the appropriate row level security policies to them.
|
|
41
|
+
Yates uses client extensions to generate the RLS rules and add the RLS checking to the Prisma Client queries. This means that you can use the Prisma Client as you normally would, and Yates will automatically apply the appropriate RLS policies to each query. It also means that you will need to apply your middleware _before_ creating the Yates client, as middleware cannot be applied to an extended client.
|
|
42
|
+
Client extensions share the same API as the Prisma Client, you can use the Yates client as a drop-in replacement for the Prisma Client in your application.
|
|
43
|
+
Client extensions also share the same connection pool as the base client, which means that you can freely create new Yates clients with minimal performance impact.
|
|
41
44
|
|
|
42
45
|
The `setup` function will generate CRUD abilities for each model in your Prisma schema, as well as any additional abilities that you have defined in your configuration. It will then create a new PG role for each ability and apply the appropriate row level security policies to each role. Finally, it will create a new PG role for each user role you specify and grant them the appropriate abilities.
|
|
43
46
|
For Yates to be able to set the correct user role for each request, you must pass a function called `getContext` in the `setup` configuration that will return the user role for the current request. This function will be called for each request and the user role returned will be used to set the `role` in the current session. If you want to bypass RLS completely for a specific role, you can return `null` from the `getContext` function for that role.
|
|
@@ -50,7 +53,7 @@ import { PrismaClient } from "@prisma/client";
|
|
|
50
53
|
|
|
51
54
|
const prisma = new PrismaClient();
|
|
52
55
|
|
|
53
|
-
await setup({
|
|
56
|
+
const client = await setup({
|
|
54
57
|
prisma,
|
|
55
58
|
// Define any custom abilities that you want to add to the system.
|
|
56
59
|
customAbilities: () => ({
|
|
@@ -126,6 +129,7 @@ await setup({
|
|
|
126
129
|
},
|
|
127
130
|
};
|
|
128
131
|
},
|
|
132
|
+
});
|
|
129
133
|
```
|
|
130
134
|
|
|
131
135
|
## Configuration
|
package/dist/expressions.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { PrismaClient } from "@prisma/client";
|
|
2
|
-
export type Expression = string | ((client: PrismaClient, row: (col: string) => any, context: (key:
|
|
2
|
+
export type Expression<ContextKeys extends string = string> = string | ((client: PrismaClient, row: (col: string) => any, context: (key: ContextKeys) => string) => Promise<any> | {
|
|
3
3
|
[col: string]: any;
|
|
4
4
|
});
|
|
5
5
|
export declare const expressionToSQL: (getExpression: Expression, table: string) => Promise<string>;
|
package/dist/expressions.js
CHANGED
|
@@ -291,6 +291,14 @@ var expressionToSQL = function (getExpression, table) { return __awaiter(void 0,
|
|
|
291
291
|
}); })];
|
|
292
292
|
case 1:
|
|
293
293
|
sql = _a.sent();
|
|
294
|
+
// Close the client
|
|
295
|
+
return [4 /*yield*/, expressionClient.$disconnect()];
|
|
296
|
+
case 2:
|
|
297
|
+
// Close the client
|
|
298
|
+
_a.sent();
|
|
299
|
+
return [4 /*yield*/, baseClient.$disconnect()];
|
|
300
|
+
case 3:
|
|
301
|
+
_a.sent();
|
|
294
302
|
return [2 /*return*/, sql];
|
|
295
303
|
}
|
|
296
304
|
});
|
package/dist/expressions.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"expressions.js","sourceRoot":"","sources":["../src/expressions.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,yCAAsD;AAEtD,yDAAmC;AACnC,2DAAqC;AACrC,gEAAsD;AACtD,mCAA2D;AAE3D,IAAM,oBAAoB,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;AAEnE,IAAM,QAAQ,GAAG,UAAC,GAAQ,EAAE,MAAW;IACtC,IAAM,OAAO,GAAG,IAAA,oBAAO,EAAC,MAAM,CAAC,CAAC;IAChC,KAAK,IAAM,GAAG,IAAI,GAAG,EAAE;QACtB,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE;YACtB,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;SAChB;aAAM,IAAI,OAAO,GAAG,CAAC,GAAG,CAAC,KAAK,QAAQ,EAAE;YACxC,IAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;YAC1C,IAAI,MAAM,EAAE;gBACX,OAAO,MAAM,CAAC;aACd;SACD;KACD;AACF,CAAC,CAAC;AAgBF,IAAM,iBAAiB,GAAG,UAAC,GAAW,IAAK,OAAA,uBAAgB,GAAG,CAAE,EAArB,CAAqB,CAAC;AACjE,IAAM,iBAAiB,GAAG,UAAC,OAAe,IAAK,OAAA,2BAAoB,OAAO,CAAE,EAA7B,CAA6B,CAAC;AAC7E,sDAAsD;AACtD,IAAM,iBAAiB,GAAG,cAAM,OAAA,IAAA,mBAAM,EAAC,UAAU,EAAE,UAAU,CAAC,EAA9B,CAA8B,CAAC;AAE/D,IAAM,eAAe,GAAG,UAAC,MAAoB,EAAE,KAAa,EAAE,KAAa;IAC1E,IAAM,SAAS,GAAI,MAAc,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,UAAC,CAAM,IAAK,OAAA,CAAC,CAAC,IAAI,KAAK,KAAK,EAAhB,CAAgB,CAAC,CAAC;IAChG,IAAI,CAAC,SAAS,EAAE;QACf,MAAM,IAAI,KAAK,CAAC,sEAA+D,KAAK,MAAG,CAAC,CAAC;KACzF;IACD,IAAM,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,UAAC,CAAM,IAAK,OAAA,CAAC,CAAC,IAAI,KAAK,KAAK,EAAhB,CAAgB,CAAC,CAAC;IAEtE,OAAO,SAAS,CAAC;AAClB,CAAC,CAAC;AAEF,mGAAmG;AACnG,iFAAiF;AACjF,IAAM,uBAAuB,GAAG;AAC/B,4CAA4C;AAC5C,MAAoB;AACpB,kDAAkD;AAClD,KAAsB;AACtB,yDAAyD;AACzD,KAAa;AACb,gDAAgD;AAChD,KAAa;AACb,iDAAiD;AACjD,MAAmB;IAAnB,uBAAA,EAAA,WAAmB;IAKnB,KAAK,IAAM,KAAK,IAAI,KAAK,EAAE;QAC1B,8EAA8E;QAC9E,IAAM,SAAS,GAAG,eAAe,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;QACxD,IAAI,GAAG,SAAQ,CAAC;QAEhB,gEAAgE;QAChE,GAAG;YACF,GAAG,GAAG,iBAAiB,EAAE,CAAC;SAC1B,QAAQ,MAAM,CAAC,GAAG,CAAC,EAAE;QAEtB,IAAI,WAAW,GAAG,EAAE,CAAC;QAErB,IAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;QAC3B,IAAM,SAAS,GAAG,oBAAoB,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAChE,IAAM,YAAY,GAAG,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAClF,IAAM,SAAS,GAAG,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAEnF,QAAQ,IAAI,EAAE;YACb,KAAK,YAAY;gBAChB,kEAAkE;gBAClE,IAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;gBACnD,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,EAAE;oBAC5C,MAAM,IAAI,KAAK,CAAC,+BAAuB,MAAM,OAAG,CAAC,CAAC;iBAClD;gBACD,WAAW,GAAG;oBACb,IAAI,EAAE,YAAY;oBAClB,MAAM,EAAE,QAAQ;oBAChB,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,MAAM;iBACd,CAAC;gBACF,MAAM;YAEP,KAAK,SAAS,IAAI,SAAS;gBAC1B,WAAW,GAAG;oBACb,EAAE,EAAE,IAAI;oBACR,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE;wBACL,IAAI,EAAE,UAAU;wBAChB,IAAI,EAAE,iBAAiB;wBACvB,IAAI,EAAE;4BACL,IAAI,EAAE,WAAW;4BACjB,KAAK,EAAE;gCACN;oCACC,IAAI,EAAE,WAAW;oCACjB,KAAK,EAAE,IAAA,sBAAa,EAAC,KAAK,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;iCAC7D;6BACD;yBACD;qBACD;oBACD,MAAM,EAAE,IAAI;oBACZ,MAAM,EAAE;wBACP,QAAQ,EAAE,OAAO;wBACjB,MAAM,EAAE,EAAE;qBACV;iBACD,CAAC;gBACF,MAAM;YAEP,KAAK,SAAS,IAAI,CAAC,SAAS;gBAC3B,WAAW,GAAG;oBACb,IAAI,EAAE,UAAU;oBAChB,IAAI,EAAE,iBAAiB;oBACvB,IAAI,EAAE;wBACL,IAAI,EAAE,WAAW;wBACjB,KAAK,EAAE;4BACN;gCACC,IAAI,EAAE,WAAW;gCACjB,KAAK,EAAE,IAAA,sBAAa,EAAC,KAAK,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;6BAC7D;yBACD;qBACD;iBACD,CAAC;gBACF,MAAM;YAEP,KAAK,SAAS;gBACb,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;oBAC9B,MAAM,IAAI,KAAK,CACd,2EAAoE,KAAK,2BAAiB,KAAK,MAAG,CAClG,CAAC;iBACF;gBACD,WAAW,GAAG;oBACb,IAAI,EAAE,QAAQ;oBACd,KAAK,OAAA;iBACL,CAAC;gBACF,MAAM;YAEP,yCAAyC;YACzC;gBACC,WAAW,GAAG;oBACb,IAAI,EAAE,WAAW;oBACjB,KAAK,EAAE,IAAA,sBAAa,EAAC,KAAK,CAAC;iBAC3B,CAAC;gBACF,MAAM;SACP;QAED,MAAM,CAAC,GAAG,CAAC,GAAG;YACb,WAAW,aAAA;SACX,CAAC;QAEF,KAAK,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAG,GAAG,CAAE,CAAC;KAC1C;IAED,OAAO;QACN,MAAM,QAAA;QACN,KAAK,OAAA;KACL,CAAC;AACH,CAAC,CAAC;AAEK,IAAM,eAAe,GAAG,UAAO,aAAyB,EAAE,KAAa;;;;;gBAC7E,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE;oBACtC,sBAAO,aAAa,EAAC;iBACrB;gBAEK,UAAU,GAAG,IAAI,qBAAY,CAAC;oBACnC,GAAG,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;iBACxC,CAAC,CAAC;gBAEG,MAAM,GAAW,EAAE,CAAC;gBAOpB,gBAAgB,GAAG,UAAU,CAAC,QAAQ,CAAC;oBAC5C,IAAI,EAAE,kBAAkB;oBACxB,KAAK,EAAE;wBACN,UAAU,EAAE;4BACX,cAAc,YAAC,EAAiC;oCAA/B,KAAK,WAAA,EAAE,SAAS,eAAA,EAAE,IAAI,UAAA,EAAE,KAAK,WAAA;gCAC7C,iCAAiC;gCACjC,IAAI,SAAS,KAAK,WAAW,IAAI,SAAS,KAAK,YAAY,EAAE;oCAC5D,MAAM,IAAI,KAAK,CAAC,uEAAuE,CAAC,CAAC;iCACzF;gCAED,IAAI,OAAO,IAAI,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE;oCAC1B,IAAA,KAAK,GAAK,uBAAuB,CAAC,UAAU,EAAE,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,MAA1E,CAA2E;oCACxF,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;iCACnB;gCAED,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC;4BACpB,CAAC;yBACD;qBACD;iBACD,CAAC,CAAC;gBAES,qBAAM,IAAI,OAAO;oBAC5B,qEAAqE;oBACrE,UAAO,OAAO,EAAE,MAAM;;;;;oCACf,aAAa,GAAG,aAAa,CAClC,gBAAuC,EACvC,iBAAiB,EACjB,iBAAiB,CACjB,CAAC;oCAGI,WAAW,GAAG,OAAO,aAAa,KAAK,QAAQ,IAAI,OAAO,aAAa,CAAC,IAAI,KAAK,UAAU,CAAC;oCAElG,gBAAgB,CAAC,GAAG,CAAC,OAAO,EAAE,UAAC,CAAC;wCAC/B,IAAI;4CACH,IAAM,MAAM,GAAG,IAAI,wBAAM,EAAE,CAAC;4CAC5B,8BAA8B;4CAC9B,IAAM,GAAG,GAAQ,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,EAAE;gDACvC,QAAQ,EAAE,YAAY;6CACtB,CAAC,CAAC;4CAEH,IAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;4CAEpC,2FAA2F;4CAC3F,GAAG,CAAC,KAAK,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;4CAErE,0FAA0F;4CAC1F,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;gDACvC,IAAI,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;gDACtB,IAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;gDAE5B,IAAI,CAAC,KAAK,EAAE;oDACX,SAAS;iDACT;gDAED,IAAM,sBAAsB,GAAG,QAAQ,CAAC,GAAG,EAAE;oDAC5C,KAAK,EAAE;wDACN,IAAI,EAAE,QAAQ;wDACd,KAAK,EAAE,WAAI,CAAC,GAAG,CAAC,CAAE;qDAClB;iDACD,CAAC,CAAC;gDAEH,IAAI,CAAC,sBAAsB,EAAE;oDAC5B,SAAS;iDACT;gDAED,sBAAsB,CAAC,KAAK,GAAG,KAAK,CAAC,WAAW,CAAC;6CACjD;4CAED,IAAI,WAAW,EAAE;gDAChB,+GAA+G;gDAC/G,IAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE;oDACpC,QAAQ,EAAE,YAAY;iDACtB,CAAC,CAAC;gDACH,OAAO,CAAC,iBAAU,SAAS,MAAG,CAAC,CAAC;6CAChC;iDAAM;gDACN,kHAAkH;gDAClH,IAAM,KAAK,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,EAAE;oDACzC,QAAQ,EAAE,YAAY;iDACtB,CAAC,CAAC;gDAEH,OAAO,CAAC,KAAK,CAAC,CAAC;6CACf;yCACD;wCAAC,OAAO,KAAK,EAAE;4CACf,MAAM,CAAC,KAAK,CAAC,CAAC;yCACd;oCACF,CAAC,CAAC,CAAC;;;;yCAIE,WAAW,EAAX,wBAAW;oCACd,qBAAM,aAAa,EAAA;;oCAAnB,SAAmB,CAAC;;wCAEpB,qBAAO,gBAAwB,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC;wCAChD,KAAK,EAAE,aAAa;qCACpB,CAAC,EAAA;;oCAFF,SAEE,CAAC;;;;;oCAGJ,MAAM,CAAC,OAAK,CAAC,CAAC;;;;;yBAEf,CACD,EAAA;;gBAhFK,GAAG,GAAG,SAgFX;gBAED,sBAAO,GAAG,EAAC;;;KACX,CAAC;
|
|
1
|
+
{"version":3,"file":"expressions.js","sourceRoot":"","sources":["../src/expressions.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,yCAAsD;AAEtD,yDAAmC;AACnC,2DAAqC;AACrC,gEAAsD;AACtD,mCAA2D;AAE3D,IAAM,oBAAoB,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;AAEnE,IAAM,QAAQ,GAAG,UAAC,GAAQ,EAAE,MAAW;IACtC,IAAM,OAAO,GAAG,IAAA,oBAAO,EAAC,MAAM,CAAC,CAAC;IAChC,KAAK,IAAM,GAAG,IAAI,GAAG,EAAE;QACtB,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE;YACtB,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;SAChB;aAAM,IAAI,OAAO,GAAG,CAAC,GAAG,CAAC,KAAK,QAAQ,EAAE;YACxC,IAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;YAC1C,IAAI,MAAM,EAAE;gBACX,OAAO,MAAM,CAAC;aACd;SACD;KACD;AACF,CAAC,CAAC;AAgBF,IAAM,iBAAiB,GAAG,UAAC,GAAW,IAAK,OAAA,uBAAgB,GAAG,CAAE,EAArB,CAAqB,CAAC;AACjE,IAAM,iBAAiB,GAAG,UAAC,OAAe,IAAK,OAAA,2BAAoB,OAAO,CAAE,EAA7B,CAA6B,CAAC;AAC7E,sDAAsD;AACtD,IAAM,iBAAiB,GAAG,cAAM,OAAA,IAAA,mBAAM,EAAC,UAAU,EAAE,UAAU,CAAC,EAA9B,CAA8B,CAAC;AAE/D,IAAM,eAAe,GAAG,UAAC,MAAoB,EAAE,KAAa,EAAE,KAAa;IAC1E,IAAM,SAAS,GAAI,MAAc,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,UAAC,CAAM,IAAK,OAAA,CAAC,CAAC,IAAI,KAAK,KAAK,EAAhB,CAAgB,CAAC,CAAC;IAChG,IAAI,CAAC,SAAS,EAAE;QACf,MAAM,IAAI,KAAK,CAAC,sEAA+D,KAAK,MAAG,CAAC,CAAC;KACzF;IACD,IAAM,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,UAAC,CAAM,IAAK,OAAA,CAAC,CAAC,IAAI,KAAK,KAAK,EAAhB,CAAgB,CAAC,CAAC;IAEtE,OAAO,SAAS,CAAC;AAClB,CAAC,CAAC;AAEF,mGAAmG;AACnG,iFAAiF;AACjF,IAAM,uBAAuB,GAAG;AAC/B,4CAA4C;AAC5C,MAAoB;AACpB,kDAAkD;AAClD,KAAsB;AACtB,yDAAyD;AACzD,KAAa;AACb,gDAAgD;AAChD,KAAa;AACb,iDAAiD;AACjD,MAAmB;IAAnB,uBAAA,EAAA,WAAmB;IAKnB,KAAK,IAAM,KAAK,IAAI,KAAK,EAAE;QAC1B,8EAA8E;QAC9E,IAAM,SAAS,GAAG,eAAe,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;QACxD,IAAI,GAAG,SAAQ,CAAC;QAEhB,gEAAgE;QAChE,GAAG;YACF,GAAG,GAAG,iBAAiB,EAAE,CAAC;SAC1B,QAAQ,MAAM,CAAC,GAAG,CAAC,EAAE;QAEtB,IAAI,WAAW,GAAG,EAAE,CAAC;QAErB,IAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;QAC3B,IAAM,SAAS,GAAG,oBAAoB,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAChE,IAAM,YAAY,GAAG,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAClF,IAAM,SAAS,GAAG,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAEnF,QAAQ,IAAI,EAAE;YACb,KAAK,YAAY;gBAChB,kEAAkE;gBAClE,IAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;gBACnD,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,EAAE;oBAC5C,MAAM,IAAI,KAAK,CAAC,+BAAuB,MAAM,OAAG,CAAC,CAAC;iBAClD;gBACD,WAAW,GAAG;oBACb,IAAI,EAAE,YAAY;oBAClB,MAAM,EAAE,QAAQ;oBAChB,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,MAAM;iBACd,CAAC;gBACF,MAAM;YAEP,KAAK,SAAS,IAAI,SAAS;gBAC1B,WAAW,GAAG;oBACb,EAAE,EAAE,IAAI;oBACR,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE;wBACL,IAAI,EAAE,UAAU;wBAChB,IAAI,EAAE,iBAAiB;wBACvB,IAAI,EAAE;4BACL,IAAI,EAAE,WAAW;4BACjB,KAAK,EAAE;gCACN;oCACC,IAAI,EAAE,WAAW;oCACjB,KAAK,EAAE,IAAA,sBAAa,EAAC,KAAK,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;iCAC7D;6BACD;yBACD;qBACD;oBACD,MAAM,EAAE,IAAI;oBACZ,MAAM,EAAE;wBACP,QAAQ,EAAE,OAAO;wBACjB,MAAM,EAAE,EAAE;qBACV;iBACD,CAAC;gBACF,MAAM;YAEP,KAAK,SAAS,IAAI,CAAC,SAAS;gBAC3B,WAAW,GAAG;oBACb,IAAI,EAAE,UAAU;oBAChB,IAAI,EAAE,iBAAiB;oBACvB,IAAI,EAAE;wBACL,IAAI,EAAE,WAAW;wBACjB,KAAK,EAAE;4BACN;gCACC,IAAI,EAAE,WAAW;gCACjB,KAAK,EAAE,IAAA,sBAAa,EAAC,KAAK,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;6BAC7D;yBACD;qBACD;iBACD,CAAC;gBACF,MAAM;YAEP,KAAK,SAAS;gBACb,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;oBAC9B,MAAM,IAAI,KAAK,CACd,2EAAoE,KAAK,2BAAiB,KAAK,MAAG,CAClG,CAAC;iBACF;gBACD,WAAW,GAAG;oBACb,IAAI,EAAE,QAAQ;oBACd,KAAK,OAAA;iBACL,CAAC;gBACF,MAAM;YAEP,yCAAyC;YACzC;gBACC,WAAW,GAAG;oBACb,IAAI,EAAE,WAAW;oBACjB,KAAK,EAAE,IAAA,sBAAa,EAAC,KAAK,CAAC;iBAC3B,CAAC;gBACF,MAAM;SACP;QAED,MAAM,CAAC,GAAG,CAAC,GAAG;YACb,WAAW,aAAA;SACX,CAAC;QAEF,KAAK,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAG,GAAG,CAAE,CAAC;KAC1C;IAED,OAAO;QACN,MAAM,QAAA;QACN,KAAK,OAAA;KACL,CAAC;AACH,CAAC,CAAC;AAEK,IAAM,eAAe,GAAG,UAAO,aAAyB,EAAE,KAAa;;;;;gBAC7E,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE;oBACtC,sBAAO,aAAa,EAAC;iBACrB;gBAEK,UAAU,GAAG,IAAI,qBAAY,CAAC;oBACnC,GAAG,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;iBACxC,CAAC,CAAC;gBAEG,MAAM,GAAW,EAAE,CAAC;gBAOpB,gBAAgB,GAAG,UAAU,CAAC,QAAQ,CAAC;oBAC5C,IAAI,EAAE,kBAAkB;oBACxB,KAAK,EAAE;wBACN,UAAU,EAAE;4BACX,cAAc,YAAC,EAAiC;oCAA/B,KAAK,WAAA,EAAE,SAAS,eAAA,EAAE,IAAI,UAAA,EAAE,KAAK,WAAA;gCAC7C,iCAAiC;gCACjC,IAAI,SAAS,KAAK,WAAW,IAAI,SAAS,KAAK,YAAY,EAAE;oCAC5D,MAAM,IAAI,KAAK,CAAC,uEAAuE,CAAC,CAAC;iCACzF;gCAED,IAAI,OAAO,IAAI,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE;oCAC1B,IAAA,KAAK,GAAK,uBAAuB,CAAC,UAAU,EAAE,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,MAA1E,CAA2E;oCACxF,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;iCACnB;gCAED,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC;4BACpB,CAAC;yBACD;qBACD;iBACD,CAAC,CAAC;gBAES,qBAAM,IAAI,OAAO;oBAC5B,qEAAqE;oBACrE,UAAO,OAAO,EAAE,MAAM;;;;;oCACf,aAAa,GAAG,aAAa,CAClC,gBAAuC,EACvC,iBAAiB,EACjB,iBAAiB,CACjB,CAAC;oCAGI,WAAW,GAAG,OAAO,aAAa,KAAK,QAAQ,IAAI,OAAO,aAAa,CAAC,IAAI,KAAK,UAAU,CAAC;oCAElG,gBAAgB,CAAC,GAAG,CAAC,OAAO,EAAE,UAAC,CAAC;wCAC/B,IAAI;4CACH,IAAM,MAAM,GAAG,IAAI,wBAAM,EAAE,CAAC;4CAC5B,8BAA8B;4CAC9B,IAAM,GAAG,GAAQ,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,EAAE;gDACvC,QAAQ,EAAE,YAAY;6CACtB,CAAC,CAAC;4CAEH,IAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;4CAEpC,2FAA2F;4CAC3F,GAAG,CAAC,KAAK,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;4CAErE,0FAA0F;4CAC1F,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;gDACvC,IAAI,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;gDACtB,IAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;gDAE5B,IAAI,CAAC,KAAK,EAAE;oDACX,SAAS;iDACT;gDAED,IAAM,sBAAsB,GAAG,QAAQ,CAAC,GAAG,EAAE;oDAC5C,KAAK,EAAE;wDACN,IAAI,EAAE,QAAQ;wDACd,KAAK,EAAE,WAAI,CAAC,GAAG,CAAC,CAAE;qDAClB;iDACD,CAAC,CAAC;gDAEH,IAAI,CAAC,sBAAsB,EAAE;oDAC5B,SAAS;iDACT;gDAED,sBAAsB,CAAC,KAAK,GAAG,KAAK,CAAC,WAAW,CAAC;6CACjD;4CAED,IAAI,WAAW,EAAE;gDAChB,+GAA+G;gDAC/G,IAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE;oDACpC,QAAQ,EAAE,YAAY;iDACtB,CAAC,CAAC;gDACH,OAAO,CAAC,iBAAU,SAAS,MAAG,CAAC,CAAC;6CAChC;iDAAM;gDACN,kHAAkH;gDAClH,IAAM,KAAK,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,EAAE;oDACzC,QAAQ,EAAE,YAAY;iDACtB,CAAC,CAAC;gDAEH,OAAO,CAAC,KAAK,CAAC,CAAC;6CACf;yCACD;wCAAC,OAAO,KAAK,EAAE;4CACf,MAAM,CAAC,KAAK,CAAC,CAAC;yCACd;oCACF,CAAC,CAAC,CAAC;;;;yCAIE,WAAW,EAAX,wBAAW;oCACd,qBAAM,aAAa,EAAA;;oCAAnB,SAAmB,CAAC;;wCAEpB,qBAAO,gBAAwB,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC;wCAChD,KAAK,EAAE,aAAa;qCACpB,CAAC,EAAA;;oCAFF,SAEE,CAAC;;;;;oCAGJ,MAAM,CAAC,OAAK,CAAC,CAAC;;;;;yBAEf,CACD,EAAA;;gBAhFK,GAAG,GAAG,SAgFX;gBAED,mBAAmB;gBACnB,qBAAM,gBAAgB,CAAC,WAAW,EAAE,EAAA;;gBADpC,mBAAmB;gBACnB,SAAoC,CAAC;gBACrC,qBAAM,UAAU,CAAC,WAAW,EAAE,EAAA;;gBAA9B,SAA8B,CAAC;gBAE/B,sBAAO,GAAG,EAAC;;;KACX,CAAC;AA5HW,QAAA,eAAe,mBA4H1B"}
|
package/dist/index.d.ts
CHANGED
|
@@ -3,9 +3,9 @@ import { Expression } from "./expressions";
|
|
|
3
3
|
declare const VALID_OPERATIONS: readonly ["SELECT", "UPDATE", "INSERT", "DELETE"];
|
|
4
4
|
type Operation = typeof VALID_OPERATIONS[number];
|
|
5
5
|
export type Models = Prisma.ModelName;
|
|
6
|
-
export interface Ability {
|
|
6
|
+
export interface Ability<ContextKeys extends string = string> {
|
|
7
7
|
description?: string;
|
|
8
|
-
expression?: Expression
|
|
8
|
+
expression?: Expression<ContextKeys>;
|
|
9
9
|
operation: Operation;
|
|
10
10
|
model?: Models;
|
|
11
11
|
slug?: string;
|
|
@@ -16,28 +16,33 @@ export type DefaultAbilities = {
|
|
|
16
16
|
[op in CRUDOperations]: Ability;
|
|
17
17
|
};
|
|
18
18
|
};
|
|
19
|
-
export type CustomAbilities = {
|
|
19
|
+
export type CustomAbilities<ContextKeys extends string = string> = {
|
|
20
20
|
[model in Models]?: {
|
|
21
|
-
[op in string]?: Ability
|
|
21
|
+
[op in string]?: Ability<ContextKeys>;
|
|
22
22
|
};
|
|
23
23
|
};
|
|
24
|
-
export type GetContextFn = () => {
|
|
24
|
+
export type GetContextFn<ContextKeys extends string = string> = () => {
|
|
25
25
|
role: string;
|
|
26
26
|
context?: {
|
|
27
|
-
[key
|
|
27
|
+
[key in ContextKeys]: string | number | string[];
|
|
28
28
|
};
|
|
29
29
|
} | null;
|
|
30
30
|
export declare const createAbilityName: (model: string, ability: string) => string;
|
|
31
31
|
export declare const createRoleName: (name: string) => string;
|
|
32
|
-
export declare const
|
|
33
|
-
|
|
32
|
+
export declare const createClient: (prisma: PrismaClient, getContext: GetContextFn) => Omit<PrismaClient<Prisma.PrismaClientOptions, never, Prisma.RejectOnNotFound | Prisma.RejectPerOperation | undefined, {
|
|
33
|
+
result: {} & Record<string, {}>;
|
|
34
|
+
model: {} & Record<string, {}>;
|
|
35
|
+
client: {};
|
|
36
|
+
query: {};
|
|
37
|
+
}>, "$use"> & {};
|
|
38
|
+
export declare const createRoles: <K extends CustomAbilities<string> = CustomAbilities<string>, T = DefaultAbilities & K>({ prisma, customAbilities, getRoles, }: {
|
|
34
39
|
prisma: PrismaClient;
|
|
35
40
|
customAbilities?: Partial<K> | undefined;
|
|
36
41
|
getRoles: (abilities: T) => {
|
|
37
|
-
[key: string]: "*" | Ability[];
|
|
42
|
+
[key: string]: "*" | Ability<string>[];
|
|
38
43
|
};
|
|
39
44
|
}) => Promise<void>;
|
|
40
|
-
export interface SetupParams<K extends CustomAbilities = CustomAbilities
|
|
45
|
+
export interface SetupParams<ContextKeys extends string = string, K extends CustomAbilities<ContextKeys> = CustomAbilities<ContextKeys>> {
|
|
41
46
|
/**
|
|
42
47
|
* The Prisma client instance. Used for database queries and model introspection.
|
|
43
48
|
*/
|
|
@@ -59,7 +64,15 @@ export interface SetupParams<K extends CustomAbilities = CustomAbilities> {
|
|
|
59
64
|
* You can also provide additional context here, which will be available in any RLS expressions you've defined.
|
|
60
65
|
* Returning `null` will result in the permissions being skipped entirely.
|
|
61
66
|
*/
|
|
62
|
-
getContext: GetContextFn
|
|
67
|
+
getContext: GetContextFn<ContextKeys>;
|
|
63
68
|
}
|
|
64
|
-
|
|
69
|
+
/**
|
|
70
|
+
* Creates an extended client that sets contextual parameters and user role on every query
|
|
71
|
+
**/
|
|
72
|
+
export declare const setup: <ContextKeys extends string = string, K extends CustomAbilities<ContextKeys> = CustomAbilities<ContextKeys>>(params: SetupParams<ContextKeys, K>) => Promise<Omit<PrismaClient<Prisma.PrismaClientOptions, never, Prisma.RejectOnNotFound | Prisma.RejectPerOperation | undefined, {
|
|
73
|
+
result: {} & Record<string, {}>;
|
|
74
|
+
model: {} & Record<string, {}>;
|
|
75
|
+
client: {};
|
|
76
|
+
query: {};
|
|
77
|
+
}>, "$use"> & {}>;
|
|
65
78
|
export {};
|
package/dist/index.js
CHANGED
|
@@ -90,8 +90,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
90
90
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
91
91
|
};
|
|
92
92
|
exports.__esModule = true;
|
|
93
|
-
exports.setup = exports.createRoles = exports.
|
|
94
|
-
var client_1 = require("@prisma/client");
|
|
93
|
+
exports.setup = exports.createRoles = exports.createClient = exports.createRoleName = exports.createAbilityName = void 0;
|
|
95
94
|
var difference_1 = __importDefault(require("lodash/difference"));
|
|
96
95
|
var flatMap_1 = __importDefault(require("lodash/flatMap"));
|
|
97
96
|
var map_1 = __importDefault(require("lodash/map"));
|
|
@@ -117,98 +116,89 @@ var createRoleName = function (name) {
|
|
|
117
116
|
return sanitizeSlug("yates_role_".concat(name));
|
|
118
117
|
};
|
|
119
118
|
exports.createRoleName = createRoleName;
|
|
120
|
-
// This
|
|
121
|
-
|
|
122
|
-
var
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
119
|
+
// This uses client extensions to set the role and context for the current user so that RLS can be applied
|
|
120
|
+
var createClient = function (prisma, getContext) {
|
|
121
|
+
var client = prisma.$extends({
|
|
122
|
+
name: "Yates client",
|
|
123
|
+
query: {
|
|
124
|
+
$allModels: {
|
|
125
|
+
$allOperations: function (_a) {
|
|
126
|
+
var _b;
|
|
127
|
+
var model = _a.model, args = _a.args, query = _a.query, operation = _a.operation;
|
|
128
|
+
return __awaiter(this, void 0, void 0, function () {
|
|
129
|
+
var ctx, role, context, pgRole, _c, _d, k, txResults, queryResults, e_1;
|
|
130
|
+
var e_2, _e;
|
|
131
|
+
return __generator(this, function (_f) {
|
|
132
|
+
switch (_f.label) {
|
|
133
|
+
case 0:
|
|
134
|
+
if (!model) {
|
|
135
|
+
return [2 /*return*/, query(args)];
|
|
136
|
+
}
|
|
137
|
+
ctx = getContext();
|
|
138
|
+
// If ctx is null, the middleware is explicitly skipped
|
|
139
|
+
if (ctx === null) {
|
|
140
|
+
return [2 /*return*/, query(args)];
|
|
141
|
+
}
|
|
142
|
+
role = ctx.role, context = ctx.context;
|
|
143
|
+
pgRole = (0, exports.createRoleName)(role);
|
|
144
|
+
if (context) {
|
|
145
|
+
try {
|
|
146
|
+
for (_c = __values(Object.keys(context)), _d = _c.next(); !_d.done; _d = _c.next()) {
|
|
147
|
+
k = _d.value;
|
|
148
|
+
if (!k.match(/^[a-z_\.]+$/)) {
|
|
149
|
+
throw new Error("Context variable \"".concat(k, "\" contains invalid characters. Context variables must only contain lowercase letters, numbers, periods and underscores."));
|
|
150
|
+
}
|
|
151
|
+
if (typeof context[k] !== "number" && typeof context[k] !== "string") {
|
|
152
|
+
throw new Error("Context variable \"".concat(k, "\" must be a string or number. Got ").concat(typeof context[k]));
|
|
153
|
+
}
|
|
154
|
+
}
|
|
155
|
+
}
|
|
156
|
+
catch (e_2_1) { e_2 = { error: e_2_1 }; }
|
|
157
|
+
finally {
|
|
158
|
+
try {
|
|
159
|
+
if (_d && !_d.done && (_e = _c["return"])) _e.call(_c);
|
|
160
|
+
}
|
|
161
|
+
finally { if (e_2) throw e_2.error; }
|
|
162
|
+
}
|
|
163
|
+
}
|
|
164
|
+
_f.label = 1;
|
|
165
|
+
case 1:
|
|
166
|
+
_f.trys.push([1, 3, , 4]);
|
|
167
|
+
return [4 /*yield*/, prisma.$transaction(__spreadArray(__spreadArray([
|
|
168
|
+
// Switch to the user role, We can't use a prepared statement here, due to limitations in PG not allowing prepared statements to be used in SET ROLE
|
|
169
|
+
prisma.$queryRawUnsafe("SET ROLE ".concat(pgRole))
|
|
170
|
+
], __read((0, toPairs_1["default"])(context).map(function (_a) {
|
|
171
|
+
var _b = __read(_a, 2), key = _b[0], value = _b[1];
|
|
172
|
+
return prisma.$queryRaw(templateObject_1 || (templateObject_1 = __makeTemplateObject(["SELECT set_config(", ", ", ", true);"], ["SELECT set_config(", ", ", ", true);"])), key, value.toString());
|
|
173
|
+
})), false), [
|
|
174
|
+
// Now call original function
|
|
175
|
+
// Conveniently, the `query` function will happily run inside the transaction.
|
|
176
|
+
query(args),
|
|
177
|
+
// Switch role back to admin user
|
|
178
|
+
prisma.$queryRawUnsafe("SET ROLE none"),
|
|
179
|
+
], false))];
|
|
180
|
+
case 2:
|
|
181
|
+
txResults = _f.sent();
|
|
182
|
+
queryResults = txResults[txResults.length - 2];
|
|
183
|
+
return [2 /*return*/, queryResults];
|
|
184
|
+
case 3:
|
|
185
|
+
e_1 = _f.sent();
|
|
186
|
+
// Normalize RLS errors to make them a bit more readable.
|
|
187
|
+
if ((_b = e_1.message) === null || _b === void 0 ? void 0 : _b.includes("new row violates row-level security policy for table")) {
|
|
188
|
+
throw new Error("You do not have permission to perform this action: ".concat(model, ".").concat(operation, "(...)"));
|
|
189
|
+
}
|
|
190
|
+
throw e_1;
|
|
191
|
+
case 4: return [2 /*return*/];
|
|
161
192
|
}
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
_e.label = 1;
|
|
166
|
-
case 1:
|
|
167
|
-
_e.trys.push([1, 3, , 4]);
|
|
168
|
-
return [4 /*yield*/, adminClient.$transaction(__spreadArray(__spreadArray([
|
|
169
|
-
// Switch to the user role, We can't use a prepared statement here, due to limitations in PG not allowing prepared statements to be used in SET ROLE
|
|
170
|
-
adminClient.$queryRawUnsafe("SET ROLE ".concat(pgRole))
|
|
171
|
-
], __read((0, toPairs_1["default"])(context).map(function (_a) {
|
|
172
|
-
var _b = __read(_a, 2), key = _b[0], value = _b[1];
|
|
173
|
-
return adminClient.$queryRaw(templateObject_1 || (templateObject_1 = __makeTemplateObject(["SELECT set_config(", ", ", ", true);"], ["SELECT set_config(", ", ", ", true);"])), key, value.toString());
|
|
174
|
-
})), false), [
|
|
175
|
-
// Now call original function
|
|
176
|
-
// Assumptions:
|
|
177
|
-
// - prisma model class is params.model in camelCase
|
|
178
|
-
// - prisma function name is params.action
|
|
179
|
-
adminClient[modelName][params.action](params.args),
|
|
180
|
-
// Switch role back to admin user
|
|
181
|
-
adminClient.$queryRawUnsafe("SET ROLE none"),
|
|
182
|
-
], false))];
|
|
183
|
-
case 2:
|
|
184
|
-
txResults = _e.sent();
|
|
185
|
-
queryResults = txResults[txResults.length - 2];
|
|
186
|
-
// This heuristic is used to determine if this is a query for a related entity, and if so, unwraps the results.
|
|
187
|
-
// This mimics the "native" prisma behaviour, where if you query for a related entity, it will return the related entity (or entities) directly, rather than an object with the related entity as a property.
|
|
188
|
-
// See https://prisma.slack.com/archives/CA491RJH0/p1674126834205399
|
|
189
|
-
if (params.args.select) {
|
|
190
|
-
selectKeys = Object.keys(params.args.select);
|
|
191
|
-
if (selectKeys.length === 1 &&
|
|
192
|
-
params.dataPath.length > 0 &&
|
|
193
|
-
selectKeys[0] === params.dataPath[params.dataPath.length - 1] &&
|
|
194
|
-
selectKeys[0] === Object.keys(queryResults)[0]) {
|
|
195
|
-
return [2 /*return*/, queryResults[selectKeys[0]]];
|
|
196
|
-
}
|
|
197
|
-
}
|
|
198
|
-
return [2 /*return*/, queryResults];
|
|
199
|
-
case 3:
|
|
200
|
-
e_1 = _e.sent();
|
|
201
|
-
// Normalize RLS errors to make them a bit more readable.
|
|
202
|
-
if ((_d = e_1.message) === null || _d === void 0 ? void 0 : _d.includes("new row violates row-level security policy for table")) {
|
|
203
|
-
throw new Error("You do not have permission to perform this action.");
|
|
204
|
-
}
|
|
205
|
-
throw e_1;
|
|
206
|
-
case 4: return [2 /*return*/];
|
|
193
|
+
});
|
|
194
|
+
});
|
|
195
|
+
}
|
|
207
196
|
}
|
|
208
|
-
}
|
|
209
|
-
});
|
|
197
|
+
}
|
|
198
|
+
});
|
|
199
|
+
return client;
|
|
210
200
|
};
|
|
211
|
-
exports.
|
|
201
|
+
exports.createClient = createClient;
|
|
212
202
|
var setRLS = function (prisma, table, roleName, operation, rawExpression) { return __awaiter(void 0, void 0, void 0, function () {
|
|
213
203
|
var expression, policyName, rows;
|
|
214
204
|
return __generator(this, function (_a) {
|
|
@@ -445,8 +435,11 @@ var createRoles = function (_a) {
|
|
|
445
435
|
});
|
|
446
436
|
};
|
|
447
437
|
exports.createRoles = createRoles;
|
|
438
|
+
/**
|
|
439
|
+
* Creates an extended client that sets contextual parameters and user role on every query
|
|
440
|
+
**/
|
|
448
441
|
var setup = function (params) { return __awaiter(void 0, void 0, void 0, function () {
|
|
449
|
-
var prisma, customAbilities, getRoles, getContext;
|
|
442
|
+
var prisma, customAbilities, getRoles, getContext, client;
|
|
450
443
|
return __generator(this, function (_a) {
|
|
451
444
|
switch (_a.label) {
|
|
452
445
|
case 0:
|
|
@@ -454,8 +447,8 @@ var setup = function (params) { return __awaiter(void 0, void 0, void 0, functio
|
|
|
454
447
|
return [4 /*yield*/, (0, exports.createRoles)({ prisma: prisma, customAbilities: customAbilities, getRoles: getRoles })];
|
|
455
448
|
case 1:
|
|
456
449
|
_a.sent();
|
|
457
|
-
(0, exports.
|
|
458
|
-
return [2 /*return
|
|
450
|
+
client = (0, exports.createClient)(prisma, getContext);
|
|
451
|
+
return [2 /*return*/, client];
|
|
459
452
|
}
|
|
460
453
|
});
|
|
461
454
|
}); };
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,iEAA2C;AAC3C,2DAAqC;AACrC,mDAA6B;AAC7B,2DAAqC;AACrC,6CAA4D;AAE5D,IAAM,gBAAgB,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAU,CAAC;AA0B3E;;;GAGG;AACH,IAAM,QAAQ,GAAG,UAAC,MAAoB;IACrC,OAAA,MAAM,CAAC,iBAAiB,CAAC,oDAAoD,CAAC;AAA9E,CAA8E,CAAC;AAEhF,kGAAkG;AAClG,IAAM,YAAY,GAAG,UAAC,IAAY,IAAK,OAAA,IAAI,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,EAAhE,CAAgE,CAAC;AAEjG,IAAM,iBAAiB,GAAG,UAAC,KAAa,EAAE,OAAe;IAC/D,OAAO,YAAY,CAAC,wBAAiB,KAAK,cAAI,OAAO,UAAO,CAAC,CAAC;AAC/D,CAAC,CAAC;AAFW,QAAA,iBAAiB,qBAE5B;AAEK,IAAM,cAAc,GAAG,UAAC,IAAY;IAC1C,2EAA2E;IAC3E,qDAAqD;IACrD,OAAO,YAAY,CAAC,qBAAc,IAAI,CAAE,CAAC,CAAC;AAC3C,CAAC,CAAC;AAJW,QAAA,cAAc,kBAIzB;AAEF,0GAA0G;AACnG,IAAM,YAAY,GAAG,UAAC,MAAoB,EAAE,UAAwB;IAC1E,IAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC;QAC9B,IAAI,EAAE,cAAc;QACpB,KAAK,EAAE;YACN,UAAU,EAAE;gBACL,cAAc,YAAC,EAAiC;;wBAA/B,KAAK,WAAA,EAAE,IAAI,UAAA,EAAE,KAAK,WAAA,EAAE,SAAS,eAAA;;;;;;;oCACnD,IAAI,CAAC,KAAK,EAAE;wCACX,sBAAO,KAAK,CAAC,IAAI,CAAC,EAAC;qCACnB;oCAEK,GAAG,GAAG,UAAU,EAAE,CAAC;oCAEzB,uDAAuD;oCACvD,IAAI,GAAG,KAAK,IAAI,EAAE;wCACjB,sBAAO,KAAK,CAAC,IAAI,CAAC,EAAC;qCACnB;oCAEO,IAAI,GAAc,GAAG,KAAjB,EAAE,OAAO,GAAK,GAAG,QAAR,CAAS;oCAExB,MAAM,GAAG,IAAA,sBAAc,EAAC,IAAI,CAAC,CAAC;oCAEpC,IAAI,OAAO,EAAE;;4CACZ,KAAgB,KAAA,SAAA,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA,4CAAE;gDAA3B,CAAC;gDACX,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE;oDAC5B,MAAM,IAAI,KAAK,CACd,6BAAqB,CAAC,6HAAyH,CAC/I,CAAC;iDACF;gDACD,IAAI,OAAO,OAAO,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,OAAO,OAAO,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE;oDACrE,MAAM,IAAI,KAAK,CAAC,6BAAqB,CAAC,gDAAqC,OAAO,OAAO,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC;iDAChG;6CACD;;;;;;;;;qCACD;;;;oCAGyB,qBAAM,MAAM,CAAC,YAAY;4CACjD,oJAAoJ;4CACpJ,MAAM,CAAC,eAAe,CAAC,mBAAY,MAAM,CAAE,CAAC;kDAEzC,IAAA,oBAAO,EAAC,OAAO,CAAC,CAAC,GAAG,CAAC,UAAC,EAAY;gDAAZ,KAAA,aAAY,EAAX,GAAG,QAAA,EAAE,KAAK,QAAA;4CACnC,OAAO,MAAM,CAAC,SAAS,0GAAA,oBAAqB,EAAG,IAAK,EAAgB,WAAW,KAAnC,GAAG,EAAK,KAAK,CAAC,QAAQ,EAAE,EAAY;wCACjF,CAAC,CAAC,WACC;4CACF,6BAA6B;4CAC7B,8EAA8E;4CAC9E,KAAK,CAAC,IAAI,CAAC;4CACX,iCAAiC;4CACjC,MAAM,CAAC,eAAe,CAAC,eAAe,CAAC;yCACvC,SACA,EAAA;;oCAdI,SAAS,GAAU,SAcvB;oCACI,YAAY,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;oCAErD,sBAAO,YAAY,EAAC;;;oCAEpB,yDAAyD;oCACzD,IAAI,MAAA,GAAC,CAAC,OAAO,0CAAE,QAAQ,CAAC,sDAAsD,CAAC,EAAE;wCAChF,MAAM,IAAI,KAAK,CAAC,6DAAsD,KAAK,cAAI,SAAS,UAAO,CAAC,CAAC;qCACjG;oCAED,MAAM,GAAC,CAAC;;;;;iBAET;aACD;SACD;KACD,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AACf,CAAC,CAAC;AAnEW,QAAA,YAAY,gBAmEvB;AAEF,IAAM,MAAM,GAAG,UACd,MAAoB,EACpB,KAAa,EACb,QAAgB,EAChB,SAAoB,EACpB,aAAyB;;;;oBAER,qBAAM,IAAA,6BAAe,EAAC,aAAa,EAAE,KAAK,CAAC,EAAA;;gBAAxD,UAAU,GAAG,SAA2C;gBAGtD,UAAU,GAAG,UAAG,QAAQ,YAAS,CAAC;gBACpB,qBAAM,MAAM,CAAC,eAAe,CAAC,wEACU,KAAK,iCAAuB,UAAU,WAChG,CAAC,EAAA;;gBAFI,IAAI,GAAU,SAElB;qBAEE,CAAA,IAAI,CAAC,MAAM,KAAK,CAAC,CAAA,EAAjB,wBAAiB;qBAEhB,CAAA,SAAS,KAAK,QAAQ,CAAA,EAAtB,wBAAsB;gBACzB,qBAAM,MAAM,CAAC,eAAe,CAAC,kCACR,UAAU,8BAAiB,KAAK,oBAAS,SAAS,iBAAO,QAAQ,0BAAgB,UAAU,eAC5G,CAAC,EAAA;;gBAFL,SAEK,CAAC;;oBAEN,qBAAM,MAAM,CAAC,eAAe,CAAC,kCACR,UAAU,8BAAiB,KAAK,oBAAS,SAAS,iBAAO,QAAQ,qBAAW,UAAU,eACvG,CAAC,EAAA;;gBAFL,SAEK,CAAC;;;;qBAEG,CAAA,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAA,EAA3B,yBAA2B;qBACjC,CAAA,SAAS,KAAK,QAAQ,CAAA,EAAtB,wBAAsB;gBACzB,qBAAM,MAAM,CAAC,eAAe,CAAC,iCACT,UAAU,8BAAiB,KAAK,mBAAQ,QAAQ,0BAAgB,UAAU,eAC1F,CAAC,EAAA;;gBAFL,SAEK,CAAC;;oBAEN,qBAAM,MAAM,CAAC,eAAe,CAAC,iCACT,UAAU,8BAAiB,KAAK,mBAAQ,QAAQ,qBAAW,UAAU,eACrF,CAAC,EAAA;;gBAFL,SAEK,CAAC;;;;;KAGR,CAAC;AAEK,IAAM,WAAW,GAAG,UAA8E,EAUxG;QATA,MAAM,YAAA,EACN,eAAe,qBAAA,EACf,QAAQ,cAAA;;;;;;;;oBAQF,SAAS,GAA8B,EAAE,CAAC;oBAE1C,MAAM,GAAI,MAAc,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,UAAC,CAAM,IAAK,OAAA,CAAC,CAAC,IAAI,EAAN,CAAM,CAAa,CAAC;oBAC9F,IAAI,eAAe,EAAE;wBACd,IAAI,GAAG,IAAA,uBAAU,EAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC,CAAC;wBAC9D,IAAI,IAAI,CAAC,MAAM,EAAE;4BAChB,MAAM,IAAI,KAAK,CAAC,8CAAuC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAE,CAAC,CAAC;yBAC1E;qBACD;;wBACD,KAAoB,WAAA,SAAA,MAAM,CAAA,gFAAE;4BAAjB,KAAK;4BACf,SAAS,CAAC,KAAK,CAAC,GAAG;gCAClB,MAAM,EAAE;oCACP,WAAW,EAAE,iBAAU,KAAK,CAAE;oCAC9B,UAAU,EAAE,MAAM;oCAClB,SAAS,EAAE,QAAQ;oCACnB,KAAK,OAAA;oCACL,IAAI,EAAE,QAAQ;iCACd;gCACD,IAAI,EAAE;oCACL,WAAW,EAAE,eAAQ,KAAK,CAAE;oCAC5B,UAAU,EAAE,MAAM;oCAClB,SAAS,EAAE,QAAQ;oCACnB,KAAK,OAAA;oCACL,IAAI,EAAE,MAAM;iCACZ;gCACD,MAAM,EAAE;oCACP,WAAW,EAAE,iBAAU,KAAK,CAAE;oCAC9B,UAAU,EAAE,MAAM;oCAClB,SAAS,EAAE,QAAQ;oCACnB,KAAK,OAAA;oCACL,IAAI,EAAE,QAAQ;iCACd;gCACD,QAAM,EAAE;oCACP,WAAW,EAAE,iBAAU,KAAK,CAAE;oCAC9B,UAAU,EAAE,MAAM;oCAClB,SAAS,EAAE,QAAQ;oCACnB,KAAK,OAAA;oCACL,IAAI,EAAE,QAAQ;iCACd;6BACD,CAAC;4BACF,IAAI,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAG,KAAK,CAAC,EAAE;gCAC7B,KAAW,OAAO,IAAI,eAAe,CAAC,KAAK,CAAC,EAAE;oCACvC,SAAS,GAAG,MAAA,eAAe,CAAC,KAAK,CAAE,CAAC,OAAyB,CAAC,0CAAE,SAAS,CAAC;oCAChF,IAAI,CAAC,SAAS;wCAAE,SAAS;oCACzB,SAAS,CAAC,KAAK,CAAE,CAAC,OAAyB,CAAC,yBACxC,eAAe,CAAC,KAAK,CAAE,CAAC,OAAO,CAAC,KACnC,SAAS,WAAA,EACT,KAAK,OAAA,EACL,IAAI,EAAE,OAAO,GACb,CAAC;iCACF;6BACD;yBACD;;;;;;;;;oBAEK,KAAK,GAAG,QAAQ,CAAC,SAAc,CAAC,CAAC;yBAInB,SAAS;;;;;;;;;;;oBACtB,KAAK,GAAG,KAAK,CAAC;oBAEpB,qBAAM,MAAM,CAAC,YAAY,CAAC;4BACzB,QAAQ,CAAC,MAAM,CAAC;4BAChB,MAAM,CAAC,eAAe,CAAC,wBAAgB,KAAK,kCAA8B,CAAC;yBAC3E,CAAC,EAAA;;oBAHF,SAGE,CAAC;yBAEgB,SAAS,CAAC,KAA+B,CAAC;;;;;;;;;;;oBACtD,OAAO,GAAG,SAAS,CAAC,KAA+B,CAAE,CAAC,IAAsB,CAAC,CAAC;oBAEpF,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE;wBAClD,MAAM,IAAI,KAAK,CAAC,6BAAsB,OAAO,CAAC,SAAS,CAAE,CAAC,CAAC;qBAC3D;oBAEK,QAAQ,GAAG,IAAA,yBAAiB,EAAC,KAAK,EAAE,IAAI,CAAC,CAAC;oBAEhD,+BAA+B;oBAC/B,qBAAM,MAAM,CAAC,YAAY,CAAC;4BACzB,QAAQ,CAAC,MAAM,CAAC;4BAChB,MAAM,CAAC,eAAe,CAAC,qIAI8C,QAAQ,+CAC7D,QAAQ,6EAKvB,CAAC;4BACF,MAAM,CAAC,eAAe,CAAC,4BACd,OAAO,CAAC,SAAS,mBAAQ,KAAK,mBAAQ,QAAQ,gBACtD,CAAC;yBACF,CAAC,EAAA;;oBAjBF,+BAA+B;oBAC/B,SAgBE,CAAC;yBAEC,OAAO,CAAC,UAAU,EAAlB,wBAAkB;oBACrB,qBAAM,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,EAAA;;oBAA5E,SAA4E,CAAC;;;;;;;;;wCAQrE,GAAG;;;;;oCACP,IAAI,GAAG,IAAA,sBAAc,EAAC,GAAG,CAAC,CAAC;oCACjC,qBAAM,MAAM,CAAC,iBAAiB,CAAC,qHAIsC,IAAI,2CACzD,IAAI,yDAKnB,CAAC,EAAA;;oCAVF,SAUE,CAAC;oCAEG,iBAAiB,GAAG,IAAA,oBAAO,EAAC,SAAS,EAAE,UAAC,KAAK,EAAE,SAAS;wCAC7D,OAAO,IAAA,gBAAG,EAAC,KAAK,EAAE,UAAC,OAAO,EAAE,IAAI;4CAC/B,OAAO,IAAA,yBAAiB,EAAC,SAAS,EAAE,IAAI,CAAC,CAAC;wCAC3C,CAAC,CAAC,CAAC;oCACJ,CAAC,CAAC,CAAC;oCACG,aAAa,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC;oCAC3B,QAAQ,GACb,aAAa,KAAK,GAAG;wCACpB,CAAC,CAAC,iBAAiB;wCACnB,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,UAAC,OAAO,IAAK,OAAA,IAAA,yBAAiB,EAAC,OAAO,CAAC,KAAM,EAAE,OAAO,CAAC,IAAK,CAAC,EAAhD,CAAgD,CAAC,CAAC;oCAErF,4IAA4I;oCAC5I,+JAA+J;oCAC/J,qBAAM,MAAM,CAAC,YAAY,CAAC;4CACzB,QAAQ,CAAC,MAAM,CAAC;4CAChB,MAAM,CAAC,iBAAiB,CAAC,sDAA+C,IAAI,MAAG,CAAC;4CAChF,MAAM,CAAC,iBAAiB,CAAC,mEACyB,IAAI,cACrD,CAAC;4CACF,MAAM,CAAC,iBAAiB,CAAC,kDACQ,IAAI,cACpC,CAAC;4CACF,MAAM,CAAC,eAAe,CAAC,gBAAS,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAO,IAAI,CAAE,CAAC;yCACjE,CAAC,EAAA;;oCAZF,4IAA4I;oCAC5I,+JAA+J;oCAC/J,SAUE,CAAC;oCAGyD,qBAAM,MAAM,CAAC,eAAe,CAAC,6FAE3C,IAAI,0OAMkC,IAAI,aACvF,CAAC,EAAA;;oCATI,SAAS,GAA6C,SAS1D;oCAEI,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,UAAC,EAAY;4CAAV,QAAQ,cAAA;wCAAO,OAAA,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC;oCAA5B,CAA4B,CAAC,CAAC,GAAG,CAAC,UAAC,EAAY;4CAAV,QAAQ,cAAA;wCAAO,OAAA,QAAQ;oCAAR,CAAQ,CAAC,CAAC;yCAC9G,QAAQ,CAAC,MAAM,EAAf,wBAAe;oCAClB,0CAA0C;oCAC1C,qBAAM,MAAM,CAAC,iBAAiB,CAAC,iBAAU,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAS,IAAI,CAAE,CAAC,EAAA;;oCAD5E,0CAA0C;oCAC1C,SAA4E,CAAC;;;;;;yBAtD7D,KAAK;;;;;;;;;;;kDAAZ,GAAG;;;;;;;;;;;CAyDd,CAAC;AA3KW,QAAA,WAAW,eA2KtB;AA8BF;;IAEI;AACG,IAAM,KAAK,GAAG,UAIpB,MAAmC;;;;;gBAE3B,MAAM,GAA4C,MAAM,OAAlD,EAAE,eAAe,GAA2B,MAAM,gBAAjC,EAAE,QAAQ,GAAiB,MAAM,SAAvB,EAAE,UAAU,GAAK,MAAM,WAAX,CAAY;gBACjE,qBAAM,IAAA,mBAAW,EAAI,EAAE,MAAM,QAAA,EAAE,eAAe,iBAAA,EAAE,QAAQ,UAAA,EAAE,CAAC,EAAA;;gBAA3D,SAA2D,CAAC;gBACtD,MAAM,GAAG,IAAA,oBAAY,EAAC,MAAM,EAAE,UAAU,CAAC,CAAC;gBAEhD,sBAAO,MAAM,EAAC;;;KACd,CAAC;AAXW,QAAA,KAAK,SAWhB"}
|