npm - @daltonr/authwrite-loader-db - Versions diffs - 0.1.0 - Mend

@daltonr/authwrite-loader-db 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import type { AuthContext, PolicyLoader, Resource, Subject } from '@daltonr/authwrite-core';
+export interface RuleFn<S extends Subject = Subject, R extends Resource = Resource> {
+    match: (ctx: AuthContext<S, R>) => boolean;
+    condition?: (ctx: AuthContext<S, R>) => boolean;
+}
+export type RuleRegistry<S extends Subject = Subject, R extends Resource = Resource> = Record<string, RuleFn<S, R>>;
+export interface DbLoaderConfig<S extends Subject = Subject, R extends Resource = Resource> {
+    /**
+     * Called on each load/poll to fetch raw policy data from the database.
+     * Must return an object matching the serializable policy schema.
+     */
+    query: () => Promise<unknown>;
+    /** Maps rule IDs (from the query result) to their match/condition implementations. */
+    rules: RuleRegistry<S, R>;
+    /**
+     * How often to poll for policy changes, in milliseconds.
+     * @default 30000
+     */
+    pollInterval?: number;
+}
+export declare function createDbLoader<S extends Subject = Subject, R extends Resource = Resource>(config: DbLoaderConfig<S, R>): PolicyLoader<S, R>;

package/dist/index.js ADDED Viewed

@@ -0,0 +1,92 @@
+// ─── Internal helpers ─────────────────────────────────────────────────────────
+function validate(raw) {
+    if (!raw || typeof raw !== 'object') {
+        throw new Error('Policy data must be an object');
+    }
+    const p = raw;
+    if (typeof p['id'] !== 'string' || !p['id']) {
+        throw new Error('Policy data must have a string "id" field');
+    }
+    if (p['defaultEffect'] !== 'allow' && p['defaultEffect'] !== 'deny') {
+        throw new Error(`"defaultEffect" must be "allow" or "deny", got: ${JSON.stringify(p['defaultEffect'])}`);
+    }
+    if (!Array.isArray(p['rules'])) {
+        throw new Error('Policy data must have a "rules" array');
+    }
+    return p;
+}
+function mergeRules(serializableRules, registry) {
+    return serializableRules.map(sr => {
+        const fn = registry[sr.id];
+        if (!fn) {
+            throw new Error(`Rule "${sr.id}" has no implementation in the registry. ` +
+                `Add an entry for "${sr.id}" to the rules registry.`);
+        }
+        const rule = {
+            id: sr.id,
+            match: fn.match,
+            allow: sr.allow,
+            deny: sr.deny,
+        };
+        if (sr.description !== undefined)
+            rule.description = sr.description;
+        if (sr.priority !== undefined)
+            rule.priority = sr.priority;
+        if (fn.condition !== undefined)
+            rule.condition = fn.condition;
+        return rule;
+    });
+}
+function mergeFieldRules(serializableFieldRules, registry) {
+    return serializableFieldRules.map(sfr => {
+        const fn = registry[sfr.id];
+        if (!fn) {
+            throw new Error(`FieldRule "${sfr.id}" has no implementation in the registry. ` +
+                `Add an entry for "${sfr.id}" to the rules registry.`);
+        }
+        return {
+            id: sfr.id,
+            match: fn.match,
+            expose: sfr.expose,
+            redact: sfr.redact,
+        };
+    });
+}
+function buildPolicy(raw, registry) {
+    const serializable = validate(raw);
+    const policy = {
+        id: serializable.id,
+        defaultEffect: serializable.defaultEffect,
+        rules: mergeRules(serializable.rules, registry),
+    };
+    if (serializable.version !== undefined)
+        policy.version = serializable.version;
+    if (serializable.description !== undefined)
+        policy.description = serializable.description;
+    if (serializable.fieldRules && serializable.fieldRules.length > 0) {
+        policy.fieldRules = mergeFieldRules(serializable.fieldRules, registry);
+    }
+    return policy;
+}
+// ─── Factory ──────────────────────────────────────────────────────────────────
+export function createDbLoader(config) {
+    const pollInterval = config.pollInterval ?? 30_000;
+    async function load() {
+        const raw = await config.query();
+        return buildPolicy(raw, config.rules);
+    }
+    function watch(cb) {
+        setInterval(async () => {
+            try {
+                const policy = await load();
+                cb(policy);
+            }
+            catch {
+                // Swallow errors during polling — transient DB failures should not
+                // crash the watch loop. The next interval will retry automatically.
+            }
+        }, pollInterval);
+    }
+    return { load, watch };
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AA0EA,iFAAiF;AAEjF,SAAS,QAAQ,CAAC,GAAY;IAC5B,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,MAAM,CAAC,GAAG,GAA8B,CAAA;IAExC,IAAI,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAA;IAC9D,CAAC;IACD,IAAI,CAAC,CAAC,eAAe,CAAC,KAAK,OAAO,IAAI,CAAC,CAAC,eAAe,CAAC,KAAK,MAAM,EAAE,CAAC;QACpE,MAAM,IAAI,KAAK,CAAC,mDAAmD,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC,CAAA;IAC1G,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAA;IAC1D,CAAC;IAED,OAAO,CAAkC,CAAA;AAC3C,CAAC;AAED,SAAS,UAAU,CACjB,iBAAqC,EACrC,QAA4B;IAE5B,OAAO,iBAAiB,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;QAChC,MAAM,EAAE,GAAG,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC,CAAA;QAC1B,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,MAAM,IAAI,KAAK,CACb,SAAS,EAAE,CAAC,EAAE,2CAA2C;gBACzD,qBAAqB,EAAE,CAAC,EAAE,0BAA0B,CACrD,CAAA;QACH,CAAC;QACD,MAAM,IAAI,GAAqB;YAC7B,EAAE,EAAK,EAAE,CAAC,EAAE;YACZ,KAAK,EAAE,EAAE,CAAC,KAAK;YACf,KAAK,EAAE,EAAE,CAAC,KAAK;YACf,IAAI,EAAG,EAAE,CAAC,IAAI;SACf,CAAA;QACD,IAAI,EAAE,CAAC,WAAW,KAAK,SAAS;YAAE,IAAI,CAAC,WAAW,GAAG,EAAE,CAAC,WAAW,CAAA;QACnE,IAAI,EAAE,CAAC,QAAQ,KAAQ,SAAS;YAAE,IAAI,CAAC,QAAQ,GAAM,EAAE,CAAC,QAAQ,CAAA;QAChE,IAAI,EAAE,CAAC,SAAS,KAAO,SAAS;YAAE,IAAI,CAAC,SAAS,GAAK,EAAE,CAAC,SAAS,CAAA;QACjE,OAAO,IAAI,CAAA;IACb,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,SAAS,eAAe,CACtB,sBAA+C,EAC/C,QAA4B;IAE5B,OAAO,sBAAsB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;QACtC,MAAM,EAAE,GAAG,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QAC3B,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,MAAM,IAAI,KAAK,CACb,cAAc,GAAG,CAAC,EAAE,2CAA2C;gBAC/D,qBAAqB,GAAG,CAAC,EAAE,0BAA0B,CACtD,CAAA;QACH,CAAC;QACD,OAAO;YACL,EAAE,EAAM,GAAG,CAAC,EAAE;YACd,KAAK,EAAG,EAAE,CAAC,KAAK;YAChB,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,MAAM,EAAE,GAAG,CAAC,MAAM;SACnB,CAAA;IACH,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,SAAS,WAAW,CAClB,GAAY,EACZ,QAA4B;IAE5B,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAA;IAElC,MAAM,MAAM,GAA2B;QACrC,EAAE,EAAa,YAAY,CAAC,EAAE;QAC9B,aAAa,EAAE,YAAY,CAAC,aAAa;QACzC,KAAK,EAAU,UAAU,CAAC,YAAY,CAAC,KAAK,EAAE,QAAQ,CAAC;KACxD,CAAA;IAED,IAAI,YAAY,CAAC,OAAO,KAAS,SAAS;QAAE,MAAM,CAAC,OAAO,GAAO,YAAY,CAAC,OAAO,CAAA;IACrF,IAAI,YAAY,CAAC,WAAW,KAAK,SAAS;QAAE,MAAM,CAAC,WAAW,GAAG,YAAY,CAAC,WAAW,CAAA;IAEzF,IAAI,YAAY,CAAC,UAAU,IAAI,YAAY,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClE,MAAM,CAAC,UAAU,GAAG,eAAe,CAAC,YAAY,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAA;IACxE,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED,iFAAiF;AAEjF,MAAM,UAAU,cAAc,CAG5B,MAA4B;IAC5B,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,MAAM,CAAA;IAElD,KAAK,UAAU,IAAI;QACjB,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,KAAK,EAAE,CAAA;QAChC,OAAO,WAAW,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,CAAA;IACvC,CAAC;IAED,SAAS,KAAK,CAAC,EAA4C;QACzD,WAAW,CAAC,KAAK,IAAI,EAAE;YACrB,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,EAAE,CAAA;gBAC3B,EAAE,CAAC,MAAM,CAAC,CAAA;YACZ,CAAC;YAAC,MAAM,CAAC;gBACP,mEAAmE;gBACnE,oEAAoE;YACtE,CAAC;QACH,CAAC,EAAE,YAAY,CAAC,CAAA;IAClB,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAA;AACxB,CAAC"}

package/package.json ADDED Viewed

@@ -0,0 +1,34 @@
+{
+  "name": "@daltonr/authwrite-loader-db",
+  "version": "0.1.0",
+  "type": "module",
+  "license": "MIT",
+  "description": "Hot-reloadable database policy loader for AuthEngine.",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/richardadalton/authwrite.git",
+    "directory": "packages/loader-db"
+  },
+  "keywords": ["authorization", "authz", "loader", "policy", "hot-reload"],
+  "sideEffects": false,
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": ["dist", "src", "README.md", "LICENSE"],
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "clean": "rm -rf dist tsconfig.tsbuildinfo",
+    "prepublishOnly": "test -d dist && echo 'dist already built, skipping' || (npm run clean && npm run build)"
+  },
+  "dependencies": {
+    "@daltonr/authwrite-core": "*"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}

package/src/index.ts ADDED Viewed

@@ -0,0 +1,191 @@
+import type {
+  Action,
+  AuthContext,
+  FieldRule,
+  PolicyDefinition,
+  PolicyLoader,
+  PolicyRule,
+  Resource,
+  Subject,
+} from '@daltonr/authwrite-core'
+// ─── Serializable schema ──────────────────────────────────────────────────────
+//
+// Rules returned by the query contain everything EXCEPT functions.
+// The match/condition functions are provided through the RuleRegistry.
+interface SerializableRule {
+  id: string
+  description?: string
+  priority?: number
+  allow?: Action[]
+  deny?: Action[]
+}
+interface SerializableFieldRule {
+  id: string
+  expose: string[]
+  redact: string[]
+}
+interface SerializablePolicy {
+  id: string
+  version?: string
+  description?: string
+  defaultEffect: 'allow' | 'deny'
+  rules: SerializableRule[]
+  fieldRules?: SerializableFieldRule[]
+}
+// ─── Rule registry ────────────────────────────────────────────────────────────
+export interface RuleFn<
+  S extends Subject = Subject,
+  R extends Resource = Resource,
+> {
+  match: (ctx: AuthContext<S, R>) => boolean
+  condition?: (ctx: AuthContext<S, R>) => boolean
+}
+export type RuleRegistry<
+  S extends Subject = Subject,
+  R extends Resource = Resource,
+> = Record<string, RuleFn<S, R>>
+// ─── Config ───────────────────────────────────────────────────────────────────
+export interface DbLoaderConfig<
+  S extends Subject = Subject,
+  R extends Resource = Resource,
+> {
+  /**
+   * Called on each load/poll to fetch raw policy data from the database.
+   * Must return an object matching the serializable policy schema.
+   */
+  query: () => Promise<unknown>
+  /** Maps rule IDs (from the query result) to their match/condition implementations. */
+  rules: RuleRegistry<S, R>
+  /**
+   * How often to poll for policy changes, in milliseconds.
+   * @default 30000
+   */
+  pollInterval?: number
+}
+// ─── Internal helpers ─────────────────────────────────────────────────────────
+function validate(raw: unknown): SerializablePolicy {
+  if (!raw || typeof raw !== 'object') {
+    throw new Error('Policy data must be an object')
+  }
+  const p = raw as Record<string, unknown>
+  if (typeof p['id'] !== 'string' || !p['id']) {
+    throw new Error('Policy data must have a string "id" field')
+  }
+  if (p['defaultEffect'] !== 'allow' && p['defaultEffect'] !== 'deny') {
+    throw new Error(`"defaultEffect" must be "allow" or "deny", got: ${JSON.stringify(p['defaultEffect'])}`)
+  }
+  if (!Array.isArray(p['rules'])) {
+    throw new Error('Policy data must have a "rules" array')
+  }
+  return p as unknown as SerializablePolicy
+}
+function mergeRules<S extends Subject, R extends Resource>(
+  serializableRules: SerializableRule[],
+  registry: RuleRegistry<S, R>,
+): PolicyRule<S, R>[] {
+  return serializableRules.map(sr => {
+    const fn = registry[sr.id]
+    if (!fn) {
+      throw new Error(
+        `Rule "${sr.id}" has no implementation in the registry. ` +
+        `Add an entry for "${sr.id}" to the rules registry.`
+      )
+    }
+    const rule: PolicyRule<S, R> = {
+      id:    sr.id,
+      match: fn.match,
+      allow: sr.allow,
+      deny:  sr.deny,
+    }
+    if (sr.description !== undefined) rule.description = sr.description
+    if (sr.priority    !== undefined) rule.priority    = sr.priority
+    if (fn.condition   !== undefined) rule.condition   = fn.condition
+    return rule
+  })
+}
+function mergeFieldRules<S extends Subject, R extends Resource>(
+  serializableFieldRules: SerializableFieldRule[],
+  registry: RuleRegistry<S, R>,
+): FieldRule<S, R>[] {
+  return serializableFieldRules.map(sfr => {
+    const fn = registry[sfr.id]
+    if (!fn) {
+      throw new Error(
+        `FieldRule "${sfr.id}" has no implementation in the registry. ` +
+        `Add an entry for "${sfr.id}" to the rules registry.`
+      )
+    }
+    return {
+      id:     sfr.id,
+      match:  fn.match,
+      expose: sfr.expose,
+      redact: sfr.redact,
+    }
+  })
+}
+function buildPolicy<S extends Subject, R extends Resource>(
+  raw: unknown,
+  registry: RuleRegistry<S, R>,
+): PolicyDefinition<S, R> {
+  const serializable = validate(raw)
+  const policy: PolicyDefinition<S, R> = {
+    id:            serializable.id,
+    defaultEffect: serializable.defaultEffect,
+    rules:         mergeRules(serializable.rules, registry),
+  }
+  if (serializable.version     !== undefined) policy.version     = serializable.version
+  if (serializable.description !== undefined) policy.description = serializable.description
+  if (serializable.fieldRules && serializable.fieldRules.length > 0) {
+    policy.fieldRules = mergeFieldRules(serializable.fieldRules, registry)
+  }
+  return policy
+}
+// ─── Factory ──────────────────────────────────────────────────────────────────
+export function createDbLoader<
+  S extends Subject = Subject,
+  R extends Resource = Resource,
+>(config: DbLoaderConfig<S, R>): PolicyLoader<S, R> {
+  const pollInterval = config.pollInterval ?? 30_000
+  async function load(): Promise<PolicyDefinition<S, R>> {
+    const raw = await config.query()
+    return buildPolicy(raw, config.rules)
+  }
+  function watch(cb: (policy: PolicyDefinition<S, R>) => void): void {
+    setInterval(async () => {
+      try {
+        const policy = await load()
+        cb(policy)
+      } catch {
+        // Swallow errors during polling — transient DB failures should not
+        // crash the watch loop. The next interval will retry automatically.
+      }
+    }, pollInterval)
+  }
+  return { load, watch }
+}