@edgebasejs/core 0.1.7 → 0.1.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +15 -0
- package/dist/core/src/access-rules/column-security.d.ts +80 -0
- package/dist/core/src/access-rules/column-security.d.ts.map +1 -0
- package/dist/core/src/access-rules/column-security.js +191 -0
- package/dist/core/src/access-rules/column-security.js.map +1 -0
- package/dist/core/src/access-rules/engine.d.ts.map +1 -1
- package/dist/core/src/access-rules/engine.js +2 -1
- package/dist/core/src/access-rules/engine.js.map +1 -1
- package/dist/core/src/audit/audit-manager.d.ts +108 -0
- package/dist/core/src/audit/audit-manager.d.ts.map +1 -0
- package/dist/core/src/audit/audit-manager.js +265 -0
- package/dist/core/src/audit/audit-manager.js.map +1 -0
- package/dist/core/src/encryption/encryption-manager.d.ts +97 -0
- package/dist/core/src/encryption/encryption-manager.d.ts.map +1 -0
- package/dist/core/src/encryption/encryption-manager.js +224 -0
- package/dist/core/src/encryption/encryption-manager.js.map +1 -0
- package/dist/core/src/index.d.ts +12 -0
- package/dist/core/src/index.d.ts.map +1 -1
- package/dist/core/src/index.js +12 -0
- package/dist/core/src/index.js.map +1 -1
- package/dist/core/src/realtime/change-notifier.d.ts +50 -0
- package/dist/core/src/realtime/change-notifier.d.ts.map +1 -0
- package/dist/core/src/realtime/change-notifier.js +145 -0
- package/dist/core/src/realtime/change-notifier.js.map +1 -0
- package/dist/core/src/realtime/message-types.d.ts +39 -0
- package/dist/core/src/realtime/message-types.d.ts.map +1 -0
- package/dist/core/src/realtime/message-types.js +5 -0
- package/dist/core/src/realtime/message-types.js.map +1 -0
- package/dist/core/src/realtime/subscription-manager.d.ts +67 -0
- package/dist/core/src/realtime/subscription-manager.d.ts.map +1 -0
- package/dist/core/src/realtime/subscription-manager.js +229 -0
- package/dist/core/src/realtime/subscription-manager.js.map +1 -0
- package/dist/core/src/search/search-manager.d.ts +93 -0
- package/dist/core/src/search/search-manager.d.ts.map +1 -0
- package/dist/core/src/search/search-manager.js +258 -0
- package/dist/core/src/search/search-manager.js.map +1 -0
- package/dist/core/src/storage/file-manager.d.ts +138 -0
- package/dist/core/src/storage/file-manager.d.ts.map +1 -0
- package/dist/core/src/storage/file-manager.js +224 -0
- package/dist/core/src/storage/file-manager.js.map +1 -0
- package/dist/core/src/sync/batch-processor.d.ts +97 -0
- package/dist/core/src/sync/batch-processor.d.ts.map +1 -0
- package/dist/core/src/sync/batch-processor.js +313 -0
- package/dist/core/src/sync/batch-processor.js.map +1 -0
- package/dist/core/src/sync/csv-processor.d.ts +66 -0
- package/dist/core/src/sync/csv-processor.d.ts.map +1 -0
- package/dist/core/src/sync/csv-processor.js +223 -0
- package/dist/core/src/sync/csv-processor.js.map +1 -0
- package/dist/core/src/sync/sync-engine.d.ts +22 -0
- package/dist/core/src/sync/sync-engine.d.ts.map +1 -1
- package/dist/core/src/sync/sync-engine.js +123 -10
- package/dist/core/src/sync/sync-engine.js.map +1 -1
- package/dist/core/src/sync/transaction-manager.d.ts +83 -0
- package/dist/core/src/sync/transaction-manager.d.ts.map +1 -0
- package/dist/core/src/sync/transaction-manager.js +227 -0
- package/dist/core/src/sync/transaction-manager.js.map +1 -0
- package/dist/core/src/webhooks/webhook-manager.d.ts +137 -0
- package/dist/core/src/webhooks/webhook-manager.d.ts.map +1 -0
- package/dist/core/src/webhooks/webhook-manager.js +334 -0
- package/dist/core/src/webhooks/webhook-manager.js.map +1 -0
- package/dist/index.d.ts +0 -1
- package/dist/index.js +0 -1
- package/package.json +2 -2
package/README.md
ADDED
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Column-level security for field access control
|
|
3
|
+
* Supports role-based visibility and selective field encryption
|
|
4
|
+
*/
|
|
5
|
+
import type { User } from '@edgebasejs/types';
|
|
6
|
+
export interface ColumnRule {
|
|
7
|
+
column: string;
|
|
8
|
+
visible?: boolean | ((context: ColumnAccessContext) => boolean | Promise<boolean>);
|
|
9
|
+
readable?: boolean | ((context: ColumnAccessContext) => boolean | Promise<boolean>);
|
|
10
|
+
writable?: boolean | ((context: ColumnAccessContext) => boolean | Promise<boolean>);
|
|
11
|
+
roles?: string[];
|
|
12
|
+
encrypted?: boolean;
|
|
13
|
+
maskValue?: any;
|
|
14
|
+
}
|
|
15
|
+
export interface ColumnAccessContext {
|
|
16
|
+
user: User;
|
|
17
|
+
operation: 'read' | 'write' | 'create' | 'update';
|
|
18
|
+
record?: Record<string, any>;
|
|
19
|
+
column: string;
|
|
20
|
+
value?: any;
|
|
21
|
+
}
|
|
22
|
+
export interface ColumnSecurityRules {
|
|
23
|
+
entity: string;
|
|
24
|
+
columns: Map<string, ColumnRule>;
|
|
25
|
+
defaultVisible?: boolean;
|
|
26
|
+
defaultReadable?: boolean;
|
|
27
|
+
defaultWritable?: boolean;
|
|
28
|
+
}
|
|
29
|
+
/**
|
|
30
|
+
* Column-level security manager
|
|
31
|
+
*/
|
|
32
|
+
export declare class ColumnSecurityManager {
|
|
33
|
+
private rules;
|
|
34
|
+
/**
|
|
35
|
+
* Register column security rules for an entity
|
|
36
|
+
*/
|
|
37
|
+
registerRules(entityName: string, rules: ColumnSecurityRules): void;
|
|
38
|
+
/**
|
|
39
|
+
* Get rules for an entity
|
|
40
|
+
*/
|
|
41
|
+
getRules(entityName: string): ColumnSecurityRules | undefined;
|
|
42
|
+
/**
|
|
43
|
+
* Check if a user can read a specific column
|
|
44
|
+
*/
|
|
45
|
+
canReadColumn(entityName: string, columnName: string, user: User, record?: Record<string, any>): Promise<boolean>;
|
|
46
|
+
/**
|
|
47
|
+
* Check if a user can write to a specific column
|
|
48
|
+
*/
|
|
49
|
+
canWriteColumn(entityName: string, columnName: string, user: User, value?: any, record?: Record<string, any>): Promise<boolean>;
|
|
50
|
+
/**
|
|
51
|
+
* Filter record columns based on read permissions
|
|
52
|
+
* Returns a new record with only accessible columns
|
|
53
|
+
*/
|
|
54
|
+
filterReadableColumns(entityName: string, record: Record<string, any>, user: User): Promise<Record<string, any>>;
|
|
55
|
+
/**
|
|
56
|
+
* Filter write data based on write permissions
|
|
57
|
+
* Returns a new object with only writable columns
|
|
58
|
+
*/
|
|
59
|
+
filterWritableColumns(entityName: string, data: Record<string, any>, user: User, existingRecord?: Record<string, any>): Promise<{
|
|
60
|
+
filtered: Record<string, any>;
|
|
61
|
+
rejected: string[];
|
|
62
|
+
}>;
|
|
63
|
+
/**
|
|
64
|
+
* Get list of encrypted columns for an entity
|
|
65
|
+
*/
|
|
66
|
+
getEncryptedColumns(entityName: string): string[];
|
|
67
|
+
/**
|
|
68
|
+
* Get all column rules for an entity
|
|
69
|
+
*/
|
|
70
|
+
getAllColumnRules(entityName: string): Map<string, ColumnRule> | undefined;
|
|
71
|
+
/**
|
|
72
|
+
* Clear all rules
|
|
73
|
+
*/
|
|
74
|
+
clear(): void;
|
|
75
|
+
}
|
|
76
|
+
/**
|
|
77
|
+
* Global column security manager instance
|
|
78
|
+
*/
|
|
79
|
+
export declare const columnSecurityManager: ColumnSecurityManager;
|
|
80
|
+
//# sourceMappingURL=column-security.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"column-security.d.ts","sourceRoot":"","sources":["../../../../src/access-rules/column-security.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAE9C,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,OAAO,EAAE,mBAAmB,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IACnF,QAAQ,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,OAAO,EAAE,mBAAmB,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IACpF,QAAQ,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,OAAO,EAAE,mBAAmB,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IACpF,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,SAAS,CAAC,EAAE,GAAG,CAAC;CACjB;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,IAAI,CAAC;IACX,SAAS,EAAE,MAAM,GAAG,OAAO,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAClD,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,GAAG,CAAC;CACb;AAED,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACjC,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED;;GAEG;AACH,qBAAa,qBAAqB;IAChC,OAAO,CAAC,KAAK,CAA+C;IAE5D;;OAEG;IACH,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,mBAAmB,GAAG,IAAI;IAInE;;OAEG;IACH,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,mBAAmB,GAAG,SAAS;IAI7D;;OAEG;IACG,aAAa,CACjB,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,IAAI,EACV,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAC3B,OAAO,CAAC,OAAO,CAAC;IAoDnB;;OAEG;IACG,cAAc,CAClB,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,IAAI,EACV,KAAK,CAAC,EAAE,GAAG,EACX,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAC3B,OAAO,CAAC,OAAO,CAAC;IAsCnB;;;OAGG;IACG,qBAAqB,CACzB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC3B,IAAI,EAAE,IAAI,GACT,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IA0B/B;;;OAGG;IACG,qBAAqB,CACzB,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,IAAI,EAAE,IAAI,EACV,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GACnC,OAAO,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAAC,QAAQ,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAsBjE;;OAEG;IACH,mBAAmB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,EAAE;IAgBjD;;OAEG;IACH,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,GAAG,SAAS;IAK1E;;OAEG;IACH,KAAK,IAAI,IAAI;CAGd;AAED;;GAEG;AACH,eAAO,MAAM,qBAAqB,uBAA8B,CAAC"}
|
|
@@ -0,0 +1,191 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Column-level security for field access control
|
|
3
|
+
* Supports role-based visibility and selective field encryption
|
|
4
|
+
*/
|
|
5
|
+
/**
|
|
6
|
+
* Column-level security manager
|
|
7
|
+
*/
|
|
8
|
+
export class ColumnSecurityManager {
|
|
9
|
+
constructor() {
|
|
10
|
+
this.rules = new Map();
|
|
11
|
+
}
|
|
12
|
+
/**
|
|
13
|
+
* Register column security rules for an entity
|
|
14
|
+
*/
|
|
15
|
+
registerRules(entityName, rules) {
|
|
16
|
+
this.rules.set(entityName, rules);
|
|
17
|
+
}
|
|
18
|
+
/**
|
|
19
|
+
* Get rules for an entity
|
|
20
|
+
*/
|
|
21
|
+
getRules(entityName) {
|
|
22
|
+
return this.rules.get(entityName);
|
|
23
|
+
}
|
|
24
|
+
/**
|
|
25
|
+
* Check if a user can read a specific column
|
|
26
|
+
*/
|
|
27
|
+
async canReadColumn(entityName, columnName, user, record) {
|
|
28
|
+
const rules = this.rules.get(entityName);
|
|
29
|
+
if (!rules) {
|
|
30
|
+
return true; // No rules = allow all
|
|
31
|
+
}
|
|
32
|
+
const columnRule = rules.columns.get(columnName);
|
|
33
|
+
if (!columnRule) {
|
|
34
|
+
return rules.defaultReadable ?? true; // Use default or allow
|
|
35
|
+
}
|
|
36
|
+
// Check role requirements
|
|
37
|
+
if (columnRule.roles && columnRule.roles.length > 0) {
|
|
38
|
+
const userRoles = user.roles || [];
|
|
39
|
+
const hasRole = columnRule.roles.some((role) => userRoles.includes(role));
|
|
40
|
+
if (!hasRole) {
|
|
41
|
+
return false;
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
// Check readable predicate
|
|
45
|
+
if (columnRule.readable !== undefined) {
|
|
46
|
+
if (typeof columnRule.readable === 'function') {
|
|
47
|
+
const context = {
|
|
48
|
+
user,
|
|
49
|
+
operation: 'read',
|
|
50
|
+
record,
|
|
51
|
+
column: columnName,
|
|
52
|
+
value: record?.[columnName],
|
|
53
|
+
};
|
|
54
|
+
return await columnRule.readable(context);
|
|
55
|
+
}
|
|
56
|
+
return columnRule.readable;
|
|
57
|
+
}
|
|
58
|
+
// Check visible predicate
|
|
59
|
+
if (columnRule.visible !== undefined) {
|
|
60
|
+
if (typeof columnRule.visible === 'function') {
|
|
61
|
+
const context = {
|
|
62
|
+
user,
|
|
63
|
+
operation: 'read',
|
|
64
|
+
record,
|
|
65
|
+
column: columnName,
|
|
66
|
+
};
|
|
67
|
+
return await columnRule.visible(context);
|
|
68
|
+
}
|
|
69
|
+
return columnRule.visible;
|
|
70
|
+
}
|
|
71
|
+
return true;
|
|
72
|
+
}
|
|
73
|
+
/**
|
|
74
|
+
* Check if a user can write to a specific column
|
|
75
|
+
*/
|
|
76
|
+
async canWriteColumn(entityName, columnName, user, value, record) {
|
|
77
|
+
const rules = this.rules.get(entityName);
|
|
78
|
+
if (!rules) {
|
|
79
|
+
return true; // No rules = allow all
|
|
80
|
+
}
|
|
81
|
+
const columnRule = rules.columns.get(columnName);
|
|
82
|
+
if (!columnRule) {
|
|
83
|
+
return rules.defaultWritable ?? true; // Use default or allow
|
|
84
|
+
}
|
|
85
|
+
// Check role requirements
|
|
86
|
+
if (columnRule.roles && columnRule.roles.length > 0) {
|
|
87
|
+
const userRoles = user.roles || [];
|
|
88
|
+
const hasRole = columnRule.roles.some((role) => userRoles.includes(role));
|
|
89
|
+
if (!hasRole) {
|
|
90
|
+
return false;
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
// Check writable predicate
|
|
94
|
+
if (columnRule.writable !== undefined) {
|
|
95
|
+
if (typeof columnRule.writable === 'function') {
|
|
96
|
+
const context = {
|
|
97
|
+
user,
|
|
98
|
+
operation: 'write',
|
|
99
|
+
record,
|
|
100
|
+
column: columnName,
|
|
101
|
+
value,
|
|
102
|
+
};
|
|
103
|
+
return await columnRule.writable(context);
|
|
104
|
+
}
|
|
105
|
+
return columnRule.writable;
|
|
106
|
+
}
|
|
107
|
+
return true;
|
|
108
|
+
}
|
|
109
|
+
/**
|
|
110
|
+
* Filter record columns based on read permissions
|
|
111
|
+
* Returns a new record with only accessible columns
|
|
112
|
+
*/
|
|
113
|
+
async filterReadableColumns(entityName, record, user) {
|
|
114
|
+
const rules = this.rules.get(entityName);
|
|
115
|
+
if (!rules) {
|
|
116
|
+
return record; // No rules = return all columns
|
|
117
|
+
}
|
|
118
|
+
const filtered = {};
|
|
119
|
+
for (const [columnName, value] of Object.entries(record)) {
|
|
120
|
+
const canRead = await this.canReadColumn(entityName, columnName, user, record);
|
|
121
|
+
if (canRead) {
|
|
122
|
+
filtered[columnName] = value;
|
|
123
|
+
}
|
|
124
|
+
else {
|
|
125
|
+
// Apply mask value if defined
|
|
126
|
+
const columnRule = rules.columns.get(columnName);
|
|
127
|
+
if (columnRule?.maskValue !== undefined) {
|
|
128
|
+
filtered[columnName] = columnRule.maskValue;
|
|
129
|
+
}
|
|
130
|
+
// Otherwise, omit the column entirely
|
|
131
|
+
}
|
|
132
|
+
}
|
|
133
|
+
return filtered;
|
|
134
|
+
}
|
|
135
|
+
/**
|
|
136
|
+
* Filter write data based on write permissions
|
|
137
|
+
* Returns a new object with only writable columns
|
|
138
|
+
*/
|
|
139
|
+
async filterWritableColumns(entityName, data, user, existingRecord) {
|
|
140
|
+
const rules = this.rules.get(entityName);
|
|
141
|
+
if (!rules) {
|
|
142
|
+
return { filtered: data, rejected: [] }; // No rules = allow all
|
|
143
|
+
}
|
|
144
|
+
const filtered = {};
|
|
145
|
+
const rejected = [];
|
|
146
|
+
for (const [columnName, value] of Object.entries(data)) {
|
|
147
|
+
const canWrite = await this.canWriteColumn(entityName, columnName, user, value, existingRecord);
|
|
148
|
+
if (canWrite) {
|
|
149
|
+
filtered[columnName] = value;
|
|
150
|
+
}
|
|
151
|
+
else {
|
|
152
|
+
rejected.push(columnName);
|
|
153
|
+
}
|
|
154
|
+
}
|
|
155
|
+
return { filtered, rejected };
|
|
156
|
+
}
|
|
157
|
+
/**
|
|
158
|
+
* Get list of encrypted columns for an entity
|
|
159
|
+
*/
|
|
160
|
+
getEncryptedColumns(entityName) {
|
|
161
|
+
const rules = this.rules.get(entityName);
|
|
162
|
+
if (!rules) {
|
|
163
|
+
return [];
|
|
164
|
+
}
|
|
165
|
+
const encrypted = [];
|
|
166
|
+
for (const [columnName, rule] of rules.columns.entries()) {
|
|
167
|
+
if (rule.encrypted) {
|
|
168
|
+
encrypted.push(columnName);
|
|
169
|
+
}
|
|
170
|
+
}
|
|
171
|
+
return encrypted;
|
|
172
|
+
}
|
|
173
|
+
/**
|
|
174
|
+
* Get all column rules for an entity
|
|
175
|
+
*/
|
|
176
|
+
getAllColumnRules(entityName) {
|
|
177
|
+
const rules = this.rules.get(entityName);
|
|
178
|
+
return rules?.columns;
|
|
179
|
+
}
|
|
180
|
+
/**
|
|
181
|
+
* Clear all rules
|
|
182
|
+
*/
|
|
183
|
+
clear() {
|
|
184
|
+
this.rules.clear();
|
|
185
|
+
}
|
|
186
|
+
}
|
|
187
|
+
/**
|
|
188
|
+
* Global column security manager instance
|
|
189
|
+
*/
|
|
190
|
+
export const columnSecurityManager = new ColumnSecurityManager();
|
|
191
|
+
//# sourceMappingURL=column-security.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"column-security.js","sourceRoot":"","sources":["../../../../src/access-rules/column-security.ts"],"names":[],"mappings":"AAAA;;;GAGG;AA8BH;;GAEG;AACH,MAAM,OAAO,qBAAqB;IAAlC;QACU,UAAK,GAAqC,IAAI,GAAG,EAAE,CAAC;IA6N9D,CAAC;IA3NC;;OAEG;IACH,aAAa,CAAC,UAAkB,EAAE,KAA0B;QAC1D,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,UAAkB;QACzB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CACjB,UAAkB,EAClB,UAAkB,EAClB,IAAU,EACV,MAA4B;QAE5B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACzC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,IAAI,CAAC,CAAC,uBAAuB;QACtC,CAAC;QAED,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACjD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,KAAK,CAAC,eAAe,IAAI,IAAI,CAAC,CAAC,uBAAuB;QAC/D,CAAC;QAED,0BAA0B;QAC1B,IAAI,UAAU,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpD,MAAM,SAAS,GAAI,IAAY,CAAC,KAAK,IAAI,EAAE,CAAC;YAC5C,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;YAC1E,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,IAAI,UAAU,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YACtC,IAAI,OAAO,UAAU,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;gBAC9C,MAAM,OAAO,GAAwB;oBACnC,IAAI;oBACJ,SAAS,EAAE,MAAM;oBACjB,MAAM;oBACN,MAAM,EAAE,UAAU;oBAClB,KAAK,EAAE,MAAM,EAAE,CAAC,UAAU,CAAC;iBAC5B,CAAC;gBACF,OAAO,MAAM,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC5C,CAAC;YACD,OAAO,UAAU,CAAC,QAAQ,CAAC;QAC7B,CAAC;QAED,0BAA0B;QAC1B,IAAI,UAAU,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YACrC,IAAI,OAAO,UAAU,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;gBAC7C,MAAM,OAAO,GAAwB;oBACnC,IAAI;oBACJ,SAAS,EAAE,MAAM;oBACjB,MAAM;oBACN,MAAM,EAAE,UAAU;iBACnB,CAAC;gBACF,OAAO,MAAM,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC3C,CAAC;YACD,OAAO,UAAU,CAAC,OAAO,CAAC;QAC5B,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAClB,UAAkB,EAClB,UAAkB,EAClB,IAAU,EACV,KAAW,EACX,MAA4B;QAE5B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACzC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,IAAI,CAAC,CAAC,uBAAuB;QACtC,CAAC;QAED,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACjD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,KAAK,CAAC,eAAe,IAAI,IAAI,CAAC,CAAC,uBAAuB;QAC/D,CAAC;QAED,0BAA0B;QAC1B,IAAI,UAAU,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpD,MAAM,SAAS,GAAI,IAAY,CAAC,KAAK,IAAI,EAAE,CAAC;YAC5C,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;YAC1E,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,IAAI,UAAU,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YACtC,IAAI,OAAO,UAAU,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;gBAC9C,MAAM,OAAO,GAAwB;oBACnC,IAAI;oBACJ,SAAS,EAAE,OAAO;oBAClB,MAAM;oBACN,MAAM,EAAE,UAAU;oBAClB,KAAK;iBACN,CAAC;gBACF,OAAO,MAAM,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC5C,CAAC;YACD,OAAO,UAAU,CAAC,QAAQ,CAAC;QAC7B,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,qBAAqB,CACzB,UAAkB,EAClB,MAA2B,EAC3B,IAAU;QAEV,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACzC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,MAAM,CAAC,CAAC,gCAAgC;QACjD,CAAC;QAED,MAAM,QAAQ,GAAwB,EAAE,CAAC;QAEzC,KAAK,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YACzD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;YAE/E,IAAI,OAAO,EAAE,CAAC;gBACZ,QAAQ,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC;YAC/B,CAAC;iBAAM,CAAC;gBACN,8BAA8B;gBAC9B,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;gBACjD,IAAI,UAAU,EAAE,SAAS,KAAK,SAAS,EAAE,CAAC;oBACxC,QAAQ,CAAC,UAAU,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC;gBAC9C,CAAC;gBACD,sCAAsC;YACxC,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,qBAAqB,CACzB,UAAkB,EAClB,IAAyB,EACzB,IAAU,EACV,cAAoC;QAEpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACzC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC,uBAAuB;QAClE,CAAC;QAED,MAAM,QAAQ,GAAwB,EAAE,CAAC;QACzC,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,KAAK,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YACvD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE,cAAc,CAAC,CAAC;YAEhG,IAAI,QAAQ,EAAE,CAAC;gBACb,QAAQ,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC;YAC/B,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC;QAED,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,UAAkB;QACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACzC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,SAAS,GAAa,EAAE,CAAC;QAC/B,KAAK,MAAM,CAAC,UAAU,EAAE,IAAI,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;YACzD,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACnB,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,iBAAiB,CAAC,UAAkB;QAClC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACzC,OAAO,KAAK,EAAE,OAAO,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,IAAI,qBAAqB,EAAE,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../../../src/access-rules/engine.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAE3D,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,IAAI,CAAC;IACX,SAAS,EAAE,QAAQ,GAAG,MAAM,GAAG,QAAQ,GAAG,QAAQ,CAAC;IACnD,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC1B,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,qBAAa,iBAAiB;IAC5B;;OAEG;WACU,QAAQ,CAAC,OAAO,EAAE,aAAa,EAAE,KAAK,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../../../src/access-rules/engine.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAE3D,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,IAAI,CAAC;IACX,SAAS,EAAE,QAAQ,GAAG,MAAM,GAAG,QAAQ,GAAG,QAAQ,CAAC;IACnD,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC1B,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,qBAAa,iBAAiB;IAC5B;;OAEG;WACU,QAAQ,CAAC,OAAO,EAAE,aAAa,EAAE,KAAK,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,cAAc,CAAC;IA4D3F;;OAEG;WACU,aAAa,CACxB,QAAQ,EAAE,aAAa,EAAE,EACzB,KAAK,CAAC,EAAE,WAAW,GAClB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CAWxC;AAED,eAAe,iBAAiB,CAAC"}
|
|
@@ -44,7 +44,8 @@ export class AccessRulesEngine {
|
|
|
44
44
|
if (!rules.delete) {
|
|
45
45
|
return { allowed: true };
|
|
46
46
|
}
|
|
47
|
-
const
|
|
47
|
+
const deleteData = context.existingData || context.data;
|
|
48
|
+
const deleteAllowed = await Promise.resolve(rules.delete(context.user, deleteData));
|
|
48
49
|
return {
|
|
49
50
|
allowed: deleteAllowed,
|
|
50
51
|
reason: deleteAllowed ? undefined : 'Delete denied by access rules',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"engine.js","sourceRoot":"","sources":["../../../../src/access-rules/engine.ts"],"names":[],"mappings":"AAAA,iCAAiC;AAgBjC;;GAEG;AACH,MAAM,OAAO,iBAAiB;IAC5B;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAsB,EAAE,KAAmB;QAC/D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,8BAA8B;YAC9B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QAED,IAAI,CAAC;YACH,QAAQ,OAAO,CAAC,SAAS,EAAE,CAAC;gBAC1B,KAAK,QAAQ;oBACX,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;wBAClB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,kBAAkB;oBAC9C,CAAC;oBACD,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;oBACtF,OAAO;wBACL,OAAO,EAAE,aAAa;wBACtB,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,+BAA+B;qBACpE,CAAC;gBAEJ,KAAK,MAAM;oBACT,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;wBAChB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;oBAC3B,CAAC;oBACD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;oBAClF,OAAO;wBACL,OAAO,EAAE,WAAW;wBACpB,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,6BAA6B;qBAChE,CAAC;gBAEJ,KAAK,QAAQ;oBACX,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;wBAClB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;oBAC3B,CAAC;oBACD,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,OAAO,CACzC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,YAAY,IAAI,EAAE,EAAE,OAAO,CAAC,IAAI,CAAC,CACrE,CAAC;oBACF,OAAO;wBACL,OAAO,EAAE,aAAa;wBACtB,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,+BAA+B;qBACpE,CAAC;gBAEJ,KAAK,QAAQ;oBACX,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;wBAClB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;oBAC3B,CAAC;oBACD,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,
|
|
1
|
+
{"version":3,"file":"engine.js","sourceRoot":"","sources":["../../../../src/access-rules/engine.ts"],"names":[],"mappings":"AAAA,iCAAiC;AAgBjC;;GAEG;AACH,MAAM,OAAO,iBAAiB;IAC5B;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAsB,EAAE,KAAmB;QAC/D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,8BAA8B;YAC9B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QAED,IAAI,CAAC;YACH,QAAQ,OAAO,CAAC,SAAS,EAAE,CAAC;gBAC1B,KAAK,QAAQ;oBACX,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;wBAClB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,kBAAkB;oBAC9C,CAAC;oBACD,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;oBACtF,OAAO;wBACL,OAAO,EAAE,aAAa;wBACtB,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,+BAA+B;qBACpE,CAAC;gBAEJ,KAAK,MAAM;oBACT,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;wBAChB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;oBAC3B,CAAC;oBACD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;oBAClF,OAAO;wBACL,OAAO,EAAE,WAAW;wBACpB,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,6BAA6B;qBAChE,CAAC;gBAEJ,KAAK,QAAQ;oBACX,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;wBAClB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;oBAC3B,CAAC;oBACD,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,OAAO,CACzC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,YAAY,IAAI,EAAE,EAAE,OAAO,CAAC,IAAI,CAAC,CACrE,CAAC;oBACF,OAAO;wBACL,OAAO,EAAE,aAAa;wBACtB,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,+BAA+B;qBACpE,CAAC;gBAEJ,KAAK,QAAQ;oBACX,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;wBAClB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;oBAC3B,CAAC;oBACD,MAAM,UAAU,GAAG,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;oBACxD,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;oBACpF,OAAO;wBACL,OAAO,EAAE,aAAa;wBACtB,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,+BAA+B;qBACpE,CAAC;gBAEJ;oBACE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;YAC3D,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,KAAK,CAAC,CAAC;YACtD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,EAAE,CAAC;QACrE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,aAAa,CACxB,QAAyB,EACzB,KAAmB;QAEnB,MAAM,OAAO,GAAG,IAAI,GAAG,EAA0B,CAAC;QAElD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,SAAS,GAAG,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,SAAS,EAAE,CAAC;YACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YACrD,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QACnC,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AAED,eAAe,iBAAiB,CAAC"}
|
|
@@ -0,0 +1,108 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Audit trail manager for change tracking and compliance
|
|
3
|
+
* Tracks all data changes with user attribution and timestamps
|
|
4
|
+
*/
|
|
5
|
+
import type { User } from '@edgebasejs/types';
|
|
6
|
+
export interface AuditLog {
|
|
7
|
+
id: string;
|
|
8
|
+
userId: string;
|
|
9
|
+
entity: string;
|
|
10
|
+
recordId: string;
|
|
11
|
+
operation: 'create' | 'update' | 'delete';
|
|
12
|
+
before?: Record<string, any>;
|
|
13
|
+
after?: Record<string, any>;
|
|
14
|
+
changes?: Array<{
|
|
15
|
+
field: string;
|
|
16
|
+
before: any;
|
|
17
|
+
after: any;
|
|
18
|
+
}>;
|
|
19
|
+
metadata?: Record<string, any>;
|
|
20
|
+
createdAt: number;
|
|
21
|
+
}
|
|
22
|
+
export interface AuditQuery {
|
|
23
|
+
entity?: string;
|
|
24
|
+
recordId?: string;
|
|
25
|
+
userId?: string;
|
|
26
|
+
operation?: 'create' | 'update' | 'delete';
|
|
27
|
+
startDate?: number;
|
|
28
|
+
endDate?: number;
|
|
29
|
+
limit?: number;
|
|
30
|
+
offset?: number;
|
|
31
|
+
}
|
|
32
|
+
export interface AuditResponse {
|
|
33
|
+
logs: AuditLog[];
|
|
34
|
+
total: number;
|
|
35
|
+
hasMore: boolean;
|
|
36
|
+
}
|
|
37
|
+
export interface AuditDatabase {
|
|
38
|
+
run(sql: string, params: any[]): Promise<any>;
|
|
39
|
+
getOne(sql: string, params: any[]): Promise<any>;
|
|
40
|
+
getAll(sql: string, params: any[]): Promise<any[]>;
|
|
41
|
+
}
|
|
42
|
+
export interface AuditOptions {
|
|
43
|
+
trackBefore?: boolean;
|
|
44
|
+
trackAfter?: boolean;
|
|
45
|
+
trackChanges?: boolean;
|
|
46
|
+
excludeFields?: string[];
|
|
47
|
+
maxRetentionDays?: number;
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Audit manager for tracking data changes
|
|
51
|
+
*/
|
|
52
|
+
export declare class AuditManager {
|
|
53
|
+
private db;
|
|
54
|
+
private options;
|
|
55
|
+
constructor(db: AuditDatabase, options?: AuditOptions);
|
|
56
|
+
/**
|
|
57
|
+
* Log a data change
|
|
58
|
+
*/
|
|
59
|
+
logChange(user: User, entity: string, recordId: string, operation: 'create' | 'update' | 'delete', before?: Record<string, any>, after?: Record<string, any>, metadata?: Record<string, any>): Promise<AuditLog>;
|
|
60
|
+
/**
|
|
61
|
+
* Query audit logs
|
|
62
|
+
*/
|
|
63
|
+
queryLogs(query: AuditQuery): Promise<AuditResponse>;
|
|
64
|
+
/**
|
|
65
|
+
* Get audit log by ID
|
|
66
|
+
*/
|
|
67
|
+
getLog(auditId: string): Promise<AuditLog | null>;
|
|
68
|
+
/**
|
|
69
|
+
* Get audit history for a specific record
|
|
70
|
+
*/
|
|
71
|
+
getRecordHistory(entity: string, recordId: string): Promise<AuditLog[]>;
|
|
72
|
+
/**
|
|
73
|
+
* Get summary statistics for audit logs
|
|
74
|
+
*/
|
|
75
|
+
getStatistics(options?: {
|
|
76
|
+
entity?: string;
|
|
77
|
+
userId?: string;
|
|
78
|
+
startDate?: number;
|
|
79
|
+
endDate?: number;
|
|
80
|
+
}): Promise<{
|
|
81
|
+
totalChanges: number;
|
|
82
|
+
changesByOperation: {
|
|
83
|
+
operation: string;
|
|
84
|
+
count: number;
|
|
85
|
+
}[];
|
|
86
|
+
changesByEntity: {
|
|
87
|
+
entity: string;
|
|
88
|
+
count: number;
|
|
89
|
+
}[];
|
|
90
|
+
changesByUser: {
|
|
91
|
+
userId: string;
|
|
92
|
+
count: number;
|
|
93
|
+
}[];
|
|
94
|
+
}>;
|
|
95
|
+
/**
|
|
96
|
+
* Clean up old audit logs based on retention policy
|
|
97
|
+
*/
|
|
98
|
+
cleanupOldLogs(): Promise<number>;
|
|
99
|
+
/**
|
|
100
|
+
* Filter sensitive fields from data
|
|
101
|
+
*/
|
|
102
|
+
private filterSensitiveFields;
|
|
103
|
+
/**
|
|
104
|
+
* Calculate field-level changes between before and after states
|
|
105
|
+
*/
|
|
106
|
+
private calculateChanges;
|
|
107
|
+
}
|
|
108
|
+
//# sourceMappingURL=audit-manager.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"audit-manager.d.ts","sourceRoot":"","sources":["../../../../src/audit/audit-manager.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAE9C,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC1C,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC7B,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC5B,OAAO,CAAC,EAAE,KAAK,CAAC;QACd,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,GAAG,CAAC;QACZ,KAAK,EAAE,GAAG,CAAC;KACZ,CAAC,CAAC;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC/B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC3C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,QAAQ,EAAE,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;IAC9C,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;IACjD,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;CACpD;AAED,MAAM,WAAW,YAAY;IAC3B,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED;;GAEG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,EAAE,CAAgB;IAC1B,OAAO,CAAC,OAAO,CAAyB;gBAE5B,EAAE,EAAE,aAAa,EAAE,OAAO,CAAC,EAAE,YAAY;IAWrD;;OAEG;IACG,SAAS,CACb,IAAI,EAAE,IAAI,EACV,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,QAAQ,GAAG,QAAQ,GAAG,QAAQ,EACzC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC5B,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAC7B,OAAO,CAAC,QAAQ,CAAC;IAgDpB;;OAEG;IACG,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,aAAa,CAAC;IA+E1D;;OAEG;IACG,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAqBvD;;OAEG;IACG,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;IAoB7E;;OAEG;IACG,aAAa,CAAC,OAAO,CAAC,EAAE;QAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,GAAG,OAAO,CAAC;QACV,YAAY,EAAE,MAAM,CAAC;QACrB,kBAAkB,EAAE;YAAE,SAAS,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,EAAE,CAAC;QAC3D,eAAe,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,EAAE,CAAC;QACrD,aAAa,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,EAAE,CAAC;KACpD,CAAC;IAoEF;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC;IAavC;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAY7B;;OAEG;IACH,OAAO,CAAC,gBAAgB;CAyBzB"}
|