@edgebasejs/react-native 0.1.7 → 0.1.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +18 -0
- package/dist/client-core/src/index.d.ts +4 -0
- package/dist/client-core/src/index.d.ts.map +1 -1
- package/dist/client-core/src/index.js +4 -0
- package/dist/client-core/src/index.js.map +1 -1
- package/dist/client-core/src/mutations/batch-processor-client.d.ts +67 -0
- package/dist/client-core/src/mutations/batch-processor-client.d.ts.map +1 -0
- package/dist/client-core/src/mutations/batch-processor-client.js +64 -0
- package/dist/client-core/src/mutations/batch-processor-client.js.map +1 -0
- package/dist/client-core/src/mutations/transaction-hook.d.ts +80 -0
- package/dist/client-core/src/mutations/transaction-hook.d.ts.map +1 -0
- package/dist/client-core/src/mutations/transaction-hook.js +204 -0
- package/dist/client-core/src/mutations/transaction-hook.js.map +1 -0
- package/dist/client-core/src/realtime/realtime-sync-manager.d.ts +55 -0
- package/dist/client-core/src/realtime/realtime-sync-manager.d.ts.map +1 -0
- package/dist/client-core/src/realtime/realtime-sync-manager.js +208 -0
- package/dist/client-core/src/realtime/realtime-sync-manager.js.map +1 -0
- package/dist/client-core/src/realtime/subscription-handler.d.ts +74 -0
- package/dist/client-core/src/realtime/subscription-handler.d.ts.map +1 -0
- package/dist/client-core/src/realtime/subscription-handler.js +224 -0
- package/dist/client-core/src/realtime/subscription-handler.js.map +1 -0
- package/dist/client-core/src/sync/sync-engine.d.ts +10 -0
- package/dist/client-core/src/sync/sync-engine.d.ts.map +1 -1
- package/dist/client-core/src/sync/sync-engine.js +37 -5
- package/dist/client-core/src/sync/sync-engine.js.map +1 -1
- package/dist/client-react-native/src/hooks/index.d.ts +10 -0
- package/dist/client-react-native/src/hooks/index.d.ts.map +1 -1
- package/dist/client-react-native/src/hooks/index.js +8 -0
- package/dist/client-react-native/src/hooks/index.js.map +1 -1
- package/dist/client-react-native/src/hooks/use-audit.d.ts +65 -0
- package/dist/client-react-native/src/hooks/use-audit.d.ts.map +1 -0
- package/dist/client-react-native/src/hooks/use-audit.js +201 -0
- package/dist/client-react-native/src/hooks/use-audit.js.map +1 -0
- package/dist/client-react-native/src/hooks/use-batch-mutation.d.ts +56 -0
- package/dist/client-react-native/src/hooks/use-batch-mutation.d.ts.map +1 -0
- package/dist/client-react-native/src/hooks/use-batch-mutation.js +95 -0
- package/dist/client-react-native/src/hooks/use-batch-mutation.js.map +1 -0
- package/dist/client-react-native/src/hooks/use-encryption.d.ts +45 -0
- package/dist/client-react-native/src/hooks/use-encryption.d.ts.map +1 -0
- package/dist/client-react-native/src/hooks/use-encryption.js +143 -0
- package/dist/client-react-native/src/hooks/use-encryption.js.map +1 -0
- package/dist/client-react-native/src/hooks/use-file-manager.d.ts +38 -0
- package/dist/client-react-native/src/hooks/use-file-manager.d.ts.map +1 -0
- package/dist/client-react-native/src/hooks/use-file-manager.js +174 -0
- package/dist/client-react-native/src/hooks/use-file-manager.js.map +1 -0
- package/dist/client-react-native/src/hooks/use-file-upload.d.ts +34 -0
- package/dist/client-react-native/src/hooks/use-file-upload.d.ts.map +1 -0
- package/dist/client-react-native/src/hooks/use-file-upload.js +85 -0
- package/dist/client-react-native/src/hooks/use-file-upload.js.map +1 -0
- package/dist/client-react-native/src/hooks/use-mutation.d.ts.map +1 -1
- package/dist/client-react-native/src/hooks/use-mutation.js +34 -6
- package/dist/client-react-native/src/hooks/use-mutation.js.map +1 -1
- package/dist/client-react-native/src/hooks/use-search.d.ts +33 -0
- package/dist/client-react-native/src/hooks/use-search.d.ts.map +1 -0
- package/dist/client-react-native/src/hooks/use-search.js +174 -0
- package/dist/client-react-native/src/hooks/use-search.js.map +1 -0
- package/dist/client-react-native/src/hooks/use-subscribe.d.ts +14 -0
- package/dist/client-react-native/src/hooks/use-subscribe.d.ts.map +1 -0
- package/dist/client-react-native/src/hooks/use-subscribe.js +165 -0
- package/dist/client-react-native/src/hooks/use-subscribe.js.map +1 -0
- package/dist/client-react-native/src/hooks/use-transaction.d.ts +27 -0
- package/dist/client-react-native/src/hooks/use-transaction.d.ts.map +1 -0
- package/dist/client-react-native/src/hooks/use-transaction.js +160 -0
- package/dist/client-react-native/src/hooks/use-transaction.js.map +1 -0
- package/dist/client-react-native/src/provider.d.ts +5 -2
- package/dist/client-react-native/src/provider.d.ts.map +1 -1
- package/dist/client-react-native/src/provider.js +23 -23
- package/dist/client-react-native/src/provider.js.map +1 -1
- package/dist/core/src/access-rules/column-security.d.ts +80 -0
- package/dist/core/src/access-rules/column-security.d.ts.map +1 -0
- package/dist/core/src/access-rules/column-security.js +191 -0
- package/dist/core/src/access-rules/column-security.js.map +1 -0
- package/dist/core/src/access-rules/engine.d.ts +26 -0
- package/dist/core/src/access-rules/engine.d.ts.map +1 -0
- package/dist/core/src/access-rules/engine.js +76 -0
- package/dist/core/src/access-rules/engine.js.map +1 -0
- package/dist/core/src/access-rules/index.d.ts +3 -0
- package/dist/core/src/access-rules/index.d.ts.map +1 -0
- package/dist/core/src/access-rules/index.js +3 -0
- package/dist/core/src/access-rules/index.js.map +1 -0
- package/dist/core/src/audit/audit-manager.d.ts +108 -0
- package/dist/core/src/audit/audit-manager.d.ts.map +1 -0
- package/dist/core/src/audit/audit-manager.js +265 -0
- package/dist/core/src/audit/audit-manager.js.map +1 -0
- package/dist/core/src/auth/auth-service.d.ts +71 -0
- package/dist/core/src/auth/auth-service.d.ts.map +1 -0
- package/dist/core/src/auth/auth-service.js +177 -0
- package/dist/core/src/auth/auth-service.js.map +1 -0
- package/dist/core/src/auth/index.d.ts +4 -0
- package/dist/core/src/auth/index.d.ts.map +1 -0
- package/dist/core/src/auth/index.js +4 -0
- package/dist/core/src/auth/index.js.map +1 -0
- package/dist/core/src/encryption/encryption-manager.d.ts +97 -0
- package/dist/core/src/encryption/encryption-manager.d.ts.map +1 -0
- package/dist/core/src/encryption/encryption-manager.js +224 -0
- package/dist/core/src/encryption/encryption-manager.js.map +1 -0
- package/dist/core/src/index.d.ts +16 -0
- package/dist/core/src/index.d.ts.map +1 -0
- package/dist/core/src/index.js +16 -0
- package/dist/core/src/index.js.map +1 -0
- package/dist/core/src/realtime/change-notifier.d.ts +50 -0
- package/dist/core/src/realtime/change-notifier.d.ts.map +1 -0
- package/dist/core/src/realtime/change-notifier.js +145 -0
- package/dist/core/src/realtime/change-notifier.js.map +1 -0
- package/dist/core/src/realtime/message-types.d.ts +39 -0
- package/dist/core/src/realtime/message-types.d.ts.map +1 -0
- package/dist/core/src/realtime/message-types.js +5 -0
- package/dist/core/src/realtime/message-types.js.map +1 -0
- package/dist/core/src/realtime/subscription-manager.d.ts +67 -0
- package/dist/core/src/realtime/subscription-manager.d.ts.map +1 -0
- package/dist/core/src/realtime/subscription-manager.js +229 -0
- package/dist/core/src/realtime/subscription-manager.js.map +1 -0
- package/dist/core/src/search/search-manager.d.ts +93 -0
- package/dist/core/src/search/search-manager.d.ts.map +1 -0
- package/dist/core/src/search/search-manager.js +258 -0
- package/dist/core/src/search/search-manager.js.map +1 -0
- package/dist/core/src/storage/file-manager.d.ts +138 -0
- package/dist/core/src/storage/file-manager.d.ts.map +1 -0
- package/dist/core/src/storage/file-manager.js +224 -0
- package/dist/core/src/storage/file-manager.js.map +1 -0
- package/dist/core/src/sync/batch-processor.d.ts +97 -0
- package/dist/core/src/sync/batch-processor.d.ts.map +1 -0
- package/dist/core/src/sync/batch-processor.js +313 -0
- package/dist/core/src/sync/batch-processor.js.map +1 -0
- package/dist/core/src/sync/csv-processor.d.ts +66 -0
- package/dist/core/src/sync/csv-processor.d.ts.map +1 -0
- package/dist/core/src/sync/csv-processor.js +223 -0
- package/dist/core/src/sync/csv-processor.js.map +1 -0
- package/dist/core/src/sync/index.d.ts +3 -0
- package/dist/core/src/sync/index.d.ts.map +1 -0
- package/dist/core/src/sync/index.js +3 -0
- package/dist/core/src/sync/index.js.map +1 -0
- package/dist/core/src/sync/sync-engine.d.ts +68 -0
- package/dist/core/src/sync/sync-engine.d.ts.map +1 -0
- package/dist/core/src/sync/sync-engine.js +317 -0
- package/dist/core/src/sync/sync-engine.js.map +1 -0
- package/dist/core/src/sync/transaction-manager.d.ts +83 -0
- package/dist/core/src/sync/transaction-manager.d.ts.map +1 -0
- package/dist/core/src/sync/transaction-manager.js +227 -0
- package/dist/core/src/sync/transaction-manager.js.map +1 -0
- package/dist/core/src/webhooks/webhook-manager.d.ts +137 -0
- package/dist/core/src/webhooks/webhook-manager.d.ts.map +1 -0
- package/dist/core/src/webhooks/webhook-manager.js +334 -0
- package/dist/core/src/webhooks/webhook-manager.js.map +1 -0
- package/dist/index.d.ts +0 -1
- package/dist/index.js +0 -1
- package/package.json +4 -6
|
@@ -1,14 +1,12 @@
|
|
|
1
|
-
import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
|
|
2
1
|
import React, { useEffect, useState } from 'react';
|
|
3
|
-
import {
|
|
4
|
-
import { AuthManager, ClientSyncEngine, OutboxManager, MemoryStorageAdapter, } from '@edgebasejs/client-core';
|
|
2
|
+
import { AuthManager, ClientSyncEngine, OutboxManager, MemoryStorageAdapter, ClientSubscriptionHandler, } from '@edgebasejs/client-core';
|
|
5
3
|
import AsyncStorageAdapter from './storage/async-storage-adapter';
|
|
6
4
|
export const EdgeBaseContext = React.createContext(null);
|
|
7
5
|
/**
|
|
8
6
|
* EdgeBase provider component
|
|
9
7
|
* Wraps the app to provide EdgeBase functionality via context
|
|
10
8
|
*/
|
|
11
|
-
export function EdgeBaseProvider({ apiUrl, children, useMemoryStorage = false, }) {
|
|
9
|
+
export function EdgeBaseProvider({ apiUrl, children, useMemoryStorage = false, autoSync = true, }) {
|
|
12
10
|
const [value, setValue] = useState(null);
|
|
13
11
|
const [isInitializing, setIsInitializing] = useState(true);
|
|
14
12
|
const [initError, setInitError] = useState(null);
|
|
@@ -33,6 +31,7 @@ export function EdgeBaseProvider({ apiUrl, children, useMemoryStorage = false, }
|
|
|
33
31
|
accessToken: accessToken || '',
|
|
34
32
|
storage,
|
|
35
33
|
outboxManager,
|
|
34
|
+
autoSync,
|
|
36
35
|
onConflict: (entity, recordId, serverData) => {
|
|
37
36
|
console.log(`Conflict on ${entity}:${recordId}, accepting server version`);
|
|
38
37
|
},
|
|
@@ -41,6 +40,15 @@ export function EdgeBaseProvider({ apiUrl, children, useMemoryStorage = false, }
|
|
|
41
40
|
},
|
|
42
41
|
});
|
|
43
42
|
await syncEngine.init();
|
|
43
|
+
// Create subscription handler for real-time updates
|
|
44
|
+
const wsUrl = apiUrl.replace(/^http/, 'ws');
|
|
45
|
+
const subscriptionHandler = new ClientSubscriptionHandler({
|
|
46
|
+
url: wsUrl,
|
|
47
|
+
token: accessToken || '',
|
|
48
|
+
reconnectAttempts: 5,
|
|
49
|
+
reconnectDelay: 1000,
|
|
50
|
+
heartbeatInterval: 30000,
|
|
51
|
+
});
|
|
44
52
|
// Subscribe to auth state changes to update sync engine token
|
|
45
53
|
authManager.subscribe((state) => {
|
|
46
54
|
if (state.accessToken) {
|
|
@@ -48,10 +56,12 @@ export function EdgeBaseProvider({ apiUrl, children, useMemoryStorage = false, }
|
|
|
48
56
|
}
|
|
49
57
|
});
|
|
50
58
|
setValue({
|
|
59
|
+
apiUrl,
|
|
51
60
|
storage,
|
|
52
61
|
authManager,
|
|
53
62
|
syncEngine,
|
|
54
63
|
outboxManager,
|
|
64
|
+
subscriptionHandler,
|
|
55
65
|
isInitialized: true,
|
|
56
66
|
});
|
|
57
67
|
}
|
|
@@ -65,28 +75,18 @@ export function EdgeBaseProvider({ apiUrl, children, useMemoryStorage = false, }
|
|
|
65
75
|
}
|
|
66
76
|
})();
|
|
67
77
|
}, [apiUrl, useMemoryStorage]);
|
|
78
|
+
useEffect(() => {
|
|
79
|
+
if (!value?.syncEngine) {
|
|
80
|
+
return;
|
|
81
|
+
}
|
|
82
|
+
value.syncEngine.setAutoSync(autoSync);
|
|
83
|
+
}, [autoSync, value]);
|
|
68
84
|
if (isInitializing) {
|
|
69
|
-
return
|
|
70
|
-
flex: 1,
|
|
71
|
-
justifyContent: 'center',
|
|
72
|
-
alignItems: 'center',
|
|
73
|
-
backgroundColor: '#f5f5f5',
|
|
74
|
-
}, children: [_jsx(ActivityIndicator, { size: "large", color: "#007AFF" }), _jsx(Text, { style: { marginTop: 12, fontSize: 14, color: '#666' }, children: "Initializing EdgeBase..." })] }));
|
|
85
|
+
return null;
|
|
75
86
|
}
|
|
76
87
|
if (initError) {
|
|
77
|
-
return
|
|
78
|
-
flex: 1,
|
|
79
|
-
justifyContent: 'center',
|
|
80
|
-
alignItems: 'center',
|
|
81
|
-
backgroundColor: '#f5f5f5',
|
|
82
|
-
}, children: [_jsx(Text, { style: { fontSize: 16, color: '#ff6b6b', fontWeight: 'bold' }, children: "Initialization Error" }), _jsx(Text, { style: {
|
|
83
|
-
marginTop: 8,
|
|
84
|
-
fontSize: 12,
|
|
85
|
-
color: '#666',
|
|
86
|
-
paddingHorizontal: 20,
|
|
87
|
-
textAlign: 'center',
|
|
88
|
-
}, children: initError.message })] }));
|
|
88
|
+
return null;
|
|
89
89
|
}
|
|
90
|
-
return
|
|
90
|
+
return <EdgeBaseContext.Provider value={value}>{children}</EdgeBaseContext.Provider>;
|
|
91
91
|
}
|
|
92
92
|
//# sourceMappingURL=provider.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"provider.js","sourceRoot":"","sources":["../../../src/provider.tsx"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"provider.js","sourceRoot":"","sources":["../../../src/provider.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACnD,OAAO,EACL,WAAW,EACX,gBAAgB,EAChB,aAAa,EACb,oBAAoB,EACpB,yBAAyB,GAE1B,MAAM,yBAAyB,CAAC;AACjC,OAAO,mBAAmB,MAAM,iCAAiC,CAAC;AAYlE,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,CAAC,aAAa,CAA8B,IAAI,CAAC,CAAC;AAStF;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,EAC/B,MAAM,EACN,QAAQ,EACR,gBAAgB,GAAG,KAAK,EACxB,QAAQ,GAAG,IAAI,GACO;IACtB,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,QAAQ,CAA8B,IAAI,CAAC,CAAC;IACtE,MAAM,CAAC,cAAc,EAAE,iBAAiB,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC3D,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAAe,IAAI,CAAC,CAAC;IAE/D,SAAS,CAAC,GAAG,EAAE;QACb,CAAC,KAAK,IAAI,EAAE;YACV,IAAI,CAAC;gBACH,iBAAiB;gBACjB,MAAM,OAAO,GAAG,gBAAgB,CAAC,CAAC,CAAC,IAAI,oBAAoB,EAAE,CAAC,CAAC,CAAC,IAAI,mBAAmB,EAAE,CAAC;gBAE1F,sBAAsB;gBACtB,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC;oBAClC,MAAM;oBACN,OAAO;iBACR,CAAC,CAAC;gBACH,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC;gBAEzB,wBAAwB;gBACxB,MAAM,aAAa,GAAG,IAAI,aAAa,CAAC,OAAO,CAAC,CAAC;gBACjD,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;gBAE3B,qBAAqB;gBACrB,MAAM,WAAW,GAAG,WAAW,CAAC,cAAc,EAAE,CAAC;gBACjD,MAAM,UAAU,GAAG,IAAI,gBAAgB,CAAC;oBACtC,MAAM;oBACN,WAAW,EAAE,WAAW,IAAI,EAAE;oBAC9B,OAAO;oBACP,aAAa;oBACb,QAAQ;oBACR,UAAU,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE;wBAC3C,OAAO,CAAC,GAAG,CAAC,eAAe,MAAM,IAAI,QAAQ,4BAA4B,CAAC,CAAC;oBAC7E,CAAC;oBACD,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;wBACjB,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;oBACtC,CAAC;iBACF,CAAC,CAAC;gBACH,MAAM,UAAU,CAAC,IAAI,EAAE,CAAC;gBAExB,oDAAoD;gBACpD,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;gBAC5C,MAAM,mBAAmB,GAAG,IAAI,yBAAyB,CAAC;oBACxD,GAAG,EAAE,KAAK;oBACV,KAAK,EAAE,WAAW,IAAI,EAAE;oBACxB,iBAAiB,EAAE,CAAC;oBACpB,cAAc,EAAE,IAAI;oBACpB,iBAAiB,EAAE,KAAK;iBACzB,CAAC,CAAC;gBAEH,8DAA8D;gBAC9D,WAAW,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,EAAE;oBAC9B,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;wBACtB,UAAU,CAAC,cAAc,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;oBAC/C,CAAC;gBACH,CAAC,CAAC,CAAC;gBAEH,QAAQ,CAAC;oBACP,MAAM;oBACN,OAAO;oBACP,WAAW;oBACX,UAAU;oBACV,aAAa;oBACb,mBAAmB;oBACnB,aAAa,EAAE,IAAI;iBACpB,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,GAAG,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;gBAChF,OAAO,CAAC,KAAK,CAAC,gCAAgC,EAAE,GAAG,CAAC,CAAC;gBACrD,YAAY,CAAC,GAAG,CAAC,CAAC;YACpB,CAAC;oBAAS,CAAC;gBACT,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC,CAAC,EAAE,CAAC;IACP,CAAC,EAAE,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAC;IAE/B,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,KAAK,EAAE,UAAU,EAAE,CAAC;YACvB,OAAO;QACT,CAAC;QACD,KAAK,CAAC,UAAU,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IACzC,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;IAEtB,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,eAAe,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,KAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,eAAe,CAAC,QAAQ,CAAC,CAAC;AACxF,CAAC"}
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Column-level security for field access control
|
|
3
|
+
* Supports role-based visibility and selective field encryption
|
|
4
|
+
*/
|
|
5
|
+
import type { User } from '@edgebasejs/types';
|
|
6
|
+
export interface ColumnRule {
|
|
7
|
+
column: string;
|
|
8
|
+
visible?: boolean | ((context: ColumnAccessContext) => boolean | Promise<boolean>);
|
|
9
|
+
readable?: boolean | ((context: ColumnAccessContext) => boolean | Promise<boolean>);
|
|
10
|
+
writable?: boolean | ((context: ColumnAccessContext) => boolean | Promise<boolean>);
|
|
11
|
+
roles?: string[];
|
|
12
|
+
encrypted?: boolean;
|
|
13
|
+
maskValue?: any;
|
|
14
|
+
}
|
|
15
|
+
export interface ColumnAccessContext {
|
|
16
|
+
user: User;
|
|
17
|
+
operation: 'read' | 'write' | 'create' | 'update';
|
|
18
|
+
record?: Record<string, any>;
|
|
19
|
+
column: string;
|
|
20
|
+
value?: any;
|
|
21
|
+
}
|
|
22
|
+
export interface ColumnSecurityRules {
|
|
23
|
+
entity: string;
|
|
24
|
+
columns: Map<string, ColumnRule>;
|
|
25
|
+
defaultVisible?: boolean;
|
|
26
|
+
defaultReadable?: boolean;
|
|
27
|
+
defaultWritable?: boolean;
|
|
28
|
+
}
|
|
29
|
+
/**
|
|
30
|
+
* Column-level security manager
|
|
31
|
+
*/
|
|
32
|
+
export declare class ColumnSecurityManager {
|
|
33
|
+
private rules;
|
|
34
|
+
/**
|
|
35
|
+
* Register column security rules for an entity
|
|
36
|
+
*/
|
|
37
|
+
registerRules(entityName: string, rules: ColumnSecurityRules): void;
|
|
38
|
+
/**
|
|
39
|
+
* Get rules for an entity
|
|
40
|
+
*/
|
|
41
|
+
getRules(entityName: string): ColumnSecurityRules | undefined;
|
|
42
|
+
/**
|
|
43
|
+
* Check if a user can read a specific column
|
|
44
|
+
*/
|
|
45
|
+
canReadColumn(entityName: string, columnName: string, user: User, record?: Record<string, any>): Promise<boolean>;
|
|
46
|
+
/**
|
|
47
|
+
* Check if a user can write to a specific column
|
|
48
|
+
*/
|
|
49
|
+
canWriteColumn(entityName: string, columnName: string, user: User, value?: any, record?: Record<string, any>): Promise<boolean>;
|
|
50
|
+
/**
|
|
51
|
+
* Filter record columns based on read permissions
|
|
52
|
+
* Returns a new record with only accessible columns
|
|
53
|
+
*/
|
|
54
|
+
filterReadableColumns(entityName: string, record: Record<string, any>, user: User): Promise<Record<string, any>>;
|
|
55
|
+
/**
|
|
56
|
+
* Filter write data based on write permissions
|
|
57
|
+
* Returns a new object with only writable columns
|
|
58
|
+
*/
|
|
59
|
+
filterWritableColumns(entityName: string, data: Record<string, any>, user: User, existingRecord?: Record<string, any>): Promise<{
|
|
60
|
+
filtered: Record<string, any>;
|
|
61
|
+
rejected: string[];
|
|
62
|
+
}>;
|
|
63
|
+
/**
|
|
64
|
+
* Get list of encrypted columns for an entity
|
|
65
|
+
*/
|
|
66
|
+
getEncryptedColumns(entityName: string): string[];
|
|
67
|
+
/**
|
|
68
|
+
* Get all column rules for an entity
|
|
69
|
+
*/
|
|
70
|
+
getAllColumnRules(entityName: string): Map<string, ColumnRule> | undefined;
|
|
71
|
+
/**
|
|
72
|
+
* Clear all rules
|
|
73
|
+
*/
|
|
74
|
+
clear(): void;
|
|
75
|
+
}
|
|
76
|
+
/**
|
|
77
|
+
* Global column security manager instance
|
|
78
|
+
*/
|
|
79
|
+
export declare const columnSecurityManager: ColumnSecurityManager;
|
|
80
|
+
//# sourceMappingURL=column-security.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"column-security.d.ts","sourceRoot":"","sources":["../../../../../core/src/access-rules/column-security.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAE9C,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,OAAO,EAAE,mBAAmB,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IACnF,QAAQ,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,OAAO,EAAE,mBAAmB,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IACpF,QAAQ,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,OAAO,EAAE,mBAAmB,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IACpF,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,SAAS,CAAC,EAAE,GAAG,CAAC;CACjB;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,IAAI,CAAC;IACX,SAAS,EAAE,MAAM,GAAG,OAAO,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAClD,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,GAAG,CAAC;CACb;AAED,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACjC,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED;;GAEG;AACH,qBAAa,qBAAqB;IAChC,OAAO,CAAC,KAAK,CAA+C;IAE5D;;OAEG;IACH,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,mBAAmB,GAAG,IAAI;IAInE;;OAEG;IACH,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,mBAAmB,GAAG,SAAS;IAI7D;;OAEG;IACG,aAAa,CACjB,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,IAAI,EACV,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAC3B,OAAO,CAAC,OAAO,CAAC;IAoDnB;;OAEG;IACG,cAAc,CAClB,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,IAAI,EACV,KAAK,CAAC,EAAE,GAAG,EACX,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAC3B,OAAO,CAAC,OAAO,CAAC;IAsCnB;;;OAGG;IACG,qBAAqB,CACzB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC3B,IAAI,EAAE,IAAI,GACT,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IA0B/B;;;OAGG;IACG,qBAAqB,CACzB,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,IAAI,EAAE,IAAI,EACV,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GACnC,OAAO,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAAC,QAAQ,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAsBjE;;OAEG;IACH,mBAAmB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,EAAE;IAgBjD;;OAEG;IACH,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,GAAG,SAAS;IAK1E;;OAEG;IACH,KAAK,IAAI,IAAI;CAGd;AAED;;GAEG;AACH,eAAO,MAAM,qBAAqB,uBAA8B,CAAC"}
|
|
@@ -0,0 +1,191 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Column-level security for field access control
|
|
3
|
+
* Supports role-based visibility and selective field encryption
|
|
4
|
+
*/
|
|
5
|
+
/**
|
|
6
|
+
* Column-level security manager
|
|
7
|
+
*/
|
|
8
|
+
export class ColumnSecurityManager {
|
|
9
|
+
constructor() {
|
|
10
|
+
this.rules = new Map();
|
|
11
|
+
}
|
|
12
|
+
/**
|
|
13
|
+
* Register column security rules for an entity
|
|
14
|
+
*/
|
|
15
|
+
registerRules(entityName, rules) {
|
|
16
|
+
this.rules.set(entityName, rules);
|
|
17
|
+
}
|
|
18
|
+
/**
|
|
19
|
+
* Get rules for an entity
|
|
20
|
+
*/
|
|
21
|
+
getRules(entityName) {
|
|
22
|
+
return this.rules.get(entityName);
|
|
23
|
+
}
|
|
24
|
+
/**
|
|
25
|
+
* Check if a user can read a specific column
|
|
26
|
+
*/
|
|
27
|
+
async canReadColumn(entityName, columnName, user, record) {
|
|
28
|
+
const rules = this.rules.get(entityName);
|
|
29
|
+
if (!rules) {
|
|
30
|
+
return true; // No rules = allow all
|
|
31
|
+
}
|
|
32
|
+
const columnRule = rules.columns.get(columnName);
|
|
33
|
+
if (!columnRule) {
|
|
34
|
+
return rules.defaultReadable ?? true; // Use default or allow
|
|
35
|
+
}
|
|
36
|
+
// Check role requirements
|
|
37
|
+
if (columnRule.roles && columnRule.roles.length > 0) {
|
|
38
|
+
const userRoles = user.roles || [];
|
|
39
|
+
const hasRole = columnRule.roles.some((role) => userRoles.includes(role));
|
|
40
|
+
if (!hasRole) {
|
|
41
|
+
return false;
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
// Check readable predicate
|
|
45
|
+
if (columnRule.readable !== undefined) {
|
|
46
|
+
if (typeof columnRule.readable === 'function') {
|
|
47
|
+
const context = {
|
|
48
|
+
user,
|
|
49
|
+
operation: 'read',
|
|
50
|
+
record,
|
|
51
|
+
column: columnName,
|
|
52
|
+
value: record?.[columnName],
|
|
53
|
+
};
|
|
54
|
+
return await columnRule.readable(context);
|
|
55
|
+
}
|
|
56
|
+
return columnRule.readable;
|
|
57
|
+
}
|
|
58
|
+
// Check visible predicate
|
|
59
|
+
if (columnRule.visible !== undefined) {
|
|
60
|
+
if (typeof columnRule.visible === 'function') {
|
|
61
|
+
const context = {
|
|
62
|
+
user,
|
|
63
|
+
operation: 'read',
|
|
64
|
+
record,
|
|
65
|
+
column: columnName,
|
|
66
|
+
};
|
|
67
|
+
return await columnRule.visible(context);
|
|
68
|
+
}
|
|
69
|
+
return columnRule.visible;
|
|
70
|
+
}
|
|
71
|
+
return true;
|
|
72
|
+
}
|
|
73
|
+
/**
|
|
74
|
+
* Check if a user can write to a specific column
|
|
75
|
+
*/
|
|
76
|
+
async canWriteColumn(entityName, columnName, user, value, record) {
|
|
77
|
+
const rules = this.rules.get(entityName);
|
|
78
|
+
if (!rules) {
|
|
79
|
+
return true; // No rules = allow all
|
|
80
|
+
}
|
|
81
|
+
const columnRule = rules.columns.get(columnName);
|
|
82
|
+
if (!columnRule) {
|
|
83
|
+
return rules.defaultWritable ?? true; // Use default or allow
|
|
84
|
+
}
|
|
85
|
+
// Check role requirements
|
|
86
|
+
if (columnRule.roles && columnRule.roles.length > 0) {
|
|
87
|
+
const userRoles = user.roles || [];
|
|
88
|
+
const hasRole = columnRule.roles.some((role) => userRoles.includes(role));
|
|
89
|
+
if (!hasRole) {
|
|
90
|
+
return false;
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
// Check writable predicate
|
|
94
|
+
if (columnRule.writable !== undefined) {
|
|
95
|
+
if (typeof columnRule.writable === 'function') {
|
|
96
|
+
const context = {
|
|
97
|
+
user,
|
|
98
|
+
operation: 'write',
|
|
99
|
+
record,
|
|
100
|
+
column: columnName,
|
|
101
|
+
value,
|
|
102
|
+
};
|
|
103
|
+
return await columnRule.writable(context);
|
|
104
|
+
}
|
|
105
|
+
return columnRule.writable;
|
|
106
|
+
}
|
|
107
|
+
return true;
|
|
108
|
+
}
|
|
109
|
+
/**
|
|
110
|
+
* Filter record columns based on read permissions
|
|
111
|
+
* Returns a new record with only accessible columns
|
|
112
|
+
*/
|
|
113
|
+
async filterReadableColumns(entityName, record, user) {
|
|
114
|
+
const rules = this.rules.get(entityName);
|
|
115
|
+
if (!rules) {
|
|
116
|
+
return record; // No rules = return all columns
|
|
117
|
+
}
|
|
118
|
+
const filtered = {};
|
|
119
|
+
for (const [columnName, value] of Object.entries(record)) {
|
|
120
|
+
const canRead = await this.canReadColumn(entityName, columnName, user, record);
|
|
121
|
+
if (canRead) {
|
|
122
|
+
filtered[columnName] = value;
|
|
123
|
+
}
|
|
124
|
+
else {
|
|
125
|
+
// Apply mask value if defined
|
|
126
|
+
const columnRule = rules.columns.get(columnName);
|
|
127
|
+
if (columnRule?.maskValue !== undefined) {
|
|
128
|
+
filtered[columnName] = columnRule.maskValue;
|
|
129
|
+
}
|
|
130
|
+
// Otherwise, omit the column entirely
|
|
131
|
+
}
|
|
132
|
+
}
|
|
133
|
+
return filtered;
|
|
134
|
+
}
|
|
135
|
+
/**
|
|
136
|
+
* Filter write data based on write permissions
|
|
137
|
+
* Returns a new object with only writable columns
|
|
138
|
+
*/
|
|
139
|
+
async filterWritableColumns(entityName, data, user, existingRecord) {
|
|
140
|
+
const rules = this.rules.get(entityName);
|
|
141
|
+
if (!rules) {
|
|
142
|
+
return { filtered: data, rejected: [] }; // No rules = allow all
|
|
143
|
+
}
|
|
144
|
+
const filtered = {};
|
|
145
|
+
const rejected = [];
|
|
146
|
+
for (const [columnName, value] of Object.entries(data)) {
|
|
147
|
+
const canWrite = await this.canWriteColumn(entityName, columnName, user, value, existingRecord);
|
|
148
|
+
if (canWrite) {
|
|
149
|
+
filtered[columnName] = value;
|
|
150
|
+
}
|
|
151
|
+
else {
|
|
152
|
+
rejected.push(columnName);
|
|
153
|
+
}
|
|
154
|
+
}
|
|
155
|
+
return { filtered, rejected };
|
|
156
|
+
}
|
|
157
|
+
/**
|
|
158
|
+
* Get list of encrypted columns for an entity
|
|
159
|
+
*/
|
|
160
|
+
getEncryptedColumns(entityName) {
|
|
161
|
+
const rules = this.rules.get(entityName);
|
|
162
|
+
if (!rules) {
|
|
163
|
+
return [];
|
|
164
|
+
}
|
|
165
|
+
const encrypted = [];
|
|
166
|
+
for (const [columnName, rule] of rules.columns.entries()) {
|
|
167
|
+
if (rule.encrypted) {
|
|
168
|
+
encrypted.push(columnName);
|
|
169
|
+
}
|
|
170
|
+
}
|
|
171
|
+
return encrypted;
|
|
172
|
+
}
|
|
173
|
+
/**
|
|
174
|
+
* Get all column rules for an entity
|
|
175
|
+
*/
|
|
176
|
+
getAllColumnRules(entityName) {
|
|
177
|
+
const rules = this.rules.get(entityName);
|
|
178
|
+
return rules?.columns;
|
|
179
|
+
}
|
|
180
|
+
/**
|
|
181
|
+
* Clear all rules
|
|
182
|
+
*/
|
|
183
|
+
clear() {
|
|
184
|
+
this.rules.clear();
|
|
185
|
+
}
|
|
186
|
+
}
|
|
187
|
+
/**
|
|
188
|
+
* Global column security manager instance
|
|
189
|
+
*/
|
|
190
|
+
export const columnSecurityManager = new ColumnSecurityManager();
|
|
191
|
+
//# sourceMappingURL=column-security.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"column-security.js","sourceRoot":"","sources":["../../../../../core/src/access-rules/column-security.ts"],"names":[],"mappings":"AAAA;;;GAGG;AA8BH;;GAEG;AACH,MAAM,OAAO,qBAAqB;IAAlC;QACU,UAAK,GAAqC,IAAI,GAAG,EAAE,CAAC;IA6N9D,CAAC;IA3NC;;OAEG;IACH,aAAa,CAAC,UAAkB,EAAE,KAA0B;QAC1D,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,UAAkB;QACzB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CACjB,UAAkB,EAClB,UAAkB,EAClB,IAAU,EACV,MAA4B;QAE5B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACzC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,IAAI,CAAC,CAAC,uBAAuB;QACtC,CAAC;QAED,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACjD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,KAAK,CAAC,eAAe,IAAI,IAAI,CAAC,CAAC,uBAAuB;QAC/D,CAAC;QAED,0BAA0B;QAC1B,IAAI,UAAU,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpD,MAAM,SAAS,GAAI,IAAY,CAAC,KAAK,IAAI,EAAE,CAAC;YAC5C,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;YAC1E,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,IAAI,UAAU,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YACtC,IAAI,OAAO,UAAU,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;gBAC9C,MAAM,OAAO,GAAwB;oBACnC,IAAI;oBACJ,SAAS,EAAE,MAAM;oBACjB,MAAM;oBACN,MAAM,EAAE,UAAU;oBAClB,KAAK,EAAE,MAAM,EAAE,CAAC,UAAU,CAAC;iBAC5B,CAAC;gBACF,OAAO,MAAM,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC5C,CAAC;YACD,OAAO,UAAU,CAAC,QAAQ,CAAC;QAC7B,CAAC;QAED,0BAA0B;QAC1B,IAAI,UAAU,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YACrC,IAAI,OAAO,UAAU,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;gBAC7C,MAAM,OAAO,GAAwB;oBACnC,IAAI;oBACJ,SAAS,EAAE,MAAM;oBACjB,MAAM;oBACN,MAAM,EAAE,UAAU;iBACnB,CAAC;gBACF,OAAO,MAAM,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC3C,CAAC;YACD,OAAO,UAAU,CAAC,OAAO,CAAC;QAC5B,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAClB,UAAkB,EAClB,UAAkB,EAClB,IAAU,EACV,KAAW,EACX,MAA4B;QAE5B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACzC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,IAAI,CAAC,CAAC,uBAAuB;QACtC,CAAC;QAED,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACjD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,KAAK,CAAC,eAAe,IAAI,IAAI,CAAC,CAAC,uBAAuB;QAC/D,CAAC;QAED,0BAA0B;QAC1B,IAAI,UAAU,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpD,MAAM,SAAS,GAAI,IAAY,CAAC,KAAK,IAAI,EAAE,CAAC;YAC5C,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;YAC1E,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,IAAI,UAAU,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YACtC,IAAI,OAAO,UAAU,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;gBAC9C,MAAM,OAAO,GAAwB;oBACnC,IAAI;oBACJ,SAAS,EAAE,OAAO;oBAClB,MAAM;oBACN,MAAM,EAAE,UAAU;oBAClB,KAAK;iBACN,CAAC;gBACF,OAAO,MAAM,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC5C,CAAC;YACD,OAAO,UAAU,CAAC,QAAQ,CAAC;QAC7B,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,qBAAqB,CACzB,UAAkB,EAClB,MAA2B,EAC3B,IAAU;QAEV,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACzC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,MAAM,CAAC,CAAC,gCAAgC;QACjD,CAAC;QAED,MAAM,QAAQ,GAAwB,EAAE,CAAC;QAEzC,KAAK,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YACzD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;YAE/E,IAAI,OAAO,EAAE,CAAC;gBACZ,QAAQ,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC;YAC/B,CAAC;iBAAM,CAAC;gBACN,8BAA8B;gBAC9B,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;gBACjD,IAAI,UAAU,EAAE,SAAS,KAAK,SAAS,EAAE,CAAC;oBACxC,QAAQ,CAAC,UAAU,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC;gBAC9C,CAAC;gBACD,sCAAsC;YACxC,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,qBAAqB,CACzB,UAAkB,EAClB,IAAyB,EACzB,IAAU,EACV,cAAoC;QAEpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACzC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC,uBAAuB;QAClE,CAAC;QAED,MAAM,QAAQ,GAAwB,EAAE,CAAC;QACzC,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,KAAK,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YACvD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE,cAAc,CAAC,CAAC;YAEhG,IAAI,QAAQ,EAAE,CAAC;gBACb,QAAQ,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC;YAC/B,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC;QAED,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,UAAkB;QACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACzC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,SAAS,GAAa,EAAE,CAAC;QAC/B,KAAK,MAAM,CAAC,UAAU,EAAE,IAAI,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;YACzD,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACnB,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,iBAAiB,CAAC,UAAkB;QAClC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACzC,OAAO,KAAK,EAAE,OAAO,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,IAAI,qBAAqB,EAAE,CAAC"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
import type { User, AccessRules } from '@edgebasejs/types';
|
|
2
|
+
export interface AccessContext {
|
|
3
|
+
user: User;
|
|
4
|
+
operation: 'create' | 'read' | 'update' | 'delete';
|
|
5
|
+
data: Record<string, any>;
|
|
6
|
+
existingData?: Record<string, any>;
|
|
7
|
+
}
|
|
8
|
+
export interface AccessDecision {
|
|
9
|
+
allowed: boolean;
|
|
10
|
+
reason?: string;
|
|
11
|
+
}
|
|
12
|
+
/**
|
|
13
|
+
* Access rules engine
|
|
14
|
+
*/
|
|
15
|
+
export declare class AccessRulesEngine {
|
|
16
|
+
/**
|
|
17
|
+
* Evaluate access rules for an operation
|
|
18
|
+
*/
|
|
19
|
+
static evaluate(context: AccessContext, rules?: AccessRules): Promise<AccessDecision>;
|
|
20
|
+
/**
|
|
21
|
+
* Batch evaluate access for multiple records
|
|
22
|
+
*/
|
|
23
|
+
static evaluateBatch(contexts: AccessContext[], rules?: AccessRules): Promise<Map<string, AccessDecision>>;
|
|
24
|
+
}
|
|
25
|
+
export default AccessRulesEngine;
|
|
26
|
+
//# sourceMappingURL=engine.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../../../../core/src/access-rules/engine.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAE3D,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,IAAI,CAAC;IACX,SAAS,EAAE,QAAQ,GAAG,MAAM,GAAG,QAAQ,GAAG,QAAQ,CAAC;IACnD,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC1B,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,qBAAa,iBAAiB;IAC5B;;OAEG;WACU,QAAQ,CAAC,OAAO,EAAE,aAAa,EAAE,KAAK,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,cAAc,CAAC;IA4D3F;;OAEG;WACU,aAAa,CACxB,QAAQ,EAAE,aAAa,EAAE,EACzB,KAAK,CAAC,EAAE,WAAW,GAClB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CAWxC;AAED,eAAe,iBAAiB,CAAC"}
|
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
// Access rules evaluation engine
|
|
2
|
+
/**
|
|
3
|
+
* Access rules engine
|
|
4
|
+
*/
|
|
5
|
+
export class AccessRulesEngine {
|
|
6
|
+
/**
|
|
7
|
+
* Evaluate access rules for an operation
|
|
8
|
+
*/
|
|
9
|
+
static async evaluate(context, rules) {
|
|
10
|
+
if (!rules) {
|
|
11
|
+
// No rules = allow all access
|
|
12
|
+
return { allowed: true };
|
|
13
|
+
}
|
|
14
|
+
try {
|
|
15
|
+
switch (context.operation) {
|
|
16
|
+
case 'create':
|
|
17
|
+
if (!rules.create) {
|
|
18
|
+
return { allowed: true }; // No rule = allow
|
|
19
|
+
}
|
|
20
|
+
const createAllowed = await Promise.resolve(rules.create(context.user, context.data));
|
|
21
|
+
return {
|
|
22
|
+
allowed: createAllowed,
|
|
23
|
+
reason: createAllowed ? undefined : 'Create denied by access rules',
|
|
24
|
+
};
|
|
25
|
+
case 'read':
|
|
26
|
+
if (!rules.read) {
|
|
27
|
+
return { allowed: true };
|
|
28
|
+
}
|
|
29
|
+
const readAllowed = await Promise.resolve(rules.read(context.user, context.data));
|
|
30
|
+
return {
|
|
31
|
+
allowed: readAllowed,
|
|
32
|
+
reason: readAllowed ? undefined : 'Read denied by access rules',
|
|
33
|
+
};
|
|
34
|
+
case 'update':
|
|
35
|
+
if (!rules.update) {
|
|
36
|
+
return { allowed: true };
|
|
37
|
+
}
|
|
38
|
+
const updateAllowed = await Promise.resolve(rules.update(context.user, context.existingData || {}, context.data));
|
|
39
|
+
return {
|
|
40
|
+
allowed: updateAllowed,
|
|
41
|
+
reason: updateAllowed ? undefined : 'Update denied by access rules',
|
|
42
|
+
};
|
|
43
|
+
case 'delete':
|
|
44
|
+
if (!rules.delete) {
|
|
45
|
+
return { allowed: true };
|
|
46
|
+
}
|
|
47
|
+
const deleteData = context.existingData || context.data;
|
|
48
|
+
const deleteAllowed = await Promise.resolve(rules.delete(context.user, deleteData));
|
|
49
|
+
return {
|
|
50
|
+
allowed: deleteAllowed,
|
|
51
|
+
reason: deleteAllowed ? undefined : 'Delete denied by access rules',
|
|
52
|
+
};
|
|
53
|
+
default:
|
|
54
|
+
return { allowed: false, reason: 'Unknown operation' };
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
catch (error) {
|
|
58
|
+
console.error('Access rule evaluation error:', error);
|
|
59
|
+
return { allowed: false, reason: 'Access rule evaluation failed' };
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
/**
|
|
63
|
+
* Batch evaluate access for multiple records
|
|
64
|
+
*/
|
|
65
|
+
static async evaluateBatch(contexts, rules) {
|
|
66
|
+
const results = new Map();
|
|
67
|
+
for (const context of contexts) {
|
|
68
|
+
const recordKey = `${context.operation}:${context.data.id || 'unknown'}`;
|
|
69
|
+
const decision = await this.evaluate(context, rules);
|
|
70
|
+
results.set(recordKey, decision);
|
|
71
|
+
}
|
|
72
|
+
return results;
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
export default AccessRulesEngine;
|
|
76
|
+
//# sourceMappingURL=engine.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"engine.js","sourceRoot":"","sources":["../../../../../core/src/access-rules/engine.ts"],"names":[],"mappings":"AAAA,iCAAiC;AAgBjC;;GAEG;AACH,MAAM,OAAO,iBAAiB;IAC5B;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAsB,EAAE,KAAmB;QAC/D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,8BAA8B;YAC9B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QAED,IAAI,CAAC;YACH,QAAQ,OAAO,CAAC,SAAS,EAAE,CAAC;gBAC1B,KAAK,QAAQ;oBACX,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;wBAClB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,kBAAkB;oBAC9C,CAAC;oBACD,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;oBACtF,OAAO;wBACL,OAAO,EAAE,aAAa;wBACtB,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,+BAA+B;qBACpE,CAAC;gBAEJ,KAAK,MAAM;oBACT,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;wBAChB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;oBAC3B,CAAC;oBACD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;oBAClF,OAAO;wBACL,OAAO,EAAE,WAAW;wBACpB,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,6BAA6B;qBAChE,CAAC;gBAEJ,KAAK,QAAQ;oBACX,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;wBAClB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;oBAC3B,CAAC;oBACD,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,OAAO,CACzC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,YAAY,IAAI,EAAE,EAAE,OAAO,CAAC,IAAI,CAAC,CACrE,CAAC;oBACF,OAAO;wBACL,OAAO,EAAE,aAAa;wBACtB,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,+BAA+B;qBACpE,CAAC;gBAEJ,KAAK,QAAQ;oBACX,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;wBAClB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;oBAC3B,CAAC;oBACD,MAAM,UAAU,GAAG,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;oBACxD,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;oBACpF,OAAO;wBACL,OAAO,EAAE,aAAa;wBACtB,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,+BAA+B;qBACpE,CAAC;gBAEJ;oBACE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;YAC3D,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,KAAK,CAAC,CAAC;YACtD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,EAAE,CAAC;QACrE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,aAAa,CACxB,QAAyB,EACzB,KAAmB;QAEnB,MAAM,OAAO,GAAG,IAAI,GAAG,EAA0B,CAAC;QAElD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,SAAS,GAAG,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,SAAS,EAAE,CAAC;YACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YACrD,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QACnC,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AAED,eAAe,iBAAiB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../core/src/access-rules/index.ts"],"names":[],"mappings":"AAAA,cAAc,UAAU,CAAC;AACzB,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,UAAU,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../core/src/access-rules/index.ts"],"names":[],"mappings":"AAAA,cAAc,UAAU,CAAC;AACzB,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,UAAU,CAAC"}
|
|
@@ -0,0 +1,108 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Audit trail manager for change tracking and compliance
|
|
3
|
+
* Tracks all data changes with user attribution and timestamps
|
|
4
|
+
*/
|
|
5
|
+
import type { User } from '@edgebasejs/types';
|
|
6
|
+
export interface AuditLog {
|
|
7
|
+
id: string;
|
|
8
|
+
userId: string;
|
|
9
|
+
entity: string;
|
|
10
|
+
recordId: string;
|
|
11
|
+
operation: 'create' | 'update' | 'delete';
|
|
12
|
+
before?: Record<string, any>;
|
|
13
|
+
after?: Record<string, any>;
|
|
14
|
+
changes?: Array<{
|
|
15
|
+
field: string;
|
|
16
|
+
before: any;
|
|
17
|
+
after: any;
|
|
18
|
+
}>;
|
|
19
|
+
metadata?: Record<string, any>;
|
|
20
|
+
createdAt: number;
|
|
21
|
+
}
|
|
22
|
+
export interface AuditQuery {
|
|
23
|
+
entity?: string;
|
|
24
|
+
recordId?: string;
|
|
25
|
+
userId?: string;
|
|
26
|
+
operation?: 'create' | 'update' | 'delete';
|
|
27
|
+
startDate?: number;
|
|
28
|
+
endDate?: number;
|
|
29
|
+
limit?: number;
|
|
30
|
+
offset?: number;
|
|
31
|
+
}
|
|
32
|
+
export interface AuditResponse {
|
|
33
|
+
logs: AuditLog[];
|
|
34
|
+
total: number;
|
|
35
|
+
hasMore: boolean;
|
|
36
|
+
}
|
|
37
|
+
export interface AuditDatabase {
|
|
38
|
+
run(sql: string, params: any[]): Promise<any>;
|
|
39
|
+
getOne(sql: string, params: any[]): Promise<any>;
|
|
40
|
+
getAll(sql: string, params: any[]): Promise<any[]>;
|
|
41
|
+
}
|
|
42
|
+
export interface AuditOptions {
|
|
43
|
+
trackBefore?: boolean;
|
|
44
|
+
trackAfter?: boolean;
|
|
45
|
+
trackChanges?: boolean;
|
|
46
|
+
excludeFields?: string[];
|
|
47
|
+
maxRetentionDays?: number;
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Audit manager for tracking data changes
|
|
51
|
+
*/
|
|
52
|
+
export declare class AuditManager {
|
|
53
|
+
private db;
|
|
54
|
+
private options;
|
|
55
|
+
constructor(db: AuditDatabase, options?: AuditOptions);
|
|
56
|
+
/**
|
|
57
|
+
* Log a data change
|
|
58
|
+
*/
|
|
59
|
+
logChange(user: User, entity: string, recordId: string, operation: 'create' | 'update' | 'delete', before?: Record<string, any>, after?: Record<string, any>, metadata?: Record<string, any>): Promise<AuditLog>;
|
|
60
|
+
/**
|
|
61
|
+
* Query audit logs
|
|
62
|
+
*/
|
|
63
|
+
queryLogs(query: AuditQuery): Promise<AuditResponse>;
|
|
64
|
+
/**
|
|
65
|
+
* Get audit log by ID
|
|
66
|
+
*/
|
|
67
|
+
getLog(auditId: string): Promise<AuditLog | null>;
|
|
68
|
+
/**
|
|
69
|
+
* Get audit history for a specific record
|
|
70
|
+
*/
|
|
71
|
+
getRecordHistory(entity: string, recordId: string): Promise<AuditLog[]>;
|
|
72
|
+
/**
|
|
73
|
+
* Get summary statistics for audit logs
|
|
74
|
+
*/
|
|
75
|
+
getStatistics(options?: {
|
|
76
|
+
entity?: string;
|
|
77
|
+
userId?: string;
|
|
78
|
+
startDate?: number;
|
|
79
|
+
endDate?: number;
|
|
80
|
+
}): Promise<{
|
|
81
|
+
totalChanges: number;
|
|
82
|
+
changesByOperation: {
|
|
83
|
+
operation: string;
|
|
84
|
+
count: number;
|
|
85
|
+
}[];
|
|
86
|
+
changesByEntity: {
|
|
87
|
+
entity: string;
|
|
88
|
+
count: number;
|
|
89
|
+
}[];
|
|
90
|
+
changesByUser: {
|
|
91
|
+
userId: string;
|
|
92
|
+
count: number;
|
|
93
|
+
}[];
|
|
94
|
+
}>;
|
|
95
|
+
/**
|
|
96
|
+
* Clean up old audit logs based on retention policy
|
|
97
|
+
*/
|
|
98
|
+
cleanupOldLogs(): Promise<number>;
|
|
99
|
+
/**
|
|
100
|
+
* Filter sensitive fields from data
|
|
101
|
+
*/
|
|
102
|
+
private filterSensitiveFields;
|
|
103
|
+
/**
|
|
104
|
+
* Calculate field-level changes between before and after states
|
|
105
|
+
*/
|
|
106
|
+
private calculateChanges;
|
|
107
|
+
}
|
|
108
|
+
//# sourceMappingURL=audit-manager.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"audit-manager.d.ts","sourceRoot":"","sources":["../../../../../core/src/audit/audit-manager.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAE9C,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC1C,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC7B,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC5B,OAAO,CAAC,EAAE,KAAK,CAAC;QACd,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,GAAG,CAAC;QACZ,KAAK,EAAE,GAAG,CAAC;KACZ,CAAC,CAAC;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC/B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC3C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,QAAQ,EAAE,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;IAC9C,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;IACjD,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;CACpD;AAED,MAAM,WAAW,YAAY;IAC3B,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED;;GAEG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,EAAE,CAAgB;IAC1B,OAAO,CAAC,OAAO,CAAyB;gBAE5B,EAAE,EAAE,aAAa,EAAE,OAAO,CAAC,EAAE,YAAY;IAWrD;;OAEG;IACG,SAAS,CACb,IAAI,EAAE,IAAI,EACV,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,QAAQ,GAAG,QAAQ,GAAG,QAAQ,EACzC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC5B,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAC7B,OAAO,CAAC,QAAQ,CAAC;IAgDpB;;OAEG;IACG,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,aAAa,CAAC;IA+E1D;;OAEG;IACG,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAqBvD;;OAEG;IACG,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;IAoB7E;;OAEG;IACG,aAAa,CAAC,OAAO,CAAC,EAAE;QAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,GAAG,OAAO,CAAC;QACV,YAAY,EAAE,MAAM,CAAC;QACrB,kBAAkB,EAAE;YAAE,SAAS,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,EAAE,CAAC;QAC3D,eAAe,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,EAAE,CAAC;QACrD,aAAa,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,EAAE,CAAC;KACpD,CAAC;IAoEF;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC;IAavC;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAY7B;;OAEG;IACH,OAAO,CAAC,gBAAgB;CAyBzB"}
|