npm - @intellegens/cornerstone-client - Versions diffs - 0.0.9999-alpha-8 → 0.0.9999-alpha-10 - Mend

@intellegens/cornerstone-client 0.0.9999-alpha-8 → 0.0.9999-alpha-10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (227) hide show

package/src/services/api/HttpService/README.md ADDED Viewed

@@ -0,0 +1,106 @@
+# HTTP Service Abstraction
+This module provides an abstraction layer for HTTP requests, allowing you to plug in different HTTP client implementations (Fetch API, Angular HttpClient, etc.) while maintaining the same interface.
+## Overview
+The HTTP service abstraction consists of:
+- `IHttpService` - Interface that all HTTP implementations must follow
+- `FetchHttpService` - Default implementation using the Fetch API
+- `AngularHttpService` - Implementation using Angular's HttpClient
+## Usage
+### Using the Default Fetch Implementation
+```typescript
+import { ApiReadControllerClient, defaultHttpService } from '@services';
+// Uses FetchHttpService by default
+const client = new ApiReadControllerClient('/api/users');
+// Or explicitly pass the default service
+const client2 = new ApiReadControllerClient('/api/users', defaultHttpService);
+```
+### Using Angular HttpClient Implementation
+```typescript
+import { inject } from '@angular/core';
+import { HttpClient } from '@angular/common/http';
+import { ApiReadControllerClient, AngularHttpService } from '@services';
+const httpClient = inject<HttpClient>();
+const angularHttpService = new AngularHttpService(httpClient);
+// Set Angular HTTP service globaly
+await apiInitializationService.initialize({ httpService: angularHttpService });
+// Or for an explicitly chosen client
+const apiClient = new ApiReadControllerClient('/api/users', angularHttpService);
+```
+> **📦 For complete Angular integration guide, see [@intellegens/cornerstone-client-angular README](../../../../..//angular/README.md)**
+## Creating Custom HTTP Service
+You can create your own HTTP service implementation by implementing the `IHttpService` interface:
+```typescript
+import { IHttpService, HttpRequestConfig, HttpResponse } from '@services';
+export class CustomHttpService implements IHttpService {
+  async request<T = any>(url: string, config?: HttpRequestConfig): Promise<HttpResponse<T>> {
+    // Your custom HTTP implementation here
+    const response = await yourCustomHttpClient.request({
+      url,
+      method: config?.method || 'GET',
+      headers: config?.headers,
+      data: config?.body,
+      withCredentials: config?.credentials === 'include',
+    });
+    return {
+      ok: response.status >= 200 && response.status < 300,
+      status: response.status,
+      statusText: response.statusText,
+      headers: response.headers,
+      json: async () => response.data,
+      text: async () => JSON.stringify(response.data),
+    };
+  }
+}
+```
+## API Reference
+### IHttpService Interface
+```typescript
+interface IHttpService {
+  request<T = any>(url: string, config?: HttpRequestConfig): Promise<HttpResponse<T>>;
+}
+```
+### HttpRequestConfig Interface
+```typescript
+interface HttpRequestConfig {
+  method?: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH';
+  headers?: Record<string, string>;
+  body?: string;
+  credentials?: RequestCredentials;
+}
+```
+### HttpResponse Interface
+```typescript
+interface HttpResponse<T = any> {
+  ok: boolean;
+  status: number;
+  statusText: string;
+  headers: Record<string, string>;
+  json(): Promise<T>;
+  text(): Promise<string>;
+}

package/src/services/api/HttpService/index.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import { FetchHttpService } from './FetchHttpService';
+/**
+ * Default HTTP service instance
+ */
+export const defaultHttpService = new FetchHttpService();
+// Export additional HTTP service implementations
+export * from './FetchHttpService';
+export * from './HttpRequestConfig';
+export * from './HttpResponse';
+export * from './IHttpService';

package/src/services/api/UserManagementControllerClient/index.ts ADDED Viewed

@@ -0,0 +1,160 @@
+import { ApiCrudControllerClient } from '../ApiCrudControllerClient';
+import { apiInitializationService } from '../ApiInitializationService';
+import { IHttpService } from '../HttpService';
+import { ApiErrorResponseDto, ApiResponseDto, ApiSuccessResponseDto, ClaimDto, EmptyMetadataDto, ErrorCode, ReadMetadataDto, UserDto } from '@data';
+import { fail, ok } from '@utils/result';
+/**
+ * Client for user management operations
+ *
+ * @export
+ * @class UserManagementControllerClient
+ * @template TKey - Type of the entity key (e.g., number, string, GUID, etc.)
+ * @template TUser - Data Transfer Object representing the user entity
+ */
+export class UserManagementControllerClient<TKey, TUser extends UserDto<TKey>> extends ApiCrudControllerClient<TKey, TUser> {
+  /**
+   * Constructor
+   * @param baseControllerPath Base path to API controller
+   * @param httpService HTTP service implementation to use for requests
+   */
+  constructor(baseControllerPath: string, httpService?: IHttpService) {
+    super(baseControllerPath, httpService);
+  }
+  /**
+   * Gets the roles assigned to a user
+   * @param id - The ID of the user
+   * @param {AbortSignal} [signal] - Optional cancellation signal
+   * @returns List of role names assigned to the user
+   */
+  public async getUserRoles(id: TKey, signal?: AbortSignal): Promise<ApiResponseDto<string[], ReadMetadataDto>> {
+    try {
+      const url = await apiInitializationService.getApiUrl(this.baseControllerPath, 'GetUserRoles', encodeURIComponent(String(id)));
+      const res = await this.httpService.request(url, {
+        method: 'GET',
+        credentials: 'include',
+        signal,
+      });
+      if (!res.ok) {
+        return fail<ApiSuccessResponseDto<string[], ReadMetadataDto>, ApiErrorResponseDto>(await res.json());
+      }
+      return ok<ApiSuccessResponseDto<string[], ReadMetadataDto>, ApiErrorResponseDto>(await res.json());
+    } catch (err) {
+      console.error(err);
+      return fail<ApiSuccessResponseDto<string[], ReadMetadataDto>, ApiErrorResponseDto>({
+        error: {
+          code: ErrorCode.UnknownError,
+          message: 'Unknown error while fetching user roles',
+          metadata: {} as EmptyMetadataDto,
+        },
+      });
+    }
+  }
+  /**
+   * Gets the claims assigned to a user
+   * @param id - The ID of the user
+   * @param {AbortSignal} [signal] - Optional cancellation signal
+   * @returns List of claims assigned to the user
+   */
+  public async getUserClaims(id: TKey, signal?: AbortSignal): Promise<ApiResponseDto<ClaimDto[], ReadMetadataDto>> {
+    try {
+      const url = await apiInitializationService.getApiUrl(this.baseControllerPath, 'GetUserClaims', encodeURIComponent(String(id)));
+      const res = await this.httpService.request(url, {
+        method: 'GET',
+        credentials: 'include',
+        signal,
+      });
+      if (!res.ok) {
+        return fail<ApiSuccessResponseDto<ClaimDto[], ReadMetadataDto>, ApiErrorResponseDto>(await res.json());
+      }
+      return ok<ApiSuccessResponseDto<ClaimDto[], ReadMetadataDto>, ApiErrorResponseDto>(await res.json());
+    } catch (err) {
+      console.error(err);
+      return fail<ApiSuccessResponseDto<ClaimDto[], ReadMetadataDto>, ApiErrorResponseDto>({
+        error: {
+          code: ErrorCode.UnknownError,
+          message: 'Unknown error while fetching user claims',
+          metadata: {} as EmptyMetadataDto,
+        },
+      });
+    }
+  }
+  /**
+   * Gets all available roles in the system
+   * @param {AbortSignal} [signal] - Optional cancellation signal
+   * @returns List of all role names
+   */
+  public async getAllRoles(signal?: AbortSignal): Promise<ApiResponseDto<string[], ReadMetadataDto>> {
+    try {
+      const url = await apiInitializationService.getApiUrl(this.baseControllerPath, 'GetAllRoles');
+      const res = await this.httpService.request(url, {
+        method: 'GET',
+        credentials: 'include',
+        signal,
+      });
+      if (!res.ok) {
+        return fail<ApiSuccessResponseDto<string[], ReadMetadataDto>, ApiErrorResponseDto>(await res.json());
+      }
+      return ok<ApiSuccessResponseDto<string[], ReadMetadataDto>, ApiErrorResponseDto>(await res.json());
+    } catch (err) {
+      console.error(err);
+      return fail<ApiSuccessResponseDto<string[], ReadMetadataDto>, ApiErrorResponseDto>({
+        error: {
+          code: ErrorCode.UnknownError,
+          message: 'Unknown error while fetching all roles',
+          metadata: {} as EmptyMetadataDto,
+        },
+      });
+    }
+  }
+  /**
+   * Changes the password for a user
+   * @param id - The ID of the user
+   * @param newPassword - The new password to set
+   * @param {AbortSignal} [signal] - Optional cancellation signal
+   * @returns Promise that resolves when the password is changed successfully
+   */
+  public async changePassword(id: TKey, newPassword: string, signal?: AbortSignal): Promise<ApiResponseDto<undefined, EmptyMetadataDto>> {
+    try {
+      const url = await apiInitializationService.getApiUrl(this.baseControllerPath, 'ChangePassword', encodeURIComponent(String(id)));
+      const res = await this.httpService.request(url, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+        },
+        body: JSON.stringify(newPassword),
+        credentials: 'include',
+        signal,
+      });
+      if (!res.ok) {
+        return fail<ApiSuccessResponseDto<undefined, EmptyMetadataDto>, ApiErrorResponseDto>(await res.json());
+      }
+      return ok<ApiSuccessResponseDto<undefined, EmptyMetadataDto>, ApiErrorResponseDto>(undefined);
+    } catch (err) {
+      console.error(err);
+      return fail<ApiSuccessResponseDto<undefined, EmptyMetadataDto>, ApiErrorResponseDto>({
+        error: {
+          code: ErrorCode.UnknownError,
+          message: 'Unknown error while changing password',
+          metadata: {} as EmptyMetadataDto,
+        },
+      });
+    }
+  }
+}

package/src/services/api/index.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export * from './HttpService';
+export * from './ApiInitializationService';
+export * from './ApiReadControllerClient';
+export * from './ApiCrudControllerClient';
+export * from './UserManagementControllerClient';

package/src/services/auth/client/AuthService/index.ts ADDED Viewed

@@ -0,0 +1,187 @@
+import { apiInitializationService, IHttpService } from '@services';
+import { ApiErrorResponseDto, ApiResponseDto, ApiSuccessResponseDto, EmptyMetadataDto, ErrorCode, IPolicy, PolicyBase, UserDto, UserInfoDto } from '@data';
+import { fail, ok } from '@utils';
+export { UserDto, UserInfoDto };
+/**
+ * AuthService class is responsible for managing user authentication operations.
+ * It supports login, logout, and checking the current user's details.
+ *
+ * @export
+ * @class AuthService
+ */
+export class AuthService<TKey, TUser extends UserDto<TKey> = UserDto<TKey>> {
+  /**
+   * Constructor
+   * @param baseControllerPath Base path to Auth API controller
+   * @param httpService HTTP service implementation to use for requests
+   */
+  constructor(
+    protected readonly baseControllerPath: string = 'Auth',
+    httpService?: IHttpService,
+  ) {
+    this._httpService = httpService;
+  }
+  // #region HTTP service
+  private readonly _httpService?: IHttpService = undefined;
+  /**
+   * Gets globally selected HTTP service
+   */
+  protected get httpService(): IHttpService {
+    return this._httpService || apiInitializationService._getHttpService();
+  }
+  // #endregion
+  /**
+   * Holds currently authenticated user's details
+   */
+  public user: TUser | undefined = undefined;
+  /**
+   * Initializes the Authentication status by checking with the API if the current user is authenticated or not
+   *
+   * @async
+   * @return {Promise<void>} Resolves when initialization is complete.
+   */
+  public async initialize(): Promise<void> {
+    // Check user's authentication status
+    await this.whoAmI();
+  }
+  /**
+   * Checks if user is authenticated and retrieves the current user's details if they are
+   *
+   * @return {Promise<UserInfoDto<TKey, TUser>>} Currently logged in user's details
+   * @throws {Error} Error if fetch fails
+   */
+  public async whoAmI(): Promise<ApiResponseDto<UserInfoDto<TKey, TUser>, EmptyMetadataDto>> {
+    try {
+      const url = await apiInitializationService.getApiUrl(this.baseControllerPath, '/whoami');
+      const res = await this.httpService.request(url, { credentials: 'include' });
+      if (!res.ok) {
+        this.user = undefined;
+        return fail<ApiSuccessResponseDto<UserInfoDto<TKey, TUser>, EmptyMetadataDto>, ApiErrorResponseDto>(await res.json());
+      }
+      const response = ok<ApiSuccessResponseDto<UserInfoDto<TKey, TUser>, EmptyMetadataDto>, ApiErrorResponseDto>(await res.json());
+      if (!response.ok) {
+        this.user = undefined;
+        return response;
+      }
+      this.user = response.result.user;
+      return response;
+    } catch (err) {
+      console.error(err);
+      return fail<ApiSuccessResponseDto<UserInfoDto<TKey, TUser>, EmptyMetadataDto>, ApiErrorResponseDto>({
+        error: {
+          code: ErrorCode.UnknownError,
+          message: 'Failed checking authentication status',
+          metadata: {} as EmptyMetadataDto,
+        },
+      });
+    }
+  }
+  /**
+   * Authenticates a user using their username and password, and retrieves user's details
+   *
+   * @param {string} username Login credentials: username
+   * @param {string} password Login credentials: password
+   * @return {Promise<TUser>} Currently logged in user's details
+   * @throws {Error} Error if fetch fails
+   */
+  public async signIn(username: string, password: string): Promise<ApiResponseDto<TUser, EmptyMetadataDto>> {
+    try {
+      const url = await apiInitializationService.getApiUrl(this.baseControllerPath, '/signin');
+      const res = await this.httpService.request(url, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ username, password }),
+        credentials: 'include',
+      });
+      if (!res.ok) {
+        return fail<ApiSuccessResponseDto<TUser, EmptyMetadataDto>, ApiErrorResponseDto>(await res.json());
+      }
+      // TODO: Handle tokens if not using cookies
+      const whoAmIRes = await this.whoAmI();
+      if (!whoAmIRes.ok) {
+        return whoAmIRes;
+      }
+      return ok<ApiSuccessResponseDto<TUser, EmptyMetadataDto>, ApiErrorResponseDto>({
+        result: whoAmIRes.result.user,
+        metadata: whoAmIRes.metadata,
+      });
+    } catch (err) {
+      console.error(err);
+      return fail<ApiSuccessResponseDto<TUser, EmptyMetadataDto>, ApiErrorResponseDto>({
+        error: {
+          code: ErrorCode.UnknownError,
+          message: 'Failed signing in',
+          metadata: {} as EmptyMetadataDto,
+        },
+      });
+    }
+  }
+  /**
+   * Deauthenticates current user
+   *
+   * @return {Promise<void>}
+   * @throws {Error} Error if fetch fails
+   */
+  public async signOut(): Promise<ApiResponseDto<undefined, EmptyMetadataDto>> {
+    try {
+      const url = await apiInitializationService.getApiUrl(this.baseControllerPath, '/signout');
+      const res = await this.httpService.request(url, { credentials: 'include' });
+      if (!res.ok) {
+        return fail<ApiSuccessResponseDto<undefined, EmptyMetadataDto>, ApiErrorResponseDto>(await res.json());
+      }
+      this.user = undefined;
+      return ok<ApiSuccessResponseDto<undefined, EmptyMetadataDto>, ApiErrorResponseDto>(await res.json());
+    } catch (err) {
+      console.error(err);
+      return fail<ApiSuccessResponseDto<undefined, EmptyMetadataDto>, ApiErrorResponseDto>({
+        error: {
+          code: ErrorCode.UnknownError,
+          message: 'Failed signing out',
+          metadata: {} as EmptyMetadataDto,
+        },
+      });
+    }
+  }
+  /**
+   * If any API response returns an "Unauthenticated" response, call this method
+   * to update local authentication state to unauthenticated
+   */
+  public handleNoAuthApiResponse(): void {
+    this.user = undefined;
+  }
+  // #region Client-side authorization helpers
+  /**
+   * True if a user is currently loaded (post whoAmI/signIn)
+   */
+  public isAuthenticated(): boolean {
+    return !!this.user;
+  }
+}

package/src/services/auth/client/AuthorizationManagementControllerClient/index.ts ADDED Viewed

@@ -0,0 +1,165 @@
+import { apiInitializationService, IHttpService } from '@services';
+import { ApiErrorResponseDto, ApiResponseDto, ApiSuccessResponseDto, EmptyMetadataDto, ErrorCode, ReadMetadataDto, RoleDto } from '@data';
+import { fail, ok } from '@utils/result';
+/**
+ * Client for authorization management operations
+ *
+ * @export
+ * @class AuthorizationManagementControllerClient
+ */
+export class AuthorizationManagementControllerClient {
+  /**
+   * Constructor
+   * @param baseControllerPath Base path to API controller
+   * @param httpService HTTP service implementation to use for requests
+   */
+  constructor(
+    protected readonly baseControllerPath: string = 'AuthorizationManagement',
+    httpService?: IHttpService,
+  ) {
+    this._httpService = httpService;
+  }
+  // #region HTTP service
+  private readonly _httpService?: IHttpService = undefined;
+  /**
+   * Gets globally selected HTTP service
+   */
+  protected get httpService(): IHttpService {
+    return this._httpService || apiInitializationService._getHttpService();
+  }
+  // #endregion
+  /**
+   * Gets all roles in the system
+   * @param includeClaims - Whether to include claims in the response
+   * @param signal - Optional cancellation signal
+   * @returns List of all roles
+   */
+  public async getAllRoles(includeClaims: boolean, signal?: AbortSignal): Promise<ApiResponseDto<RoleDto[], ReadMetadataDto>> {
+    try {
+      const url = await apiInitializationService.getApiUrl(this.baseControllerPath, `/GetAllRoles?includeClaims=${includeClaims}`);
+      const res = await this.httpService.request(url, {
+        credentials: 'include',
+        signal,
+      });
+      if (!res.ok) {
+        return fail<ApiSuccessResponseDto<RoleDto[], ReadMetadataDto>, ApiErrorResponseDto>(await res.json());
+      }
+      return ok<ApiSuccessResponseDto<RoleDto[], ReadMetadataDto>, ApiErrorResponseDto>(await res.json());
+    } catch (err) {
+      console.error(err);
+      return fail<ApiSuccessResponseDto<RoleDto[], ReadMetadataDto>, ApiErrorResponseDto>({
+        error: {
+          code: ErrorCode.UnknownError,
+          message: 'Unknown error fetching all roles',
+          metadata: {} as EmptyMetadataDto,
+        },
+      });
+    }
+  }
+  /**
+   * Gets a role with its claims
+   * @param roleName - The name of the role
+   * @param signal
+   * @returns The role with its claims
+   */
+  public async getRoleWithClaims(roleName: string, signal?: AbortSignal): Promise<ApiResponseDto<RoleDto, ReadMetadataDto>> {
+    try {
+      const url = await apiInitializationService.getApiUrl(this.baseControllerPath, `/GetRoleWithClaims/${encodeURIComponent(roleName)}`);
+      const res = await this.httpService.request(url, {
+        credentials: 'include',
+        signal,
+      });
+      if (!res.ok) {
+        return fail<ApiSuccessResponseDto<RoleDto, ReadMetadataDto>, ApiErrorResponseDto>(await res.json());
+      }
+      return ok<ApiSuccessResponseDto<RoleDto, ReadMetadataDto>, ApiErrorResponseDto>(await res.json());
+    } catch (err) {
+      console.error(err);
+      return fail<ApiSuccessResponseDto<RoleDto, ReadMetadataDto>, ApiErrorResponseDto>({
+        error: {
+          code: ErrorCode.UnknownError,
+          message: 'Unknown error fetching role with claims',
+          metadata: {} as EmptyMetadataDto,
+        },
+      });
+    }
+  }
+  /**
+   * Creates or updates a role
+   * @param roleDto - The role to create or update
+   * @returns The created or updated role
+   */
+  public async upsertRole(roleDto: RoleDto): Promise<ApiResponseDto<RoleDto, EmptyMetadataDto>> {
+    try {
+      const url = await apiInitializationService.getApiUrl(this.baseControllerPath, `/UpsertRole`);
+      const res = await this.httpService.request(url, {
+        method: 'PUT',
+        headers: {
+          'Content-Type': 'application/json',
+        },
+        body: JSON.stringify(roleDto),
+        credentials: 'include',
+      });
+      if (!res.ok) {
+        return fail<ApiSuccessResponseDto<RoleDto, EmptyMetadataDto>, ApiErrorResponseDto>(await res.json());
+      }
+      return ok<ApiSuccessResponseDto<RoleDto, EmptyMetadataDto>, ApiErrorResponseDto>(await res.json());
+    } catch (err) {
+      console.error(err);
+      return fail<ApiSuccessResponseDto<RoleDto, EmptyMetadataDto>, ApiErrorResponseDto>({
+        error: {
+          code: ErrorCode.UnknownError,
+          message: 'Unknown error upserting role',
+          metadata: {} as EmptyMetadataDto,
+        },
+      });
+    }
+  }
+  /**
+   * Deletes a role
+   * @param roleName - The name of the role to delete
+   * @returns Promise that resolves when the role is deleted successfully
+   */
+  public async deleteRole(roleName: string): Promise<ApiResponseDto<undefined, EmptyMetadataDto>> {
+    try {
+      const url = await apiInitializationService.getApiUrl(this.baseControllerPath, `/DeleteRole/${encodeURIComponent(roleName)}`);
+      const res = await this.httpService.request(url, {
+        method: 'DELETE',
+        credentials: 'include',
+      });
+      if (!res.ok) {
+        return fail<ApiSuccessResponseDto<undefined, EmptyMetadataDto>, ApiErrorResponseDto>(await res.json());
+      }
+      return ok<ApiSuccessResponseDto<undefined, EmptyMetadataDto>, ApiErrorResponseDto>(undefined);
+    } catch (err) {
+      console.error(err);
+      return fail<ApiSuccessResponseDto<undefined, EmptyMetadataDto>, ApiErrorResponseDto>({
+        error: {
+          code: ErrorCode.UnknownError,
+          message: `Unknown error while deleting the role ${roleName}`,
+          metadata: {} as EmptyMetadataDto,
+        },
+      });
+    }
+  }
+}

package/src/services/auth/client/index.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export * from './AuthorizationManagementControllerClient';
2	+ export * from './AuthService';

package/src/services/auth/index.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from './client';

package/src/services/index.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export * from './api';
2	+ export * from './auth';

package/src/utils/authorization/index.ts ADDED Viewed

@@ -0,0 +1,47 @@
+import { IPolicy, PolicyBase } from '@data';
+/**
+ * Checks if a policy is valid for the given parameters.
+ *
+ * @param policy Policy to check, either an instance or a class.
+ * @param params Parameters to pass to the policy check function.
+ * @returns A promise that resolves if the policy is valid, rejects otherwise.
+ */
+export async function check<TParams extends unknown[]>(policy: IPolicy<TParams> | (new () => IPolicy<TParams>), ...params: TParams): Promise<boolean> {
+  // If passed an instance of a policy
+  if (policy instanceof PolicyBase) {
+    return (policy as IPolicy<TParams>).check(...params);
+  }
+  // If passed a policy class
+  else {
+    return new (policy as new () => IPolicy<TParams>)().check(...params);
+  }
+}
+/**
+ * Composes multiple policies into a single policy.
+ *
+ * @param composition Composition method, either 'AND' or 'OR'.
+ * @param policies Policies to compose.
+ * @returns A new policy that represents the composition of the policies.
+ */
+export function compose<TParams extends unknown[]>(composition: 'AND' | 'OR', ...policies: IPolicy<TParams>[]): IPolicy<TParams> {
+  return {
+    check: async (...params: TParams): Promise<boolean> => {
+      // Check all policies
+      if (composition === 'AND') {
+        const results = await Promise.allSettled(policies.map(policy => policy.check(...params)));
+        return results.every(result => result);
+      }
+      // Check any policies, exit as soon as any are true
+      else if (composition === 'OR') {
+        const results = await Promise.allSettled(policies.map(policy => policy.check(...params)));
+        return results.some(result => result);
+      }
+      // Invalid composition
+      else {
+        throw new Error('Invalid composition');
+      }
+    },
+  };
+}