@mathrunet/masamune_cloudflare 3.1.6 → 3.1.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +1 -1
- package/README.md +45 -1
- package/dist/index.d.ts +6 -0
- package/dist/index.js +6 -0
- package/dist/index.js.map +1 -1
- package/dist/lib/adapters/rules_middleware.d.ts +45 -0
- package/dist/lib/adapters/rules_middleware.js +42 -0
- package/dist/lib/adapters/rules_middleware.js.map +1 -0
- package/dist/lib/middlewares/index.d.ts +3 -2
- package/dist/lib/middlewares/index.js +7 -2
- package/dist/lib/middlewares/index.js.map +1 -1
- package/dist/lib/middlewares/rules_middleware.d.ts +29 -0
- package/dist/lib/middlewares/rules_middleware.js +36 -0
- package/dist/lib/middlewares/rules_middleware.js.map +1 -0
- package/dist/lib/src/rules/path_matcher.d.ts +33 -0
- package/dist/lib/src/rules/path_matcher.js +127 -0
- package/dist/lib/src/rules/path_matcher.js.map +1 -0
- package/dist/lib/src/rules/rules_engine.d.ts +182 -0
- package/dist/lib/src/rules/rules_engine.js +523 -0
- package/dist/lib/src/rules/rules_engine.js.map +1 -0
- package/dist/lib/src/rules/rules_loader.d.ts +93 -0
- package/dist/lib/src/rules/rules_loader.js +125 -0
- package/dist/lib/src/rules/rules_loader.js.map +1 -0
- package/dist/lib/src/worker_adapter_base.d.ts +14 -0
- package/dist/lib/src/worker_adapter_base.js +12 -0
- package/dist/lib/src/worker_adapter_base.js.map +1 -0
- package/dist/lib/src/workers_auth_adapter_base.d.ts +3 -8
- package/dist/lib/src/workers_auth_adapter_base.js +2 -1
- package/dist/lib/src/workers_auth_adapter_base.js.map +1 -1
- package/dist/lib/src/workers_base.d.ts +32 -0
- package/dist/lib/src/workers_base.js +41 -3
- package/dist/lib/src/workers_base.js.map +1 -1
- package/dist/lib/src/workers_rule_adapter_base.d.ts +27 -0
- package/dist/lib/src/workers_rule_adapter_base.js +28 -0
- package/dist/lib/src/workers_rule_adapter_base.js.map +1 -0
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
package/README.md
CHANGED
|
@@ -60,8 +60,52 @@ export default m.deploy(
|
|
|
60
60
|
);
|
|
61
61
|
```
|
|
62
62
|
|
|
63
|
+
# Rules
|
|
64
|
+
|
|
65
|
+
`WorkersOptions.rules` accepts a `rules.json` configuration. Import the JSON
|
|
66
|
+
file and pass it to `deploy` when multiple Cloudflare packages should share the
|
|
67
|
+
same rules.
|
|
68
|
+
|
|
69
|
+
```typescript
|
|
70
|
+
import * as m from "@mathrunet/masamune_cloudflare";
|
|
71
|
+
import rulesJson from "../rules.json";
|
|
72
|
+
|
|
73
|
+
export default m.deploy(
|
|
74
|
+
[
|
|
75
|
+
m.TestWorkers.test,
|
|
76
|
+
],
|
|
77
|
+
{
|
|
78
|
+
rules: rulesJson,
|
|
79
|
+
},
|
|
80
|
+
);
|
|
81
|
+
```
|
|
82
|
+
|
|
83
|
+
`rules.json` paths use the same normalized format across Turso, TiDB, and KV
|
|
84
|
+
workers.
|
|
85
|
+
|
|
86
|
+
```json
|
|
87
|
+
{
|
|
88
|
+
"version": "1",
|
|
89
|
+
"rules": {
|
|
90
|
+
"database/main": {
|
|
91
|
+
"read": "allow",
|
|
92
|
+
"write": "server"
|
|
93
|
+
},
|
|
94
|
+
"database/{uid}/table/users/{uid}": {
|
|
95
|
+
"read": { "type": "path", "param": "uid" },
|
|
96
|
+
"write": { "type": "field", "field": "ownerId", "server": true }
|
|
97
|
+
}
|
|
98
|
+
}
|
|
99
|
+
}
|
|
100
|
+
```
|
|
101
|
+
|
|
102
|
+
Supported access values are `deny`, `allow`, `authenticated`, `server`,
|
|
103
|
+
`{ "type": "field", "field": "..." }`, and
|
|
104
|
+
`{ "type": "path", "param": "..." }`. `{ "type": "fieldMatch" }` is still
|
|
105
|
+
accepted for compatibility.
|
|
106
|
+
|
|
63
107
|
# GitHub Sponsors
|
|
64
108
|
|
|
65
109
|
Sponsors are always welcome. Thank you for your support!
|
|
66
110
|
|
|
67
|
-
[https://github.com/sponsors/mathrunet](https://github.com/sponsors/mathrunet)
|
|
111
|
+
[https://github.com/sponsors/mathrunet](https://github.com/sponsors/mathrunet)
|
package/dist/index.d.ts
CHANGED
|
@@ -14,10 +14,16 @@ export * from "@mathrunet/masamune";
|
|
|
14
14
|
export * from "./lib/api";
|
|
15
15
|
export * from "./lib/src/workers_base";
|
|
16
16
|
export * from "./lib/src/workers_auth_adapter_base";
|
|
17
|
+
export * from "./lib/src/workers_rule_adapter_base";
|
|
17
18
|
export * from "./lib/src/workers_data";
|
|
18
19
|
export * from "./lib/src/request_process_workders_base";
|
|
20
|
+
export * from "./lib/src/rules/rules_loader";
|
|
21
|
+
export * from "./lib/src/rules/path_matcher";
|
|
22
|
+
export * from "./lib/src/rules/rules_engine";
|
|
19
23
|
export * from "./lib/adapters/firebase_auth_adapter";
|
|
20
24
|
export * from "./lib/adapters/none_auth_adapter";
|
|
25
|
+
export * from "./lib/adapters/rules_middleware";
|
|
26
|
+
export * from "./lib/middlewares";
|
|
21
27
|
/**
|
|
22
28
|
* Methods for deploying to Cloudflare Workers.
|
|
23
29
|
*
|
package/dist/index.js
CHANGED
|
@@ -52,10 +52,16 @@ __exportStar(require("@mathrunet/masamune"), exports);
|
|
|
52
52
|
__exportStar(require("./lib/api"), exports);
|
|
53
53
|
__exportStar(require("./lib/src/workers_base"), exports);
|
|
54
54
|
__exportStar(require("./lib/src/workers_auth_adapter_base"), exports);
|
|
55
|
+
__exportStar(require("./lib/src/workers_rule_adapter_base"), exports);
|
|
55
56
|
__exportStar(require("./lib/src/workers_data"), exports);
|
|
56
57
|
__exportStar(require("./lib/src/request_process_workders_base"), exports);
|
|
58
|
+
__exportStar(require("./lib/src/rules/rules_loader"), exports);
|
|
59
|
+
__exportStar(require("./lib/src/rules/path_matcher"), exports);
|
|
60
|
+
__exportStar(require("./lib/src/rules/rules_engine"), exports);
|
|
57
61
|
__exportStar(require("./lib/adapters/firebase_auth_adapter"), exports);
|
|
58
62
|
__exportStar(require("./lib/adapters/none_auth_adapter"), exports);
|
|
63
|
+
__exportStar(require("./lib/adapters/rules_middleware"), exports);
|
|
64
|
+
__exportStar(require("./lib/middlewares"), exports);
|
|
59
65
|
/**
|
|
60
66
|
* Methods for deploying to Cloudflare Workers.
|
|
61
67
|
*
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2CA,wBAMC;AAjDD;;;;;;;;;GASG;AACH,2CAA6B;AAG7B,sDAAoC;AACpC,4CAA0B;AAC1B,yDAAuC;AACvC,sEAAoD;AACpD,sEAAoD;AACpD,yDAAuC;AACvC,0EAAwD;AACxD,+DAA6C;AAC7C,+DAA6C;AAC7C,+DAA6C;AAC7C,uEAAqD;AACrD,mEAAiD;AACjD,kEAAgD;AAChD,oDAAkC;AAElC;;;;;;;;;;;;;;GAcG;AACH,SAAgB,MAAM,CAAC,cAA6B,EAAE,UAA0B,EAAE;IAC9E,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;IAC5B,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE,CAAC;QAClC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,GAAG,CAAC;AACf,CAAC"}
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
import { Context, MiddlewareHandler } from "hono";
|
|
2
|
+
import { RulesEngine, RulesEvaluationInput, RulesEvaluationResult } from "../src/rules/rules_engine";
|
|
3
|
+
import { WorkersRuleAdapterBase } from "../src/workers_rule_adapter_base";
|
|
4
|
+
/**
|
|
5
|
+
* Input builder for rules adapter.
|
|
6
|
+
*
|
|
7
|
+
* rulesアダプター用の入力生成関数。
|
|
8
|
+
*/
|
|
9
|
+
export type RulesEvaluationInputBuilder = (context: Context) => RulesEvaluationInput | Promise<RulesEvaluationInput>;
|
|
10
|
+
/**
|
|
11
|
+
* Options for RulesEngineRuleAdapter.
|
|
12
|
+
*
|
|
13
|
+
* RulesEngineRuleAdapterのオプション。
|
|
14
|
+
*/
|
|
15
|
+
export interface RulesEngineRuleOptions {
|
|
16
|
+
/**
|
|
17
|
+
* Rules engine to evaluate access rules.
|
|
18
|
+
*
|
|
19
|
+
* アクセスルールを評価するrulesエンジン。
|
|
20
|
+
*/
|
|
21
|
+
engine: RulesEngine;
|
|
22
|
+
/**
|
|
23
|
+
* Builder that produces rules evaluation input from the request context.
|
|
24
|
+
*
|
|
25
|
+
* リクエストコンテキストからrules評価入力を生成するビルダー。
|
|
26
|
+
*/
|
|
27
|
+
getEvaluationInput: RulesEvaluationInputBuilder;
|
|
28
|
+
/**
|
|
29
|
+
* Response returned when access is denied.
|
|
30
|
+
*
|
|
31
|
+
* アクセスが拒否された場合に返すレスポンス。
|
|
32
|
+
*/
|
|
33
|
+
deniedResponse?: (context: Context, result: RulesEvaluationResult) => Response | Promise<Response>;
|
|
34
|
+
}
|
|
35
|
+
/**
|
|
36
|
+
* Middleware adapter that evaluates rules using a RulesEngine.
|
|
37
|
+
*
|
|
38
|
+
* RulesEngineを用いてrulesを評価するミドルウェアアダプター。
|
|
39
|
+
*/
|
|
40
|
+
export declare class RulesEngineRuleAdapter extends WorkersRuleAdapterBase {
|
|
41
|
+
constructor(options: RulesEngineRuleOptions);
|
|
42
|
+
private readonly options;
|
|
43
|
+
build(): MiddlewareHandler;
|
|
44
|
+
private denied;
|
|
45
|
+
}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.RulesEngineRuleAdapter = void 0;
|
|
4
|
+
const workers_rule_adapter_base_1 = require("../src/workers_rule_adapter_base");
|
|
5
|
+
/**
|
|
6
|
+
* Middleware adapter that evaluates rules using a RulesEngine.
|
|
7
|
+
*
|
|
8
|
+
* RulesEngineを用いてrulesを評価するミドルウェアアダプター。
|
|
9
|
+
*/
|
|
10
|
+
class RulesEngineRuleAdapter extends workers_rule_adapter_base_1.WorkersRuleAdapterBase {
|
|
11
|
+
constructor(options) {
|
|
12
|
+
super();
|
|
13
|
+
this.options = options;
|
|
14
|
+
}
|
|
15
|
+
options;
|
|
16
|
+
build() {
|
|
17
|
+
return async (context, next) => {
|
|
18
|
+
const authentication = context.get("authentication");
|
|
19
|
+
const input = await this.options.getEvaluationInput(context);
|
|
20
|
+
const result = await this.options.engine.evaluate({
|
|
21
|
+
...input,
|
|
22
|
+
authentication: input.authentication ?? authentication,
|
|
23
|
+
});
|
|
24
|
+
if (!result.allowed) {
|
|
25
|
+
return await this.denied(context, result);
|
|
26
|
+
}
|
|
27
|
+
this.setRulesContext(context, result);
|
|
28
|
+
await next();
|
|
29
|
+
};
|
|
30
|
+
}
|
|
31
|
+
async denied(context, result) {
|
|
32
|
+
if (this.options.deniedResponse) {
|
|
33
|
+
return await this.options.deniedResponse(context, result);
|
|
34
|
+
}
|
|
35
|
+
return context.json({
|
|
36
|
+
error: "denied",
|
|
37
|
+
rule: result.rulePath,
|
|
38
|
+
}, 403);
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
exports.RulesEngineRuleAdapter = RulesEngineRuleAdapter;
|
|
42
|
+
//# sourceMappingURL=rules_middleware.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"rules_middleware.js","sourceRoot":"","sources":["../../../src/lib/adapters/rules_middleware.ts"],"names":[],"mappings":";;;AAOA,gFAA0E;AA0C1E;;;;GAIG;AACH,MAAa,sBAAuB,SAAQ,kDAAsB;IAC9D,YAAY,OAA+B;QACvC,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IAC3B,CAAC;IAEgB,OAAO,CAAyB;IAEjD,KAAK;QACD,OAAO,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;YAC3B,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAmC,CAAC;YACvF,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAC7D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC;gBAC9C,GAAG,KAAK;gBACR,cAAc,EAAE,KAAK,CAAC,cAAc,IAAI,cAAc;aACzD,CAAC,CAAC;YACH,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBAClB,OAAO,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC9C,CAAC;YACD,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACtC,MAAM,IAAI,EAAE,CAAC;QACjB,CAAC,CAAC;IACN,CAAC;IAEO,KAAK,CAAC,MAAM,CAChB,OAAgB,EAChB,MAA6B;QAE7B,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;YAC9B,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC9D,CAAC;QACD,OAAO,OAAO,CAAC,IAAI,CAAC;YAChB,KAAK,EAAE,QAAQ;YACf,IAAI,EAAE,MAAM,CAAC,QAAQ;SACxB,EAAE,GAAG,CAAC,CAAC;IACZ,CAAC;CACJ;AApCD,wDAoCC"}
|
|
@@ -1,2 +1,3 @@
|
|
|
1
|
-
export * from "
|
|
2
|
-
export
|
|
1
|
+
export * from "../adapters/rules_middleware";
|
|
2
|
+
export { FirebaseAuthAdapter as FirebaseAuthenticationMiddleware, FirebaseAuthOptions as FirebaseAuthenticationMiddlewareOptions, FirebaseCacheApiKeyStorer, } from "../adapters/firebase_auth_adapter";
|
|
3
|
+
export { NoneAuthAdapter as NoAuthenticationMiddleware, } from "../adapters/none_auth_adapter";
|
|
@@ -14,6 +14,11 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
14
14
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
15
|
};
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
-
|
|
18
|
-
__exportStar(require("
|
|
17
|
+
exports.NoAuthenticationMiddleware = exports.FirebaseCacheApiKeyStorer = exports.FirebaseAuthenticationMiddleware = void 0;
|
|
18
|
+
__exportStar(require("../adapters/rules_middleware"), exports);
|
|
19
|
+
var firebase_auth_adapter_1 = require("../adapters/firebase_auth_adapter");
|
|
20
|
+
Object.defineProperty(exports, "FirebaseAuthenticationMiddleware", { enumerable: true, get: function () { return firebase_auth_adapter_1.FirebaseAuthAdapter; } });
|
|
21
|
+
Object.defineProperty(exports, "FirebaseCacheApiKeyStorer", { enumerable: true, get: function () { return firebase_auth_adapter_1.FirebaseCacheApiKeyStorer; } });
|
|
22
|
+
var none_auth_adapter_1 = require("../adapters/none_auth_adapter");
|
|
23
|
+
Object.defineProperty(exports, "NoAuthenticationMiddleware", { enumerable: true, get: function () { return none_auth_adapter_1.NoneAuthAdapter; } });
|
|
19
24
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/lib/middlewares/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/lib/middlewares/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,+DAA6C;AAC7C,2EAI2C;AAHvC,yIAAA,mBAAmB,OAAoC;AAEvD,kIAAA,yBAAyB,OAAA;AAE7B,mEAEuC;AADnC,+HAAA,eAAe,OAA8B"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
import { Context, MiddlewareHandler } from "hono";
|
|
2
|
+
import { RulesEngine, RulesEvaluationInput, RulesEvaluationResult } from "../src/rules/rules_engine";
|
|
3
|
+
/**
|
|
4
|
+
* Input builder for rules middleware.
|
|
5
|
+
*
|
|
6
|
+
* rulesミドルウェア用の入力生成関数。
|
|
7
|
+
*/
|
|
8
|
+
export type RulesMiddlewareInputBuilder = (context: Context) => RulesEvaluationInput | Promise<RulesEvaluationInput>;
|
|
9
|
+
/**
|
|
10
|
+
* Options for rules middleware.
|
|
11
|
+
*
|
|
12
|
+
* rulesミドルウェアのオプション。
|
|
13
|
+
*/
|
|
14
|
+
export interface RulesMiddlewareOptions {
|
|
15
|
+
engine: RulesEngine;
|
|
16
|
+
getEvaluationInput: RulesMiddlewareInputBuilder;
|
|
17
|
+
}
|
|
18
|
+
/**
|
|
19
|
+
* Create rules middleware.
|
|
20
|
+
*
|
|
21
|
+
* rulesミドルウェアを作成します。
|
|
22
|
+
*/
|
|
23
|
+
export declare function rulesMiddleware(options: RulesMiddlewareOptions): MiddlewareHandler;
|
|
24
|
+
/**
|
|
25
|
+
* Get rules evaluation result from Hono context.
|
|
26
|
+
*
|
|
27
|
+
* Hono contextからrules評価結果を取得します。
|
|
28
|
+
*/
|
|
29
|
+
export declare function getRulesEvaluationResult(context: Context): RulesEvaluationResult | undefined;
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.rulesMiddleware = rulesMiddleware;
|
|
4
|
+
exports.getRulesEvaluationResult = getRulesEvaluationResult;
|
|
5
|
+
/**
|
|
6
|
+
* Create rules middleware.
|
|
7
|
+
*
|
|
8
|
+
* rulesミドルウェアを作成します。
|
|
9
|
+
*/
|
|
10
|
+
function rulesMiddleware(options) {
|
|
11
|
+
return async (context, next) => {
|
|
12
|
+
const authentication = context.get("authentication");
|
|
13
|
+
const input = await options.getEvaluationInput(context);
|
|
14
|
+
const result = await options.engine.evaluate({
|
|
15
|
+
...input,
|
|
16
|
+
authentication: input.authentication ?? authentication,
|
|
17
|
+
});
|
|
18
|
+
if (!result.allowed) {
|
|
19
|
+
return context.json({
|
|
20
|
+
error: "denied",
|
|
21
|
+
rule: result.rulePath,
|
|
22
|
+
}, 403);
|
|
23
|
+
}
|
|
24
|
+
context.set("rules", result);
|
|
25
|
+
await next();
|
|
26
|
+
};
|
|
27
|
+
}
|
|
28
|
+
/**
|
|
29
|
+
* Get rules evaluation result from Hono context.
|
|
30
|
+
*
|
|
31
|
+
* Hono contextからrules評価結果を取得します。
|
|
32
|
+
*/
|
|
33
|
+
function getRulesEvaluationResult(context) {
|
|
34
|
+
return context.get("rules");
|
|
35
|
+
}
|
|
36
|
+
//# sourceMappingURL=rules_middleware.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"rules_middleware.js","sourceRoot":"","sources":["../../../src/lib/middlewares/rules_middleware.ts"],"names":[],"mappings":";;AAgCA,0CAiBC;AAOD,4DAEC;AA/BD;;;;GAIG;AACH,SAAgB,eAAe,CAAC,OAA+B;IAC3D,OAAO,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QAC3B,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAmC,CAAC;QACvF,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACxD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC;YACzC,GAAG,KAAK;YACR,cAAc,EAAE,KAAK,CAAC,cAAc,IAAI,cAAc;SACzD,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YAClB,OAAO,OAAO,CAAC,IAAI,CAAC;gBAChB,KAAK,EAAE,QAAQ;gBACf,IAAI,EAAE,MAAM,CAAC,QAAQ;aACxB,EAAE,GAAG,CAAC,CAAC;QACZ,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7B,MAAM,IAAI,EAAE,CAAC;IACjB,CAAC,CAAC;AACN,CAAC;AAED;;;;GAIG;AACH,SAAgB,wBAAwB,CAAC,OAAgB;IACrD,OAAO,OAAO,CAAC,GAAG,CAAC,OAAO,CAAsC,CAAC;AACrE,CAAC"}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Result of matching a rule path against a request path.
|
|
3
|
+
*
|
|
4
|
+
* ルールパスとリクエストパスのマッチ結果。
|
|
5
|
+
*/
|
|
6
|
+
export interface RulePathMatch {
|
|
7
|
+
matched: boolean;
|
|
8
|
+
rulePath: string;
|
|
9
|
+
params: Record<string, string>;
|
|
10
|
+
literalSegments: number;
|
|
11
|
+
namedWildcardSegments: number;
|
|
12
|
+
wildcardSegments: number;
|
|
13
|
+
deepWildcardSegments: number;
|
|
14
|
+
matchedSegments: number;
|
|
15
|
+
}
|
|
16
|
+
/**
|
|
17
|
+
* Match rule path to request path.
|
|
18
|
+
*
|
|
19
|
+
* ルールパスをリクエストパスに照合します。
|
|
20
|
+
*/
|
|
21
|
+
export declare function matchRulePath(rulePath: string, requestPath: string): RulePathMatch;
|
|
22
|
+
/**
|
|
23
|
+
* Compare matches by specificity.
|
|
24
|
+
*
|
|
25
|
+
* マッチ結果を具体度で比較します。
|
|
26
|
+
*/
|
|
27
|
+
export declare function compareRulePathMatch(a: RulePathMatch, b: RulePathMatch): number;
|
|
28
|
+
/**
|
|
29
|
+
* Sort matches from the most specific to the least specific.
|
|
30
|
+
*
|
|
31
|
+
* マッチ結果を具体度の高い順に並べます。
|
|
32
|
+
*/
|
|
33
|
+
export declare function sortRulePathMatches(matches: RulePathMatch[]): RulePathMatch[];
|
|
@@ -0,0 +1,127 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.matchRulePath = matchRulePath;
|
|
4
|
+
exports.compareRulePathMatch = compareRulePathMatch;
|
|
5
|
+
exports.sortRulePathMatches = sortRulePathMatches;
|
|
6
|
+
const rules_loader_1 = require("./rules_loader");
|
|
7
|
+
/**
|
|
8
|
+
* Match rule path to request path.
|
|
9
|
+
*
|
|
10
|
+
* ルールパスをリクエストパスに照合します。
|
|
11
|
+
*/
|
|
12
|
+
function matchRulePath(rulePath, requestPath) {
|
|
13
|
+
(0, rules_loader_1.validateRulePath)(rulePath);
|
|
14
|
+
const ruleSegments = splitPath(rulePath);
|
|
15
|
+
const requestSegments = splitPath(requestPath);
|
|
16
|
+
const params = {};
|
|
17
|
+
let literalSegments = 0;
|
|
18
|
+
let namedWildcardSegments = 0;
|
|
19
|
+
let wildcardSegments = 0;
|
|
20
|
+
let deepWildcardSegments = 0;
|
|
21
|
+
for (let i = 0; i < ruleSegments.length; i++) {
|
|
22
|
+
const ruleSegment = ruleSegments[i];
|
|
23
|
+
if (ruleSegment === "**") {
|
|
24
|
+
deepWildcardSegments = 1;
|
|
25
|
+
return {
|
|
26
|
+
matched: true,
|
|
27
|
+
rulePath,
|
|
28
|
+
params,
|
|
29
|
+
literalSegments,
|
|
30
|
+
namedWildcardSegments,
|
|
31
|
+
wildcardSegments,
|
|
32
|
+
deepWildcardSegments,
|
|
33
|
+
matchedSegments: requestSegments.length,
|
|
34
|
+
};
|
|
35
|
+
}
|
|
36
|
+
const requestSegment = requestSegments[i];
|
|
37
|
+
if (requestSegment === undefined) {
|
|
38
|
+
return createUnmatched(rulePath);
|
|
39
|
+
}
|
|
40
|
+
if (ruleSegment === "*") {
|
|
41
|
+
wildcardSegments++;
|
|
42
|
+
continue;
|
|
43
|
+
}
|
|
44
|
+
const paramName = parseNamedPathParam(ruleSegment);
|
|
45
|
+
if (paramName) {
|
|
46
|
+
params[paramName] = requestSegment;
|
|
47
|
+
namedWildcardSegments++;
|
|
48
|
+
wildcardSegments++;
|
|
49
|
+
continue;
|
|
50
|
+
}
|
|
51
|
+
if (ruleSegment !== requestSegment) {
|
|
52
|
+
return createUnmatched(rulePath);
|
|
53
|
+
}
|
|
54
|
+
literalSegments++;
|
|
55
|
+
}
|
|
56
|
+
if (ruleSegments.length !== requestSegments.length) {
|
|
57
|
+
return createUnmatched(rulePath);
|
|
58
|
+
}
|
|
59
|
+
return {
|
|
60
|
+
matched: true,
|
|
61
|
+
rulePath,
|
|
62
|
+
params,
|
|
63
|
+
literalSegments,
|
|
64
|
+
namedWildcardSegments,
|
|
65
|
+
wildcardSegments,
|
|
66
|
+
deepWildcardSegments,
|
|
67
|
+
matchedSegments: requestSegments.length,
|
|
68
|
+
};
|
|
69
|
+
}
|
|
70
|
+
/**
|
|
71
|
+
* Compare matches by specificity.
|
|
72
|
+
*
|
|
73
|
+
* マッチ結果を具体度で比較します。
|
|
74
|
+
*/
|
|
75
|
+
function compareRulePathMatch(a, b) {
|
|
76
|
+
if (a.literalSegments !== b.literalSegments) {
|
|
77
|
+
return b.literalSegments - a.literalSegments;
|
|
78
|
+
}
|
|
79
|
+
if (a.deepWildcardSegments !== b.deepWildcardSegments) {
|
|
80
|
+
return a.deepWildcardSegments - b.deepWildcardSegments;
|
|
81
|
+
}
|
|
82
|
+
if (a.namedWildcardSegments !== b.namedWildcardSegments) {
|
|
83
|
+
return b.namedWildcardSegments - a.namedWildcardSegments;
|
|
84
|
+
}
|
|
85
|
+
if (a.wildcardSegments !== b.wildcardSegments) {
|
|
86
|
+
return a.wildcardSegments - b.wildcardSegments;
|
|
87
|
+
}
|
|
88
|
+
if (a.matchedSegments !== b.matchedSegments) {
|
|
89
|
+
return b.matchedSegments - a.matchedSegments;
|
|
90
|
+
}
|
|
91
|
+
return a.rulePath.localeCompare(b.rulePath);
|
|
92
|
+
}
|
|
93
|
+
/**
|
|
94
|
+
* Sort matches from the most specific to the least specific.
|
|
95
|
+
*
|
|
96
|
+
* マッチ結果を具体度の高い順に並べます。
|
|
97
|
+
*/
|
|
98
|
+
function sortRulePathMatches(matches) {
|
|
99
|
+
return [...matches].sort(compareRulePathMatch);
|
|
100
|
+
}
|
|
101
|
+
function splitPath(path) {
|
|
102
|
+
if (path.length === 0 || path.startsWith("/") || path.endsWith("/")) {
|
|
103
|
+
return [];
|
|
104
|
+
}
|
|
105
|
+
const segments = path.split("/");
|
|
106
|
+
if (segments.some((segment) => segment.length === 0)) {
|
|
107
|
+
return [];
|
|
108
|
+
}
|
|
109
|
+
return segments;
|
|
110
|
+
}
|
|
111
|
+
function createUnmatched(rulePath) {
|
|
112
|
+
return {
|
|
113
|
+
matched: false,
|
|
114
|
+
rulePath,
|
|
115
|
+
params: {},
|
|
116
|
+
literalSegments: 0,
|
|
117
|
+
namedWildcardSegments: 0,
|
|
118
|
+
wildcardSegments: 0,
|
|
119
|
+
deepWildcardSegments: 0,
|
|
120
|
+
matchedSegments: 0,
|
|
121
|
+
};
|
|
122
|
+
}
|
|
123
|
+
function parseNamedPathParam(segment) {
|
|
124
|
+
const match = /^\{([A-Za-z_][A-Za-z0-9_]*)\}$/.exec(segment);
|
|
125
|
+
return match?.[1];
|
|
126
|
+
}
|
|
127
|
+
//# sourceMappingURL=path_matcher.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"path_matcher.js","sourceRoot":"","sources":["../../../../src/lib/src/rules/path_matcher.ts"],"names":[],"mappings":";;AAuBA,sCA0DC;AAOD,oDAiBC;AAOD,kDAEC;AAlHD,iDAAkD;AAkBlD;;;;GAIG;AACH,SAAgB,aAAa,CAAC,QAAgB,EAAE,WAAmB;IAC/D,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;IAC3B,MAAM,YAAY,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IACzC,MAAM,eAAe,GAAG,SAAS,CAAC,WAAW,CAAC,CAAC;IAC/C,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,qBAAqB,GAAG,CAAC,CAAC;IAC9B,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,IAAI,oBAAoB,GAAG,CAAC,CAAC;IAE7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,MAAM,WAAW,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QACpC,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;YACvB,oBAAoB,GAAG,CAAC,CAAC;YACzB,OAAO;gBACH,OAAO,EAAE,IAAI;gBACb,QAAQ;gBACR,MAAM;gBACN,eAAe;gBACf,qBAAqB;gBACrB,gBAAgB;gBAChB,oBAAoB;gBACpB,eAAe,EAAE,eAAe,CAAC,MAAM;aAC1C,CAAC;QACN,CAAC;QACD,MAAM,cAAc,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;QAC1C,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO,eAAe,CAAC,QAAQ,CAAC,CAAC;QACrC,CAAC;QACD,IAAI,WAAW,KAAK,GAAG,EAAE,CAAC;YACtB,gBAAgB,EAAE,CAAC;YACnB,SAAS;QACb,CAAC;QACD,MAAM,SAAS,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;QACnD,IAAI,SAAS,EAAE,CAAC;YACZ,MAAM,CAAC,SAAS,CAAC,GAAG,cAAc,CAAC;YACnC,qBAAqB,EAAE,CAAC;YACxB,gBAAgB,EAAE,CAAC;YACnB,SAAS;QACb,CAAC;QACD,IAAI,WAAW,KAAK,cAAc,EAAE,CAAC;YACjC,OAAO,eAAe,CAAC,QAAQ,CAAC,CAAC;QACrC,CAAC;QACD,eAAe,EAAE,CAAC;IACtB,CAAC;IACD,IAAI,YAAY,CAAC,MAAM,KAAK,eAAe,CAAC,MAAM,EAAE,CAAC;QACjD,OAAO,eAAe,CAAC,QAAQ,CAAC,CAAC;IACrC,CAAC;IACD,OAAO;QACH,OAAO,EAAE,IAAI;QACb,QAAQ;QACR,MAAM;QACN,eAAe;QACf,qBAAqB;QACrB,gBAAgB;QAChB,oBAAoB;QACpB,eAAe,EAAE,eAAe,CAAC,MAAM;KAC1C,CAAC;AACN,CAAC;AAED;;;;GAIG;AACH,SAAgB,oBAAoB,CAAC,CAAgB,EAAE,CAAgB;IACnE,IAAI,CAAC,CAAC,eAAe,KAAK,CAAC,CAAC,eAAe,EAAE,CAAC;QAC1C,OAAO,CAAC,CAAC,eAAe,GAAG,CAAC,CAAC,eAAe,CAAC;IACjD,CAAC;IACD,IAAI,CAAC,CAAC,oBAAoB,KAAK,CAAC,CAAC,oBAAoB,EAAE,CAAC;QACpD,OAAO,CAAC,CAAC,oBAAoB,GAAG,CAAC,CAAC,oBAAoB,CAAC;IAC3D,CAAC;IACD,IAAI,CAAC,CAAC,qBAAqB,KAAK,CAAC,CAAC,qBAAqB,EAAE,CAAC;QACtD,OAAO,CAAC,CAAC,qBAAqB,GAAG,CAAC,CAAC,qBAAqB,CAAC;IAC7D,CAAC;IACD,IAAI,CAAC,CAAC,gBAAgB,KAAK,CAAC,CAAC,gBAAgB,EAAE,CAAC;QAC5C,OAAO,CAAC,CAAC,gBAAgB,GAAG,CAAC,CAAC,gBAAgB,CAAC;IACnD,CAAC;IACD,IAAI,CAAC,CAAC,eAAe,KAAK,CAAC,CAAC,eAAe,EAAE,CAAC;QAC1C,OAAO,CAAC,CAAC,eAAe,GAAG,CAAC,CAAC,eAAe,CAAC;IACjD,CAAC;IACD,OAAO,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;AAChD,CAAC;AAED;;;;GAIG;AACH,SAAgB,mBAAmB,CAAC,OAAwB;IACxD,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;AACnD,CAAC;AAED,SAAS,SAAS,CAAC,IAAY;IAC3B,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAClE,OAAO,EAAE,CAAC;IACd,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACjC,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;QACnD,OAAO,EAAE,CAAC;IACd,CAAC;IACD,OAAO,QAAQ,CAAC;AACpB,CAAC;AAED,SAAS,eAAe,CAAC,QAAgB;IACrC,OAAO;QACH,OAAO,EAAE,KAAK;QACd,QAAQ;QACR,MAAM,EAAE,EAAE;QACV,eAAe,EAAE,CAAC;QAClB,qBAAqB,EAAE,CAAC;QACxB,gBAAgB,EAAE,CAAC;QACnB,oBAAoB,EAAE,CAAC;QACvB,eAAe,EAAE,CAAC;KACrB,CAAC;AACN,CAAC;AAED,SAAS,mBAAmB,CAAC,OAAe;IACxC,MAAM,KAAK,GAAG,gCAAgC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7D,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;AACtB,CAAC"}
|
|
@@ -0,0 +1,182 @@
|
|
|
1
|
+
import { WorkersAuthContext } from "../workers_auth_adapter_base";
|
|
2
|
+
import { RulesAccessRule, RulesConfig, RulesOperation, RulesOperationKey } from "./rules_loader";
|
|
3
|
+
/**
|
|
4
|
+
* Input for evaluating rules.
|
|
5
|
+
*
|
|
6
|
+
* rules評価入力。
|
|
7
|
+
*/
|
|
8
|
+
export interface RulesEvaluationInput {
|
|
9
|
+
path: string;
|
|
10
|
+
operation: RulesOperation | RulesOperationKey;
|
|
11
|
+
authentication?: WorkersAuthContext | undefined;
|
|
12
|
+
fetchDocument?: (() => Promise<Record<string, unknown> | null | undefined>) | undefined;
|
|
13
|
+
server?: boolean | undefined;
|
|
14
|
+
}
|
|
15
|
+
/**
|
|
16
|
+
* Result of evaluating rules.
|
|
17
|
+
*
|
|
18
|
+
* rules評価結果。
|
|
19
|
+
*/
|
|
20
|
+
export interface RulesEvaluationResult {
|
|
21
|
+
allowed: boolean;
|
|
22
|
+
rulePath?: string | undefined;
|
|
23
|
+
access?: RulesAccessRule | undefined;
|
|
24
|
+
params?: Record<string, string> | undefined;
|
|
25
|
+
}
|
|
26
|
+
/**
|
|
27
|
+
* Arguments for building a rules path.
|
|
28
|
+
*
|
|
29
|
+
* rulesパス生成引数。
|
|
30
|
+
*/
|
|
31
|
+
export interface RulesPathArguments {
|
|
32
|
+
database: string;
|
|
33
|
+
table: string;
|
|
34
|
+
indexKey: string;
|
|
35
|
+
}
|
|
36
|
+
/**
|
|
37
|
+
* Access mode resolved from rules.
|
|
38
|
+
*
|
|
39
|
+
* rulesから解決されたアクセスモード。
|
|
40
|
+
*/
|
|
41
|
+
export type RulesAccessMode = "none" | "functions" | "direct";
|
|
42
|
+
/**
|
|
43
|
+
* Database token authorization resolved from rules.
|
|
44
|
+
*
|
|
45
|
+
* rulesから解決されたデータベーストークン権限。
|
|
46
|
+
*/
|
|
47
|
+
export type RulesDatabaseTokenAuthorization = "read-only" | "full-access";
|
|
48
|
+
/**
|
|
49
|
+
* Target input for database token rules evaluation.
|
|
50
|
+
*
|
|
51
|
+
* データベーストークンrules評価対象。
|
|
52
|
+
*/
|
|
53
|
+
export interface RulesTokenTargetInput {
|
|
54
|
+
table: string;
|
|
55
|
+
operations: RulesOperationKey[];
|
|
56
|
+
}
|
|
57
|
+
/**
|
|
58
|
+
* Target output for database token rules evaluation.
|
|
59
|
+
*
|
|
60
|
+
* データベーストークンrules評価結果。
|
|
61
|
+
*/
|
|
62
|
+
export interface RulesTokenTargetOutput extends RulesTokenTargetInput {
|
|
63
|
+
readMode?: RulesAccessMode | undefined;
|
|
64
|
+
writeMode?: RulesAccessMode | undefined;
|
|
65
|
+
}
|
|
66
|
+
/**
|
|
67
|
+
* Database token access resolved from rules.
|
|
68
|
+
*
|
|
69
|
+
* rulesから解決されたデータベーストークンアクセス。
|
|
70
|
+
*/
|
|
71
|
+
export interface RulesDatabaseTokenAccess {
|
|
72
|
+
authorization?: RulesDatabaseTokenAuthorization | undefined;
|
|
73
|
+
readMode: RulesAccessMode;
|
|
74
|
+
writeMode: RulesAccessMode;
|
|
75
|
+
scopes: RulesTokenTargetOutput[];
|
|
76
|
+
}
|
|
77
|
+
/**
|
|
78
|
+
* Rules engine.
|
|
79
|
+
*
|
|
80
|
+
* rules評価エンジン。
|
|
81
|
+
*/
|
|
82
|
+
export declare class RulesEngine {
|
|
83
|
+
constructor(config: RulesConfig | unknown);
|
|
84
|
+
private readonly config;
|
|
85
|
+
/**
|
|
86
|
+
* Evaluate rules for the given path and operation.
|
|
87
|
+
*
|
|
88
|
+
* 指定したパスと操作に対してrulesを評価します。
|
|
89
|
+
*/
|
|
90
|
+
evaluate(input: RulesEvaluationInput): Promise<RulesEvaluationResult>;
|
|
91
|
+
/**
|
|
92
|
+
* Returns true when a table scoped rule requires server evaluation.
|
|
93
|
+
*
|
|
94
|
+
* テーブル配下ルールにサーバー評価が必要な制約がある場合はtrueを返します。
|
|
95
|
+
*/
|
|
96
|
+
hasScopedRestriction({ database, table, operation, }: {
|
|
97
|
+
database: string;
|
|
98
|
+
table: string;
|
|
99
|
+
operation: RulesOperation | RulesOperationKey;
|
|
100
|
+
}): boolean;
|
|
101
|
+
/**
|
|
102
|
+
* Returns true when a table scoped rule explicitly denies access.
|
|
103
|
+
*
|
|
104
|
+
* テーブル配下ルールに明示的なdenyがある場合はtrueを返します。
|
|
105
|
+
*/
|
|
106
|
+
hasScopedDeny({ database, table, operation, }: {
|
|
107
|
+
database: string;
|
|
108
|
+
table: string;
|
|
109
|
+
operation: RulesOperation | RulesOperationKey;
|
|
110
|
+
}): boolean;
|
|
111
|
+
}
|
|
112
|
+
/**
|
|
113
|
+
* Build a normalized rules path.
|
|
114
|
+
*
|
|
115
|
+
* 正規化されたrulesパスを生成します。
|
|
116
|
+
*/
|
|
117
|
+
export declare function buildRulesPath({ database, table, indexKey }: RulesPathArguments): string;
|
|
118
|
+
/**
|
|
119
|
+
* Build a normalized database rules path.
|
|
120
|
+
*
|
|
121
|
+
* 正規化されたデータベースrulesパスを生成します。
|
|
122
|
+
*/
|
|
123
|
+
export declare function buildDatabaseRulesPath({ database }: {
|
|
124
|
+
database: string;
|
|
125
|
+
}): string;
|
|
126
|
+
/**
|
|
127
|
+
* Normalize HTTP method to rules operation.
|
|
128
|
+
*
|
|
129
|
+
* HTTPメソッドをrules操作に正規化します。
|
|
130
|
+
*/
|
|
131
|
+
export declare function normalizeHttpMethodToRulesOperation(method: string): RulesOperation;
|
|
132
|
+
/**
|
|
133
|
+
* Normalize rules operation aliases.
|
|
134
|
+
*
|
|
135
|
+
* rules操作エイリアスを正規化します。
|
|
136
|
+
*/
|
|
137
|
+
export declare function normalizeRulesOperation(operation: RulesOperation | RulesOperationKey): RulesOperation;
|
|
138
|
+
/**
|
|
139
|
+
* Expand operation aliases to concrete operations.
|
|
140
|
+
*
|
|
141
|
+
* 操作エイリアスを具体的な操作へ展開します。
|
|
142
|
+
*/
|
|
143
|
+
export declare function expandRulesOperation(operation: RulesOperationKey): RulesOperation[];
|
|
144
|
+
/**
|
|
145
|
+
* Filter token targets by rules.
|
|
146
|
+
*
|
|
147
|
+
* rulesによりトークン対象をフィルタします。
|
|
148
|
+
*/
|
|
149
|
+
export declare function filterAllowedScope({ engine, database, scope, authentication, }: {
|
|
150
|
+
engine: RulesEngine;
|
|
151
|
+
database: string;
|
|
152
|
+
scope: RulesTokenTargetInput[];
|
|
153
|
+
authentication?: WorkersAuthContext | undefined;
|
|
154
|
+
}): Promise<RulesTokenTargetInput[]>;
|
|
155
|
+
/**
|
|
156
|
+
* Resolve database token access from rules.
|
|
157
|
+
*
|
|
158
|
+
* rulesからデータベーストークンアクセスを解決します。
|
|
159
|
+
*/
|
|
160
|
+
export declare function resolveDatabaseTokenAccess({ engine, database, operations, scope, authentication, }: {
|
|
161
|
+
engine: RulesEngine;
|
|
162
|
+
database: string;
|
|
163
|
+
operations?: RulesOperationKey[] | undefined;
|
|
164
|
+
scope?: RulesTokenTargetInput[] | undefined;
|
|
165
|
+
authentication?: WorkersAuthContext | undefined;
|
|
166
|
+
}): Promise<RulesDatabaseTokenAccess | undefined>;
|
|
167
|
+
/**
|
|
168
|
+
* Resolve database token authorization from rules.
|
|
169
|
+
*
|
|
170
|
+
* rulesからデータベーストークン権限を解決します。
|
|
171
|
+
*/
|
|
172
|
+
export declare function resolveDatabaseTokenAuthorization({ engine, database, authentication, }: {
|
|
173
|
+
engine: RulesEngine;
|
|
174
|
+
database: string;
|
|
175
|
+
authentication?: WorkersAuthContext | undefined;
|
|
176
|
+
}): Promise<RulesDatabaseTokenAuthorization | undefined>;
|
|
177
|
+
/**
|
|
178
|
+
* Resolve operation lookup order.
|
|
179
|
+
*
|
|
180
|
+
* 操作の解決順を取得します。
|
|
181
|
+
*/
|
|
182
|
+
export declare function resolveRulesOperation(operation: RulesOperation | RulesOperationKey): RulesOperationKey[];
|