@mathrunet/masamune_cloudflare 3.1.7 → 3.1.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +1 -1
- package/README.md +45 -1
- package/dist/lib/src/rules/path_matcher.d.ts +2 -0
- package/dist/lib/src/rules/path_matcher.js +24 -2
- package/dist/lib/src/rules/path_matcher.js.map +1 -1
- package/dist/lib/src/rules/rules_engine.d.ts +119 -0
- package/dist/lib/src/rules/rules_engine.js +401 -9
- package/dist/lib/src/rules/rules_engine.js.map +1 -1
- package/dist/lib/src/rules/rules_loader.d.ts +21 -1
- package/dist/lib/src/rules/rules_loader.js +33 -1
- package/dist/lib/src/rules/rules_loader.js.map +1 -1
- package/dist/lib/src/workers_base.d.ts +22 -3
- package/dist/lib/src/workers_base.js +21 -1
- package/dist/lib/src/workers_base.js.map +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
package/README.md
CHANGED
|
@@ -60,8 +60,52 @@ export default m.deploy(
|
|
|
60
60
|
);
|
|
61
61
|
```
|
|
62
62
|
|
|
63
|
+
# Rules
|
|
64
|
+
|
|
65
|
+
`WorkersOptions.rules` accepts a `rules.json` configuration. Import the JSON
|
|
66
|
+
file and pass it to `deploy` when multiple Cloudflare packages should share the
|
|
67
|
+
same rules.
|
|
68
|
+
|
|
69
|
+
```typescript
|
|
70
|
+
import * as m from "@mathrunet/masamune_cloudflare";
|
|
71
|
+
import rulesJson from "../rules.json";
|
|
72
|
+
|
|
73
|
+
export default m.deploy(
|
|
74
|
+
[
|
|
75
|
+
m.TestWorkers.test,
|
|
76
|
+
],
|
|
77
|
+
{
|
|
78
|
+
rules: rulesJson,
|
|
79
|
+
},
|
|
80
|
+
);
|
|
81
|
+
```
|
|
82
|
+
|
|
83
|
+
`rules.json` paths use the same normalized format across Turso, TiDB, and KV
|
|
84
|
+
workers.
|
|
85
|
+
|
|
86
|
+
```json
|
|
87
|
+
{
|
|
88
|
+
"version": "1",
|
|
89
|
+
"rules": {
|
|
90
|
+
"database/main": {
|
|
91
|
+
"read": "allow",
|
|
92
|
+
"write": "server"
|
|
93
|
+
},
|
|
94
|
+
"database/{uid}/users/{uid}": {
|
|
95
|
+
"read": { "type": "path", "param": "uid" },
|
|
96
|
+
"write": { "type": "field", "field": "ownerId", "server": true }
|
|
97
|
+
}
|
|
98
|
+
}
|
|
99
|
+
}
|
|
100
|
+
```
|
|
101
|
+
|
|
102
|
+
Supported access values are `deny`, `allow`, `authenticated`, `server`,
|
|
103
|
+
`{ "type": "field", "field": "..." }`, and
|
|
104
|
+
`{ "type": "path", "param": "..." }`. `{ "type": "fieldMatch" }` is still
|
|
105
|
+
accepted for compatibility.
|
|
106
|
+
|
|
63
107
|
# GitHub Sponsors
|
|
64
108
|
|
|
65
109
|
Sponsors are always welcome. Thank you for your support!
|
|
66
110
|
|
|
67
|
-
[https://github.com/sponsors/mathrunet](https://github.com/sponsors/mathrunet)
|
|
111
|
+
[https://github.com/sponsors/mathrunet](https://github.com/sponsors/mathrunet)
|
|
@@ -13,7 +13,9 @@ function matchRulePath(rulePath, requestPath) {
|
|
|
13
13
|
(0, rules_loader_1.validateRulePath)(rulePath);
|
|
14
14
|
const ruleSegments = splitPath(rulePath);
|
|
15
15
|
const requestSegments = splitPath(requestPath);
|
|
16
|
+
const params = {};
|
|
16
17
|
let literalSegments = 0;
|
|
18
|
+
let namedWildcardSegments = 0;
|
|
17
19
|
let wildcardSegments = 0;
|
|
18
20
|
let deepWildcardSegments = 0;
|
|
19
21
|
for (let i = 0; i < ruleSegments.length; i++) {
|
|
@@ -23,7 +25,9 @@ function matchRulePath(rulePath, requestPath) {
|
|
|
23
25
|
return {
|
|
24
26
|
matched: true,
|
|
25
27
|
rulePath,
|
|
28
|
+
params,
|
|
26
29
|
literalSegments,
|
|
30
|
+
namedWildcardSegments,
|
|
27
31
|
wildcardSegments,
|
|
28
32
|
deepWildcardSegments,
|
|
29
33
|
matchedSegments: requestSegments.length,
|
|
@@ -37,21 +41,30 @@ function matchRulePath(rulePath, requestPath) {
|
|
|
37
41
|
wildcardSegments++;
|
|
38
42
|
continue;
|
|
39
43
|
}
|
|
44
|
+
const paramName = parseNamedPathParam(ruleSegment);
|
|
45
|
+
if (paramName) {
|
|
46
|
+
params[paramName] = requestSegment;
|
|
47
|
+
namedWildcardSegments++;
|
|
48
|
+
wildcardSegments++;
|
|
49
|
+
continue;
|
|
50
|
+
}
|
|
40
51
|
if (ruleSegment !== requestSegment) {
|
|
41
52
|
return createUnmatched(rulePath);
|
|
42
53
|
}
|
|
43
54
|
literalSegments++;
|
|
44
55
|
}
|
|
45
|
-
if (ruleSegments.length
|
|
56
|
+
if (ruleSegments.length > requestSegments.length) {
|
|
46
57
|
return createUnmatched(rulePath);
|
|
47
58
|
}
|
|
48
59
|
return {
|
|
49
60
|
matched: true,
|
|
50
61
|
rulePath,
|
|
62
|
+
params,
|
|
51
63
|
literalSegments,
|
|
64
|
+
namedWildcardSegments,
|
|
52
65
|
wildcardSegments,
|
|
53
66
|
deepWildcardSegments,
|
|
54
|
-
matchedSegments:
|
|
67
|
+
matchedSegments: ruleSegments.length,
|
|
55
68
|
};
|
|
56
69
|
}
|
|
57
70
|
/**
|
|
@@ -66,6 +79,9 @@ function compareRulePathMatch(a, b) {
|
|
|
66
79
|
if (a.deepWildcardSegments !== b.deepWildcardSegments) {
|
|
67
80
|
return a.deepWildcardSegments - b.deepWildcardSegments;
|
|
68
81
|
}
|
|
82
|
+
if (a.namedWildcardSegments !== b.namedWildcardSegments) {
|
|
83
|
+
return b.namedWildcardSegments - a.namedWildcardSegments;
|
|
84
|
+
}
|
|
69
85
|
if (a.wildcardSegments !== b.wildcardSegments) {
|
|
70
86
|
return a.wildcardSegments - b.wildcardSegments;
|
|
71
87
|
}
|
|
@@ -96,10 +112,16 @@ function createUnmatched(rulePath) {
|
|
|
96
112
|
return {
|
|
97
113
|
matched: false,
|
|
98
114
|
rulePath,
|
|
115
|
+
params: {},
|
|
99
116
|
literalSegments: 0,
|
|
117
|
+
namedWildcardSegments: 0,
|
|
100
118
|
wildcardSegments: 0,
|
|
101
119
|
deepWildcardSegments: 0,
|
|
102
120
|
matchedSegments: 0,
|
|
103
121
|
};
|
|
104
122
|
}
|
|
123
|
+
function parseNamedPathParam(segment) {
|
|
124
|
+
const match = /^\{([A-Za-z_][A-Za-z0-9_]*)\}$/.exec(segment);
|
|
125
|
+
return match?.[1];
|
|
126
|
+
}
|
|
105
127
|
//# sourceMappingURL=path_matcher.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"path_matcher.js","sourceRoot":"","sources":["../../../../src/lib/src/rules/path_matcher.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"path_matcher.js","sourceRoot":"","sources":["../../../../src/lib/src/rules/path_matcher.ts"],"names":[],"mappings":";;AAuBA,sCA0DC;AAOD,oDAiBC;AAOD,kDAEC;AAlHD,iDAAkD;AAkBlD;;;;GAIG;AACH,SAAgB,aAAa,CAAC,QAAgB,EAAE,WAAmB;IAC/D,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;IAC3B,MAAM,YAAY,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IACzC,MAAM,eAAe,GAAG,SAAS,CAAC,WAAW,CAAC,CAAC;IAC/C,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,qBAAqB,GAAG,CAAC,CAAC;IAC9B,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,IAAI,oBAAoB,GAAG,CAAC,CAAC;IAE7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,MAAM,WAAW,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QACpC,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;YACvB,oBAAoB,GAAG,CAAC,CAAC;YACzB,OAAO;gBACH,OAAO,EAAE,IAAI;gBACb,QAAQ;gBACR,MAAM;gBACN,eAAe;gBACf,qBAAqB;gBACrB,gBAAgB;gBAChB,oBAAoB;gBACpB,eAAe,EAAE,eAAe,CAAC,MAAM;aAC1C,CAAC;QACN,CAAC;QACD,MAAM,cAAc,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;QAC1C,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO,eAAe,CAAC,QAAQ,CAAC,CAAC;QACrC,CAAC;QACD,IAAI,WAAW,KAAK,GAAG,EAAE,CAAC;YACtB,gBAAgB,EAAE,CAAC;YACnB,SAAS;QACb,CAAC;QACD,MAAM,SAAS,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;QACnD,IAAI,SAAS,EAAE,CAAC;YACZ,MAAM,CAAC,SAAS,CAAC,GAAG,cAAc,CAAC;YACnC,qBAAqB,EAAE,CAAC;YACxB,gBAAgB,EAAE,CAAC;YACnB,SAAS;QACb,CAAC;QACD,IAAI,WAAW,KAAK,cAAc,EAAE,CAAC;YACjC,OAAO,eAAe,CAAC,QAAQ,CAAC,CAAC;QACrC,CAAC;QACD,eAAe,EAAE,CAAC;IACtB,CAAC;IACD,IAAI,YAAY,CAAC,MAAM,GAAG,eAAe,CAAC,MAAM,EAAE,CAAC;QAC/C,OAAO,eAAe,CAAC,QAAQ,CAAC,CAAC;IACrC,CAAC;IACD,OAAO;QACH,OAAO,EAAE,IAAI;QACb,QAAQ;QACR,MAAM;QACN,eAAe;QACf,qBAAqB;QACrB,gBAAgB;QAChB,oBAAoB;QACpB,eAAe,EAAE,YAAY,CAAC,MAAM;KACvC,CAAC;AACN,CAAC;AAED;;;;GAIG;AACH,SAAgB,oBAAoB,CAAC,CAAgB,EAAE,CAAgB;IACnE,IAAI,CAAC,CAAC,eAAe,KAAK,CAAC,CAAC,eAAe,EAAE,CAAC;QAC1C,OAAO,CAAC,CAAC,eAAe,GAAG,CAAC,CAAC,eAAe,CAAC;IACjD,CAAC;IACD,IAAI,CAAC,CAAC,oBAAoB,KAAK,CAAC,CAAC,oBAAoB,EAAE,CAAC;QACpD,OAAO,CAAC,CAAC,oBAAoB,GAAG,CAAC,CAAC,oBAAoB,CAAC;IAC3D,CAAC;IACD,IAAI,CAAC,CAAC,qBAAqB,KAAK,CAAC,CAAC,qBAAqB,EAAE,CAAC;QACtD,OAAO,CAAC,CAAC,qBAAqB,GAAG,CAAC,CAAC,qBAAqB,CAAC;IAC7D,CAAC;IACD,IAAI,CAAC,CAAC,gBAAgB,KAAK,CAAC,CAAC,gBAAgB,EAAE,CAAC;QAC5C,OAAO,CAAC,CAAC,gBAAgB,GAAG,CAAC,CAAC,gBAAgB,CAAC;IACnD,CAAC;IACD,IAAI,CAAC,CAAC,eAAe,KAAK,CAAC,CAAC,eAAe,EAAE,CAAC;QAC1C,OAAO,CAAC,CAAC,eAAe,GAAG,CAAC,CAAC,eAAe,CAAC;IACjD,CAAC;IACD,OAAO,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;AAChD,CAAC;AAED;;;;GAIG;AACH,SAAgB,mBAAmB,CAAC,OAAwB;IACxD,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;AACnD,CAAC;AAED,SAAS,SAAS,CAAC,IAAY;IAC3B,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAClE,OAAO,EAAE,CAAC;IACd,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACjC,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;QACnD,OAAO,EAAE,CAAC;IACd,CAAC;IACD,OAAO,QAAQ,CAAC;AACpB,CAAC;AAED,SAAS,eAAe,CAAC,QAAgB;IACrC,OAAO;QACH,OAAO,EAAE,KAAK;QACd,QAAQ;QACR,MAAM,EAAE,EAAE;QACV,eAAe,EAAE,CAAC;QAClB,qBAAqB,EAAE,CAAC;QACxB,gBAAgB,EAAE,CAAC;QACnB,oBAAoB,EAAE,CAAC;QACvB,eAAe,EAAE,CAAC;KACrB,CAAC;AACN,CAAC;AAED,SAAS,mBAAmB,CAAC,OAAe;IACxC,MAAM,KAAK,GAAG,gCAAgC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7D,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;AACtB,CAAC"}
|
|
@@ -10,6 +10,7 @@ export interface RulesEvaluationInput {
|
|
|
10
10
|
operation: RulesOperation | RulesOperationKey;
|
|
11
11
|
authentication?: WorkersAuthContext | undefined;
|
|
12
12
|
fetchDocument?: (() => Promise<Record<string, unknown> | null | undefined>) | undefined;
|
|
13
|
+
server?: boolean | undefined;
|
|
13
14
|
}
|
|
14
15
|
/**
|
|
15
16
|
* Result of evaluating rules.
|
|
@@ -20,6 +21,7 @@ export interface RulesEvaluationResult {
|
|
|
20
21
|
allowed: boolean;
|
|
21
22
|
rulePath?: string | undefined;
|
|
22
23
|
access?: RulesAccessRule | undefined;
|
|
24
|
+
params?: Record<string, string> | undefined;
|
|
23
25
|
}
|
|
24
26
|
/**
|
|
25
27
|
* Arguments for building a rules path.
|
|
@@ -31,6 +33,47 @@ export interface RulesPathArguments {
|
|
|
31
33
|
table: string;
|
|
32
34
|
indexKey: string;
|
|
33
35
|
}
|
|
36
|
+
/**
|
|
37
|
+
* Access mode resolved from rules.
|
|
38
|
+
*
|
|
39
|
+
* rulesから解決されたアクセスモード。
|
|
40
|
+
*/
|
|
41
|
+
export type RulesAccessMode = "none" | "functions" | "direct";
|
|
42
|
+
/**
|
|
43
|
+
* Database token authorization resolved from rules.
|
|
44
|
+
*
|
|
45
|
+
* rulesから解決されたデータベーストークン権限。
|
|
46
|
+
*/
|
|
47
|
+
export type RulesDatabaseTokenAuthorization = "read-only" | "full-access";
|
|
48
|
+
/**
|
|
49
|
+
* Target input for database token rules evaluation.
|
|
50
|
+
*
|
|
51
|
+
* データベーストークンrules評価対象。
|
|
52
|
+
*/
|
|
53
|
+
export interface RulesTokenTargetInput {
|
|
54
|
+
table: string;
|
|
55
|
+
operations: RulesOperationKey[];
|
|
56
|
+
}
|
|
57
|
+
/**
|
|
58
|
+
* Target output for database token rules evaluation.
|
|
59
|
+
*
|
|
60
|
+
* データベーストークンrules評価結果。
|
|
61
|
+
*/
|
|
62
|
+
export interface RulesTokenTargetOutput extends RulesTokenTargetInput {
|
|
63
|
+
readMode?: RulesAccessMode | undefined;
|
|
64
|
+
writeMode?: RulesAccessMode | undefined;
|
|
65
|
+
}
|
|
66
|
+
/**
|
|
67
|
+
* Database token access resolved from rules.
|
|
68
|
+
*
|
|
69
|
+
* rulesから解決されたデータベーストークンアクセス。
|
|
70
|
+
*/
|
|
71
|
+
export interface RulesDatabaseTokenAccess {
|
|
72
|
+
authorization?: RulesDatabaseTokenAuthorization | undefined;
|
|
73
|
+
readMode: RulesAccessMode;
|
|
74
|
+
writeMode: RulesAccessMode;
|
|
75
|
+
scopes: RulesTokenTargetOutput[];
|
|
76
|
+
}
|
|
34
77
|
/**
|
|
35
78
|
* Rules engine.
|
|
36
79
|
*
|
|
@@ -45,6 +88,35 @@ export declare class RulesEngine {
|
|
|
45
88
|
* 指定したパスと操作に対してrulesを評価します。
|
|
46
89
|
*/
|
|
47
90
|
evaluate(input: RulesEvaluationInput): Promise<RulesEvaluationResult>;
|
|
91
|
+
/**
|
|
92
|
+
* Returns true when a table scoped rule requires server evaluation.
|
|
93
|
+
*
|
|
94
|
+
* テーブル配下ルールにサーバー評価が必要な制約がある場合はtrueを返します。
|
|
95
|
+
*/
|
|
96
|
+
hasScopedRestriction({ database, table, operation, }: {
|
|
97
|
+
database: string;
|
|
98
|
+
table: string;
|
|
99
|
+
operation: RulesOperation | RulesOperationKey;
|
|
100
|
+
}): boolean;
|
|
101
|
+
/**
|
|
102
|
+
* Returns true when a table scoped rule explicitly denies access.
|
|
103
|
+
*
|
|
104
|
+
* テーブル配下ルールに明示的なdenyがある場合はtrueを返します。
|
|
105
|
+
*/
|
|
106
|
+
hasScopedDeny({ database, table, operation, }: {
|
|
107
|
+
database: string;
|
|
108
|
+
table: string;
|
|
109
|
+
operation: RulesOperation | RulesOperationKey;
|
|
110
|
+
}): boolean;
|
|
111
|
+
/**
|
|
112
|
+
* Returns true when a database descendant rule requires server evaluation.
|
|
113
|
+
*
|
|
114
|
+
* データベース配下ルールにサーバー評価が必要な制約がある場合はtrueを返します。
|
|
115
|
+
*/
|
|
116
|
+
hasDatabaseScopedRestriction({ database, operation, }: {
|
|
117
|
+
database: string;
|
|
118
|
+
operation: RulesOperation | RulesOperationKey;
|
|
119
|
+
}): boolean;
|
|
48
120
|
}
|
|
49
121
|
/**
|
|
50
122
|
* Build a normalized rules path.
|
|
@@ -52,6 +124,14 @@ export declare class RulesEngine {
|
|
|
52
124
|
* 正規化されたrulesパスを生成します。
|
|
53
125
|
*/
|
|
54
126
|
export declare function buildRulesPath({ database, table, indexKey }: RulesPathArguments): string;
|
|
127
|
+
/**
|
|
128
|
+
* Build a normalized database rules path.
|
|
129
|
+
*
|
|
130
|
+
* 正規化されたデータベースrulesパスを生成します。
|
|
131
|
+
*/
|
|
132
|
+
export declare function buildDatabaseRulesPath({ database }: {
|
|
133
|
+
database: string;
|
|
134
|
+
}): string;
|
|
55
135
|
/**
|
|
56
136
|
* Normalize HTTP method to rules operation.
|
|
57
137
|
*
|
|
@@ -64,6 +144,45 @@ export declare function normalizeHttpMethodToRulesOperation(method: string): Rul
|
|
|
64
144
|
* rules操作エイリアスを正規化します。
|
|
65
145
|
*/
|
|
66
146
|
export declare function normalizeRulesOperation(operation: RulesOperation | RulesOperationKey): RulesOperation;
|
|
147
|
+
/**
|
|
148
|
+
* Expand operation aliases to concrete operations.
|
|
149
|
+
*
|
|
150
|
+
* 操作エイリアスを具体的な操作へ展開します。
|
|
151
|
+
*/
|
|
152
|
+
export declare function expandRulesOperation(operation: RulesOperationKey): RulesOperation[];
|
|
153
|
+
/**
|
|
154
|
+
* Filter token targets by rules.
|
|
155
|
+
*
|
|
156
|
+
* rulesによりトークン対象をフィルタします。
|
|
157
|
+
*/
|
|
158
|
+
export declare function filterAllowedScope({ engine, database, scope, authentication, }: {
|
|
159
|
+
engine: RulesEngine;
|
|
160
|
+
database: string;
|
|
161
|
+
scope: RulesTokenTargetInput[];
|
|
162
|
+
authentication?: WorkersAuthContext | undefined;
|
|
163
|
+
}): Promise<RulesTokenTargetInput[]>;
|
|
164
|
+
/**
|
|
165
|
+
* Resolve database token access from rules.
|
|
166
|
+
*
|
|
167
|
+
* rulesからデータベーストークンアクセスを解決します。
|
|
168
|
+
*/
|
|
169
|
+
export declare function resolveDatabaseTokenAccess({ engine, database, operations, scope, authentication, }: {
|
|
170
|
+
engine: RulesEngine;
|
|
171
|
+
database: string;
|
|
172
|
+
operations?: RulesOperationKey[] | undefined;
|
|
173
|
+
scope?: RulesTokenTargetInput[] | undefined;
|
|
174
|
+
authentication?: WorkersAuthContext | undefined;
|
|
175
|
+
}): Promise<RulesDatabaseTokenAccess | undefined>;
|
|
176
|
+
/**
|
|
177
|
+
* Resolve database token authorization from rules.
|
|
178
|
+
*
|
|
179
|
+
* rulesからデータベーストークン権限を解決します。
|
|
180
|
+
*/
|
|
181
|
+
export declare function resolveDatabaseTokenAuthorization({ engine, database, authentication, }: {
|
|
182
|
+
engine: RulesEngine;
|
|
183
|
+
database: string;
|
|
184
|
+
authentication?: WorkersAuthContext | undefined;
|
|
185
|
+
}): Promise<RulesDatabaseTokenAuthorization | undefined>;
|
|
67
186
|
/**
|
|
68
187
|
* Resolve operation lookup order.
|
|
69
188
|
*
|
|
@@ -2,8 +2,13 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.RulesEngine = void 0;
|
|
4
4
|
exports.buildRulesPath = buildRulesPath;
|
|
5
|
+
exports.buildDatabaseRulesPath = buildDatabaseRulesPath;
|
|
5
6
|
exports.normalizeHttpMethodToRulesOperation = normalizeHttpMethodToRulesOperation;
|
|
6
7
|
exports.normalizeRulesOperation = normalizeRulesOperation;
|
|
8
|
+
exports.expandRulesOperation = expandRulesOperation;
|
|
9
|
+
exports.filterAllowedScope = filterAllowedScope;
|
|
10
|
+
exports.resolveDatabaseTokenAccess = resolveDatabaseTokenAccess;
|
|
11
|
+
exports.resolveDatabaseTokenAuthorization = resolveDatabaseTokenAuthorization;
|
|
7
12
|
exports.resolveRulesOperation = resolveRulesOperation;
|
|
8
13
|
const rules_loader_1 = require("./rules_loader");
|
|
9
14
|
const path_matcher_1 = require("./path_matcher");
|
|
@@ -35,21 +40,79 @@ class RulesEngine {
|
|
|
35
40
|
return {
|
|
36
41
|
rulePath: match.rulePath,
|
|
37
42
|
entry: this.config.rules[match.rulePath],
|
|
43
|
+
params: match.params,
|
|
38
44
|
};
|
|
39
45
|
}));
|
|
40
|
-
const
|
|
41
|
-
if (!
|
|
46
|
+
const resolvedAccess = resolveAccessRule(resolved.entry, resolved.params, operation);
|
|
47
|
+
if (!resolvedAccess) {
|
|
42
48
|
return {
|
|
43
49
|
allowed: false,
|
|
44
50
|
rulePath: resolved.rulePath,
|
|
45
51
|
};
|
|
46
52
|
}
|
|
47
53
|
return {
|
|
48
|
-
allowed: await evaluateAccessRule(access, input.authentication, input.fetchDocument),
|
|
54
|
+
allowed: await evaluateAccessRule(resolvedAccess.access, input.authentication, input.fetchDocument, resolvedAccess.params, input.server === true),
|
|
49
55
|
rulePath: resolved.rulePath,
|
|
50
|
-
access,
|
|
56
|
+
access: resolvedAccess.access,
|
|
57
|
+
params: resolvedAccess.params,
|
|
51
58
|
};
|
|
52
59
|
}
|
|
60
|
+
/**
|
|
61
|
+
* Returns true when a table scoped rule requires server evaluation.
|
|
62
|
+
*
|
|
63
|
+
* テーブル配下ルールにサーバー評価が必要な制約がある場合はtrueを返します。
|
|
64
|
+
*/
|
|
65
|
+
hasScopedRestriction({ database, table, operation, }) {
|
|
66
|
+
const normalized = normalizeRulesOperation(operation);
|
|
67
|
+
for (const [rulePath, entry] of Object.entries(this.config.rules)) {
|
|
68
|
+
if (!isRulePathInTableScope(rulePath, database, table)) {
|
|
69
|
+
continue;
|
|
70
|
+
}
|
|
71
|
+
const access = resolveAccessRule(entry, {}, normalized)?.access;
|
|
72
|
+
if (!access || isDirectSafeScopeAccess(access)) {
|
|
73
|
+
continue;
|
|
74
|
+
}
|
|
75
|
+
return true;
|
|
76
|
+
}
|
|
77
|
+
return false;
|
|
78
|
+
}
|
|
79
|
+
/**
|
|
80
|
+
* Returns true when a table scoped rule explicitly denies access.
|
|
81
|
+
*
|
|
82
|
+
* テーブル配下ルールに明示的なdenyがある場合はtrueを返します。
|
|
83
|
+
*/
|
|
84
|
+
hasScopedDeny({ database, table, operation, }) {
|
|
85
|
+
const normalized = normalizeRulesOperation(operation);
|
|
86
|
+
for (const [rulePath, entry] of Object.entries(this.config.rules)) {
|
|
87
|
+
if (!isRulePathInTableScope(rulePath, database, table)) {
|
|
88
|
+
continue;
|
|
89
|
+
}
|
|
90
|
+
const access = resolveAccessRule(entry, {}, normalized)?.access;
|
|
91
|
+
if (access === "deny") {
|
|
92
|
+
return true;
|
|
93
|
+
}
|
|
94
|
+
}
|
|
95
|
+
return false;
|
|
96
|
+
}
|
|
97
|
+
/**
|
|
98
|
+
* Returns true when a database descendant rule requires server evaluation.
|
|
99
|
+
*
|
|
100
|
+
* データベース配下ルールにサーバー評価が必要な制約がある場合はtrueを返します。
|
|
101
|
+
*/
|
|
102
|
+
hasDatabaseScopedRestriction({ database, operation, }) {
|
|
103
|
+
const normalized = normalizeRulesOperation(operation);
|
|
104
|
+
for (const [rulePath, entry] of Object.entries(this.config.rules)) {
|
|
105
|
+
if (!isRulePathInDatabaseScope(rulePath, database)) {
|
|
106
|
+
continue;
|
|
107
|
+
}
|
|
108
|
+
const access = resolveAccessRule(entry, {}, normalized)?.access;
|
|
109
|
+
if (!access || isDirectSafeScopeAccess(access)) {
|
|
110
|
+
continue;
|
|
111
|
+
}
|
|
112
|
+
return true;
|
|
113
|
+
}
|
|
114
|
+
return false;
|
|
115
|
+
}
|
|
53
116
|
}
|
|
54
117
|
exports.RulesEngine = RulesEngine;
|
|
55
118
|
/**
|
|
@@ -61,11 +124,21 @@ function buildRulesPath({ database, table, indexKey }) {
|
|
|
61
124
|
return [
|
|
62
125
|
"database",
|
|
63
126
|
encodeRulesPathSegment(database),
|
|
64
|
-
"table",
|
|
65
127
|
encodeRulesPathSegment(table),
|
|
66
128
|
encodeRulesPathSegment(indexKey),
|
|
67
129
|
].join("/");
|
|
68
130
|
}
|
|
131
|
+
/**
|
|
132
|
+
* Build a normalized database rules path.
|
|
133
|
+
*
|
|
134
|
+
* 正規化されたデータベースrulesパスを生成します。
|
|
135
|
+
*/
|
|
136
|
+
function buildDatabaseRulesPath({ database }) {
|
|
137
|
+
return [
|
|
138
|
+
"database",
|
|
139
|
+
encodeRulesPathSegment(database),
|
|
140
|
+
].join("/");
|
|
141
|
+
}
|
|
69
142
|
/**
|
|
70
143
|
* Normalize HTTP method to rules operation.
|
|
71
144
|
*
|
|
@@ -103,6 +176,157 @@ function normalizeRulesOperation(operation) {
|
|
|
103
176
|
return operation;
|
|
104
177
|
}
|
|
105
178
|
}
|
|
179
|
+
/**
|
|
180
|
+
* Expand operation aliases to concrete operations.
|
|
181
|
+
*
|
|
182
|
+
* 操作エイリアスを具体的な操作へ展開します。
|
|
183
|
+
*/
|
|
184
|
+
function expandRulesOperation(operation) {
|
|
185
|
+
switch (operation) {
|
|
186
|
+
case "read":
|
|
187
|
+
return ["get"];
|
|
188
|
+
case "write":
|
|
189
|
+
return ["create", "update", "delete"];
|
|
190
|
+
case "get":
|
|
191
|
+
case "create":
|
|
192
|
+
case "update":
|
|
193
|
+
case "delete":
|
|
194
|
+
return [operation];
|
|
195
|
+
}
|
|
196
|
+
}
|
|
197
|
+
/**
|
|
198
|
+
* Filter token targets by rules.
|
|
199
|
+
*
|
|
200
|
+
* rulesによりトークン対象をフィルタします。
|
|
201
|
+
*/
|
|
202
|
+
async function filterAllowedScope({ engine, database, scope, authentication, }) {
|
|
203
|
+
const allowed = [];
|
|
204
|
+
for (const item of scope) {
|
|
205
|
+
const operations = [];
|
|
206
|
+
for (const operationKey of item.operations) {
|
|
207
|
+
const expanded = expandRulesOperation(operationKey);
|
|
208
|
+
const results = await Promise.all(expanded.map((operation) => {
|
|
209
|
+
return engine.evaluate({
|
|
210
|
+
path: buildRulesPath({
|
|
211
|
+
database,
|
|
212
|
+
table: item.table,
|
|
213
|
+
indexKey: "*",
|
|
214
|
+
}),
|
|
215
|
+
operation,
|
|
216
|
+
authentication,
|
|
217
|
+
});
|
|
218
|
+
}));
|
|
219
|
+
if (results.every((result) => result.allowed)) {
|
|
220
|
+
operations.push(operationKey);
|
|
221
|
+
}
|
|
222
|
+
}
|
|
223
|
+
if (operations.length > 0) {
|
|
224
|
+
allowed.push({
|
|
225
|
+
table: item.table,
|
|
226
|
+
operations,
|
|
227
|
+
});
|
|
228
|
+
}
|
|
229
|
+
}
|
|
230
|
+
return allowed;
|
|
231
|
+
}
|
|
232
|
+
/**
|
|
233
|
+
* Resolve database token access from rules.
|
|
234
|
+
*
|
|
235
|
+
* rulesからデータベーストークンアクセスを解決します。
|
|
236
|
+
*/
|
|
237
|
+
async function resolveDatabaseTokenAccess({ engine, database, operations, scope = [], authentication, }) {
|
|
238
|
+
const path = buildDatabaseRulesPath({ database });
|
|
239
|
+
const directRead = await engine.evaluate({
|
|
240
|
+
path,
|
|
241
|
+
operation: "read",
|
|
242
|
+
authentication,
|
|
243
|
+
server: false,
|
|
244
|
+
});
|
|
245
|
+
const serverRead = directRead.allowed
|
|
246
|
+
? directRead
|
|
247
|
+
: await engine.evaluate({
|
|
248
|
+
path,
|
|
249
|
+
operation: "read",
|
|
250
|
+
authentication,
|
|
251
|
+
server: true,
|
|
252
|
+
});
|
|
253
|
+
if (!serverRead.allowed) {
|
|
254
|
+
return undefined;
|
|
255
|
+
}
|
|
256
|
+
const directDatabaseWrite = await evaluateDatabaseWrite({
|
|
257
|
+
engine,
|
|
258
|
+
path,
|
|
259
|
+
authentication,
|
|
260
|
+
server: false,
|
|
261
|
+
});
|
|
262
|
+
const serverDatabaseWrite = directDatabaseWrite
|
|
263
|
+
? true
|
|
264
|
+
: await evaluateDatabaseWrite({
|
|
265
|
+
engine,
|
|
266
|
+
path,
|
|
267
|
+
authentication,
|
|
268
|
+
server: true,
|
|
269
|
+
});
|
|
270
|
+
const scopes = await resolveScopeModes({
|
|
271
|
+
engine,
|
|
272
|
+
database,
|
|
273
|
+
scope,
|
|
274
|
+
authentication,
|
|
275
|
+
});
|
|
276
|
+
const readScopes = scopes.filter((item) => requiresRead(item.operations));
|
|
277
|
+
const writeScopes = scopes.filter((item) => requiresWrite(item.operations));
|
|
278
|
+
const requestedOperations = operations ?? [];
|
|
279
|
+
const requestsDatabaseRead = requiresRead(requestedOperations);
|
|
280
|
+
const requestsDatabaseWrite = requiresWrite(requestedOperations);
|
|
281
|
+
const hasTargets = scope.length > 0;
|
|
282
|
+
const restrictedDatabaseRead = !hasTargets && expandRulesOperation("read").some((operation) => {
|
|
283
|
+
return engine.hasDatabaseScopedRestriction({
|
|
284
|
+
database,
|
|
285
|
+
operation,
|
|
286
|
+
});
|
|
287
|
+
});
|
|
288
|
+
const restrictedDatabaseWrite = !hasTargets && expandRulesOperation("write").some((operation) => {
|
|
289
|
+
return engine.hasDatabaseScopedRestriction({
|
|
290
|
+
database,
|
|
291
|
+
operation,
|
|
292
|
+
});
|
|
293
|
+
});
|
|
294
|
+
const databaseReadMode = restrictedDatabaseRead
|
|
295
|
+
? serverRead.allowed ? "functions" : "none"
|
|
296
|
+
: directRead.allowed ? "direct" : "functions";
|
|
297
|
+
const databaseWriteMode = restrictedDatabaseWrite
|
|
298
|
+
? serverDatabaseWrite ? "functions" : "none"
|
|
299
|
+
: directDatabaseWrite ? "direct" : serverDatabaseWrite ? "functions" : "none";
|
|
300
|
+
const readMode = resolveOverallMode(readScopes.map((item) => item.readMode ?? "none"), !hasTargets && (requestedOperations.length === 0 || requestsDatabaseRead)
|
|
301
|
+
? databaseReadMode
|
|
302
|
+
: "none");
|
|
303
|
+
let writeMode = resolveOverallMode(writeScopes.map((item) => item.writeMode ?? "none"), !hasTargets && (requestedOperations.length === 0 || requestsDatabaseWrite)
|
|
304
|
+
? databaseWriteMode
|
|
305
|
+
: "none");
|
|
306
|
+
if (readMode === "functions" && writeMode === "direct") {
|
|
307
|
+
writeMode = serverDatabaseWrite ? "functions" : "none";
|
|
308
|
+
}
|
|
309
|
+
const authorization = resolveTokenAuthorization(readMode, writeMode);
|
|
310
|
+
return {
|
|
311
|
+
authorization,
|
|
312
|
+
readMode,
|
|
313
|
+
writeMode,
|
|
314
|
+
scopes,
|
|
315
|
+
};
|
|
316
|
+
}
|
|
317
|
+
/**
|
|
318
|
+
* Resolve database token authorization from rules.
|
|
319
|
+
*
|
|
320
|
+
* rulesからデータベーストークン権限を解決します。
|
|
321
|
+
*/
|
|
322
|
+
async function resolveDatabaseTokenAuthorization({ engine, database, authentication, }) {
|
|
323
|
+
const access = await resolveDatabaseTokenAccess({
|
|
324
|
+
engine,
|
|
325
|
+
database,
|
|
326
|
+
authentication,
|
|
327
|
+
});
|
|
328
|
+
return access?.authorization;
|
|
329
|
+
}
|
|
106
330
|
/**
|
|
107
331
|
* Resolve operation lookup order.
|
|
108
332
|
*
|
|
@@ -123,6 +347,7 @@ function resolveRulesOperation(operation) {
|
|
|
123
347
|
}
|
|
124
348
|
function resolveInheritedRule(matches) {
|
|
125
349
|
const inherited = {};
|
|
350
|
+
const inheritedParams = {};
|
|
126
351
|
let rulePath = matches[0]?.rulePath ?? "";
|
|
127
352
|
for (const match of [...matches].reverse()) {
|
|
128
353
|
if (!match.entry) {
|
|
@@ -131,23 +356,28 @@ function resolveInheritedRule(matches) {
|
|
|
131
356
|
rulePath = match.rulePath;
|
|
132
357
|
for (const [operation, access] of Object.entries(match.entry)) {
|
|
133
358
|
inherited[operation] = access;
|
|
359
|
+
inheritedParams[operation] = match.params;
|
|
134
360
|
}
|
|
135
361
|
}
|
|
136
362
|
return {
|
|
137
363
|
rulePath,
|
|
138
364
|
entry: inherited,
|
|
365
|
+
params: inheritedParams,
|
|
139
366
|
};
|
|
140
367
|
}
|
|
141
|
-
function resolveAccessRule(entry, operation) {
|
|
368
|
+
function resolveAccessRule(entry, params, operation) {
|
|
142
369
|
for (const operationKey of resolveRulesOperation(operation)) {
|
|
143
370
|
const access = entry[operationKey];
|
|
144
371
|
if (access) {
|
|
145
|
-
return
|
|
372
|
+
return {
|
|
373
|
+
access,
|
|
374
|
+
params: params[operationKey] ?? {},
|
|
375
|
+
};
|
|
146
376
|
}
|
|
147
377
|
}
|
|
148
378
|
return undefined;
|
|
149
379
|
}
|
|
150
|
-
async function evaluateAccessRule(access, authentication, fetchDocument) {
|
|
380
|
+
async function evaluateAccessRule(access, authentication, fetchDocument, params = {}, server = false) {
|
|
151
381
|
switch (access) {
|
|
152
382
|
case "deny":
|
|
153
383
|
return false;
|
|
@@ -155,7 +385,17 @@ async function evaluateAccessRule(access, authentication, fetchDocument) {
|
|
|
155
385
|
return true;
|
|
156
386
|
case "authenticated":
|
|
157
387
|
return !!authentication?.uid;
|
|
158
|
-
|
|
388
|
+
case "server":
|
|
389
|
+
return server;
|
|
390
|
+
default:
|
|
391
|
+
break;
|
|
392
|
+
}
|
|
393
|
+
if ("server" in access && access.server === true && !server) {
|
|
394
|
+
return false;
|
|
395
|
+
}
|
|
396
|
+
switch (access.type) {
|
|
397
|
+
case "field":
|
|
398
|
+
case "fieldMatch": {
|
|
159
399
|
const uid = authentication?.uid;
|
|
160
400
|
if (!uid || !fetchDocument) {
|
|
161
401
|
return false;
|
|
@@ -163,7 +403,159 @@ async function evaluateAccessRule(access, authentication, fetchDocument) {
|
|
|
163
403
|
const document = await fetchDocument();
|
|
164
404
|
return document?.[access.field] === uid;
|
|
165
405
|
}
|
|
406
|
+
case "path": {
|
|
407
|
+
const uid = authentication?.uid;
|
|
408
|
+
return !!uid && params[access.param] === uid;
|
|
409
|
+
}
|
|
410
|
+
}
|
|
411
|
+
}
|
|
412
|
+
async function resolveScopeModes({ engine, database, scope, authentication, }) {
|
|
413
|
+
const resolved = [];
|
|
414
|
+
for (const item of scope) {
|
|
415
|
+
const readMode = requiresRead(item.operations)
|
|
416
|
+
? await resolveScopedOperationMode({
|
|
417
|
+
engine,
|
|
418
|
+
database,
|
|
419
|
+
table: item.table,
|
|
420
|
+
operation: "read",
|
|
421
|
+
authentication,
|
|
422
|
+
})
|
|
423
|
+
: undefined;
|
|
424
|
+
const writeMode = requiresWrite(item.operations)
|
|
425
|
+
? await resolveScopedOperationMode({
|
|
426
|
+
engine,
|
|
427
|
+
database,
|
|
428
|
+
table: item.table,
|
|
429
|
+
operation: "write",
|
|
430
|
+
authentication,
|
|
431
|
+
})
|
|
432
|
+
: undefined;
|
|
433
|
+
resolved.push({
|
|
434
|
+
table: item.table,
|
|
435
|
+
operations: item.operations,
|
|
436
|
+
...(readMode ? { readMode } : {}),
|
|
437
|
+
...(writeMode ? { writeMode } : {}),
|
|
438
|
+
});
|
|
439
|
+
}
|
|
440
|
+
return resolved;
|
|
441
|
+
}
|
|
442
|
+
async function resolveScopedOperationMode({ engine, database, table, operation, authentication, }) {
|
|
443
|
+
const path = buildRulesPath({
|
|
444
|
+
database,
|
|
445
|
+
table,
|
|
446
|
+
indexKey: "*",
|
|
447
|
+
});
|
|
448
|
+
const expanded = expandRulesOperation(operation);
|
|
449
|
+
const direct = await Promise.all(expanded.map((item) => engine.evaluate({
|
|
450
|
+
path,
|
|
451
|
+
operation: item,
|
|
452
|
+
authentication,
|
|
453
|
+
server: false,
|
|
454
|
+
})));
|
|
455
|
+
const directAllowed = direct.every((result) => result.allowed);
|
|
456
|
+
const restricted = expanded.some((item) => engine.hasScopedRestriction({
|
|
457
|
+
database,
|
|
458
|
+
table,
|
|
459
|
+
operation: item,
|
|
460
|
+
}));
|
|
461
|
+
if (directAllowed && !restricted) {
|
|
462
|
+
return "direct";
|
|
463
|
+
}
|
|
464
|
+
const denied = expanded.some((item) => engine.hasScopedDeny({
|
|
465
|
+
database,
|
|
466
|
+
table,
|
|
467
|
+
operation: item,
|
|
468
|
+
}));
|
|
469
|
+
if (restricted && !denied) {
|
|
470
|
+
return "functions";
|
|
471
|
+
}
|
|
472
|
+
const server = await Promise.all(expanded.map((item) => engine.evaluate({
|
|
473
|
+
path,
|
|
474
|
+
operation: item,
|
|
475
|
+
authentication,
|
|
476
|
+
server: true,
|
|
477
|
+
})));
|
|
478
|
+
return server.every((result) => result.allowed) ? "functions" : "none";
|
|
479
|
+
}
|
|
480
|
+
function resolveOverallMode(scopedModes, fallback) {
|
|
481
|
+
if (scopedModes.length === 0) {
|
|
482
|
+
return fallback;
|
|
483
|
+
}
|
|
484
|
+
if (scopedModes.every((mode) => mode === "direct")) {
|
|
485
|
+
return "direct";
|
|
486
|
+
}
|
|
487
|
+
if (scopedModes.some((mode) => mode === "none")) {
|
|
488
|
+
return "none";
|
|
489
|
+
}
|
|
490
|
+
return "functions";
|
|
491
|
+
}
|
|
492
|
+
function resolveTokenAuthorization(readMode, writeMode) {
|
|
493
|
+
if (writeMode === "direct") {
|
|
494
|
+
return "full-access";
|
|
495
|
+
}
|
|
496
|
+
if (readMode === "direct") {
|
|
497
|
+
return "read-only";
|
|
498
|
+
}
|
|
499
|
+
return undefined;
|
|
500
|
+
}
|
|
501
|
+
function requiresRead(operations) {
|
|
502
|
+
return operations.some((operation) => expandRulesOperation(operation).includes("get"));
|
|
503
|
+
}
|
|
504
|
+
function requiresWrite(operations) {
|
|
505
|
+
return operations.some((operation) => {
|
|
506
|
+
const expanded = expandRulesOperation(operation);
|
|
507
|
+
return expanded.includes("create") || expanded.includes("update") || expanded.includes("delete");
|
|
508
|
+
});
|
|
509
|
+
}
|
|
510
|
+
async function evaluateDatabaseWrite({ engine, path, authentication, server, }) {
|
|
511
|
+
const results = await Promise.all(expandRulesOperation("write").map((operation) => {
|
|
512
|
+
return engine.evaluate({
|
|
513
|
+
path,
|
|
514
|
+
operation,
|
|
515
|
+
authentication,
|
|
516
|
+
server,
|
|
517
|
+
});
|
|
518
|
+
}));
|
|
519
|
+
return results.every((result) => result.allowed);
|
|
520
|
+
}
|
|
521
|
+
function isRulePathInTableScope(rulePath, database, table) {
|
|
522
|
+
const segments = splitRulesPath(rulePath);
|
|
523
|
+
if (segments.length <= 2) {
|
|
524
|
+
return false;
|
|
525
|
+
}
|
|
526
|
+
return segmentMatches(segments[0], "database") &&
|
|
527
|
+
segmentMatches(segments[1], database) &&
|
|
528
|
+
segmentMatches(segments[2], table);
|
|
529
|
+
}
|
|
530
|
+
function isRulePathInDatabaseScope(rulePath, database) {
|
|
531
|
+
const segments = splitRulesPath(rulePath);
|
|
532
|
+
if (segments.length <= 2) {
|
|
533
|
+
return false;
|
|
534
|
+
}
|
|
535
|
+
return segmentMatches(segments[0], "database") &&
|
|
536
|
+
segmentMatches(segments[1], database);
|
|
537
|
+
}
|
|
538
|
+
function segmentMatches(ruleSegment, value) {
|
|
539
|
+
if (!ruleSegment) {
|
|
540
|
+
return false;
|
|
541
|
+
}
|
|
542
|
+
if (ruleSegment === "**") {
|
|
543
|
+
return true;
|
|
544
|
+
}
|
|
545
|
+
return ruleSegment === "*" || !!parseNamedPathParam(ruleSegment) || ruleSegment === value;
|
|
546
|
+
}
|
|
547
|
+
function isDirectSafeScopeAccess(access) {
|
|
548
|
+
return access === "allow";
|
|
549
|
+
}
|
|
550
|
+
function splitRulesPath(path) {
|
|
551
|
+
if (path.length === 0 || path.startsWith("/") || path.endsWith("/")) {
|
|
552
|
+
return [];
|
|
166
553
|
}
|
|
554
|
+
return path.split("/");
|
|
555
|
+
}
|
|
556
|
+
function parseNamedPathParam(segment) {
|
|
557
|
+
const match = /^\{([A-Za-z_][A-Za-z0-9_]*)\}$/.exec(segment);
|
|
558
|
+
return match?.[1];
|
|
167
559
|
}
|
|
168
560
|
function encodeRulesPathSegment(segment) {
|
|
169
561
|
if (segment.length === 0 || segment.includes("/")) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rules_engine.js","sourceRoot":"","sources":["../../../../src/lib/src/rules/rules_engine.ts"],"names":[],"mappings":";;;AAkGA,wCAQC;AAOD,kFAaC;AAOD,0DAYC;AAOD,sDAYC;AAnKD,iDAOwB;AACxB,iDAAoE;AAoCpE;;;;GAIG;AACH,MAAa,WAAW;IACpB,YAAY,MAA6B;QACrC,IAAI,CAAC,MAAM,GAAG,IAAA,8BAAe,EAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;IAEgB,MAAM,CAAc;IAErC;;;;OAIG;IACH,KAAK,CAAC,QAAQ,CAAC,KAA2B;QACtC,MAAM,SAAS,GAAG,uBAAuB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAC3D,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;aACzC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,IAAA,4BAAa,EAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;aACtD,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACtC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAC9B,CAAC;QAED,MAAM,aAAa,GAAG,IAAA,kCAAmB,EAAC,OAAO,CAAC,CAAC;QACnD,MAAM,QAAQ,GAAG,oBAAoB,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;YAC9D,OAAO;gBACH,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC;aAC3C,CAAC;QACN,CAAC,CAAC,CAAC,CAAC;QACJ,MAAM,MAAM,GAAG,iBAAiB,CAAC,QAAQ,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QAC5D,IAAI,CAAC,MAAM,EAAE,CAAC;YACV,OAAO;gBACH,OAAO,EAAE,KAAK;gBACd,QAAQ,EAAE,QAAQ,CAAC,QAAQ;aAC9B,CAAC;QACN,CAAC;QACD,OAAO;YACH,OAAO,EAAE,MAAM,kBAAkB,CAAC,MAAM,EAAE,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,aAAa,CAAC;YACpF,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,MAAM;SACT,CAAC;IACN,CAAC;CACJ;AAzCD,kCAyCC;AAED;;;;GAIG;AACH,SAAgB,cAAc,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAsB;IAC5E,OAAO;QACH,UAAU;QACV,sBAAsB,CAAC,QAAQ,CAAC;QAChC,OAAO;QACP,sBAAsB,CAAC,KAAK,CAAC;QAC7B,sBAAsB,CAAC,QAAQ,CAAC;KACnC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,SAAgB,mCAAmC,CAAC,MAAc;IAC9D,QAAQ,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC;QAC3B,KAAK,KAAK;YACN,OAAO,KAAK,CAAC;QACjB,KAAK,MAAM;YACP,OAAO,QAAQ,CAAC;QACpB,KAAK,KAAK;YACN,OAAO,QAAQ,CAAC;QACpB,KAAK,QAAQ;YACT,OAAO,QAAQ,CAAC;QACpB;YACI,MAAM,IAAI,KAAK,CAAC,sCAAsC,MAAM,EAAE,CAAC,CAAC;IACxE,CAAC;AACL,CAAC;AAED;;;;GAIG;AACH,SAAgB,uBAAuB,CAAC,SAA6C;IACjF,QAAQ,SAAS,EAAE,CAAC;QAChB,KAAK,MAAM;YACP,OAAO,KAAK,CAAC;QACjB,KAAK,OAAO;YACR,OAAO,QAAQ,CAAC;QACpB,KAAK,KAAK,CAAC;QACX,KAAK,QAAQ,CAAC;QACd,KAAK,QAAQ,CAAC;QACd,KAAK,QAAQ;YACT,OAAO,SAAS,CAAC;IACzB,CAAC;AACL,CAAC;AAED;;;;GAIG;AACH,SAAgB,qBAAqB,CAAC,SAA6C;IAC/E,MAAM,UAAU,GAAG,uBAAuB,CAAC,SAAS,CAAC,CAAC;IACtD,QAAQ,UAAU,EAAE,CAAC;QACjB,KAAK,KAAK;YACN,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC3B,KAAK,QAAQ;YACT,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC/B,KAAK,QAAQ;YACT,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC/B,KAAK,QAAQ;YACT,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACnC,CAAC;AACL,CAAC;AAED,SAAS,oBAAoB,CACzB,OAA8D;IAE9D,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,IAAI,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,EAAE,QAAQ,IAAI,EAAE,CAAC;IAC1C,KAAK,MAAM,KAAK,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;QACzC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YACf,SAAS;QACb,CAAC;QACD,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;QAC1B,KAAK,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5D,SAAS,CAAC,SAA8B,CAAC,GAAG,MAAM,CAAC;QACvD,CAAC;IACL,CAAC;IACD,OAAO;QACH,QAAQ;QACR,KAAK,EAAE,SAAS;KACnB,CAAC;AACN,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAiB,EAAE,SAAyB;IACnE,KAAK,MAAM,YAAY,IAAI,qBAAqB,CAAC,SAAS,CAAC,EAAE,CAAC;QAC1D,MAAM,MAAM,GAAG,KAAK,CAAC,YAAY,CAAC,CAAC;QACnC,IAAI,MAAM,EAAE,CAAC;YACT,OAAO,MAAM,CAAC;QAClB,CAAC;IACL,CAAC;IACD,OAAO,SAAS,CAAC;AACrB,CAAC;AAED,KAAK,UAAU,kBAAkB,CAC7B,MAAuB,EACvB,cAA+C,EAC/C,aAAuF;IAEvF,QAAQ,MAAM,EAAE,CAAC;QACb,KAAK,MAAM;YACP,OAAO,KAAK,CAAC;QACjB,KAAK,OAAO;YACR,OAAO,IAAI,CAAC;QAChB,KAAK,eAAe;YAChB,OAAO,CAAC,CAAC,cAAc,EAAE,GAAG,CAAC;QACjC,OAAO,CAAC,CAAC,CAAC;YACN,MAAM,GAAG,GAAG,cAAc,EAAE,GAAG,CAAC;YAChC,IAAI,CAAC,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;gBACzB,OAAO,KAAK,CAAC;YACjB,CAAC;YACD,MAAM,QAAQ,GAAG,MAAM,aAAa,EAAE,CAAC;YACvC,OAAO,QAAQ,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC;QAC5C,CAAC;IACL,CAAC;AACL,CAAC;AAED,SAAS,sBAAsB,CAAC,OAAe;IAC3C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CAAC,+BAA+B,OAAO,EAAE,CAAC,CAAC;IAC9D,CAAC;IACD,OAAO,OAAO,CAAC;AACnB,CAAC"}
|
|
1
|
+
{"version":3,"file":"rules_engine.js","sourceRoot":"","sources":["../../../../src/lib/src/rules/rules_engine.ts"],"names":[],"mappings":";;;AA2OA,wCAOC;AAOD,wDAKC;AAOD,kFAaC;AAOD,0DAYC;AAOD,oDAYC;AAOD,gDAuCC;AAOD,gEAiGC;AAOD,8EAeC;AAOD,sDAYC;AAtfD,iDAOwB;AACxB,iDAAoE;AAoFpE;;;;GAIG;AACH,MAAa,WAAW;IACpB,YAAY,MAA6B;QACrC,IAAI,CAAC,MAAM,GAAG,IAAA,8BAAe,EAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;IAEgB,MAAM,CAAc;IAErC;;;;OAIG;IACH,KAAK,CAAC,QAAQ,CAAC,KAA2B;QACtC,MAAM,SAAS,GAAG,uBAAuB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAC3D,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;aACzC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,IAAA,4BAAa,EAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;aACtD,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACtC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAC9B,CAAC;QAED,MAAM,aAAa,GAAG,IAAA,kCAAmB,EAAC,OAAO,CAAC,CAAC;QACnD,MAAM,QAAQ,GAAG,oBAAoB,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;YAC9D,OAAO;gBACH,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC;gBACxC,MAAM,EAAE,KAAK,CAAC,MAAM;aACvB,CAAC;QACN,CAAC,CAAC,CAAC,CAAC;QACJ,MAAM,cAAc,GAAG,iBAAiB,CAAC,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QACrF,IAAI,CAAC,cAAc,EAAE,CAAC;YAClB,OAAO;gBACH,OAAO,EAAE,KAAK;gBACd,QAAQ,EAAE,QAAQ,CAAC,QAAQ;aAC9B,CAAC;QACN,CAAC;QACD,OAAO;YACH,OAAO,EAAE,MAAM,kBAAkB,CAC7B,cAAc,CAAC,MAAM,EACrB,KAAK,CAAC,cAAc,EACpB,KAAK,CAAC,aAAa,EACnB,cAAc,CAAC,MAAM,EACrB,KAAK,CAAC,MAAM,KAAK,IAAI,CACxB;YACD,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,MAAM,EAAE,cAAc,CAAC,MAAM;YAC7B,MAAM,EAAE,cAAc,CAAC,MAAM;SAChC,CAAC;IACN,CAAC;IAED;;;;OAIG;IACH,oBAAoB,CAAC,EACjB,QAAQ,EACR,KAAK,EACL,SAAS,GAKZ;QACG,MAAM,UAAU,GAAG,uBAAuB,CAAC,SAAS,CAAC,CAAC;QACtD,KAAK,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAChE,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,EAAE,KAAK,CAAC,EAAE,CAAC;gBACrD,SAAS;YACb,CAAC;YACD,MAAM,MAAM,GAAG,iBAAiB,CAAC,KAAK,EAAE,EAAE,EAAE,UAAU,CAAC,EAAE,MAAM,CAAC;YAChE,IAAI,CAAC,MAAM,IAAI,uBAAuB,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC7C,SAAS;YACb,CAAC;YACD,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,KAAK,CAAC;IACjB,CAAC;IAED;;;;OAIG;IACH,aAAa,CAAC,EACV,QAAQ,EACR,KAAK,EACL,SAAS,GAKZ;QACG,MAAM,UAAU,GAAG,uBAAuB,CAAC,SAAS,CAAC,CAAC;QACtD,KAAK,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAChE,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,EAAE,KAAK,CAAC,EAAE,CAAC;gBACrD,SAAS;YACb,CAAC;YACD,MAAM,MAAM,GAAG,iBAAiB,CAAC,KAAK,EAAE,EAAE,EAAE,UAAU,CAAC,EAAE,MAAM,CAAC;YAChE,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;gBACpB,OAAO,IAAI,CAAC;YAChB,CAAC;QACL,CAAC;QACD,OAAO,KAAK,CAAC;IACjB,CAAC;IAED;;;;OAIG;IACH,4BAA4B,CAAC,EACzB,QAAQ,EACR,SAAS,GAIZ;QACG,MAAM,UAAU,GAAG,uBAAuB,CAAC,SAAS,CAAC,CAAC;QACtD,KAAK,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAChE,IAAI,CAAC,yBAAyB,CAAC,QAAQ,EAAE,QAAQ,CAAC,EAAE,CAAC;gBACjD,SAAS;YACb,CAAC;YACD,MAAM,MAAM,GAAG,iBAAiB,CAAC,KAAK,EAAE,EAAE,EAAE,UAAU,CAAC,EAAE,MAAM,CAAC;YAChE,IAAI,CAAC,MAAM,IAAI,uBAAuB,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC7C,SAAS;YACb,CAAC;YACD,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,KAAK,CAAC;IACjB,CAAC;CACJ;AAlID,kCAkIC;AAED;;;;GAIG;AACH,SAAgB,cAAc,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAsB;IAC5E,OAAO;QACH,UAAU;QACV,sBAAsB,CAAC,QAAQ,CAAC;QAChC,sBAAsB,CAAC,KAAK,CAAC;QAC7B,sBAAsB,CAAC,QAAQ,CAAC;KACnC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,SAAgB,sBAAsB,CAAC,EAAE,QAAQ,EAAwB;IACrE,OAAO;QACH,UAAU;QACV,sBAAsB,CAAC,QAAQ,CAAC;KACnC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,SAAgB,mCAAmC,CAAC,MAAc;IAC9D,QAAQ,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC;QAC3B,KAAK,KAAK;YACN,OAAO,KAAK,CAAC;QACjB,KAAK,MAAM;YACP,OAAO,QAAQ,CAAC;QACpB,KAAK,KAAK;YACN,OAAO,QAAQ,CAAC;QACpB,KAAK,QAAQ;YACT,OAAO,QAAQ,CAAC;QACpB;YACI,MAAM,IAAI,KAAK,CAAC,sCAAsC,MAAM,EAAE,CAAC,CAAC;IACxE,CAAC;AACL,CAAC;AAED;;;;GAIG;AACH,SAAgB,uBAAuB,CAAC,SAA6C;IACjF,QAAQ,SAAS,EAAE,CAAC;QAChB,KAAK,MAAM;YACP,OAAO,KAAK,CAAC;QACjB,KAAK,OAAO;YACR,OAAO,QAAQ,CAAC;QACpB,KAAK,KAAK,CAAC;QACX,KAAK,QAAQ,CAAC;QACd,KAAK,QAAQ,CAAC;QACd,KAAK,QAAQ;YACT,OAAO,SAAS,CAAC;IACzB,CAAC;AACL,CAAC;AAED;;;;GAIG;AACH,SAAgB,oBAAoB,CAAC,SAA4B;IAC7D,QAAQ,SAAS,EAAE,CAAC;QAChB,KAAK,MAAM;YACP,OAAO,CAAC,KAAK,CAAC,CAAC;QACnB,KAAK,OAAO;YACR,OAAO,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC1C,KAAK,KAAK,CAAC;QACX,KAAK,QAAQ,CAAC;QACd,KAAK,QAAQ,CAAC;QACd,KAAK,QAAQ;YACT,OAAO,CAAC,SAAS,CAAC,CAAC;IAC3B,CAAC;AACL,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,kBAAkB,CAAC,EACrC,MAAM,EACN,QAAQ,EACR,KAAK,EACL,cAAc,GAMjB;IACG,MAAM,OAAO,GAA4B,EAAE,CAAC;IAC5C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACvB,MAAM,UAAU,GAAwB,EAAE,CAAC;QAC3C,KAAK,MAAM,YAAY,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACzC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,YAAY,CAAC,CAAC;YACpD,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE;gBACzD,OAAO,MAAM,CAAC,QAAQ,CAAC;oBACnB,IAAI,EAAE,cAAc,CAAC;wBACjB,QAAQ;wBACR,KAAK,EAAE,IAAI,CAAC,KAAK;wBACjB,QAAQ,EAAE,GAAG;qBAChB,CAAC;oBACF,SAAS;oBACT,cAAc;iBACjB,CAAC,CAAC;YACP,CAAC,CAAC,CAAC,CAAC;YACJ,IAAI,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5C,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAClC,CAAC;QACL,CAAC;QACD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC;gBACT,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,UAAU;aACb,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IACD,OAAO,OAAO,CAAC;AACnB,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,0BAA0B,CAAC,EAC7C,MAAM,EACN,QAAQ,EACR,UAAU,EACV,KAAK,GAAG,EAAE,EACV,cAAc,GAOjB;IACG,MAAM,IAAI,GAAG,sBAAsB,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;IAClD,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC;QACrC,IAAI;QACJ,SAAS,EAAE,MAAM;QACjB,cAAc;QACd,MAAM,EAAE,KAAK;KAChB,CAAC,CAAC;IACH,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO;QACjC,CAAC,CAAC,UAAU;QACZ,CAAC,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC;YACpB,IAAI;YACJ,SAAS,EAAE,MAAM;YACjB,cAAc;YACd,MAAM,EAAE,IAAI;SACf,CAAC,CAAC;IACP,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QACtB,OAAO,SAAS,CAAC;IACrB,CAAC;IACD,MAAM,mBAAmB,GAAG,MAAM,qBAAqB,CAAC;QACpD,MAAM;QACN,IAAI;QACJ,cAAc;QACd,MAAM,EAAE,KAAK;KAChB,CAAC,CAAC;IACH,MAAM,mBAAmB,GAAG,mBAAmB;QAC3C,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,MAAM,qBAAqB,CAAC;YAC1B,MAAM;YACN,IAAI;YACJ,cAAc;YACd,MAAM,EAAE,IAAI;SACf,CAAC,CAAC;IACP,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC;QACnC,MAAM;QACN,QAAQ;QACR,KAAK;QACL,cAAc;KACjB,CAAC,CAAC;IACH,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;IAC1E,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;IAC5E,MAAM,mBAAmB,GAAG,UAAU,IAAI,EAAE,CAAC;IAC7C,MAAM,oBAAoB,GAAG,YAAY,CAAC,mBAAmB,CAAC,CAAC;IAC/D,MAAM,qBAAqB,GAAG,aAAa,CAAC,mBAAmB,CAAC,CAAC;IACjE,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;IACpC,MAAM,sBAAsB,GAAG,CAAC,UAAU,IAAI,oBAAoB,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;QAC1F,OAAO,MAAM,CAAC,4BAA4B,CAAC;YACvC,QAAQ;YACR,SAAS;SACZ,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IACH,MAAM,uBAAuB,GAAG,CAAC,UAAU,IAAI,oBAAoB,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;QAC5F,OAAO,MAAM,CAAC,4BAA4B,CAAC;YACvC,QAAQ;YACR,SAAS;SACZ,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IACH,MAAM,gBAAgB,GAAG,sBAAsB;QAC3C,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM;QAC3C,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC;IAClD,MAAM,iBAAiB,GAAG,uBAAuB;QAC7C,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM;QAC5C,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC;IAClF,MAAM,QAAQ,GAAG,kBAAkB,CAC/B,UAAU,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC,EACjD,CAAC,UAAU,IAAI,CAAC,mBAAmB,CAAC,MAAM,KAAK,CAAC,IAAI,oBAAoB,CAAC;QACrE,CAAC,CAAC,gBAAgB;QAClB,CAAC,CAAC,MAAM,CACf,CAAC;IACF,IAAI,SAAS,GAAG,kBAAkB,CAC9B,WAAW,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM,CAAC,EACnD,CAAC,UAAU,IAAI,CAAC,mBAAmB,CAAC,MAAM,KAAK,CAAC,IAAI,qBAAqB,CAAC;QACtE,CAAC,CAAC,iBAAiB;QACnB,CAAC,CAAC,MAAM,CACf,CAAC;IACF,IAAI,QAAQ,KAAK,WAAW,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;QACrD,SAAS,GAAG,mBAAmB,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC;IAC3D,CAAC;IACD,MAAM,aAAa,GAAG,yBAAyB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IACrE,OAAO;QACH,aAAa;QACb,QAAQ;QACR,SAAS;QACT,MAAM;KACT,CAAC;AACN,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,iCAAiC,CAAC,EACpD,MAAM,EACN,QAAQ,EACR,cAAc,GAKjB;IACG,MAAM,MAAM,GAAG,MAAM,0BAA0B,CAAC;QAC5C,MAAM;QACN,QAAQ;QACR,cAAc;KACjB,CAAC,CAAC;IACH,OAAO,MAAM,EAAE,aAAa,CAAC;AACjC,CAAC;AAED;;;;GAIG;AACH,SAAgB,qBAAqB,CAAC,SAA6C;IAC/E,MAAM,UAAU,GAAG,uBAAuB,CAAC,SAAS,CAAC,CAAC;IACtD,QAAQ,UAAU,EAAE,CAAC;QACjB,KAAK,KAAK;YACN,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC3B,KAAK,QAAQ;YACT,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC/B,KAAK,QAAQ;YACT,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC/B,KAAK,QAAQ;YACT,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACnC,CAAC;AACL,CAAC;AAED,SAAS,oBAAoB,CACzB,OAIG;IAMH,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,MAAM,eAAe,GAA+D,EAAE,CAAC;IACvF,IAAI,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,EAAE,QAAQ,IAAI,EAAE,CAAC;IAC1C,KAAK,MAAM,KAAK,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;QACzC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YACf,SAAS;QACb,CAAC;QACD,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;QAC1B,KAAK,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5D,SAAS,CAAC,SAA8B,CAAC,GAAG,MAAM,CAAC;YACnD,eAAe,CAAC,SAA8B,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC;QACnE,CAAC;IACL,CAAC;IACD,OAAO;QACH,QAAQ;QACR,KAAK,EAAE,SAAS;QAChB,MAAM,EAAE,eAAe;KAC1B,CAAC;AACN,CAAC;AAED,SAAS,iBAAiB,CACtB,KAAiB,EACjB,MAAkE,EAClE,SAAyB;IAKzB,KAAK,MAAM,YAAY,IAAI,qBAAqB,CAAC,SAAS,CAAC,EAAE,CAAC;QAC1D,MAAM,MAAM,GAAG,KAAK,CAAC,YAAY,CAAC,CAAC;QACnC,IAAI,MAAM,EAAE,CAAC;YACT,OAAO;gBACH,MAAM;gBACN,MAAM,EAAE,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE;aACrC,CAAC;QACN,CAAC;IACL,CAAC;IACD,OAAO,SAAS,CAAC;AACrB,CAAC;AAED,KAAK,UAAU,kBAAkB,CAC7B,MAAuB,EACvB,cAA+C,EAC/C,aAAuF,EACvF,SAAiC,EAAE,EACnC,MAAM,GAAG,KAAK;IAEd,QAAQ,MAAM,EAAE,CAAC;QACb,KAAK,MAAM;YACP,OAAO,KAAK,CAAC;QACjB,KAAK,OAAO;YACR,OAAO,IAAI,CAAC;QAChB,KAAK,eAAe;YAChB,OAAO,CAAC,CAAC,cAAc,EAAE,GAAG,CAAC;QACjC,KAAK,QAAQ;YACT,OAAO,MAAM,CAAC;QAClB;YACI,MAAM;IACd,CAAC;IACD,IAAI,QAAQ,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAC1D,OAAO,KAAK,CAAC;IACjB,CAAC;IACD,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;QAClB,KAAK,OAAO,CAAC;QACb,KAAK,YAAY,CAAC,CAAC,CAAC;YAChB,MAAM,GAAG,GAAG,cAAc,EAAE,GAAG,CAAC;YAChC,IAAI,CAAC,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;gBACzB,OAAO,KAAK,CAAC;YACjB,CAAC;YACD,MAAM,QAAQ,GAAG,MAAM,aAAa,EAAE,CAAC;YACvC,OAAO,QAAQ,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC;QAC5C,CAAC;QACD,KAAK,MAAM,CAAC,CAAC,CAAC;YACV,MAAM,GAAG,GAAG,cAAc,EAAE,GAAG,CAAC;YAChC,OAAO,CAAC,CAAC,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC;QACjD,CAAC;IACL,CAAC;AACL,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,EAC7B,MAAM,EACN,QAAQ,EACR,KAAK,EACL,cAAc,GAMjB;IACG,MAAM,QAAQ,GAA6B,EAAE,CAAC;IAC9C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACvB,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC;YAC1C,CAAC,CAAC,MAAM,0BAA0B,CAAC;gBAC/B,MAAM;gBACN,QAAQ;gBACR,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,SAAS,EAAE,MAAM;gBACjB,cAAc;aACjB,CAAC;YACF,CAAC,CAAC,SAAS,CAAC;QAChB,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC;YAC5C,CAAC,CAAC,MAAM,0BAA0B,CAAC;gBAC/B,MAAM;gBACN,QAAQ;gBACR,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,SAAS,EAAE,OAAO;gBAClB,cAAc;aACjB,CAAC;YACF,CAAC,CAAC,SAAS,CAAC;QAChB,QAAQ,CAAC,IAAI,CAAC;YACV,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtC,CAAC,CAAC;IACP,CAAC;IACD,OAAO,QAAQ,CAAC;AACpB,CAAC;AAED,KAAK,UAAU,0BAA0B,CAAC,EACtC,MAAM,EACN,QAAQ,EACR,KAAK,EACL,SAAS,EACT,cAAc,GAOjB;IACG,MAAM,IAAI,GAAG,cAAc,CAAC;QACxB,QAAQ;QACR,KAAK;QACL,QAAQ,EAAE,GAAG;KAChB,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC;QACpE,IAAI;QACJ,SAAS,EAAE,IAAI;QACf,cAAc;QACd,MAAM,EAAE,KAAK;KAChB,CAAC,CAAC,CAAC,CAAC;IACL,MAAM,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC/D,MAAM,UAAU,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,oBAAoB,CAAC;QACnE,QAAQ;QACR,KAAK;QACL,SAAS,EAAE,IAAI;KAClB,CAAC,CAAC,CAAC;IACJ,IAAI,aAAa,IAAI,CAAC,UAAU,EAAE,CAAC;QAC/B,OAAO,QAAQ,CAAC;IACpB,CAAC;IACD,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC;QACxD,QAAQ;QACR,KAAK;QACL,SAAS,EAAE,IAAI;KAClB,CAAC,CAAC,CAAC;IACJ,IAAI,UAAU,IAAI,CAAC,MAAM,EAAE,CAAC;QACxB,OAAO,WAAW,CAAC;IACvB,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC;QACpE,IAAI;QACJ,SAAS,EAAE,IAAI;QACf,cAAc;QACd,MAAM,EAAE,IAAI;KACf,CAAC,CAAC,CAAC,CAAC;IACL,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC;AAC3E,CAAC;AAED,SAAS,kBAAkB,CACvB,WAA8B,EAC9B,QAAyB;IAEzB,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,QAAQ,CAAC;IACpB,CAAC;IACD,IAAI,WAAW,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,KAAK,QAAQ,CAAC,EAAE,CAAC;QACjD,OAAO,QAAQ,CAAC;IACpB,CAAC;IACD,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,KAAK,MAAM,CAAC,EAAE,CAAC;QAC9C,OAAO,MAAM,CAAC;IAClB,CAAC;IACD,OAAO,WAAW,CAAC;AACvB,CAAC;AAED,SAAS,yBAAyB,CAC9B,QAAyB,EACzB,SAA0B;IAE1B,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;QACzB,OAAO,aAAa,CAAC;IACzB,CAAC;IACD,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACxB,OAAO,WAAW,CAAC;IACvB,CAAC;IACD,OAAO,SAAS,CAAC;AACrB,CAAC;AAED,SAAS,YAAY,CAAC,UAA+B;IACjD,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;AAC3F,CAAC;AAED,SAAS,aAAa,CAAC,UAA+B;IAClD,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;QACjC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAC;QACjD,OAAO,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACrG,CAAC,CAAC,CAAC;AACP,CAAC;AAED,KAAK,UAAU,qBAAqB,CAAC,EACjC,MAAM,EACN,IAAI,EACJ,cAAc,EACd,MAAM,GAMT;IACG,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC7B,oBAAoB,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE;QAC5C,OAAO,MAAM,CAAC,QAAQ,CAAC;YACnB,IAAI;YACJ,SAAS;YACT,cAAc;YACd,MAAM;SACT,CAAC,CAAC;IACP,CAAC,CAAC,CACL,CAAC;IACF,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,sBAAsB,CAC3B,QAAgB,EAChB,QAAgB,EAChB,KAAa;IAEb,MAAM,QAAQ,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACvB,OAAO,KAAK,CAAC;IACjB,CAAC;IACD,OAAO,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC;QAC1C,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC;QACrC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,yBAAyB,CAC9B,QAAgB,EAChB,QAAgB;IAEhB,MAAM,QAAQ,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACvB,OAAO,KAAK,CAAC;IACjB,CAAC;IACD,OAAO,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC;QAC1C,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,cAAc,CAAC,WAA+B,EAAE,KAAa;IAClE,IAAI,CAAC,WAAW,EAAE,CAAC;QACf,OAAO,KAAK,CAAC;IACjB,CAAC;IACD,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,OAAO,WAAW,KAAK,GAAG,IAAI,CAAC,CAAC,mBAAmB,CAAC,WAAW,CAAC,IAAI,WAAW,KAAK,KAAK,CAAC;AAC9F,CAAC;AAED,SAAS,uBAAuB,CAAC,MAAuB;IACpD,OAAO,MAAM,KAAK,OAAO,CAAC;AAC9B,CAAC;AAED,SAAS,cAAc,CAAC,IAAY;IAChC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAClE,OAAO,EAAE,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AAC3B,CAAC;AAED,SAAS,mBAAmB,CAAC,OAAe;IACxC,MAAM,KAAK,GAAG,gCAAgC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7D,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;AACtB,CAAC;AAED,SAAS,sBAAsB,CAAC,OAAe;IAC3C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CAAC,+BAA+B,OAAO,EAAE,CAAC,CAAC;IAC9D,CAAC;IACD,OAAO,OAAO,CAAC;AACnB,CAAC"}
|
|
@@ -21,7 +21,7 @@ export type RulesOperationKey = RulesOperation | RulesOperationAlias;
|
|
|
21
21
|
*
|
|
22
22
|
* 操作に対するアクセスルール。
|
|
23
23
|
*/
|
|
24
|
-
export type RulesAccessRule = "deny" | "allow" | "authenticated" | RulesFieldMatchAccessRule;
|
|
24
|
+
export type RulesAccessRule = "deny" | "allow" | "authenticated" | "server" | RulesFieldMatchAccessRule | RulesFieldAccessRule | RulesPathAccessRule;
|
|
25
25
|
/**
|
|
26
26
|
* Field match access rule.
|
|
27
27
|
*
|
|
@@ -31,6 +31,26 @@ export interface RulesFieldMatchAccessRule {
|
|
|
31
31
|
type: "fieldMatch";
|
|
32
32
|
field: string;
|
|
33
33
|
}
|
|
34
|
+
/**
|
|
35
|
+
* Field match access rule.
|
|
36
|
+
*
|
|
37
|
+
* フィールド一致アクセスルール。
|
|
38
|
+
*/
|
|
39
|
+
export interface RulesFieldAccessRule {
|
|
40
|
+
type: "field";
|
|
41
|
+
field: string;
|
|
42
|
+
server?: boolean | undefined;
|
|
43
|
+
}
|
|
44
|
+
/**
|
|
45
|
+
* Path parameter access rule.
|
|
46
|
+
*
|
|
47
|
+
* パスパラメーター一致アクセスルール。
|
|
48
|
+
*/
|
|
49
|
+
export interface RulesPathAccessRule {
|
|
50
|
+
type: "path";
|
|
51
|
+
param: string;
|
|
52
|
+
server?: boolean | undefined;
|
|
53
|
+
}
|
|
34
54
|
/**
|
|
35
55
|
* Rule entry for a matched path.
|
|
36
56
|
*
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.loadRulesConfig = loadRulesConfig;
|
|
4
4
|
exports.validateRulePath = validateRulePath;
|
|
5
|
-
const allowedAccessValues = new Set(["deny", "allow", "authenticated"]);
|
|
5
|
+
const allowedAccessValues = new Set(["deny", "allow", "authenticated", "server"]);
|
|
6
6
|
const allowedOperationKeys = new Set([
|
|
7
7
|
"get",
|
|
8
8
|
"create",
|
|
@@ -52,6 +52,20 @@ function validateRulePath(path) {
|
|
|
52
52
|
if (segments.some((segment) => segment.length === 0)) {
|
|
53
53
|
throw new Error(`Rule path must not contain empty segments: ${path}`);
|
|
54
54
|
}
|
|
55
|
+
const paramNames = new Set();
|
|
56
|
+
for (const segment of segments) {
|
|
57
|
+
const paramName = parseNamedPathParam(segment);
|
|
58
|
+
if ((segment.startsWith("{") || segment.endsWith("}")) && !paramName) {
|
|
59
|
+
throw new Error(`Invalid path parameter segment '${segment}' in rule path: ${path}`);
|
|
60
|
+
}
|
|
61
|
+
if (!paramName) {
|
|
62
|
+
continue;
|
|
63
|
+
}
|
|
64
|
+
if (paramNames.has(paramName)) {
|
|
65
|
+
throw new Error(`Duplicate path parameter '${paramName}' in rule path: ${path}`);
|
|
66
|
+
}
|
|
67
|
+
paramNames.add(paramName);
|
|
68
|
+
}
|
|
55
69
|
const deepWildcardIndex = segments.indexOf("**");
|
|
56
70
|
if (deepWildcardIndex >= 0 && deepWildcardIndex !== segments.length - 1) {
|
|
57
71
|
throw new Error(`'**' must be the last segment in rule path: ${path}`);
|
|
@@ -84,9 +98,27 @@ function validateAccessRule(path, operation, access) {
|
|
|
84
98
|
field: access.field,
|
|
85
99
|
};
|
|
86
100
|
}
|
|
101
|
+
if (access.type === "field" && typeof access.field === "string" && access.field.length > 0) {
|
|
102
|
+
return {
|
|
103
|
+
type: "field",
|
|
104
|
+
field: access.field,
|
|
105
|
+
...(access.server === true ? { server: true } : {}),
|
|
106
|
+
};
|
|
107
|
+
}
|
|
108
|
+
if (access.type === "path" && typeof access.param === "string" && access.param.length > 0) {
|
|
109
|
+
return {
|
|
110
|
+
type: "path",
|
|
111
|
+
param: access.param,
|
|
112
|
+
...(access.server === true ? { server: true } : {}),
|
|
113
|
+
};
|
|
114
|
+
}
|
|
87
115
|
}
|
|
88
116
|
throw new Error(`Invalid access rule for ${operation} in ${path}.`);
|
|
89
117
|
}
|
|
118
|
+
function parseNamedPathParam(segment) {
|
|
119
|
+
const match = /^\{([A-Za-z_][A-Za-z0-9_]*)\}$/.exec(segment);
|
|
120
|
+
return match?.[1];
|
|
121
|
+
}
|
|
90
122
|
function isRecord(value) {
|
|
91
123
|
return typeof value === "object" && value !== null;
|
|
92
124
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rules_loader.js","sourceRoot":"","sources":["../../../../src/lib/src/rules/rules_loader.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"rules_loader.js","sourceRoot":"","sources":["../../../../src/lib/src/rules/rules_loader.ts"],"names":[],"mappings":";;AAiHA,0CAoBC;AAOD,4CA6BC;AAvED,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,QAAQ,CAAC,CAAC,CAAC;AAClF,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC;IACjC,KAAK;IACL,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,MAAM;IACN,OAAO;CACV,CAAC,CAAC;AAEH;;;;GAIG;AACH,SAAgB,eAAe,CAAC,KAAc;IAC1C,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACxE,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IACjE,CAAC;IAED,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QACtD,gBAAgB,CAAC,IAAI,CAAC,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAClD,CAAC;IACD,OAAO;QACH,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,KAAK;KACR,CAAC;AACN,CAAC;AAED;;;;GAIG;AACH,SAAgB,gBAAgB,CAAC,IAAY;IACzC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC7D,CAAC;IACD,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CAAC,6CAA6C,IAAI,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACjC,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,8CAA8C,IAAI,EAAE,CAAC,CAAC;IAC1E,CAAC;IACD,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;IACrC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC7B,MAAM,SAAS,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAC/C,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACnE,MAAM,IAAI,KAAK,CAAC,mCAAmC,OAAO,mBAAmB,IAAI,EAAE,CAAC,CAAC;QACzF,CAAC;QACD,IAAI,CAAC,SAAS,EAAE,CAAC;YACb,SAAS;QACb,CAAC;QACD,IAAI,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,6BAA6B,SAAS,mBAAmB,IAAI,EAAE,CAAC,CAAC;QACrF,CAAC;QACD,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC9B,CAAC;IACD,MAAM,iBAAiB,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACjD,IAAI,iBAAiB,IAAI,CAAC,IAAI,iBAAiB,KAAK,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtE,MAAM,IAAI,KAAK,CAAC,+CAA+C,IAAI,EAAE,CAAC,CAAC;IAC3E,CAAC;AACL,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY,EAAE,KAAc;IACpD,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CAAC,iCAAiC,IAAI,EAAE,CAAC,CAAC;IAC7D,CAAC;IACD,MAAM,MAAM,GAAe,EAAE,CAAC;IAC9B,KAAK,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACtD,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,+BAA+B,SAAS,QAAQ,IAAI,GAAG,CAAC,CAAC;QAC7E,CAAC;QACD,MAAM,CAAC,SAA8B,CAAC,GAAG,kBAAkB,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;IACzF,CAAC;IACD,OAAO,MAAM,CAAC;AAClB,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY,EAAE,SAAiB,EAAE,MAAe;IACxE,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC7B,IAAI,mBAAmB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAClC,OAAO,MAAyB,CAAC;QACrC,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,4BAA4B,MAAM,SAAS,SAAS,OAAO,IAAI,GAAG,CAAC,CAAC;IACxF,CAAC;IACD,IAAI,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACnB,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9F,OAAO;gBACH,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,MAAM,CAAC,KAAK;aACtB,CAAC;QACN,CAAC;QACD,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzF,OAAO;gBACH,IAAI,EAAE,OAAO;gBACb,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,GAAG,CAAC,MAAM,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACtD,CAAC;QACN,CAAC;QACD,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxF,OAAO;gBACH,IAAI,EAAE,MAAM;gBACZ,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,GAAG,CAAC,MAAM,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACtD,CAAC;QACN,CAAC;IACL,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,2BAA2B,SAAS,OAAO,IAAI,GAAG,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,mBAAmB,CAAC,OAAe;IACxC,MAAM,KAAK,GAAG,gCAAgC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7D,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;AACtB,CAAC;AAED,SAAS,QAAQ,CAAC,KAAc;IAC5B,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,CAAC;AACvD,CAAC"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { Hono } from "hono";
|
|
2
2
|
import { WorkersAuthAdapterBase } from "./workers_auth_adapter_base";
|
|
3
3
|
import { WorkersRuleAdapterBase } from "./workers_rule_adapter_base";
|
|
4
|
+
import { RulesConfig } from "./rules/rules_loader";
|
|
4
5
|
/**
|
|
5
6
|
* Define Function data for Cloudflare Workers.
|
|
6
7
|
*
|
|
@@ -98,15 +99,33 @@ export interface WorkersOptions {
|
|
|
98
99
|
*/
|
|
99
100
|
auth?: WorkersAuthAdapterBase | null | undefined;
|
|
100
101
|
/**
|
|
101
|
-
* Rules adapter.
|
|
102
|
+
* Rules adapter or rules.json configuration.
|
|
102
103
|
*
|
|
103
|
-
* rules
|
|
104
|
+
* rulesアダプター、またはrules.json設定。
|
|
104
105
|
*/
|
|
105
|
-
rules?:
|
|
106
|
+
rules?: WorkersRulesOption | null | undefined;
|
|
106
107
|
}
|
|
108
|
+
/**
|
|
109
|
+
* Rules option for Workers.
|
|
110
|
+
*
|
|
111
|
+
* Workers用rulesオプション。
|
|
112
|
+
*/
|
|
113
|
+
export type WorkersRulesOption = WorkersRuleAdapterBase | RulesConfig;
|
|
107
114
|
/**
|
|
108
115
|
* Merge Workers options.
|
|
109
116
|
*
|
|
110
117
|
* Workersのオプションをマージします。
|
|
111
118
|
*/
|
|
112
119
|
export declare function resolveWorkersOptions(defaultOptions?: WorkersOptions, options?: WorkersOptions): WorkersOptions;
|
|
120
|
+
/**
|
|
121
|
+
* Returns true when rules option is a middleware adapter.
|
|
122
|
+
*
|
|
123
|
+
* rulesオプションがミドルウェアアダプターの場合はtrueを返します。
|
|
124
|
+
*/
|
|
125
|
+
export declare function isWorkersRuleAdapter(rules: WorkersRulesOption | null | undefined): rules is WorkersRuleAdapterBase;
|
|
126
|
+
/**
|
|
127
|
+
* Returns true when rules option is rules.json configuration.
|
|
128
|
+
*
|
|
129
|
+
* rulesオプションがrules.json設定の場合はtrueを返します。
|
|
130
|
+
*/
|
|
131
|
+
export declare function isRulesConfig(rules: WorkersRulesOption | null | undefined): rules is RulesConfig;
|
|
@@ -2,6 +2,8 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.WorkersBase = void 0;
|
|
4
4
|
exports.resolveWorkersOptions = resolveWorkersOptions;
|
|
5
|
+
exports.isWorkersRuleAdapter = isWorkersRuleAdapter;
|
|
6
|
+
exports.isRulesConfig = isRulesConfig;
|
|
5
7
|
/**
|
|
6
8
|
* Define Function data for Cloudflare Workers.
|
|
7
9
|
*
|
|
@@ -78,7 +80,7 @@ class WorkersBase {
|
|
|
78
80
|
* rulesミドルウェアを適用します。
|
|
79
81
|
*/
|
|
80
82
|
applyRules(hono, options) {
|
|
81
|
-
if (options.rules) {
|
|
83
|
+
if (isWorkersRuleAdapter(options.rules)) {
|
|
82
84
|
hono.use("*", options.rules.build());
|
|
83
85
|
}
|
|
84
86
|
return hono;
|
|
@@ -106,4 +108,22 @@ function resolveWorkersOptions(defaultOptions = {}, options = {}) {
|
|
|
106
108
|
: rules,
|
|
107
109
|
};
|
|
108
110
|
}
|
|
111
|
+
/**
|
|
112
|
+
* Returns true when rules option is a middleware adapter.
|
|
113
|
+
*
|
|
114
|
+
* rulesオプションがミドルウェアアダプターの場合はtrueを返します。
|
|
115
|
+
*/
|
|
116
|
+
function isWorkersRuleAdapter(rules) {
|
|
117
|
+
return !!rules && typeof rules.build === "function";
|
|
118
|
+
}
|
|
119
|
+
/**
|
|
120
|
+
* Returns true when rules option is rules.json configuration.
|
|
121
|
+
*
|
|
122
|
+
* rulesオプションがrules.json設定の場合はtrueを返します。
|
|
123
|
+
*/
|
|
124
|
+
function isRulesConfig(rules) {
|
|
125
|
+
return !!rules && typeof rules.version === "string" &&
|
|
126
|
+
typeof rules.rules === "object" &&
|
|
127
|
+
rules.rules !== null;
|
|
128
|
+
}
|
|
109
129
|
//# sourceMappingURL=workers_base.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"workers_base.js","sourceRoot":"","sources":["../../../src/lib/src/workers_base.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"workers_base.js","sourceRoot":"","sources":["../../../src/lib/src/workers_base.ts"],"names":[],"mappings":";;;AAyJA,sDAkBC;AAOD,oDAIC;AAOD,sCAMC;AA9LD;;;;;;;;GAQG;AACH,MAAsB,WAAW;IAC7B;;;;;;;;OAQG;IACH,YAAY,EACR,IAAI,EACJ,IAAI,EACJ,IAAI,GAAG,EAAE,EACT,OAAO,GAUV;QACG,IAAI,CAAC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,CAAC,OAAO,GAAG,OAAO,IAAI,EAAE,CAAC;IACjC,CAAC;IAED;;;;;OAKG;IACM,IAAI,CAAS;IAEtB;;;;;OAKG;IACM,IAAI,CAIiB;IAE9B;;;;OAIG;IACM,IAAI,CAAyB;IAEtC;;;;OAIG;IACM,OAAO,CAAiB;IASjC;;;;OAIG;IACO,cAAc,CAAC,iBAAiC,EAAE;QACxD,OAAO,qBAAqB,CAAC,cAAc,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;IAC/D,CAAC;IAED;;;;OAIG;IACO,mBAAmB,CAAC,IAAU,EAAE,OAAuB;QAC7D,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACf,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;;;OAIG;IACO,UAAU,CAAC,IAAU,EAAE,OAAuB;QACpD,IAAI,oBAAoB,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACtC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;QACzC,CAAC;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;CACJ;AAxGD,kCAwGC;AA8BD;;;;GAIG;AACH,SAAgB,qBAAqB,CACjC,iBAAiC,EAAE,EACnC,UAA0B,EAAE;IAE5B,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,CAAC;IACxC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAC1B,MAAM,YAAY,GAAG,cAAc,CAAC,KAAK,CAAC;IAC1C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAC5B,OAAO;QACH,GAAG,cAAc;QACjB,GAAG,OAAO;QACV,IAAI,EAAE,IAAI,KAAK,SAAS;YACpB,CAAC,CAAC,WAAW;YACb,CAAC,CAAC,IAAI;QACV,KAAK,EAAE,KAAK,KAAK,SAAS;YACtB,CAAC,CAAC,YAAY;YACd,CAAC,CAAC,KAAK;KACd,CAAC;AACN,CAAC;AAED;;;;GAIG;AACH,SAAgB,oBAAoB,CAChC,KAA4C;IAE5C,OAAO,CAAC,CAAC,KAAK,IAAI,OAAQ,KAAgC,CAAC,KAAK,KAAK,UAAU,CAAC;AACpF,CAAC;AAED;;;;GAIG;AACH,SAAgB,aAAa,CACzB,KAA4C;IAE5C,OAAO,CAAC,CAAC,KAAK,IAAI,OAAQ,KAAqB,CAAC,OAAO,KAAK,QAAQ;QAChE,OAAQ,KAAqB,CAAC,KAAK,KAAK,QAAQ;QAC/C,KAAqB,CAAC,KAAK,KAAK,IAAI,CAAC;AAC9C,CAAC"}
|
package/package.json
CHANGED