@naylence/advanced-security 0.4.5 → 0.4.7

package/dist/esm/naylence/fame/security/auth/policy/http-authorization-policy-source-factory.js

@@ -0,0 +1,108 @@
+/**
+ * Factory for creating HttpAuthorizationPolicySource instances.
+ *
+ * @packageDocumentation
+ */
+import { AUTHORIZATION_POLICY_SOURCE_FACTORY_BASE_TYPE, AuthorizationPolicySourceFactory, TokenProviderFactory, } from "@naylence/runtime";
+let httpModulePromise = null;
+async function getHttpModule() {
+    if (!httpModulePromise) {
+        httpModulePromise = import("./http-authorization-policy-source.js");
+    }
+    return httpModulePromise;
+}
+function normalizeConfig(config) {
+    if (!config) {
+        throw new Error("HttpAuthorizationPolicySourceFactory requires a configuration with a url");
+    }
+    const candidate = config;
+    const url = candidate.url;
+    if (typeof url !== "string" || url.trim().length === 0) {
+        throw new Error("HttpAuthorizationPolicySourceConfig requires a non-empty url");
+    }
+    // Support both camelCase and snake_case
+    const method = candidate.method ?? "GET";
+    if (!["GET", "POST", "PUT"].includes(method)) {
+        throw new Error(`Invalid method "${String(method)}". Must be "GET", "POST", or "PUT"`);
+    }
+    const timeoutMs = candidate.timeout_ms ??
+        candidate.timeoutMs ??
+        30000;
+    if (typeof timeoutMs !== "number" || !Number.isFinite(timeoutMs) || timeoutMs <= 0) {
+        throw new Error("timeout_ms must be a positive number");
+    }
+    const headers = candidate.headers;
+    if (headers !== undefined && typeof headers !== "object") {
+        throw new Error("headers must be an object");
+    }
+    const tokenProviderConfig = candidate.token_provider ??
+        candidate.tokenProvider;
+    const bearerPrefix = candidate.bearer_prefix ??
+        candidate.bearerPrefix ??
+        "Bearer ";
+    const policyFactory = candidate.policy_factory ??
+        candidate.policyFactory;
+    const cacheTtlMs = candidate.cache_ttl_ms ??
+        candidate.cacheTtlMs ??
+        300000;
+    if (typeof cacheTtlMs !== "number" || !Number.isFinite(cacheTtlMs) || cacheTtlMs < 0) {
+        throw new Error("cache_ttl_ms must be a non-negative number");
+    }
+    return {
+        url: url.trim(),
+        method,
+        timeoutMs,
+        headers,
+        tokenProviderConfig,
+        bearerPrefix,
+        policyFactory,
+        cacheTtlMs,
+    };
+}
+/**
+ * Factory metadata for registration.
+ */
+export const FACTORY_META = {
+    base: AUTHORIZATION_POLICY_SOURCE_FACTORY_BASE_TYPE,
+    key: "HttpAuthorizationPolicySource",
+};
+/**
+ * Factory for creating HttpAuthorizationPolicySource instances.
+ *
+ * This factory uses lazy loading to avoid pulling in Node.js-specific
+ * code (fetch operations) in browser environments where it may not work.
+ */
+export class HttpAuthorizationPolicySourceFactory extends AuthorizationPolicySourceFactory {
+    constructor() {
+        super(...arguments);
+        this.type = "HttpAuthorizationPolicySource";
+    }
+    /**
+     * Creates an HttpAuthorizationPolicySource from the given configuration.
+     *
+     * @param config - Configuration specifying the policy URL and options
+     * @returns The created policy source
+     */
+    async create(config) {
+        const normalized = normalizeConfig(config);
+        // Create token provider if configured
+        let tokenProvider;
+        if (normalized.tokenProviderConfig) {
+            tokenProvider = await TokenProviderFactory.createTokenProvider(normalized.tokenProviderConfig);
+        }
+        const { HttpAuthorizationPolicySource } = await getHttpModule();
+        const options = {
+            url: normalized.url,
+            method: normalized.method,
+            timeoutMs: normalized.timeoutMs,
+            headers: normalized.headers,
+            tokenProvider,
+            bearerPrefix: normalized.bearerPrefix,
+            policyFactory: normalized.policyFactory,
+            cacheTtlMs: normalized.cacheTtlMs,
+        };
+        return new HttpAuthorizationPolicySource(options);
+    }
+}
+export default HttpAuthorizationPolicySourceFactory;
+//# sourceMappingURL=http-authorization-policy-source-factory.js.map

package/dist/esm/naylence/fame/security/auth/policy/http-authorization-policy-source-factory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-authorization-policy-source-factory.js","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/auth/policy/http-authorization-policy-source-factory.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EACL,6CAA6C,EAC7C,gCAAgC,EAGhC,oBAAoB,GAErB,MAAM,mBAAmB,CAAC;AAoE3B,IAAI,iBAAiB,GAAmC,IAAI,CAAC;AAE7D,KAAK,UAAU,aAAa;IAC1B,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,iBAAiB,GAAG,MAAM,CAAC,uCAAuC,CAAC,CAAC;IACtE,CAAC;IACD,OAAO,iBAAiB,CAAC;AAC3B,CAAC;AAaD,SAAS,eAAe,CACtB,MAA6E;IAE7E,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CACb,0EAA0E,CAC3E,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,MAAiC,CAAC;IAEpD,MAAM,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC;IAC1B,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,KAAK,CACb,8DAA8D,CAC/D,CAAC;IACJ,CAAC;IAED,wCAAwC;IACxC,MAAM,MAAM,GAAI,SAAS,CAAC,MAAiC,IAAI,KAAK,CAAC;IACrE,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CACb,mBAAmB,MAAM,CAAC,MAAM,CAAC,oCAAoC,CACtE,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GACZ,SAAS,CAAC,UAAiC;QAC3C,SAAS,CAAC,SAAgC;QAC3C,KAAK,CAAC;IACR,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;QACnF,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,OAAO,GAAG,SAAS,CAAC,OAA6C,CAAC;IACxE,IAAI,OAAO,KAAK,SAAS,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QACzD,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,mBAAmB,GACtB,SAAS,CAAC,cAAkD;QAC5D,SAAS,CAAC,aAAiD,CAAC;IAE/D,MAAM,YAAY,GACf,SAAS,CAAC,aAAoC;QAC9C,SAAS,CAAC,YAAmC;QAC9C,SAAS,CAAC;IAEZ,MAAM,aAAa,GAChB,SAAS,CAAC,cAAwD;QAClE,SAAS,CAAC,aAAuD,CAAC;IAErE,MAAM,UAAU,GACb,SAAS,CAAC,YAAmC;QAC7C,SAAS,CAAC,UAAiC;QAC5C,MAAM,CAAC;IACT,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;QACrF,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IAED,OAAO;QACL,GAAG,EAAE,GAAG,CAAC,IAAI,EAAE;QACf,MAAM;QACN,SAAS;QACT,OAAO;QACP,mBAAmB;QACnB,YAAY;QACZ,aAAa;QACb,UAAU;KACX,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,IAAI,EAAE,6CAA6C;IACnD,GAAG,EAAE,+BAA+B;CAC5B,CAAC;AAEX;;;;;GAKG;AACH,MAAM,OAAO,oCAAqC,SAAQ,gCAAqE;IAA/H;;QACkB,SAAI,GAAG,+BAA+B,CAAC;IAuCzD,CAAC;IArCC;;;;;OAKG;IACI,KAAK,CAAC,MAAM,CACjB,MAGQ;QAER,MAAM,UAAU,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;QAE3C,sCAAsC;QACtC,IAAI,aAAwC,CAAC;QAC7C,IAAI,UAAU,CAAC,mBAAmB,EAAE,CAAC;YACnC,aAAa,GAAG,MAAM,oBAAoB,CAAC,mBAAmB,CAC5D,UAAU,CAAC,mBAAmB,CAC/B,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,6BAA6B,EAAE,GAAG,MAAM,aAAa,EAAE,CAAC;QAEhE,MAAM,OAAO,GAAyC;YACpD,GAAG,EAAE,UAAU,CAAC,GAAG;YACnB,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,SAAS,EAAE,UAAU,CAAC,SAAS;YAC/B,OAAO,EAAE,UAAU,CAAC,OAAO;YAC3B,aAAa;YACb,YAAY,EAAE,UAAU,CAAC,YAAY;YACrC,aAAa,EAAE,UAAU,CAAC,aAAa;YACvC,UAAU,EAAE,UAAU,CAAC,UAAU;SAClC,CAAC;QAEF,OAAO,IAAI,6BAA6B,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;CACF;AAED,eAAe,oCAAoC,CAAC"}

package/dist/esm/naylence/fame/security/auth/policy/http-authorization-policy-source.js

@@ -0,0 +1,367 @@
+/**
+ * HTTP-based authorization policy source.
+ *
+ * Loads authorization policies from an HTTP endpoint supporting JSON or YAML.
+ * Supports bearer authentication via TokenProvider and HTTP caching via ETag.
+ *
+ * This is a Node.js-only implementation.
+ *
+ * @packageDocumentation
+ */
+import { parse as parseYaml } from "yaml";
+import { AuthorizationPolicyFactory, getLogger, } from "@naylence/runtime";
+const logger = getLogger("naylence.fame.security.auth.policy.http_authorization_policy_source");
+function isPlainObject(value) {
+    return Boolean(value) && typeof value === "object" && !Array.isArray(value);
+}
+function parseJson(content) {
+    const parsed = JSON.parse(content);
+    if (!isPlainObject(parsed)) {
+        throw new Error("Parsed JSON policy must be an object");
+    }
+    return parsed;
+}
+function parseYamlContent(content) {
+    const parsed = parseYaml(content ?? "");
+    if (parsed == null) {
+        return {};
+    }
+    if (!isPlainObject(parsed)) {
+        throw new Error("Parsed YAML policy must be an object");
+    }
+    return parsed;
+}
+/**
+ * Detect whether content is JSON or YAML based on Content-Type header.
+ * Falls back to sniffing the content if Content-Type is not definitive.
+ */
+function detectFormat(contentType, content) {
+    if (contentType) {
+        const lower = contentType.toLowerCase();
+        if (lower.includes("application/json") ||
+            lower.includes("text/json")) {
+            return "json";
+        }
+        if (lower.includes("application/yaml") ||
+            lower.includes("application/x-yaml") ||
+            lower.includes("text/yaml") ||
+            lower.includes("text/x-yaml")) {
+            return "yaml";
+        }
+    }
+    // Sniff by first non-whitespace character
+    const trimmed = content.trimStart();
+    if (trimmed.startsWith("{") || trimmed.startsWith("[")) {
+        return "json";
+    }
+    // Default to YAML
+    return "yaml";
+}
+/**
+ * Parse Cache-Control header to extract max-age value.
+ */
+function parseMaxAge(cacheControl) {
+    if (!cacheControl) {
+        return undefined;
+    }
+    const match = cacheControl.match(/max-age\s*=\s*(\d+)/i);
+    if (match && match[1]) {
+        const seconds = parseInt(match[1], 10);
+        if (Number.isFinite(seconds) && seconds >= 0) {
+            return seconds;
+        }
+    }
+    return undefined;
+}
+/**
+ * An authorization policy source that loads policy definitions from an HTTP endpoint.
+ *
+ * Supports JSON and YAML formats, bearer authentication via TokenProvider,
+ * and HTTP caching via ETag and Cache-Control headers.
+ *
+ * This is a Node.js-only implementation that uses fetch.
+ */
+export class HttpAuthorizationPolicySource {
+    constructor(options) {
+        this.cachedState = null;
+        this.inflightFetch = null;
+        if (!options.url || typeof options.url !== "string") {
+            throw new Error("HttpAuthorizationPolicySource requires a valid URL");
+        }
+        this.url = options.url;
+        this.method = options.method ?? "GET";
+        this.timeoutMs = options.timeoutMs ?? 30000;
+        this.headers = { ...options.headers };
+        this.tokenProvider = options.tokenProvider;
+        this.bearerPrefix = options.bearerPrefix ?? "Bearer ";
+        this.policyFactoryConfig = options.policyFactory;
+        this.cacheTtlMs = options.cacheTtlMs ?? 300000; // 5 minutes default
+    }
+    /**
+     * Loads the authorization policy from the configured HTTP endpoint.
+     *
+     * Returns a cached policy if still fresh (based on TTL or cache headers).
+     * Multiple concurrent calls are de-duplicated (single-flight pattern).
+     *
+     * @returns The loaded authorization policy
+     */
+    async loadPolicy() {
+        // Return cached policy if still fresh
+        if (this.cachedState && this.isCacheFresh()) {
+            logger.debug("returning_cached_policy", {
+                url: this.url,
+                fetchedAt: this.cachedState.metadata.fetchedAt,
+                expiresAt: this.cachedState.metadata.expiresAt,
+            });
+            return this.cachedState.policy;
+        }
+        // De-duplicate concurrent requests
+        if (this.inflightFetch) {
+            return this.inflightFetch;
+        }
+        this.inflightFetch = this.fetchPolicy(false);
+        try {
+            return await this.inflightFetch;
+        }
+        finally {
+            this.inflightFetch = null;
+        }
+    }
+    /**
+     * Forces a reload of the policy from the HTTP endpoint.
+     *
+     * Bypasses cache freshness checks and always fetches from the server.
+     * If the fetch fails, the existing cached policy is preserved and the error is thrown.
+     *
+     * @returns The reloaded authorization policy
+     */
+    async reloadPolicy() {
+        // Clear inflight to force a new request
+        this.inflightFetch = null;
+        return this.fetchPolicy(true);
+    }
+    /**
+     * Clears the cached policy, forcing a fresh fetch on the next loadPolicy() call.
+     */
+    clearCache() {
+        this.cachedState = null;
+        this.inflightFetch = null;
+    }
+    /**
+     * Returns metadata about the last successful fetch.
+     *
+     * Useful for verification, monitoring, or debugging.
+     */
+    getMetadata() {
+        return this.cachedState?.metadata;
+    }
+    /**
+     * Returns the raw policy definition from the last successful fetch.
+     *
+     * Useful for verification or reprocessing.
+     */
+    getRawDefinition() {
+        return this.cachedState?.rawDefinition;
+    }
+    isCacheFresh() {
+        if (!this.cachedState) {
+            return false;
+        }
+        const now = Date.now();
+        const { expiresAt } = this.cachedState.metadata;
+        if (expiresAt !== undefined) {
+            return now < expiresAt;
+        }
+        // No expiration info, check against default TTL
+        const fetchedAt = this.cachedState.metadata.fetchedAt;
+        return now < fetchedAt + this.cacheTtlMs;
+    }
+    async fetchPolicy(forceRefresh) {
+        logger.debug("fetching_policy", {
+            url: this.url,
+            method: this.method,
+            forceRefresh,
+        });
+        const requestHeaders = {
+            Accept: "application/json, application/yaml, text/yaml, */*",
+            ...this.headers,
+        };
+        // Add bearer token if token provider is configured
+        if (this.tokenProvider) {
+            try {
+                const token = await this.tokenProvider.getToken();
+                if (token && token.value) {
+                    requestHeaders["Authorization"] = `${this.bearerPrefix}${token.value}`;
+                    logger.debug("added_bearer_token", { url: this.url });
+                }
+            }
+            catch (error) {
+                logger.warning("token_provider_failed", {
+                    url: this.url,
+                    error: error instanceof Error ? error.message : String(error),
+                });
+                // Continue without token - let the server decide if auth is required
+            }
+        }
+        // Add If-None-Match header for conditional request if we have a cached ETag
+        // and this is not a forced refresh
+        if (!forceRefresh && this.cachedState?.metadata.etag) {
+            requestHeaders["If-None-Match"] = this.cachedState.metadata.etag;
+        }
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), this.timeoutMs);
+        try {
+            const response = await fetch(this.url, {
+                method: this.method,
+                headers: requestHeaders,
+                signal: controller.signal,
+            });
+            clearTimeout(timeoutId);
+            // Handle 304 Not Modified - return cached policy
+            if (response.status === 304 && this.cachedState) {
+                logger.debug("policy_not_modified", {
+                    url: this.url,
+                    etag: this.cachedState.metadata.etag,
+                });
+                // Update freshness timestamps
+                const now = Date.now();
+                const cacheControl = response.headers.get("Cache-Control");
+                const maxAgeSeconds = parseMaxAge(cacheControl);
+                const expiresAt = maxAgeSeconds !== undefined
+                    ? now + maxAgeSeconds * 1000
+                    : now + this.cacheTtlMs;
+                this.cachedState = {
+                    ...this.cachedState,
+                    metadata: {
+                        ...this.cachedState.metadata,
+                        fetchedAt: now,
+                        maxAgeSeconds,
+                        expiresAt,
+                    },
+                };
+                return this.cachedState.policy;
+            }
+            if (!response.ok) {
+                const errorMessage = `HTTP ${response.status}: ${response.statusText}`;
+                logger.error("policy_fetch_failed", {
+                    url: this.url,
+                    status: response.status,
+                    statusText: response.statusText,
+                });
+                // If we have a cached policy, preserve it and throw
+                if (this.cachedState) {
+                    throw new Error(`Failed to fetch policy from ${this.url}: ${errorMessage}. ` +
+                        "Using last known good policy.");
+                }
+                throw new Error(`Failed to fetch policy from ${this.url}: ${errorMessage}`);
+            }
+            // Parse the response
+            const contentType = response.headers.get("Content-Type");
+            const content = await response.text();
+            const format = detectFormat(contentType, content);
+            let policyDefinition;
+            try {
+                if (format === "json") {
+                    policyDefinition = parseJson(content);
+                }
+                else {
+                    policyDefinition = parseYamlContent(content);
+                }
+            }
+            catch (parseError) {
+                const message = parseError instanceof Error
+                    ? parseError.message
+                    : String(parseError);
+                logger.error("policy_parse_failed", {
+                    url: this.url,
+                    format,
+                    error: message,
+                });
+                // Preserve cached policy on parse failure
+                if (this.cachedState) {
+                    throw new Error(`Failed to parse policy from ${this.url}: ${message}. ` +
+                        "Using last known good policy.");
+                }
+                throw new Error(`Failed to parse policy from ${this.url}: ${message}`);
+            }
+            logger.debug("parsed_policy_definition", {
+                url: this.url,
+                format,
+                hasType: "type" in policyDefinition,
+            });
+            // Build the policy using the factory
+            const policy = await this.buildPolicy(policyDefinition);
+            // Update cache
+            const now = Date.now();
+            const etag = response.headers.get("ETag") ?? undefined;
+            const cacheControl = response.headers.get("Cache-Control");
+            const maxAgeSeconds = parseMaxAge(cacheControl);
+            const expiresAt = maxAgeSeconds !== undefined
+                ? now + maxAgeSeconds * 1000
+                : now + this.cacheTtlMs;
+            this.cachedState = {
+                policy,
+                rawDefinition: policyDefinition,
+                metadata: {
+                    url: this.url,
+                    status: response.status,
+                    etag,
+                    fetchedAt: now,
+                    maxAgeSeconds,
+                    expiresAt,
+                },
+            };
+            logger.info("loaded_policy_from_http", {
+                url: this.url,
+                status: response.status,
+                format,
+                etag,
+                maxAgeSeconds,
+            });
+            return policy;
+        }
+        catch (error) {
+            clearTimeout(timeoutId);
+            if (error instanceof Error && error.name === "AbortError") {
+                const timeoutError = new Error(`Request to ${this.url} timed out after ${this.timeoutMs}ms`);
+                logger.error("policy_fetch_timeout", {
+                    url: this.url,
+                    timeoutMs: this.timeoutMs,
+                });
+                // Preserve cached policy on timeout
+                if (this.cachedState) {
+                    throw timeoutError;
+                }
+                throw timeoutError;
+            }
+            throw error;
+        }
+    }
+    async buildPolicy(policyDefinition) {
+        // Determine the factory configuration to use
+        const factoryConfig = this.policyFactoryConfig ?? policyDefinition;
+        // Ensure we have a type field for the factory
+        if (!("type" in factoryConfig) || typeof factoryConfig.type !== "string") {
+            logger.warning("policy_type_missing_defaulting_to_basic", {
+                url: this.url,
+            });
+            factoryConfig.type = "BasicAuthorizationPolicy";
+        }
+        // Build the factory config with the policy definition
+        // The response content IS the policy definition, so we extract the type
+        // and wrap the remaining content as the policyDefinition
+        const { type: definitionType, ...restOfDefinition } = policyDefinition;
+        const resolvedType = typeof definitionType === "string" && definitionType.trim().length > 0
+            ? definitionType
+            : factoryConfig.type;
+        const mergedConfig = this.policyFactoryConfig != null
+            ? { ...this.policyFactoryConfig, policyDefinition }
+            : { type: resolvedType, policyDefinition: restOfDefinition };
+        const policy = await AuthorizationPolicyFactory.createAuthorizationPolicy(mergedConfig);
+        if (!policy) {
+            throw new Error(`Failed to create authorization policy from ${this.url}`);
+        }
+        return policy;
+    }
+}
+//# sourceMappingURL=http-authorization-policy-source.js.map

package/dist/esm/naylence/fame/security/auth/policy/http-authorization-policy-source.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-authorization-policy-source.js","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/auth/policy/http-authorization-policy-source.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAQ1C,OAAO,EACL,0BAA0B,EAC1B,SAAS,GACV,MAAM,mBAAmB,CAAC;AAE3B,MAAM,MAAM,GAAG,SAAS,CACtB,qEAAqE,CACtE,CAAC;AA0GF,SAAS,aAAa,CAAC,KAAc;IACnC,OAAO,OAAO,CAAC,KAAK,CAAC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,SAAS,CAAC,OAAe;IAChC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACnC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,IAAI,EAAE,CAAY,CAAC;IACnD,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC;QACnB,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAS,YAAY,CACnB,WAA0B,EAC1B,OAAe;IAEf,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,KAAK,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;QACxC,IACE,KAAK,CAAC,QAAQ,CAAC,kBAAkB,CAAC;YAClC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,EAC3B,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,IACE,KAAK,CAAC,QAAQ,CAAC,kBAAkB,CAAC;YAClC,KAAK,CAAC,QAAQ,CAAC,oBAAoB,CAAC;YACpC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC;YAC3B,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,EAC7B,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IAED,0CAA0C;IAC1C,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IACpC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACvD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,kBAAkB;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,YAA2B;IAC9C,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;IACzD,IAAI,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACtB,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACvC,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,OAAO,IAAI,CAAC,EAAE,CAAC;YAC7C,OAAO,OAAO,CAAC;QACjB,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,OAAO,6BAA6B;IAgBxC,YAAY,OAA6C;QAHjD,gBAAW,GAA6B,IAAI,CAAC;QAC7C,kBAAa,GAAwC,IAAI,CAAC;QAGhE,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;YACpD,MAAM,IAAI,KAAK,CACb,oDAAoD,CACrD,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;QACvB,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,KAAK,CAAC;QACtC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,KAAK,CAAC;QAC5C,IAAI,CAAC,OAAO,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;QACtC,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;QAC3C,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,SAAS,CAAC;QACtD,IAAI,CAAC,mBAAmB,GAAG,OAAO,CAAC,aAAa,CAAC;QACjD,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,MAAM,CAAC,CAAC,oBAAoB;IACtE,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,UAAU;QACd,sCAAsC;QACtC,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC;YAC5C,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;gBACtC,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,SAAS;gBAC9C,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,SAAS;aAC/C,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;QACjC,CAAC;QAED,mCAAmC;QACnC,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC,aAAa,CAAC;QAC5B,CAAC;QAED,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAE7C,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC;QAClC,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;QAC5B,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,YAAY;QAChB,wCAAwC;QACxC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;QAE1B,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,UAAU;QACR,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;IAC5B,CAAC;IAED;;;;OAIG;IACH,WAAW;QACT,OAAO,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC;IACpC,CAAC;IAED;;;;OAIG;IACH,gBAAgB;QACd,OAAO,IAAI,CAAC,WAAW,EAAE,aAAa,CAAC;IACzC,CAAC;IAEO,YAAY;QAClB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;QAEhD,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO,GAAG,GAAG,SAAS,CAAC;QACzB,CAAC;QAED,gDAAgD;QAChD,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC;QACtD,OAAO,GAAG,GAAG,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC;IAC3C,CAAC;IAEO,KAAK,CAAC,WAAW,CAAC,YAAqB;QAC7C,MAAM,CAAC,KAAK,CAAC,iBAAiB,EAAE;YAC9B,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,YAAY;SACb,CAAC,CAAC;QAEH,MAAM,cAAc,GAA2B;YAC7C,MAAM,EAAE,oDAAoD;YAC5D,GAAG,IAAI,CAAC,OAAO;SAChB,CAAC;QAEF,mDAAmD;QACnD,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,CAAC;gBAClD,IAAI,KAAK,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;oBACzB,cAAc,CAAC,eAAe,CAAC,GAAG,GAAG,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC,KAAK,EAAE,CAAC;oBACvE,MAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBACxD,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,OAAO,CAAC,uBAAuB,EAAE;oBACtC,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;iBAC9D,CAAC,CAAC;gBACH,qEAAqE;YACvE,CAAC;QACH,CAAC;QAED,4EAA4E;QAC5E,mCAAmC;QACnC,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;YACrD,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC;QACnE,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QAEvE,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE;gBACrC,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,OAAO,EAAE,cAAc;gBACvB,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;YAEH,YAAY,CAAC,SAAS,CAAC,CAAC;YAExB,iDAAiD;YACjD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBAChD,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE;oBAClC,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI;iBACrC,CAAC,CAAC;gBAEH,8BAA8B;gBAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBACvB,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;gBAC3D,MAAM,aAAa,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;gBAChD,MAAM,SAAS,GAAG,aAAa,KAAK,SAAS;oBAC3C,CAAC,CAAC,GAAG,GAAG,aAAa,GAAG,IAAI;oBAC5B,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC;gBAE1B,IAAI,CAAC,WAAW,GAAG;oBACjB,GAAG,IAAI,CAAC,WAAW;oBACnB,QAAQ,EAAE;wBACR,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ;wBAC5B,SAAS,EAAE,GAAG;wBACd,aAAa;wBACb,SAAS;qBACV;iBACF,CAAC;gBAEF,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;YACjC,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,YAAY,GAAG,QAAQ,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,UAAU,EAAE,CAAC;gBACvE,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE;oBAClC,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;iBAChC,CAAC,CAAC;gBAEH,oDAAoD;gBACpD,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrB,MAAM,IAAI,KAAK,CACb,+BAA+B,IAAI,CAAC,GAAG,KAAK,YAAY,IAAI;wBAC5D,+BAA+B,CAChC,CAAC;gBACJ,CAAC;gBAED,MAAM,IAAI,KAAK,CAAC,+BAA+B,IAAI,CAAC,GAAG,KAAK,YAAY,EAAE,CAAC,CAAC;YAC9E,CAAC;YAED,qBAAqB;YACrB,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YACzD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;YAElD,IAAI,gBAAyC,CAAC;YAC9C,IAAI,CAAC;gBACH,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;oBACtB,gBAAgB,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;gBACxC,CAAC;qBAAM,CAAC;oBACN,gBAAgB,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;gBAC/C,CAAC;YACH,CAAC;YAAC,OAAO,UAAU,EAAE,CAAC;gBACpB,MAAM,OAAO,GAAG,UAAU,YAAY,KAAK;oBACzC,CAAC,CAAC,UAAU,CAAC,OAAO;oBACpB,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;gBACvB,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE;oBAClC,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,MAAM;oBACN,KAAK,EAAE,OAAO;iBACf,CAAC,CAAC;gBAEH,0CAA0C;gBAC1C,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrB,MAAM,IAAI,KAAK,CACb,+BAA+B,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI;wBACvD,+BAA+B,CAChC,CAAC;gBACJ,CAAC;gBAED,MAAM,IAAI,KAAK,CAAC,+BAA+B,IAAI,CAAC,GAAG,KAAK,OAAO,EAAE,CAAC,CAAC;YACzE,CAAC;YAED,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE;gBACvC,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,MAAM;gBACN,OAAO,EAAE,MAAM,IAAI,gBAAgB;aACpC,CAAC,CAAC;YAEH,qCAAqC;YACrC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,CAAC;YAExD,eAAe;YACf,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC;YACvD,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YAC3D,MAAM,aAAa,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;YAChD,MAAM,SAAS,GAAG,aAAa,KAAK,SAAS;gBAC3C,CAAC,CAAC,GAAG,GAAG,aAAa,GAAG,IAAI;gBAC5B,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC;YAE1B,IAAI,CAAC,WAAW,GAAG;gBACjB,MAAM;gBACN,aAAa,EAAE,gBAAgB;gBAC/B,QAAQ,EAAE;oBACR,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,IAAI;oBACJ,SAAS,EAAE,GAAG;oBACd,aAAa;oBACb,SAAS;iBACV;aACF,CAAC;YAEF,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE;gBACrC,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,MAAM;gBACN,IAAI;gBACJ,aAAa;aACd,CAAC,CAAC;YAEH,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,YAAY,CAAC,SAAS,CAAC,CAAC;YAExB,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC1D,MAAM,YAAY,GAAG,IAAI,KAAK,CAC5B,cAAc,IAAI,CAAC,GAAG,oBAAoB,IAAI,CAAC,SAAS,IAAI,CAC7D,CAAC;gBAEF,MAAM,CAAC,KAAK,CAAC,sBAAsB,EAAE;oBACnC,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,SAAS,EAAE,IAAI,CAAC,SAAS;iBAC1B,CAAC,CAAC;gBAEH,oCAAoC;gBACpC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrB,MAAM,YAAY,CAAC;gBACrB,CAAC;gBAED,MAAM,YAAY,CAAC;YACrB,CAAC;YAED,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,WAAW,CACvB,gBAAyC;QAEzC,6CAA6C;QAC7C,MAAM,aAAa,GAAG,IAAI,CAAC,mBAAmB,IAAI,gBAAgB,CAAC;QAEnE,8CAA8C;QAC9C,IAAI,CAAC,CAAC,MAAM,IAAI,aAAa,CAAC,IAAI,OAAO,aAAa,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACzE,MAAM,CAAC,OAAO,CAAC,yCAAyC,EAAE;gBACxD,GAAG,EAAE,IAAI,CAAC,GAAG;aACd,CAAC,CAAC;YACF,aAAyC,CAAC,IAAI,GAAG,0BAA0B,CAAC;QAC/E,CAAC;QAED,sDAAsD;QACtD,wEAAwE;QACxE,yDAAyD;QACzD,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,gBAAgB,EAAE,GAAG,gBACT,CAAC;QAC9C,MAAM,YAAY,GAChB,OAAO,cAAc,KAAK,QAAQ,IAAI,cAAc,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC;YACpE,CAAC,CAAC,cAAc;YAChB,CAAC,CAAE,aAAyC,CAAC,IAAI,CAAC;QACtD,MAAM,YAAY,GAChB,IAAI,CAAC,mBAAmB,IAAI,IAAI;YAC9B,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,mBAAmB,EAAE,gBAAgB,EAAE;YACnD,CAAC,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;QAEjE,MAAM,MAAM,GAAG,MAAM,0BAA0B,CAAC,yBAAyB,CACvE,YAAY,CACb,CAAC;QAEF,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CACb,8CAA8C,IAAI,CAAC,GAAG,EAAE,CACzD,CAAC;QACJ,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}

package/dist/esm/naylence/fame/security/auth/policy/index.js

@@ -6,10 +6,12 @@
  *
  * @packageDocumentation
  */
-// Auth expression helpers
-export { createAuthFunctionRegistry, createSecurityBindings, normalizeEncryptionLevelFromAlg, } from "./expr-builtins.js";
 // Expression authorization policy
 export { AdvancedAuthorizationPolicy, } from "./advanced-authorization-policy.js";
 // Factory
 export { AdvancedAuthorizationPolicyFactory, FACTORY_META as ADVANCED_AUTHORIZATION_POLICY_FACTORY_META, } from "./advanced-authorization-policy-factory.js";
+// HTTP policy source
+export { HttpAuthorizationPolicySource, } from "./http-authorization-policy-source.js";
+// HTTP policy source factory
+export { HttpAuthorizationPolicySourceFactory, FACTORY_META as HTTP_AUTHORIZATION_POLICY_SOURCE_FACTORY_META, } from "./http-authorization-policy-source-factory.js";
 //# sourceMappingURL=index.js.map

package/dist/esm/naylence/fame/security/auth/policy/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/auth/policy/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,0BAA0B;AAC1B,OAAO,EACL,0BAA0B,EAC1B,sBAAsB,EACtB,+BAA+B,GAIhC,MAAM,oBAAoB,CAAC;AAE5B,kCAAkC;AAClC,OAAO,EACL,2BAA2B,GAE5B,MAAM,oCAAoC,CAAC;AAE5C,UAAU;AACV,OAAO,EACL,kCAAkC,EAClC,YAAY,IAAI,0CAA0C,GAE3D,MAAM,4CAA4C,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/auth/policy/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,kCAAkC;AAClC,OAAO,EACL,2BAA2B,GAE5B,MAAM,oCAAoC,CAAC;AAE5C,UAAU;AACV,OAAO,EACL,kCAAkC,EAClC,YAAY,IAAI,0CAA0C,GAE3D,MAAM,4CAA4C,CAAC;AAEpD,qBAAqB;AACrB,OAAO,EACL,6BAA6B,GAI9B,MAAM,uCAAuC,CAAC;AAE/C,6BAA6B;AAC7B,OAAO,EACL,oCAAoC,EACpC,YAAY,IAAI,6CAA6C,GAE9D,MAAM,+CAA+C,CAAC"}

package/dist/esm/naylence/fame/security/auth/policy-http-authorization-profile.js

@@ -0,0 +1,78 @@
+/**
+ * HTTP Policy Authorization Profile
+ *
+ * Provides the 'policy-http' authorization profile for loading policies over HTTP(S).
+ * This profile is similar to 'policy-localfile' from the runtime package but uses
+ * the HttpAuthorizationPolicySource instead of LocalFileAuthorizationPolicySource.
+ */
+import { Expressions } from "@naylence/factory";
+import { registerProfile, AUTHORIZER_FACTORY_BASE_TYPE, } from "@naylence/runtime";
+// Environment variable names for HTTP policy source
+export const ENV_VAR_AUTH_POLICY_URL = "FAME_AUTH_POLICY_URL";
+export const ENV_VAR_AUTH_POLICY_TIMEOUT_MS = "FAME_AUTH_POLICY_TIMEOUT_MS";
+export const ENV_VAR_AUTH_POLICY_CACHE_TTL_MS = "FAME_AUTH_POLICY_CACHE_TTL_MS";
+export const ENV_VAR_AUTH_POLICY_TOKEN_URL = "FAME_AUTH_POLICY_TOKEN_URL";
+export const ENV_VAR_AUTH_POLICY_CLIENT_ID = "FAME_AUTH_POLICY_CLIENT_ID";
+export const ENV_VAR_AUTH_POLICY_CLIENT_SECRET = "FAME_AUTH_POLICY_CLIENT_SECRET";
+export const ENV_VAR_AUTH_POLICY_AUDIENCE = "FAME_AUTH_POLICY_AUDIENCE";
+// Legacy environment variable for backwards compatibility
+export const ENV_VAR_AUTH_POLICY_BEARER_TOKEN = "FAME_AUTH_POLICY_BEARER_TOKEN";
+// Profile name constant
+export const PROFILE_NAME_POLICY_HTTP = "policy-http";
+// Re-use JWT verifier env vars from runtime
+const ENV_VAR_JWKS_URL = "FAME_JWKS_URL";
+const ENV_VAR_JWT_TRUSTED_ISSUER = "FAME_JWT_TRUSTED_ISSUER";
+/**
+ * Default token verifier configuration using JWKS.
+ */
+const DEFAULT_VERIFIER_CONFIG = {
+    type: "JWKSJWTTokenVerifier",
+    jwks_url: Expressions.env(ENV_VAR_JWKS_URL),
+    issuer: Expressions.env(ENV_VAR_JWT_TRUSTED_ISSUER),
+};
+/**
+ * Creates OAuth2 token provider configuration for HTTP policy source.
+ *
+ * Uses environment variables for OAuth2 client credentials flow.
+ */
+function createOAuth2TokenProviderConfig() {
+    const tokenUrl = Expressions.env(ENV_VAR_AUTH_POLICY_TOKEN_URL);
+    const clientId = Expressions.env(ENV_VAR_AUTH_POLICY_CLIENT_ID);
+    const clientSecret = Expressions.env(ENV_VAR_AUTH_POLICY_CLIENT_SECRET);
+    const audience = Expressions.env(ENV_VAR_AUTH_POLICY_AUDIENCE);
+    return {
+        type: "OAuth2ClientCredentialsTokenProvider",
+        token_url: tokenUrl,
+        tokenUrl,
+        client_id: clientId,
+        clientId,
+        client_secret: clientSecret,
+        clientSecret,
+        scopes: ["policy.read"],
+        audience,
+    };
+}
+/**
+ * Default HTTP policy source configuration.
+ *
+ * Uses environment variables for URL, timeout, and OAuth2 client credentials.
+ */
+const DEFAULT_HTTP_POLICY_SOURCE = {
+    type: "HttpAuthorizationPolicySource",
+    url: Expressions.env(ENV_VAR_AUTH_POLICY_URL),
+    timeout_ms: Expressions.env(ENV_VAR_AUTH_POLICY_TIMEOUT_MS, "30000"),
+    cache_ttl_ms: Expressions.env(ENV_VAR_AUTH_POLICY_CACHE_TTL_MS, "300000"),
+    // OAuth2 client credentials token provider
+    token_provider: createOAuth2TokenProviderConfig(),
+};
+const POLICY_HTTP_PROFILE = {
+    type: "PolicyAuthorizer",
+    verifier: DEFAULT_VERIFIER_CONFIG,
+    policy_source: DEFAULT_HTTP_POLICY_SOURCE,
+};
+// Register the policy-http profile
+registerProfile(AUTHORIZER_FACTORY_BASE_TYPE, PROFILE_NAME_POLICY_HTTP, POLICY_HTTP_PROFILE, {
+    source: "advanced-security:policy-http-authorization-profile",
+    allowOverride: true,
+});
+//# sourceMappingURL=policy-http-authorization-profile.js.map

package/dist/esm/naylence/fame/security/auth/policy-http-authorization-profile.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-http-authorization-profile.js","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/auth/policy-http-authorization-profile.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EACL,eAAe,EACf,4BAA4B,GAE7B,MAAM,mBAAmB,CAAC;AAI3B,oDAAoD;AACpD,MAAM,CAAC,MAAM,uBAAuB,GAAG,sBAAsB,CAAC;AAC9D,MAAM,CAAC,MAAM,8BAA8B,GAAG,6BAA6B,CAAC;AAC5E,MAAM,CAAC,MAAM,gCAAgC,GAAG,+BAA+B,CAAC;AAChF,MAAM,CAAC,MAAM,6BAA6B,GAAG,4BAA4B,CAAC;AAC1E,MAAM,CAAC,MAAM,6BAA6B,GAAG,4BAA4B,CAAC;AAC1E,MAAM,CAAC,MAAM,iCAAiC,GAAG,gCAAgC,CAAC;AAClF,MAAM,CAAC,MAAM,4BAA4B,GAAG,2BAA2B,CAAC;AAExE,0DAA0D;AAC1D,MAAM,CAAC,MAAM,gCAAgC,GAAG,+BAA+B,CAAC;AAEhF,wBAAwB;AACxB,MAAM,CAAC,MAAM,wBAAwB,GAAG,aAAa,CAAC;AAEtD,4CAA4C;AAC5C,MAAM,gBAAgB,GAAG,eAAe,CAAC;AACzC,MAAM,0BAA0B,GAAG,yBAAyB,CAAC;AAE7D;;GAEG;AACH,MAAM,uBAAuB,GAAwB;IACnD,IAAI,EAAE,sBAAsB;IAC5B,QAAQ,EAAE,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC;IAC3C,MAAM,EAAE,WAAW,CAAC,GAAG,CAAC,0BAA0B,CAAC;CACpD,CAAC;AAEF;;;;GAIG;AACH,SAAS,+BAA+B;IACtC,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;IAChE,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;IAChE,MAAM,YAAY,GAAG,WAAW,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;IACxE,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;IAE/D,OAAO;QACL,IAAI,EAAE,sCAAsC;QAC5C,SAAS,EAAE,QAAQ;QACnB,QAAQ;QACR,SAAS,EAAE,QAAQ;QACnB,QAAQ;QACR,aAAa,EAAE,YAAY;QAC3B,YAAY;QACZ,MAAM,EAAE,CAAC,aAAa,CAAC;QACvB,QAAQ;KACT,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,0BAA0B,GAAwC;IACtE,IAAI,EAAE,+BAA+B;IACrC,GAAG,EAAE,WAAW,CAAC,GAAG,CAAC,uBAAuB,CAAsB;IAClE,UAAU,EAAE,WAAW,CAAC,GAAG,CACzB,8BAA8B,EAC9B,OAAO,CACa;IACtB,YAAY,EAAE,WAAW,CAAC,GAAG,CAC3B,gCAAgC,EAChC,QAAQ,CACY;IACtB,2CAA2C;IAC3C,cAAc,EAAE,+BAA+B,EAAE;CAClD,CAAC;AAYF,MAAM,mBAAmB,GAA+B;IACtD,IAAI,EAAE,kBAAkB;IACxB,QAAQ,EAAE,uBAAuB;IACjC,aAAa,EAAE,0BAA0B;CAC1C,CAAC;AAEF,mCAAmC;AACnC,eAAe,CACb,4BAA4B,EAC5B,wBAAwB,EACxB,mBAAmB,EACnB;IACE,MAAM,EAAE,qDAAqD;IAC7D,aAAa,EAAE,IAAI;CACpB,CACF,CAAC"}

package/dist/esm/naylence/fame/security/register-advanced-security-factories.js

@@ -3,10 +3,12 @@ import { MODULES, MODULE_LOADERS, } from "../factory-manifest.js";
 import { getEncryptionManagerFactoryRegistry } from "./encryption/encryption-manager-registry.js";
 // Import to trigger profile registration
 import "./strict-overlay-security-profile.js";
+import "./auth/policy-http-authorization-profile.js";
 const SECURITY_PREFIX = "./security/";
 const SECURITY_MODULES = MODULES.filter((spec) => spec.startsWith(SECURITY_PREFIX));
 const EXTRA_MODULES = MODULES.filter((spec) => !spec.startsWith(SECURITY_PREFIX));
 const NODE_ONLY_MODULES = new Set([
+    "./security/auth/policy/http-authorization-policy-source-factory.js",
     "./security/cert/default-ca-service-factory.js",
     "./security/cert/trust-store/node-trust-store-provider-factory.js",
 ]);