npm - @nest-boot/row-level-security - Versions diffs - 7.1.0 → 7.2.0 - Mend

@nest-boot/row-level-security 7.1.0 → 7.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (81) hide show

package/dist/row-level-security.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+import { RowLevelSecurityContextValue, SnakeCase } from "./utils/row-level-security-context-builder.types";
+/** Request-scoped row-level security execution mode. */
+export declare enum RowLevelSecurityMode {
+    /** Apply RLS only when a role or context value is present. */
+    AUTO = "auto",
+    /** Always apply RLS while request context is active. */
+    ENABLED = "enabled",
+    /** Never apply RLS, even when role or context values are present. */
+    DISABLED = "disabled"
+}
+/** Request-scoped row-level security mode, role, and context helpers. */
+export declare class RowLevelSecurity {
+    /** Stores the row-level security mode for the current request context. */
+    static setMode(mode: RowLevelSecurityMode): void;
+    /** Reads the request-scoped row-level security mode. */
+    static getMode(): RowLevelSecurityMode;
+    /** Stores the database role that should be applied to the next RLS query. */
+    static setRole(role: string): void;
+    /** Reads the request-scoped database role, if one is active. */
+    static getRole(): string | undefined;
+    /** Stores a context value that will be converted to a PostgreSQL setting. */
+    static setContext<S extends string>(key: SnakeCase<S>, value: RowLevelSecurityContextValue): void;
+    /** Reads a request-scoped context value by key. */
+    static getContext<S extends string>(key: SnakeCase<S>): RowLevelSecurityContextValue;
+    /** Returns all request-scoped context entries for RLS transaction setup. */
+    static entries(): [string, RowLevelSecurityContextValue][];
+    /** Clears request-scoped RLS mode, role, and context values. */
+    static clear(): void;
+}

package/dist/row-level-security.js ADDED Viewed

@@ -0,0 +1,69 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RowLevelSecurity = exports.RowLevelSecurityMode = void 0;
+const request_context_1 = require("@nest-boot/request-context");
+const ROW_LEVEL_SECURITY_CONTEXT = Symbol("ROW_LEVEL_SECURITY_CONTEXT");
+const ROW_LEVEL_SECURITY_MODE = Symbol("ROW_LEVEL_SECURITY_MODE");
+const ROW_LEVEL_SECURITY_ROLE = Symbol("ROW_LEVEL_SECURITY_ROLE");
+/** Request-scoped row-level security execution mode. */
+var RowLevelSecurityMode;
+(function (RowLevelSecurityMode) {
+    /** Apply RLS only when a role or context value is present. */
+    RowLevelSecurityMode["AUTO"] = "auto";
+    /** Always apply RLS while request context is active. */
+    RowLevelSecurityMode["ENABLED"] = "enabled";
+    /** Never apply RLS, even when role or context values are present. */
+    RowLevelSecurityMode["DISABLED"] = "disabled";
+})(RowLevelSecurityMode || (exports.RowLevelSecurityMode = RowLevelSecurityMode = {}));
+/** Request-scoped row-level security mode, role, and context helpers. */
+class RowLevelSecurity {
+    /** Stores the row-level security mode for the current request context. */
+    static setMode(mode) {
+        request_context_1.RequestContext.set(ROW_LEVEL_SECURITY_MODE, mode);
+    }
+    /** Reads the request-scoped row-level security mode. */
+    static getMode() {
+        return request_context_1.RequestContext.isActive()
+            ? (request_context_1.RequestContext.get(ROW_LEVEL_SECURITY_MODE) ??
+                RowLevelSecurityMode.AUTO)
+            : RowLevelSecurityMode.AUTO;
+    }
+    /** Stores the database role that should be applied to the next RLS query. */
+    static setRole(role) {
+        request_context_1.RequestContext.set(ROW_LEVEL_SECURITY_ROLE, role);
+    }
+    /** Reads the request-scoped database role, if one is active. */
+    static getRole() {
+        return request_context_1.RequestContext.isActive()
+            ? request_context_1.RequestContext.get(ROW_LEVEL_SECURITY_ROLE)
+            : undefined;
+    }
+    /** Stores a context value that will be converted to a PostgreSQL setting. */
+    static setContext(key, value) {
+        const context = request_context_1.RequestContext.getOrSet(ROW_LEVEL_SECURITY_CONTEXT, new Map());
+        context.set(key, value);
+    }
+    /** Reads a request-scoped context value by key. */
+    static getContext(key) {
+        return request_context_1.RequestContext.isActive()
+            ? request_context_1.RequestContext.get(ROW_LEVEL_SECURITY_CONTEXT)?.get(key)
+            : undefined;
+    }
+    /** Returns all request-scoped context entries for RLS transaction setup. */
+    static entries() {
+        return request_context_1.RequestContext.isActive()
+            ? Array.from(request_context_1.RequestContext.get(ROW_LEVEL_SECURITY_CONTEXT) ?? [])
+            : [];
+    }
+    /** Clears request-scoped RLS mode, role, and context values. */
+    static clear() {
+        if (!request_context_1.RequestContext.isActive()) {
+            return;
+        }
+        request_context_1.RequestContext.set(ROW_LEVEL_SECURITY_MODE, RowLevelSecurityMode.AUTO);
+        request_context_1.RequestContext.set(ROW_LEVEL_SECURITY_ROLE, undefined);
+        request_context_1.RequestContext.set(ROW_LEVEL_SECURITY_CONTEXT, new Map());
+    }
+}
+exports.RowLevelSecurity = RowLevelSecurity;
+//# sourceMappingURL=row-level-security.js.map

package/dist/row-level-security.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"row-level-security.js","sourceRoot":"","sources":["../src/row-level-security.ts"],"names":[],"mappings":";;;AAAA,gEAA4D;AAS5D,MAAM,0BAA0B,GAAG,MAAM,CAAC,4BAA4B,CAAC,CAAC;AACxE,MAAM,uBAAuB,GAAG,MAAM,CAAC,yBAAyB,CAAC,CAAC;AAClE,MAAM,uBAAuB,GAAG,MAAM,CAAC,yBAAyB,CAAC,CAAC;AAElE,wDAAwD;AACxD,IAAY,oBAOX;AAPD,WAAY,oBAAoB;IAC9B,8DAA8D;IAC9D,qCAAa,CAAA;IACb,wDAAwD;IACxD,2CAAmB,CAAA;IACnB,qEAAqE;IACrE,6CAAqB,CAAA;AACvB,CAAC,EAPW,oBAAoB,oCAApB,oBAAoB,QAO/B;AAED,yEAAyE;AACzE,MAAa,gBAAgB;IAC3B,0EAA0E;IAC1E,MAAM,CAAC,OAAO,CAAC,IAA0B;QACvC,gCAAc,CAAC,GAAG,CAAC,uBAAuB,EAAE,IAAI,CAAC,CAAC;IACpD,CAAC;IAED,wDAAwD;IACxD,MAAM,CAAC,OAAO;QACZ,OAAO,gCAAc,CAAC,QAAQ,EAAE;YAC9B,CAAC,CAAC,CAAC,gCAAc,CAAC,GAAG,CAAuB,uBAAuB,CAAC;gBAChE,oBAAoB,CAAC,IAAI,CAAC;YAC9B,CAAC,CAAC,oBAAoB,CAAC,IAAI,CAAC;IAChC,CAAC;IAED,6EAA6E;IAC7E,MAAM,CAAC,OAAO,CAAC,IAAY;QACzB,gCAAc,CAAC,GAAG,CAAC,uBAAuB,EAAE,IAAI,CAAC,CAAC;IACpD,CAAC;IAED,gEAAgE;IAChE,MAAM,CAAC,OAAO;QACZ,OAAO,gCAAc,CAAC,QAAQ,EAAE;YAC9B,CAAC,CAAC,gCAAc,CAAC,GAAG,CAAS,uBAAuB,CAAC;YACrD,CAAC,CAAC,SAAS,CAAC;IAChB,CAAC;IAED,6EAA6E;IAC7E,MAAM,CAAC,UAAU,CACf,GAAiB,EACjB,KAAmC;QAEnC,MAAM,OAAO,GAAG,gCAAc,CAAC,QAAQ,CACrC,0BAA0B,EAC1B,IAAI,GAAG,EAAE,CACV,CAAC;QAEF,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAC1B,CAAC;IAED,mDAAmD;IACnD,MAAM,CAAC,UAAU,CACf,GAAiB;QAEjB,OAAO,gCAAc,CAAC,QAAQ,EAAE;YAC9B,CAAC,CAAC,gCAAc,CAAC,GAAG,CAChB,0BAA0B,CAC3B,EAAE,GAAG,CAAC,GAAG,CAAC;YACb,CAAC,CAAC,SAAS,CAAC;IAChB,CAAC;IAED,4EAA4E;IAC5E,MAAM,CAAC,OAAO;QACZ,OAAO,gCAAc,CAAC,QAAQ,EAAE;YAC9B,CAAC,CAAC,KAAK,CAAC,IAAI,CACR,gCAAc,CAAC,GAAG,CAChB,0BAA0B,CAC3B,IAAI,EAAE,CACR;YACH,CAAC,CAAC,EAAE,CAAC;IACT,CAAC;IAED,gEAAgE;IAChE,MAAM,CAAC,KAAK;QACV,IAAI,CAAC,gCAAc,CAAC,QAAQ,EAAE,EAAE,CAAC;YAC/B,OAAO;QACT,CAAC;QAED,gCAAc,CAAC,GAAG,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,IAAI,CAAC,CAAC;QACvE,gCAAc,CAAC,GAAG,CAAqB,uBAAuB,EAAE,SAAS,CAAC,CAAC;QAC3E,gCAAc,CAAC,GAAG,CAChB,0BAA0B,EAC1B,IAAI,GAAG,EAAE,CACV,CAAC;IACJ,CAAC;CACF;AA1ED,4CA0EC"}

package/dist/row-level-security.spec.js ADDED Viewed

@@ -0,0 +1,52 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const request_context_1 = require("@nest-boot/request-context");
+const row_level_security_1 = require("./row-level-security");
+describe("RowLevelSecurity", () => {
+    it("stores the database role in RequestContext", async () => {
+        await request_context_1.RequestContext.run(new request_context_1.RequestContext({ type: "http" }), () => {
+            row_level_security_1.RowLevelSecurity.setRole("authenticated");
+            expect(row_level_security_1.RowLevelSecurity.getRole()).toBe("authenticated");
+        });
+    });
+    it("stores policy context values in RequestContext", async () => {
+        await request_context_1.RequestContext.run(new request_context_1.RequestContext({ type: "http" }), () => {
+            row_level_security_1.RowLevelSecurity.setContext("tenant_id", "42");
+            row_level_security_1.RowLevelSecurity.setContext("user_id", 7);
+            expect(row_level_security_1.RowLevelSecurity.getContext("tenant_id")).toBe("42");
+            expect(row_level_security_1.RowLevelSecurity.entries()).toEqual([
+                ["tenant_id", "42"],
+                ["user_id", 7],
+            ]);
+        });
+    });
+    it("defaults to auto mode and stores mode in RequestContext", async () => {
+        expect(row_level_security_1.RowLevelSecurity.getMode()).toBe(row_level_security_1.RowLevelSecurityMode.AUTO);
+        await request_context_1.RequestContext.run(new request_context_1.RequestContext({ type: "http" }), () => {
+            expect(row_level_security_1.RowLevelSecurity.getMode()).toBe(row_level_security_1.RowLevelSecurityMode.AUTO);
+            row_level_security_1.RowLevelSecurity.setMode(row_level_security_1.RowLevelSecurityMode.DISABLED);
+            expect(row_level_security_1.RowLevelSecurity.getMode()).toBe(row_level_security_1.RowLevelSecurityMode.DISABLED);
+            row_level_security_1.RowLevelSecurity.setMode(row_level_security_1.RowLevelSecurityMode.ENABLED);
+            expect(row_level_security_1.RowLevelSecurity.getMode()).toBe(row_level_security_1.RowLevelSecurityMode.ENABLED);
+        });
+    });
+    it("clears mode, role, and context values", async () => {
+        await request_context_1.RequestContext.run(new request_context_1.RequestContext({ type: "http" }), () => {
+            row_level_security_1.RowLevelSecurity.setMode(row_level_security_1.RowLevelSecurityMode.ENABLED);
+            row_level_security_1.RowLevelSecurity.setRole("authenticated");
+            row_level_security_1.RowLevelSecurity.setContext("tenant_id", "42");
+            row_level_security_1.RowLevelSecurity.clear();
+            expect(row_level_security_1.RowLevelSecurity.getMode()).toBe(row_level_security_1.RowLevelSecurityMode.AUTO);
+            expect(row_level_security_1.RowLevelSecurity.getRole()).toBeUndefined();
+            expect(row_level_security_1.RowLevelSecurity.getContext("tenant_id")).toBeUndefined();
+            expect(row_level_security_1.RowLevelSecurity.entries()).toEqual([]);
+        });
+    });
+    it("returns empty values when RequestContext is inactive", () => {
+        expect(row_level_security_1.RowLevelSecurity.getMode()).toBe(row_level_security_1.RowLevelSecurityMode.AUTO);
+        expect(row_level_security_1.RowLevelSecurity.getRole()).toBeUndefined();
+        expect(row_level_security_1.RowLevelSecurity.getContext("tenant_id")).toBeUndefined();
+        expect(row_level_security_1.RowLevelSecurity.entries()).toEqual([]);
+    });
+});
+//# sourceMappingURL=row-level-security.spec.js.map

package/dist/row-level-security.spec.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"row-level-security.spec.js","sourceRoot":"","sources":["../src/row-level-security.spec.ts"],"names":[],"mappings":";;AAAA,gEAA4D;AAE5D,6DAA8E;AAE9E,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;QAC1D,MAAM,gCAAc,CAAC,GAAG,CAAC,IAAI,gCAAc,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE;YAClE,qCAAgB,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YAE1C,MAAM,CAAC,qCAAgB,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,gCAAc,CAAC,GAAG,CAAC,IAAI,gCAAc,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE;YAClE,qCAAgB,CAAC,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;YAC/C,qCAAgB,CAAC,UAAU,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;YAE1C,MAAM,CAAC,qCAAgB,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5D,MAAM,CAAC,qCAAgB,CAAC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC;gBACzC,CAAC,WAAW,EAAE,IAAI,CAAC;gBACnB,CAAC,SAAS,EAAE,CAAC,CAAC;aACf,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;QACvE,MAAM,CAAC,qCAAgB,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,yCAAoB,CAAC,IAAI,CAAC,CAAC;QAEnE,MAAM,gCAAc,CAAC,GAAG,CAAC,IAAI,gCAAc,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE;YAClE,MAAM,CAAC,qCAAgB,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,yCAAoB,CAAC,IAAI,CAAC,CAAC;YAEnE,qCAAgB,CAAC,OAAO,CAAC,yCAAoB,CAAC,QAAQ,CAAC,CAAC;YACxD,MAAM,CAAC,qCAAgB,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,yCAAoB,CAAC,QAAQ,CAAC,CAAC;YAEvE,qCAAgB,CAAC,OAAO,CAAC,yCAAoB,CAAC,OAAO,CAAC,CAAC;YACvD,MAAM,CAAC,qCAAgB,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,yCAAoB,CAAC,OAAO,CAAC,CAAC;QACxE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;QACrD,MAAM,gCAAc,CAAC,GAAG,CAAC,IAAI,gCAAc,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE;YAClE,qCAAgB,CAAC,OAAO,CAAC,yCAAoB,CAAC,OAAO,CAAC,CAAC;YACvD,qCAAgB,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YAC1C,qCAAgB,CAAC,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;YAE/C,qCAAgB,CAAC,KAAK,EAAE,CAAC;YAEzB,MAAM,CAAC,qCAAgB,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,yCAAoB,CAAC,IAAI,CAAC,CAAC;YACnE,MAAM,CAAC,qCAAgB,CAAC,OAAO,EAAE,CAAC,CAAC,aAAa,EAAE,CAAC;YACnD,MAAM,CAAC,qCAAgB,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC;YACjE,MAAM,CAAC,qCAAgB,CAAC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,MAAM,CAAC,qCAAgB,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,yCAAoB,CAAC,IAAI,CAAC,CAAC;QACnE,MAAM,CAAC,qCAAgB,CAAC,OAAO,EAAE,CAAC,CAAC,aAAa,EAAE,CAAC;QACnD,MAAM,CAAC,qCAAgB,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC;QACjE,MAAM,CAAC,qCAAgB,CAAC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}