@open-mercato/core 0.4.2-canary-7732371765 → 0.4.2-canary-ed15f2e753
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/generated/entities/api_key/index.js +2 -0
- package/dist/generated/entities/api_key/index.js.map +2 -2
- package/dist/generated/entities/workflow_event_trigger/index.js +33 -0
- package/dist/generated/entities/workflow_event_trigger/index.js.map +7 -0
- package/dist/generated/entities.ids.generated.js +1 -0
- package/dist/generated/entities.ids.generated.js.map +2 -2
- package/dist/generated/entity-fields-registry.js +2 -0
- package/dist/generated/entity-fields-registry.js.map +2 -2
- package/dist/modules/api_keys/data/entities.js +3 -0
- package/dist/modules/api_keys/data/entities.js.map +2 -2
- package/dist/modules/api_keys/migrations/Migration20260125204102.js +13 -0
- package/dist/modules/api_keys/migrations/Migration20260125204102.js.map +7 -0
- package/dist/modules/api_keys/services/apiKeyService.js +41 -0
- package/dist/modules/api_keys/services/apiKeyService.js.map +3 -3
- package/dist/modules/auth/events.js +30 -0
- package/dist/modules/auth/events.js.map +7 -0
- package/dist/modules/auth/services/rbacService.js.map +2 -2
- package/dist/modules/business_rules/api/execute/[ruleId]/route.js +145 -0
- package/dist/modules/business_rules/api/execute/[ruleId]/route.js.map +7 -0
- package/dist/modules/business_rules/data/validators.js +34 -0
- package/dist/modules/business_rules/data/validators.js.map +2 -2
- package/dist/modules/business_rules/index.js +21 -1
- package/dist/modules/business_rules/index.js.map +2 -2
- package/dist/modules/business_rules/lib/rule-engine.js +182 -1
- package/dist/modules/business_rules/lib/rule-engine.js.map +2 -2
- package/dist/modules/catalog/events.js +34 -0
- package/dist/modules/catalog/events.js.map +7 -0
- package/dist/modules/customers/events.js +49 -0
- package/dist/modules/customers/events.js.map +7 -0
- package/dist/modules/directory/events.js +23 -0
- package/dist/modules/directory/events.js.map +7 -0
- package/dist/modules/sales/acl.js +1 -0
- package/dist/modules/sales/acl.js.map +2 -2
- package/dist/modules/sales/backend/sales/documents/[id]/page.js +12 -0
- package/dist/modules/sales/backend/sales/documents/[id]/page.js.map +2 -2
- package/dist/modules/sales/commands/documents.js +62 -0
- package/dist/modules/sales/commands/documents.js.map +2 -2
- package/dist/modules/sales/events.js +63 -0
- package/dist/modules/sales/events.js.map +7 -0
- package/dist/modules/sales/lib/dictionaries.js +3 -0
- package/dist/modules/sales/lib/dictionaries.js.map +2 -2
- package/dist/modules/sales/lib/frontend/documentDataEvents.js +25 -0
- package/dist/modules/sales/lib/frontend/documentDataEvents.js.map +7 -0
- package/dist/modules/workflows/acl.js +2 -0
- package/dist/modules/workflows/acl.js.map +2 -2
- package/dist/modules/workflows/api/instances/route.js +18 -6
- package/dist/modules/workflows/api/instances/route.js.map +2 -2
- package/dist/modules/workflows/api/tasks/route.js +6 -1
- package/dist/modules/workflows/api/tasks/route.js.map +2 -2
- package/dist/modules/workflows/backend/definitions/[id]/page.js +9 -1
- package/dist/modules/workflows/backend/definitions/[id]/page.js.map +2 -2
- package/dist/modules/workflows/backend/definitions/[id]/page.meta.js +1 -1
- package/dist/modules/workflows/backend/definitions/[id]/page.meta.js.map +2 -2
- package/dist/modules/workflows/backend/definitions/create/page.js +24 -15
- package/dist/modules/workflows/backend/definitions/create/page.js.map +2 -2
- package/dist/modules/workflows/backend/definitions/create/page.meta.js +1 -1
- package/dist/modules/workflows/backend/definitions/create/page.meta.js.map +2 -2
- package/dist/modules/workflows/backend/definitions/visual-editor/page.js +150 -132
- package/dist/modules/workflows/backend/definitions/visual-editor/page.js.map +2 -2
- package/dist/modules/workflows/backend/definitions/visual-editor/page.meta.js +1 -1
- package/dist/modules/workflows/backend/definitions/visual-editor/page.meta.js.map +2 -2
- package/dist/modules/workflows/backend/events/[id]/page.js +1 -1
- package/dist/modules/workflows/backend/events/[id]/page.js.map +2 -2
- package/dist/modules/workflows/backend/events/[id]/page.meta.js +2 -2
- package/dist/modules/workflows/backend/events/[id]/page.meta.js.map +2 -2
- package/dist/modules/workflows/backend/instances/[id]/page.meta.js +2 -2
- package/dist/modules/workflows/backend/instances/[id]/page.meta.js.map +2 -2
- package/dist/modules/workflows/backend/tasks/[id]/page.js +1 -1
- package/dist/modules/workflows/backend/tasks/[id]/page.js.map +2 -2
- package/dist/modules/workflows/backend/tasks/[id]/page.meta.js +2 -2
- package/dist/modules/workflows/backend/tasks/[id]/page.meta.js.map +2 -2
- package/dist/modules/workflows/backend/tasks/page.js +5 -6
- package/dist/modules/workflows/backend/tasks/page.js.map +2 -2
- package/dist/modules/workflows/cli.js +81 -3
- package/dist/modules/workflows/cli.js.map +3 -3
- package/dist/modules/workflows/components/DefinitionTriggersEditor.js +481 -0
- package/dist/modules/workflows/components/DefinitionTriggersEditor.js.map +7 -0
- package/dist/modules/workflows/components/EventTriggersEditor.js +553 -0
- package/dist/modules/workflows/components/EventTriggersEditor.js.map +7 -0
- package/dist/modules/workflows/data/entities.js +64 -1
- package/dist/modules/workflows/data/entities.js.map +2 -2
- package/dist/modules/workflows/data/validators.js +115 -0
- package/dist/modules/workflows/data/validators.js.map +2 -2
- package/dist/modules/workflows/events.js +38 -0
- package/dist/modules/workflows/events.js.map +7 -0
- package/dist/modules/workflows/examples/checkout-demo-definition.json +1 -5
- package/dist/modules/workflows/examples/order-approval-definition.json +257 -0
- package/dist/modules/workflows/examples/order-approval-guard-rules.json +32 -0
- package/dist/modules/workflows/lib/activity-executor.js +75 -13
- package/dist/modules/workflows/lib/activity-executor.js.map +2 -2
- package/dist/modules/workflows/lib/event-trigger-service.js +308 -0
- package/dist/modules/workflows/lib/event-trigger-service.js.map +7 -0
- package/dist/modules/workflows/lib/graph-utils.js +71 -2
- package/dist/modules/workflows/lib/graph-utils.js.map +2 -2
- package/dist/modules/workflows/lib/seeds.js +22 -5
- package/dist/modules/workflows/lib/seeds.js.map +2 -2
- package/dist/modules/workflows/lib/start-validator.js +33 -23
- package/dist/modules/workflows/lib/start-validator.js.map +2 -2
- package/dist/modules/workflows/lib/transition-handler.js +157 -45
- package/dist/modules/workflows/lib/transition-handler.js.map +3 -3
- package/dist/modules/workflows/migrations/Migration20260123143500.js +36 -0
- package/dist/modules/workflows/migrations/Migration20260123143500.js.map +7 -0
- package/dist/modules/workflows/subscribers/event-trigger.js +78 -0
- package/dist/modules/workflows/subscribers/event-trigger.js.map +7 -0
- package/dist/modules/workflows/widgets/injection/order-approval/widget.client.js +323 -0
- package/dist/modules/workflows/widgets/injection/order-approval/widget.client.js.map +7 -0
- package/dist/modules/workflows/widgets/injection/order-approval/widget.js +17 -0
- package/dist/modules/workflows/widgets/injection/order-approval/widget.js.map +7 -0
- package/dist/modules/workflows/widgets/injection-table.js +19 -0
- package/dist/modules/workflows/widgets/injection-table.js.map +7 -0
- package/generated/entities/api_key/index.ts +1 -0
- package/generated/entities/workflow_event_trigger/index.ts +15 -0
- package/generated/entities.ids.generated.ts +1 -0
- package/generated/entity-fields-registry.ts +2 -0
- package/package.json +2 -2
- package/src/modules/api_keys/data/entities.ts +4 -0
- package/src/modules/api_keys/migrations/.snapshot-open-mercato.json +9 -0
- package/src/modules/api_keys/migrations/Migration20260125204102.ts +13 -0
- package/src/modules/api_keys/services/apiKeyService.ts +85 -0
- package/src/modules/auth/events.ts +39 -0
- package/src/modules/auth/services/rbacService.ts +1 -1
- package/src/modules/business_rules/api/execute/[ruleId]/route.ts +163 -0
- package/src/modules/business_rules/data/validators.ts +40 -0
- package/src/modules/business_rules/index.ts +25 -0
- package/src/modules/business_rules/lib/rule-engine.ts +281 -1
- package/src/modules/catalog/events.ts +45 -0
- package/src/modules/customers/events.ts +63 -0
- package/src/modules/directory/events.ts +31 -0
- package/src/modules/sales/acl.ts +1 -0
- package/src/modules/sales/backend/sales/documents/[id]/page.tsx +16 -0
- package/src/modules/sales/commands/documents.ts +74 -1
- package/src/modules/sales/events.ts +82 -0
- package/src/modules/sales/lib/dictionaries.ts +3 -0
- package/src/modules/sales/lib/frontend/documentDataEvents.ts +28 -0
- package/src/modules/workflows/acl.ts +2 -0
- package/src/modules/workflows/api/__tests__/instances.route.test.ts +5 -2
- package/src/modules/workflows/api/instances/route.ts +21 -7
- package/src/modules/workflows/api/tasks/route.ts +7 -1
- package/src/modules/workflows/backend/definitions/[id]/page.meta.ts +1 -1
- package/src/modules/workflows/backend/definitions/[id]/page.tsx +9 -0
- package/src/modules/workflows/backend/definitions/create/page.meta.ts +1 -1
- package/src/modules/workflows/backend/definitions/create/page.tsx +9 -0
- package/src/modules/workflows/backend/definitions/visual-editor/page.meta.ts +1 -1
- package/src/modules/workflows/backend/definitions/visual-editor/page.tsx +21 -3
- package/src/modules/workflows/backend/events/[id]/page.meta.ts +2 -2
- package/src/modules/workflows/backend/events/[id]/page.tsx +1 -1
- package/src/modules/workflows/backend/instances/[id]/page.meta.ts +2 -2
- package/src/modules/workflows/backend/tasks/[id]/page.meta.ts +2 -2
- package/src/modules/workflows/backend/tasks/[id]/page.tsx +1 -1
- package/src/modules/workflows/backend/tasks/page.tsx +5 -6
- package/src/modules/workflows/cli.ts +111 -0
- package/src/modules/workflows/components/DefinitionTriggersEditor.tsx +581 -0
- package/src/modules/workflows/components/EventTriggersEditor.tsx +664 -0
- package/src/modules/workflows/data/entities.ts +124 -0
- package/src/modules/workflows/data/validators.ts +138 -0
- package/src/modules/workflows/events.ts +49 -0
- package/src/modules/workflows/examples/checkout-demo-definition.json +1 -5
- package/src/modules/workflows/examples/order-approval-definition.json +257 -0
- package/src/modules/workflows/examples/order-approval-guard-rules.json +32 -0
- package/src/modules/workflows/i18n/en.json +71 -0
- package/src/modules/workflows/lib/__tests__/activity-executor.test.ts +43 -36
- package/src/modules/workflows/lib/__tests__/transition-handler.test.ts +170 -90
- package/src/modules/workflows/lib/activity-executor.ts +129 -16
- package/src/modules/workflows/lib/event-trigger-service.ts +557 -0
- package/src/modules/workflows/lib/graph-utils.ts +117 -2
- package/src/modules/workflows/lib/seeds.ts +34 -8
- package/src/modules/workflows/lib/start-validator.ts +38 -28
- package/src/modules/workflows/lib/transition-handler.ts +208 -55
- package/src/modules/workflows/migrations/Migration20260123143500.ts +38 -0
- package/src/modules/workflows/subscribers/event-trigger.ts +109 -0
- package/src/modules/workflows/widgets/injection/order-approval/widget.client.tsx +446 -0
- package/src/modules/workflows/widgets/injection/order-approval/widget.ts +16 -0
- package/src/modules/workflows/widgets/injection-table.ts +21 -0
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../src/modules/auth/services/rbacService.ts"],
|
|
4
|
-
"sourcesContent": ["import type { EntityManager } from '@mikro-orm/postgresql'\nimport type { CacheStrategy } from '@open-mercato/cache'\nimport { getCurrentCacheTenant, runWithCacheTenant } from '@open-mercato/cache'\nimport { UserAcl, RoleAcl, User, UserRole } from '@open-mercato/core/modules/auth/data/entities'\nimport { ApiKey } from '@open-mercato/core/modules/api_keys/data/entities'\nimport { findWithDecryption } from '@open-mercato/shared/lib/encryption/find'\n\ninterface AclData {\n isSuperAdmin: boolean\n features: string[]\n organizations: string[] | null\n}\n\nfunction isAclData(value: unknown): value is AclData {\n if (typeof value !== 'object' || value === null) return false\n const record = value as Partial<AclData>\n if (typeof record.isSuperAdmin !== 'boolean') return false\n if (!Array.isArray(record.features) || record.features.some((feature) => typeof feature !== 'string')) return false\n if (record.organizations !== null && record.organizations !== undefined) {\n if (!Array.isArray(record.organizations)) return false\n if (record.organizations.some((org) => typeof org !== 'string')) return false\n }\n return true\n}\n\nexport class RbacService {\n private cacheTtlMs: number = 5 * 60 * 1000 // 5 minutes default\n private cache: CacheStrategy | null = null\n private globalSuperAdminCache = new Map<string, boolean>()\n\n constructor(private em: EntityManager, cache?: CacheStrategy) {\n this.cache = cache || null\n }\n\n /**\n * Set cache TTL in milliseconds\n * @param ttlMs - Time to live in milliseconds\n */\n setCacheTtl(ttlMs: number) {\n this.cacheTtlMs = ttlMs\n }\n\n /**\n * Checks if a required feature is satisfied by a granted feature permission.\n * \n * Wildcard patterns:\n * - `*` (global wildcard): Grants access to all features\n * - `prefix.*` (module wildcard): Grants access to all features starting with `prefix.`\n * and also the exact prefix itself (e.g., `entities.*` matches both `entities` and `entities.records.view`)\n * - Exact match: Feature must match exactly (e.g., `users.view` only matches `users.view`)\n * \n * @param required - The feature being requested (e.g., 'entities.records.view')\n * @param granted - The feature permission granted (e.g., 'entities.*' or '*')\n * @returns true if the granted permission satisfies the required feature\n * \n * @example\n * matchFeature('users.view', '*') // true - global wildcard\n * matchFeature('entities.records.view', 'entities.*') // true - module wildcard\n * matchFeature('entities', 'entities.*') // true - exact prefix match\n * matchFeature('users.view', 'entities.*') // false - different module\n * matchFeature('users.view', 'users.view') // true - exact match\n */\n private matchFeature(required: string, granted: string): boolean {\n if (granted === '*') return true\n if (granted.endsWith('.*')) {\n const prefix = granted.slice(0, -2)\n return required === prefix || required.startsWith(prefix + '.')\n }\n return granted === required\n }\n\n private hasAllFeatures(required: string[], granted: string[]): boolean {\n if (!required.length) return true\n if (!granted.length) return false\n return required.every((req) => granted.some((g) => this.matchFeature(req, g)))\n }\n\n private getCacheKey(userId: string, scope: { tenantId: string | null; organizationId: string | null }): string {\n return `rbac:${userId}:${scope.tenantId || 'null'}:${scope.organizationId || 'null'}`\n }\n\n private getUserTag(userId: string): string {\n return `rbac:user:${userId}`\n }\n\n private getTenantTag(tenantId: string): string {\n return `rbac:tenant:${tenantId}`\n }\n\n private getOrganizationTag(organizationId: string): string {\n return `rbac:org:${organizationId}`\n }\n\n private async getFromCache(cacheKey: string): Promise<AclData | null> {\n if (!this.cache) return null\n const cached = await this.cache.get(cacheKey)\n if (!cached) return null\n return isAclData(cached) ? cached : null\n }\n\n private async setCache(cacheKey: string, data: AclData, userId: string, scope: { tenantId: string | null; organizationId: string | null }): Promise<void> {\n if (!this.cache) return\n\n const tags = [\n this.getUserTag(userId),\n 'rbac:all'\n ]\n\n if (scope.tenantId) {\n tags.push(this.getTenantTag(scope.tenantId))\n }\n\n if (scope.organizationId) {\n tags.push(this.getOrganizationTag(scope.organizationId))\n }\n\n await this.cache.set(cacheKey, data, {\n ttl: this.cacheTtlMs,\n tags\n })\n }\n\n /**\n * Invalidates cached ACL data for a specific user across all tenants and organizations.\n * Call this when a user's roles or user-specific ACL is modified.\n * \n * @param userId - The ID of the user whose cache should be invalidated\n */\n async invalidateUserCache(userId: string): Promise<void> {\n this.globalSuperAdminCache.delete(userId)\n await this.deleteCacheByTags([this.getUserTag(userId)])\n }\n\n /**\n * Invalidates cached ACL data for all users within a specific tenant.\n * Call this when a role's ACL is modified, since roles are tenant-scoped\n * and affect all users in that tenant who have that role.\n * \n * @param tenantId - The ID of the tenant whose cache should be invalidated\n */\n async invalidateTenantCache(tenantId: string): Promise<void> {\n this.globalSuperAdminCache.clear()\n await this.deleteCacheByTags([this.getTenantTag(tenantId)], [tenantId])\n }\n\n /**\n * Invalidates cached ACL data for all users within a specific organization.\n * Call this when organization-level permissions or visibility changes.\n * \n * @param organizationId - The ID of the organization whose cache should be invalidated\n */\n async invalidateOrganizationCache(organizationId: string): Promise<void> {\n await this.deleteCacheByTags([this.getOrganizationTag(organizationId)])\n }\n\n /**\n * Clears all cached ACL data.\n * Use this for bulk operations or system-wide ACL changes.\n */\n async invalidateAllCache(): Promise<void> {\n this.globalSuperAdminCache.clear()\n await this.deleteCacheByTags(['rbac:all'])\n }\n\n private async deleteCacheByTags(tags: string[], tenantHints?: Array<string | null>): Promise<void> {\n if (!this.cache) return\n const contexts = new Set<string | null>()\n const current = getCurrentCacheTenant()\n contexts.add(current ?? null)\n contexts.add(null)\n if (Array.isArray(tenantHints)) {\n for (const hint of tenantHints) {\n contexts.add(hint ?? null)\n }\n }\n for (const ctx of contexts) {\n if (ctx === current) {\n await this.cache.deleteByTags(tags)\n } else {\n await runWithCacheTenant(ctx, async () => {\n await this.cache!.deleteByTags(tags)\n })\n }\n }\n }\n\n private async isGlobalSuperAdmin(userId: string): Promise<boolean> {\n if (this.globalSuperAdminCache.has(userId)) return this.globalSuperAdminCache.get(userId)!\n const em = this.em.fork()\n const userSuper = await em.findOne(UserAcl, { user: userId as any, isSuperAdmin: true })\n if (userSuper && (userSuper as any).isSuperAdmin) {\n this.globalSuperAdminCache.set(userId, true)\n return true\n }\n const links = await findWithDecryption(\n em,\n UserRole,\n { user: userId as any },\n { populate: ['role'] },\n { tenantId: null, organizationId: null },\n )\n const linkList = Array.isArray(links) ? links : []\n if (!linkList.length) {\n this.globalSuperAdminCache.set(userId, false)\n return false\n }\n const roleIds = Array.from(new Set(linkList.map((link) => {\n const role = link.role as any\n return role?.id ? String(role.id) : null\n }).filter((id): id is string => typeof id === 'string' && id.length > 0)))\n if (!roleIds.length) {\n this.globalSuperAdminCache.set(userId, false)\n return false\n }\n const roleSuper = await em.findOne(RoleAcl, { isSuperAdmin: true, role: { $in: roleIds as any } } as any)\n const result = !!(roleSuper && (roleSuper as any).isSuperAdmin)\n this.globalSuperAdminCache.set(userId, result)\n return result\n }\n\n /**\n * Loads the Access Control List (ACL) for a user within a given scope.\n * \n * The ACL resolution follows this priority:\n * 1. Per-user ACL (UserAcl) - if exists, use it exclusively\n * 2. Aggregated role ACLs (RoleAcl) - combine permissions from all user's roles\n * \n * Results are cached for performance (default 5 minutes TTL).\n * Cache is automatically invalidated when ACL-related data changes.\n * \n * @param userId - The ID of the user\n * @param scope - The tenant and organization context for ACL evaluation\n * @returns An object containing:\n * - isSuperAdmin: If true, user has unrestricted access to all features\n * - features: Array of feature strings (may include wildcards like 'entities.*')\n * - organizations: Array of organization IDs user can access, or null for all organizations\n * \n * @example\n * const acl = await rbacService.loadAcl('user-123', { tenantId: 'tenant-1', organizationId: 'org-1' })\n * // Returns: { isSuperAdmin: false, features: ['users.view', 'entities.*'], organizations: ['org-1', 'org-2'] }\n */\n async loadAcl(userId: string, scope: { tenantId: string | null; organizationId: string | null }): Promise<{\n isSuperAdmin: boolean\n features: string[]\n organizations: string[] | null\n }> {\n const cacheKey = this.getCacheKey(userId, scope)\n const cached = await this.getFromCache(cacheKey)\n if (cached) return cached\n\n if (!userId.startsWith('api_key:')) {\n if (await this.isGlobalSuperAdmin(userId)) {\n const result = { isSuperAdmin: true, features: ['*'], organizations: null }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n }\n\n if (userId.startsWith('api_key:')) {\n const apiKeyId = userId.slice('api_key:'.length)\n const em = this.em.fork()\n const key = await em.findOne(ApiKey, { id: apiKeyId, deletedAt: null })\n if (!key || (key.expiresAt && key.expiresAt.getTime() < Date.now())) {\n const result = { isSuperAdmin: false, features: [], organizations: null }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n const tenantId = scope.tenantId || key.tenantId || null\n const roleIds = Array.isArray(key.rolesJson) ? key.rolesJson.filter(Boolean) : []\n let isSuper = false\n const features: string[] = []\n let organizations: string[] | null = key.organizationId ? [key.organizationId] : null\n if (tenantId && roleIds.length) {\n const racls = await em.find(RoleAcl, { tenantId, role: { $in: roleIds as any } } as any)\n for (const acl of racls) {\n isSuper = isSuper || !!acl.isSuperAdmin\n if (Array.isArray(acl.featuresJson)) {\n for (const f of acl.featuresJson) if (!features.includes(f)) features.push(f)\n }\n if (organizations !== null) {\n if (acl.organizationsJson == null) {\n organizations = null\n } else {\n organizations = Array.from(new Set([...(organizations || []), ...acl.organizationsJson]))\n }\n }\n }\n }\n const result = { isSuperAdmin: isSuper, features, organizations }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n\n // Use a forked EntityManager to avoid inheriting an aborted transaction from callers\n const em = this.em.fork()\n const user = await em.findOne(User, { id: userId })\n if (!user) {\n const result = { isSuperAdmin: false, features: [], organizations: null }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n const tenantId = scope.tenantId || user.tenantId || null\n const orgId = scope.organizationId || user.organizationId || null\n\n if (!tenantId) {\n const result = { isSuperAdmin: false, features: [], organizations: null }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n\n // Per-user ACL first\n const uacl = await em.findOne(UserAcl, { user: userId as any, tenantId })\n if (uacl) {\n const result = {\n isSuperAdmin: !!uacl.isSuperAdmin,\n features: Array.isArray(uacl.featuresJson) ? (uacl.featuresJson as string[]) : [],\n organizations: Array.isArray(uacl.organizationsJson) ? (uacl.organizationsJson as string[]) : null,\n }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n\n // Aggregate role ACLs\n const links = await findWithDecryption(\n em,\n UserRole,\n { user: userId as any, role: { tenantId } } as any,\n { populate: ['role'] },\n { tenantId, organizationId: orgId },\n )\n const linkList = Array.isArray(links) ? links : []\n const roleIds = linkList.map((l) => (l.role as any)?.id).filter(Boolean)\n let isSuper = false\n const features: string[] = []\n let organizations: string[] | null = []\n if (roleIds.length) {\n const racls = await em.find(RoleAcl, { tenantId, role: { $in: roleIds as any } } as any, {})\n const roleAcls = Array.isArray(racls) ? racls : []\n for (const r of roleAcls) {\n isSuper = isSuper || !!r.isSuperAdmin\n if (Array.isArray(r.featuresJson)) for (const f of r.featuresJson) if (!features.includes(f)) features.push(f)\n if (organizations !== null) {\n if (r.organizationsJson == null) organizations = null\n else organizations = Array.from(new Set([...(organizations || []), ...r.organizationsJson]))\n }\n }\n }\n if (organizations && orgId && !organizations.includes(orgId)) {\n // Out-of-scope org; caller will enforce\n }\n const result = { isSuperAdmin: isSuper, features, organizations }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n\n /**\n * Checks if a user has all required features within a given scope.\n * \n * This is the primary authorization check method used throughout the application.\n * It combines feature checking with organization visibility validation.\n * \n * Authorization logic:\n * 1. No features required \u2192 always returns true\n * 2. User is super admin \u2192 always returns true\n * 3. Organization restriction check: If the user's ACL has a restricted organization list\n * and the requested organization is not in that list \u2192 returns false\n * 4. Feature matching: User must have all required features (supports wildcards)\n * \n * @param userId - The ID of the user\n * @param required - Array of feature strings to check (e.g., ['users.view', 'users.edit'])\n * @param scope - The tenant and organization context for authorization\n * @returns true if the user has all required features and organization access, false otherwise\n * \n * @example\n * // Check if user can view and edit users\n * const canManageUsers = await rbacService.userHasAllFeatures(\n * 'user-123',\n * ['users.view', 'users.edit'],\n * { tenantId: 'tenant-1', organizationId: 'org-1' }\n * )\n * \n * @example\n * // Check with wildcard features\n * const canAccessEntities = await rbacService.userHasAllFeatures(\n * 'user-123',\n * ['entities.records.view'],\n * { tenantId: 'tenant-1', organizationId: 'org-1' }\n * )\n * // Returns true if user has 'entities.*', '*', or 'entities.records.view'\n */\n async userHasAllFeatures(userId: string, required: string[], scope: { tenantId: string | null; organizationId: string | null }): Promise<boolean> {\n if (!required.length) return true\n const acl = await this.loadAcl(userId, scope)\n if (acl.isSuperAdmin) return true\n if (acl.organizations && scope.organizationId && !acl.organizations.includes(scope.organizationId)) return false\n return this.hasAllFeatures(required, acl.features)\n }\n}\n"],
|
|
5
|
-
"mappings": "AAEA,SAAS,uBAAuB,0BAA0B;AAC1D,SAAS,SAAS,SAAS,MAAM,gBAAgB;AACjD,SAAS,cAAc;AACvB,SAAS,0BAA0B;AAQnC,SAAS,UAAU,OAAkC;AACnD,MAAI,OAAO,UAAU,YAAY,UAAU,KAAM,QAAO;AACxD,QAAM,SAAS;AACf,MAAI,OAAO,OAAO,iBAAiB,UAAW,QAAO;AACrD,MAAI,CAAC,MAAM,QAAQ,OAAO,QAAQ,KAAK,OAAO,SAAS,KAAK,CAAC,YAAY,OAAO,YAAY,QAAQ,EAAG,QAAO;AAC9G,MAAI,OAAO,kBAAkB,QAAQ,OAAO,kBAAkB,QAAW;AACvE,QAAI,CAAC,MAAM,QAAQ,OAAO,aAAa,EAAG,QAAO;AACjD,QAAI,OAAO,cAAc,KAAK,CAAC,QAAQ,OAAO,QAAQ,QAAQ,EAAG,QAAO;AAAA,EAC1E;AACA,SAAO;AACT;AAEO,MAAM,YAAY;AAAA,EAKvB,YAAoB,IAAmB,OAAuB;AAA1C;AAJpB,SAAQ,aAAqB,IAAI,KAAK;AACtC;AAAA,SAAQ,QAA8B;AACtC,SAAQ,wBAAwB,oBAAI,IAAqB;AAGvD,SAAK,QAAQ,SAAS;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,YAAY,OAAe;AACzB,SAAK,aAAa;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsBQ,aAAa,UAAkB,SAA0B;AAC/D,QAAI,YAAY,IAAK,QAAO;AAC5B,QAAI,QAAQ,SAAS,IAAI,GAAG;AAC1B,YAAM,SAAS,QAAQ,MAAM,GAAG,EAAE;AAClC,aAAO,aAAa,UAAU,SAAS,WAAW,SAAS,GAAG;AAAA,IAChE;AACA,WAAO,YAAY;AAAA,EACrB;AAAA,
|
|
4
|
+
"sourcesContent": ["import type { EntityManager } from '@mikro-orm/postgresql'\nimport type { CacheStrategy } from '@open-mercato/cache'\nimport { getCurrentCacheTenant, runWithCacheTenant } from '@open-mercato/cache'\nimport { UserAcl, RoleAcl, User, UserRole } from '@open-mercato/core/modules/auth/data/entities'\nimport { ApiKey } from '@open-mercato/core/modules/api_keys/data/entities'\nimport { findWithDecryption } from '@open-mercato/shared/lib/encryption/find'\n\ninterface AclData {\n isSuperAdmin: boolean\n features: string[]\n organizations: string[] | null\n}\n\nfunction isAclData(value: unknown): value is AclData {\n if (typeof value !== 'object' || value === null) return false\n const record = value as Partial<AclData>\n if (typeof record.isSuperAdmin !== 'boolean') return false\n if (!Array.isArray(record.features) || record.features.some((feature) => typeof feature !== 'string')) return false\n if (record.organizations !== null && record.organizations !== undefined) {\n if (!Array.isArray(record.organizations)) return false\n if (record.organizations.some((org) => typeof org !== 'string')) return false\n }\n return true\n}\n\nexport class RbacService {\n private cacheTtlMs: number = 5 * 60 * 1000 // 5 minutes default\n private cache: CacheStrategy | null = null\n private globalSuperAdminCache = new Map<string, boolean>()\n\n constructor(private em: EntityManager, cache?: CacheStrategy) {\n this.cache = cache || null\n }\n\n /**\n * Set cache TTL in milliseconds\n * @param ttlMs - Time to live in milliseconds\n */\n setCacheTtl(ttlMs: number) {\n this.cacheTtlMs = ttlMs\n }\n\n /**\n * Checks if a required feature is satisfied by a granted feature permission.\n * \n * Wildcard patterns:\n * - `*` (global wildcard): Grants access to all features\n * - `prefix.*` (module wildcard): Grants access to all features starting with `prefix.`\n * and also the exact prefix itself (e.g., `entities.*` matches both `entities` and `entities.records.view`)\n * - Exact match: Feature must match exactly (e.g., `users.view` only matches `users.view`)\n * \n * @param required - The feature being requested (e.g., 'entities.records.view')\n * @param granted - The feature permission granted (e.g., 'entities.*' or '*')\n * @returns true if the granted permission satisfies the required feature\n * \n * @example\n * matchFeature('users.view', '*') // true - global wildcard\n * matchFeature('entities.records.view', 'entities.*') // true - module wildcard\n * matchFeature('entities', 'entities.*') // true - exact prefix match\n * matchFeature('users.view', 'entities.*') // false - different module\n * matchFeature('users.view', 'users.view') // true - exact match\n */\n private matchFeature(required: string, granted: string): boolean {\n if (granted === '*') return true\n if (granted.endsWith('.*')) {\n const prefix = granted.slice(0, -2)\n return required === prefix || required.startsWith(prefix + '.')\n }\n return granted === required\n }\n\n public hasAllFeatures(required: string[], granted: string[]): boolean {\n if (!required.length) return true\n if (!granted.length) return false\n return required.every((req) => granted.some((g) => this.matchFeature(req, g)))\n }\n\n private getCacheKey(userId: string, scope: { tenantId: string | null; organizationId: string | null }): string {\n return `rbac:${userId}:${scope.tenantId || 'null'}:${scope.organizationId || 'null'}`\n }\n\n private getUserTag(userId: string): string {\n return `rbac:user:${userId}`\n }\n\n private getTenantTag(tenantId: string): string {\n return `rbac:tenant:${tenantId}`\n }\n\n private getOrganizationTag(organizationId: string): string {\n return `rbac:org:${organizationId}`\n }\n\n private async getFromCache(cacheKey: string): Promise<AclData | null> {\n if (!this.cache) return null\n const cached = await this.cache.get(cacheKey)\n if (!cached) return null\n return isAclData(cached) ? cached : null\n }\n\n private async setCache(cacheKey: string, data: AclData, userId: string, scope: { tenantId: string | null; organizationId: string | null }): Promise<void> {\n if (!this.cache) return\n\n const tags = [\n this.getUserTag(userId),\n 'rbac:all'\n ]\n\n if (scope.tenantId) {\n tags.push(this.getTenantTag(scope.tenantId))\n }\n\n if (scope.organizationId) {\n tags.push(this.getOrganizationTag(scope.organizationId))\n }\n\n await this.cache.set(cacheKey, data, {\n ttl: this.cacheTtlMs,\n tags\n })\n }\n\n /**\n * Invalidates cached ACL data for a specific user across all tenants and organizations.\n * Call this when a user's roles or user-specific ACL is modified.\n * \n * @param userId - The ID of the user whose cache should be invalidated\n */\n async invalidateUserCache(userId: string): Promise<void> {\n this.globalSuperAdminCache.delete(userId)\n await this.deleteCacheByTags([this.getUserTag(userId)])\n }\n\n /**\n * Invalidates cached ACL data for all users within a specific tenant.\n * Call this when a role's ACL is modified, since roles are tenant-scoped\n * and affect all users in that tenant who have that role.\n * \n * @param tenantId - The ID of the tenant whose cache should be invalidated\n */\n async invalidateTenantCache(tenantId: string): Promise<void> {\n this.globalSuperAdminCache.clear()\n await this.deleteCacheByTags([this.getTenantTag(tenantId)], [tenantId])\n }\n\n /**\n * Invalidates cached ACL data for all users within a specific organization.\n * Call this when organization-level permissions or visibility changes.\n * \n * @param organizationId - The ID of the organization whose cache should be invalidated\n */\n async invalidateOrganizationCache(organizationId: string): Promise<void> {\n await this.deleteCacheByTags([this.getOrganizationTag(organizationId)])\n }\n\n /**\n * Clears all cached ACL data.\n * Use this for bulk operations or system-wide ACL changes.\n */\n async invalidateAllCache(): Promise<void> {\n this.globalSuperAdminCache.clear()\n await this.deleteCacheByTags(['rbac:all'])\n }\n\n private async deleteCacheByTags(tags: string[], tenantHints?: Array<string | null>): Promise<void> {\n if (!this.cache) return\n const contexts = new Set<string | null>()\n const current = getCurrentCacheTenant()\n contexts.add(current ?? null)\n contexts.add(null)\n if (Array.isArray(tenantHints)) {\n for (const hint of tenantHints) {\n contexts.add(hint ?? null)\n }\n }\n for (const ctx of contexts) {\n if (ctx === current) {\n await this.cache.deleteByTags(tags)\n } else {\n await runWithCacheTenant(ctx, async () => {\n await this.cache!.deleteByTags(tags)\n })\n }\n }\n }\n\n private async isGlobalSuperAdmin(userId: string): Promise<boolean> {\n if (this.globalSuperAdminCache.has(userId)) return this.globalSuperAdminCache.get(userId)!\n const em = this.em.fork()\n const userSuper = await em.findOne(UserAcl, { user: userId as any, isSuperAdmin: true })\n if (userSuper && (userSuper as any).isSuperAdmin) {\n this.globalSuperAdminCache.set(userId, true)\n return true\n }\n const links = await findWithDecryption(\n em,\n UserRole,\n { user: userId as any },\n { populate: ['role'] },\n { tenantId: null, organizationId: null },\n )\n const linkList = Array.isArray(links) ? links : []\n if (!linkList.length) {\n this.globalSuperAdminCache.set(userId, false)\n return false\n }\n const roleIds = Array.from(new Set(linkList.map((link) => {\n const role = link.role as any\n return role?.id ? String(role.id) : null\n }).filter((id): id is string => typeof id === 'string' && id.length > 0)))\n if (!roleIds.length) {\n this.globalSuperAdminCache.set(userId, false)\n return false\n }\n const roleSuper = await em.findOne(RoleAcl, { isSuperAdmin: true, role: { $in: roleIds as any } } as any)\n const result = !!(roleSuper && (roleSuper as any).isSuperAdmin)\n this.globalSuperAdminCache.set(userId, result)\n return result\n }\n\n /**\n * Loads the Access Control List (ACL) for a user within a given scope.\n * \n * The ACL resolution follows this priority:\n * 1. Per-user ACL (UserAcl) - if exists, use it exclusively\n * 2. Aggregated role ACLs (RoleAcl) - combine permissions from all user's roles\n * \n * Results are cached for performance (default 5 minutes TTL).\n * Cache is automatically invalidated when ACL-related data changes.\n * \n * @param userId - The ID of the user\n * @param scope - The tenant and organization context for ACL evaluation\n * @returns An object containing:\n * - isSuperAdmin: If true, user has unrestricted access to all features\n * - features: Array of feature strings (may include wildcards like 'entities.*')\n * - organizations: Array of organization IDs user can access, or null for all organizations\n * \n * @example\n * const acl = await rbacService.loadAcl('user-123', { tenantId: 'tenant-1', organizationId: 'org-1' })\n * // Returns: { isSuperAdmin: false, features: ['users.view', 'entities.*'], organizations: ['org-1', 'org-2'] }\n */\n async loadAcl(userId: string, scope: { tenantId: string | null; organizationId: string | null }): Promise<{\n isSuperAdmin: boolean\n features: string[]\n organizations: string[] | null\n }> {\n const cacheKey = this.getCacheKey(userId, scope)\n const cached = await this.getFromCache(cacheKey)\n if (cached) return cached\n\n if (!userId.startsWith('api_key:')) {\n if (await this.isGlobalSuperAdmin(userId)) {\n const result = { isSuperAdmin: true, features: ['*'], organizations: null }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n }\n\n if (userId.startsWith('api_key:')) {\n const apiKeyId = userId.slice('api_key:'.length)\n const em = this.em.fork()\n const key = await em.findOne(ApiKey, { id: apiKeyId, deletedAt: null })\n if (!key || (key.expiresAt && key.expiresAt.getTime() < Date.now())) {\n const result = { isSuperAdmin: false, features: [], organizations: null }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n const tenantId = scope.tenantId || key.tenantId || null\n const roleIds = Array.isArray(key.rolesJson) ? key.rolesJson.filter(Boolean) : []\n let isSuper = false\n const features: string[] = []\n let organizations: string[] | null = key.organizationId ? [key.organizationId] : null\n if (tenantId && roleIds.length) {\n const racls = await em.find(RoleAcl, { tenantId, role: { $in: roleIds as any } } as any)\n for (const acl of racls) {\n isSuper = isSuper || !!acl.isSuperAdmin\n if (Array.isArray(acl.featuresJson)) {\n for (const f of acl.featuresJson) if (!features.includes(f)) features.push(f)\n }\n if (organizations !== null) {\n if (acl.organizationsJson == null) {\n organizations = null\n } else {\n organizations = Array.from(new Set([...(organizations || []), ...acl.organizationsJson]))\n }\n }\n }\n }\n const result = { isSuperAdmin: isSuper, features, organizations }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n\n // Use a forked EntityManager to avoid inheriting an aborted transaction from callers\n const em = this.em.fork()\n const user = await em.findOne(User, { id: userId })\n if (!user) {\n const result = { isSuperAdmin: false, features: [], organizations: null }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n const tenantId = scope.tenantId || user.tenantId || null\n const orgId = scope.organizationId || user.organizationId || null\n\n if (!tenantId) {\n const result = { isSuperAdmin: false, features: [], organizations: null }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n\n // Per-user ACL first\n const uacl = await em.findOne(UserAcl, { user: userId as any, tenantId })\n if (uacl) {\n const result = {\n isSuperAdmin: !!uacl.isSuperAdmin,\n features: Array.isArray(uacl.featuresJson) ? (uacl.featuresJson as string[]) : [],\n organizations: Array.isArray(uacl.organizationsJson) ? (uacl.organizationsJson as string[]) : null,\n }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n\n // Aggregate role ACLs\n const links = await findWithDecryption(\n em,\n UserRole,\n { user: userId as any, role: { tenantId } } as any,\n { populate: ['role'] },\n { tenantId, organizationId: orgId },\n )\n const linkList = Array.isArray(links) ? links : []\n const roleIds = linkList.map((l) => (l.role as any)?.id).filter(Boolean)\n let isSuper = false\n const features: string[] = []\n let organizations: string[] | null = []\n if (roleIds.length) {\n const racls = await em.find(RoleAcl, { tenantId, role: { $in: roleIds as any } } as any, {})\n const roleAcls = Array.isArray(racls) ? racls : []\n for (const r of roleAcls) {\n isSuper = isSuper || !!r.isSuperAdmin\n if (Array.isArray(r.featuresJson)) for (const f of r.featuresJson) if (!features.includes(f)) features.push(f)\n if (organizations !== null) {\n if (r.organizationsJson == null) organizations = null\n else organizations = Array.from(new Set([...(organizations || []), ...r.organizationsJson]))\n }\n }\n }\n if (organizations && orgId && !organizations.includes(orgId)) {\n // Out-of-scope org; caller will enforce\n }\n const result = { isSuperAdmin: isSuper, features, organizations }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n\n /**\n * Checks if a user has all required features within a given scope.\n * \n * This is the primary authorization check method used throughout the application.\n * It combines feature checking with organization visibility validation.\n * \n * Authorization logic:\n * 1. No features required \u2192 always returns true\n * 2. User is super admin \u2192 always returns true\n * 3. Organization restriction check: If the user's ACL has a restricted organization list\n * and the requested organization is not in that list \u2192 returns false\n * 4. Feature matching: User must have all required features (supports wildcards)\n * \n * @param userId - The ID of the user\n * @param required - Array of feature strings to check (e.g., ['users.view', 'users.edit'])\n * @param scope - The tenant and organization context for authorization\n * @returns true if the user has all required features and organization access, false otherwise\n * \n * @example\n * // Check if user can view and edit users\n * const canManageUsers = await rbacService.userHasAllFeatures(\n * 'user-123',\n * ['users.view', 'users.edit'],\n * { tenantId: 'tenant-1', organizationId: 'org-1' }\n * )\n * \n * @example\n * // Check with wildcard features\n * const canAccessEntities = await rbacService.userHasAllFeatures(\n * 'user-123',\n * ['entities.records.view'],\n * { tenantId: 'tenant-1', organizationId: 'org-1' }\n * )\n * // Returns true if user has 'entities.*', '*', or 'entities.records.view'\n */\n async userHasAllFeatures(userId: string, required: string[], scope: { tenantId: string | null; organizationId: string | null }): Promise<boolean> {\n if (!required.length) return true\n const acl = await this.loadAcl(userId, scope)\n if (acl.isSuperAdmin) return true\n if (acl.organizations && scope.organizationId && !acl.organizations.includes(scope.organizationId)) return false\n return this.hasAllFeatures(required, acl.features)\n }\n}\n"],
|
|
5
|
+
"mappings": "AAEA,SAAS,uBAAuB,0BAA0B;AAC1D,SAAS,SAAS,SAAS,MAAM,gBAAgB;AACjD,SAAS,cAAc;AACvB,SAAS,0BAA0B;AAQnC,SAAS,UAAU,OAAkC;AACnD,MAAI,OAAO,UAAU,YAAY,UAAU,KAAM,QAAO;AACxD,QAAM,SAAS;AACf,MAAI,OAAO,OAAO,iBAAiB,UAAW,QAAO;AACrD,MAAI,CAAC,MAAM,QAAQ,OAAO,QAAQ,KAAK,OAAO,SAAS,KAAK,CAAC,YAAY,OAAO,YAAY,QAAQ,EAAG,QAAO;AAC9G,MAAI,OAAO,kBAAkB,QAAQ,OAAO,kBAAkB,QAAW;AACvE,QAAI,CAAC,MAAM,QAAQ,OAAO,aAAa,EAAG,QAAO;AACjD,QAAI,OAAO,cAAc,KAAK,CAAC,QAAQ,OAAO,QAAQ,QAAQ,EAAG,QAAO;AAAA,EAC1E;AACA,SAAO;AACT;AAEO,MAAM,YAAY;AAAA,EAKvB,YAAoB,IAAmB,OAAuB;AAA1C;AAJpB,SAAQ,aAAqB,IAAI,KAAK;AACtC;AAAA,SAAQ,QAA8B;AACtC,SAAQ,wBAAwB,oBAAI,IAAqB;AAGvD,SAAK,QAAQ,SAAS;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,YAAY,OAAe;AACzB,SAAK,aAAa;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsBQ,aAAa,UAAkB,SAA0B;AAC/D,QAAI,YAAY,IAAK,QAAO;AAC5B,QAAI,QAAQ,SAAS,IAAI,GAAG;AAC1B,YAAM,SAAS,QAAQ,MAAM,GAAG,EAAE;AAClC,aAAO,aAAa,UAAU,SAAS,WAAW,SAAS,GAAG;AAAA,IAChE;AACA,WAAO,YAAY;AAAA,EACrB;AAAA,EAEO,eAAe,UAAoB,SAA4B;AACpE,QAAI,CAAC,SAAS,OAAQ,QAAO;AAC7B,QAAI,CAAC,QAAQ,OAAQ,QAAO;AAC5B,WAAO,SAAS,MAAM,CAAC,QAAQ,QAAQ,KAAK,CAAC,MAAM,KAAK,aAAa,KAAK,CAAC,CAAC,CAAC;AAAA,EAC/E;AAAA,EAEQ,YAAY,QAAgB,OAA2E;AAC7G,WAAO,QAAQ,MAAM,IAAI,MAAM,YAAY,MAAM,IAAI,MAAM,kBAAkB,MAAM;AAAA,EACrF;AAAA,EAEQ,WAAW,QAAwB;AACzC,WAAO,aAAa,MAAM;AAAA,EAC5B;AAAA,EAEQ,aAAa,UAA0B;AAC7C,WAAO,eAAe,QAAQ;AAAA,EAChC;AAAA,EAEQ,mBAAmB,gBAAgC;AACzD,WAAO,YAAY,cAAc;AAAA,EACnC;AAAA,EAEA,MAAc,aAAa,UAA2C;AACpE,QAAI,CAAC,KAAK,MAAO,QAAO;AACxB,UAAM,SAAS,MAAM,KAAK,MAAM,IAAI,QAAQ;AAC5C,QAAI,CAAC,OAAQ,QAAO;AACpB,WAAO,UAAU,MAAM,IAAI,SAAS;AAAA,EACtC;AAAA,EAEA,MAAc,SAAS,UAAkB,MAAe,QAAgB,OAAkF;AACxJ,QAAI,CAAC,KAAK,MAAO;AAEjB,UAAM,OAAO;AAAA,MACX,KAAK,WAAW,MAAM;AAAA,MACtB;AAAA,IACF;AAEA,QAAI,MAAM,UAAU;AAClB,WAAK,KAAK,KAAK,aAAa,MAAM,QAAQ,CAAC;AAAA,IAC7C;AAEA,QAAI,MAAM,gBAAgB;AACxB,WAAK,KAAK,KAAK,mBAAmB,MAAM,cAAc,CAAC;AAAA,IACzD;AAEA,UAAM,KAAK,MAAM,IAAI,UAAU,MAAM;AAAA,MACnC,KAAK,KAAK;AAAA,MACV;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,oBAAoB,QAA+B;AACvD,SAAK,sBAAsB,OAAO,MAAM;AACxC,UAAM,KAAK,kBAAkB,CAAC,KAAK,WAAW,MAAM,CAAC,CAAC;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,sBAAsB,UAAiC;AAC3D,SAAK,sBAAsB,MAAM;AACjC,UAAM,KAAK,kBAAkB,CAAC,KAAK,aAAa,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,4BAA4B,gBAAuC;AACvE,UAAM,KAAK,kBAAkB,CAAC,KAAK,mBAAmB,cAAc,CAAC,CAAC;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,qBAAoC;AACxC,SAAK,sBAAsB,MAAM;AACjC,UAAM,KAAK,kBAAkB,CAAC,UAAU,CAAC;AAAA,EAC3C;AAAA,EAEA,MAAc,kBAAkB,MAAgB,aAAmD;AACjG,QAAI,CAAC,KAAK,MAAO;AACjB,UAAM,WAAW,oBAAI,IAAmB;AACxC,UAAM,UAAU,sBAAsB;AACtC,aAAS,IAAI,WAAW,IAAI;AAC5B,aAAS,IAAI,IAAI;AACjB,QAAI,MAAM,QAAQ,WAAW,GAAG;AAC9B,iBAAW,QAAQ,aAAa;AAC9B,iBAAS,IAAI,QAAQ,IAAI;AAAA,MAC3B;AAAA,IACF;AACA,eAAW,OAAO,UAAU;AAC1B,UAAI,QAAQ,SAAS;AACnB,cAAM,KAAK,MAAM,aAAa,IAAI;AAAA,MACpC,OAAO;AACL,cAAM,mBAAmB,KAAK,YAAY;AACxC,gBAAM,KAAK,MAAO,aAAa,IAAI;AAAA,QACrC,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAc,mBAAmB,QAAkC;AACjE,QAAI,KAAK,sBAAsB,IAAI,MAAM,EAAG,QAAO,KAAK,sBAAsB,IAAI,MAAM;AACxF,UAAM,KAAK,KAAK,GAAG,KAAK;AACxB,UAAM,YAAY,MAAM,GAAG,QAAQ,SAAS,EAAE,MAAM,QAAe,cAAc,KAAK,CAAC;AACvF,QAAI,aAAc,UAAkB,cAAc;AAChD,WAAK,sBAAsB,IAAI,QAAQ,IAAI;AAC3C,aAAO;AAAA,IACT;AACA,UAAM,QAAQ,MAAM;AAAA,MAClB;AAAA,MACA;AAAA,MACA,EAAE,MAAM,OAAc;AAAA,MACtB,EAAE,UAAU,CAAC,MAAM,EAAE;AAAA,MACrB,EAAE,UAAU,MAAM,gBAAgB,KAAK;AAAA,IACzC;AACA,UAAM,WAAW,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC;AACjD,QAAI,CAAC,SAAS,QAAQ;AACpB,WAAK,sBAAsB,IAAI,QAAQ,KAAK;AAC5C,aAAO;AAAA,IACT;AACA,UAAM,UAAU,MAAM,KAAK,IAAI,IAAI,SAAS,IAAI,CAAC,SAAS;AACxD,YAAM,OAAO,KAAK;AAClB,aAAO,MAAM,KAAK,OAAO,KAAK,EAAE,IAAI;AAAA,IACtC,CAAC,EAAE,OAAO,CAAC,OAAqB,OAAO,OAAO,YAAY,GAAG,SAAS,CAAC,CAAC,CAAC;AACzE,QAAI,CAAC,QAAQ,QAAQ;AACnB,WAAK,sBAAsB,IAAI,QAAQ,KAAK;AAC5C,aAAO;AAAA,IACT;AACA,UAAM,YAAY,MAAM,GAAG,QAAQ,SAAS,EAAE,cAAc,MAAM,MAAM,EAAE,KAAK,QAAe,EAAE,CAAQ;AACxG,UAAM,SAAS,CAAC,EAAE,aAAc,UAAkB;AAClD,SAAK,sBAAsB,IAAI,QAAQ,MAAM;AAC7C,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAuBA,MAAM,QAAQ,QAAgB,OAI3B;AACD,UAAM,WAAW,KAAK,YAAY,QAAQ,KAAK;AAC/C,UAAM,SAAS,MAAM,KAAK,aAAa,QAAQ;AAC/C,QAAI,OAAQ,QAAO;AAEnB,QAAI,CAAC,OAAO,WAAW,UAAU,GAAG;AAClC,UAAI,MAAM,KAAK,mBAAmB,MAAM,GAAG;AACzC,cAAMA,UAAS,EAAE,cAAc,MAAM,UAAU,CAAC,GAAG,GAAG,eAAe,KAAK;AAC1E,cAAM,KAAK,SAAS,UAAUA,SAAQ,QAAQ,KAAK;AACnD,eAAOA;AAAA,MACT;AAAA,IACF;AAEA,QAAI,OAAO,WAAW,UAAU,GAAG;AACjC,YAAM,WAAW,OAAO,MAAM,WAAW,MAAM;AAC/C,YAAMC,MAAK,KAAK,GAAG,KAAK;AACxB,YAAM,MAAM,MAAMA,IAAG,QAAQ,QAAQ,EAAE,IAAI,UAAU,WAAW,KAAK,CAAC;AACtE,UAAI,CAAC,OAAQ,IAAI,aAAa,IAAI,UAAU,QAAQ,IAAI,KAAK,IAAI,GAAI;AACnE,cAAMD,UAAS,EAAE,cAAc,OAAO,UAAU,CAAC,GAAG,eAAe,KAAK;AACxE,cAAM,KAAK,SAAS,UAAUA,SAAQ,QAAQ,KAAK;AACnD,eAAOA;AAAA,MACT;AACA,YAAME,YAAW,MAAM,YAAY,IAAI,YAAY;AACnD,YAAMC,WAAU,MAAM,QAAQ,IAAI,SAAS,IAAI,IAAI,UAAU,OAAO,OAAO,IAAI,CAAC;AAChF,UAAIC,WAAU;AACd,YAAMC,YAAqB,CAAC;AAC5B,UAAIC,iBAAiC,IAAI,iBAAiB,CAAC,IAAI,cAAc,IAAI;AACjF,UAAIJ,aAAYC,SAAQ,QAAQ;AAC9B,cAAM,QAAQ,MAAMF,IAAG,KAAK,SAAS,EAAE,UAAAC,WAAU,MAAM,EAAE,KAAKC,SAAe,EAAE,CAAQ;AACvF,mBAAW,OAAO,OAAO;AACvB,UAAAC,WAAUA,YAAW,CAAC,CAAC,IAAI;AAC3B,cAAI,MAAM,QAAQ,IAAI,YAAY,GAAG;AACnC,uBAAW,KAAK,IAAI,aAAc,KAAI,CAACC,UAAS,SAAS,CAAC,EAAG,CAAAA,UAAS,KAAK,CAAC;AAAA,UAC9E;AACA,cAAIC,mBAAkB,MAAM;AAC1B,gBAAI,IAAI,qBAAqB,MAAM;AACjC,cAAAA,iBAAgB;AAAA,YAClB,OAAO;AACL,cAAAA,iBAAgB,MAAM,KAAK,oBAAI,IAAI,CAAC,GAAIA,kBAAiB,CAAC,GAAI,GAAG,IAAI,iBAAiB,CAAC,CAAC;AAAA,YAC1F;AAAA,UACF;AAAA,QACF;AAAA,MACF;AACA,YAAMN,UAAS,EAAE,cAAcI,UAAS,UAAAC,WAAU,eAAAC,eAAc;AAChE,YAAM,KAAK,SAAS,UAAUN,SAAQ,QAAQ,KAAK;AACnD,aAAOA;AAAA,IACT;AAGA,UAAM,KAAK,KAAK,GAAG,KAAK;AACxB,UAAM,OAAO,MAAM,GAAG,QAAQ,MAAM,EAAE,IAAI,OAAO,CAAC;AAClD,QAAI,CAAC,MAAM;AACT,YAAMA,UAAS,EAAE,cAAc,OAAO,UAAU,CAAC,GAAG,eAAe,KAAK;AACxE,YAAM,KAAK,SAAS,UAAUA,SAAQ,QAAQ,KAAK;AACnD,aAAOA;AAAA,IACT;AACA,UAAM,WAAW,MAAM,YAAY,KAAK,YAAY;AACpD,UAAM,QAAQ,MAAM,kBAAkB,KAAK,kBAAkB;AAE7D,QAAI,CAAC,UAAU;AACb,YAAMA,UAAS,EAAE,cAAc,OAAO,UAAU,CAAC,GAAG,eAAe,KAAK;AACxE,YAAM,KAAK,SAAS,UAAUA,SAAQ,QAAQ,KAAK;AACnD,aAAOA;AAAA,IACT;AAGA,UAAM,OAAO,MAAM,GAAG,QAAQ,SAAS,EAAE,MAAM,QAAe,SAAS,CAAC;AACxE,QAAI,MAAM;AACR,YAAMA,UAAS;AAAA,QACb,cAAc,CAAC,CAAC,KAAK;AAAA,QACrB,UAAU,MAAM,QAAQ,KAAK,YAAY,IAAK,KAAK,eAA4B,CAAC;AAAA,QAChF,eAAe,MAAM,QAAQ,KAAK,iBAAiB,IAAK,KAAK,oBAAiC;AAAA,MAChG;AACA,YAAM,KAAK,SAAS,UAAUA,SAAQ,QAAQ,KAAK;AACnD,aAAOA;AAAA,IACT;AAGA,UAAM,QAAQ,MAAM;AAAA,MAClB;AAAA,MACA;AAAA,MACA,EAAE,MAAM,QAAe,MAAM,EAAE,SAAS,EAAE;AAAA,MAC1C,EAAE,UAAU,CAAC,MAAM,EAAE;AAAA,MACrB,EAAE,UAAU,gBAAgB,MAAM;AAAA,IACpC;AACA,UAAM,WAAW,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC;AACjD,UAAM,UAAU,SAAS,IAAI,CAAC,MAAO,EAAE,MAAc,EAAE,EAAE,OAAO,OAAO;AACvE,QAAI,UAAU;AACd,UAAM,WAAqB,CAAC;AAC5B,QAAI,gBAAiC,CAAC;AACtC,QAAI,QAAQ,QAAQ;AAClB,YAAM,QAAQ,MAAM,GAAG,KAAK,SAAS,EAAE,UAAU,MAAM,EAAE,KAAK,QAAe,EAAE,GAAU,CAAC,CAAC;AAC3F,YAAM,WAAW,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC;AACjD,iBAAW,KAAK,UAAU;AACxB,kBAAU,WAAW,CAAC,CAAC,EAAE;AACzB,YAAI,MAAM,QAAQ,EAAE,YAAY;AAAG,qBAAW,KAAK,EAAE,aAAc,KAAI,CAAC,SAAS,SAAS,CAAC,EAAG,UAAS,KAAK,CAAC;AAAA;AAC7G,YAAI,kBAAkB,MAAM;AAC1B,cAAI,EAAE,qBAAqB,KAAM,iBAAgB;AAAA,cAC5C,iBAAgB,MAAM,KAAK,oBAAI,IAAI,CAAC,GAAI,iBAAiB,CAAC,GAAI,GAAG,EAAE,iBAAiB,CAAC,CAAC;AAAA,QAC7F;AAAA,MACF;AAAA,IACF;AACA,QAAI,iBAAiB,SAAS,CAAC,cAAc,SAAS,KAAK,GAAG;AAAA,IAE9D;AACA,UAAM,SAAS,EAAE,cAAc,SAAS,UAAU,cAAc;AAChE,UAAM,KAAK,SAAS,UAAU,QAAQ,QAAQ,KAAK;AACnD,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAqCA,MAAM,mBAAmB,QAAgB,UAAoB,OAAqF;AAChJ,QAAI,CAAC,SAAS,OAAQ,QAAO;AAC7B,UAAM,MAAM,MAAM,KAAK,QAAQ,QAAQ,KAAK;AAC5C,QAAI,IAAI,aAAc,QAAO;AAC7B,QAAI,IAAI,iBAAiB,MAAM,kBAAkB,CAAC,IAAI,cAAc,SAAS,MAAM,cAAc,EAAG,QAAO;AAC3G,WAAO,KAAK,eAAe,UAAU,IAAI,QAAQ;AAAA,EACnD;AACF;",
|
|
6
6
|
"names": ["result", "em", "tenantId", "roleIds", "isSuper", "features", "organizations"]
|
|
7
7
|
}
|
|
@@ -0,0 +1,145 @@
|
|
|
1
|
+
import { NextResponse } from "next/server";
|
|
2
|
+
import { z } from "zod";
|
|
3
|
+
import { getAuthFromRequest } from "@open-mercato/shared/lib/auth/server";
|
|
4
|
+
import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
|
|
5
|
+
import * as ruleEngine from "../../../lib/rule-engine.js";
|
|
6
|
+
const executeByIdRequestSchema = z.object({
|
|
7
|
+
data: z.any(),
|
|
8
|
+
dryRun: z.boolean().optional().default(false),
|
|
9
|
+
entityType: z.string().optional(),
|
|
10
|
+
entityId: z.string().optional(),
|
|
11
|
+
eventType: z.string().optional()
|
|
12
|
+
});
|
|
13
|
+
const executeByIdResponseSchema = z.object({
|
|
14
|
+
success: z.boolean(),
|
|
15
|
+
ruleId: z.string(),
|
|
16
|
+
ruleName: z.string(),
|
|
17
|
+
conditionResult: z.boolean(),
|
|
18
|
+
actionsExecuted: z.object({
|
|
19
|
+
success: z.boolean(),
|
|
20
|
+
results: z.array(z.object({
|
|
21
|
+
type: z.string(),
|
|
22
|
+
success: z.boolean(),
|
|
23
|
+
error: z.string().optional()
|
|
24
|
+
}))
|
|
25
|
+
}).nullable(),
|
|
26
|
+
executionTime: z.number(),
|
|
27
|
+
error: z.string().optional(),
|
|
28
|
+
logId: z.string().optional()
|
|
29
|
+
});
|
|
30
|
+
const errorResponseSchema = z.object({
|
|
31
|
+
error: z.string()
|
|
32
|
+
});
|
|
33
|
+
const routeMetadata = {
|
|
34
|
+
POST: { requireAuth: true, requireFeatures: ["business_rules.execute"] }
|
|
35
|
+
};
|
|
36
|
+
const metadata = routeMetadata;
|
|
37
|
+
async function POST(req, context) {
|
|
38
|
+
const auth = await getAuthFromRequest(req);
|
|
39
|
+
if (!auth) {
|
|
40
|
+
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
|
41
|
+
}
|
|
42
|
+
const params = await context.params;
|
|
43
|
+
const ruleId = params.ruleId;
|
|
44
|
+
if (!ruleId || !z.uuid().safeParse(ruleId).success) {
|
|
45
|
+
return NextResponse.json({ error: "Invalid rule ID" }, { status: 400 });
|
|
46
|
+
}
|
|
47
|
+
const container = await createRequestContainer();
|
|
48
|
+
const em = container.resolve("em");
|
|
49
|
+
let body;
|
|
50
|
+
try {
|
|
51
|
+
body = await req.json();
|
|
52
|
+
} catch {
|
|
53
|
+
return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });
|
|
54
|
+
}
|
|
55
|
+
const parsed = executeByIdRequestSchema.safeParse(body);
|
|
56
|
+
if (!parsed.success) {
|
|
57
|
+
const errors = parsed.error.issues.map((e) => `${e.path.join(".")}: ${e.message}`);
|
|
58
|
+
return NextResponse.json({ error: `Validation failed: ${errors.join(", ")}` }, { status: 400 });
|
|
59
|
+
}
|
|
60
|
+
const { data, dryRun, entityType, entityId, eventType } = parsed.data;
|
|
61
|
+
const execContext = {
|
|
62
|
+
ruleId,
|
|
63
|
+
data,
|
|
64
|
+
user: {
|
|
65
|
+
id: auth.sub,
|
|
66
|
+
email: auth.email,
|
|
67
|
+
role: auth.role ?? void 0
|
|
68
|
+
},
|
|
69
|
+
tenantId: auth.tenantId ?? "",
|
|
70
|
+
organizationId: auth.orgId ?? "",
|
|
71
|
+
executedBy: auth.sub ?? auth.email ?? void 0,
|
|
72
|
+
dryRun,
|
|
73
|
+
entityType,
|
|
74
|
+
entityId,
|
|
75
|
+
eventType
|
|
76
|
+
};
|
|
77
|
+
try {
|
|
78
|
+
const result = await ruleEngine.executeRuleById(em, execContext);
|
|
79
|
+
const response = {
|
|
80
|
+
success: result.success,
|
|
81
|
+
ruleId: result.ruleId,
|
|
82
|
+
ruleName: result.ruleName,
|
|
83
|
+
conditionResult: result.conditionResult,
|
|
84
|
+
actionsExecuted: result.actionsExecuted ? {
|
|
85
|
+
success: result.actionsExecuted.success,
|
|
86
|
+
results: result.actionsExecuted.results.map((ar) => ({
|
|
87
|
+
type: ar.action.type,
|
|
88
|
+
success: ar.success,
|
|
89
|
+
error: ar.error
|
|
90
|
+
}))
|
|
91
|
+
} : null,
|
|
92
|
+
executionTime: result.executionTime,
|
|
93
|
+
error: result.error,
|
|
94
|
+
logId: result.logId
|
|
95
|
+
};
|
|
96
|
+
const status = result.success ? 200 : result.error === "Rule not found" ? 404 : 200;
|
|
97
|
+
return NextResponse.json(response, { status });
|
|
98
|
+
} catch (error) {
|
|
99
|
+
const errorMessage = error instanceof Error ? error.message : String(error);
|
|
100
|
+
return NextResponse.json(
|
|
101
|
+
{ error: `Rule execution failed: ${errorMessage}` },
|
|
102
|
+
{ status: 500 }
|
|
103
|
+
);
|
|
104
|
+
}
|
|
105
|
+
}
|
|
106
|
+
const openApi = {
|
|
107
|
+
tag: "Business Rules",
|
|
108
|
+
summary: "Execute a specific business rule by ID",
|
|
109
|
+
methods: {
|
|
110
|
+
POST: {
|
|
111
|
+
summary: "Execute a specific rule by its database UUID",
|
|
112
|
+
description: "Directly executes a specific business rule identified by its UUID, bypassing the normal entityType/eventType discovery mechanism. Useful for workflows and targeted rule execution.",
|
|
113
|
+
pathParams: z.object({
|
|
114
|
+
ruleId: z.string().uuid().describe("The database UUID of the business rule to execute")
|
|
115
|
+
}),
|
|
116
|
+
requestBody: {
|
|
117
|
+
contentType: "application/json",
|
|
118
|
+
schema: executeByIdRequestSchema
|
|
119
|
+
},
|
|
120
|
+
responses: [
|
|
121
|
+
{
|
|
122
|
+
status: 200,
|
|
123
|
+
description: "Rule executed successfully",
|
|
124
|
+
schema: executeByIdResponseSchema
|
|
125
|
+
},
|
|
126
|
+
{
|
|
127
|
+
status: 404,
|
|
128
|
+
description: "Rule not found",
|
|
129
|
+
schema: errorResponseSchema
|
|
130
|
+
}
|
|
131
|
+
],
|
|
132
|
+
errors: [
|
|
133
|
+
{ status: 400, description: "Invalid request payload or rule ID", schema: errorResponseSchema },
|
|
134
|
+
{ status: 401, description: "Unauthorized", schema: errorResponseSchema },
|
|
135
|
+
{ status: 500, description: "Execution error", schema: errorResponseSchema }
|
|
136
|
+
]
|
|
137
|
+
}
|
|
138
|
+
}
|
|
139
|
+
};
|
|
140
|
+
export {
|
|
141
|
+
POST,
|
|
142
|
+
metadata,
|
|
143
|
+
openApi
|
|
144
|
+
};
|
|
145
|
+
//# sourceMappingURL=route.js.map
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
{
|
|
2
|
+
"version": 3,
|
|
3
|
+
"sources": ["../../../../../../src/modules/business_rules/api/execute/%5BruleId%5D/route.ts"],
|
|
4
|
+
"sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport * as ruleEngine from '../../../lib/rule-engine'\n\nconst executeByIdRequestSchema = z.object({\n data: z.any(),\n dryRun: z.boolean().optional().default(false),\n entityType: z.string().optional(),\n entityId: z.string().optional(),\n eventType: z.string().optional(),\n})\n\nconst executeByIdResponseSchema = z.object({\n success: z.boolean(),\n ruleId: z.string(),\n ruleName: z.string(),\n conditionResult: z.boolean(),\n actionsExecuted: z.object({\n success: z.boolean(),\n results: z.array(z.object({\n type: z.string(),\n success: z.boolean(),\n error: z.string().optional(),\n })),\n }).nullable(),\n executionTime: z.number(),\n error: z.string().optional(),\n logId: z.string().optional(),\n})\n\nconst errorResponseSchema = z.object({\n error: z.string(),\n})\n\nconst routeMetadata = {\n POST: { requireAuth: true, requireFeatures: ['business_rules.execute'] },\n}\n\nexport const metadata = routeMetadata\n\ninterface RouteContext {\n params: Promise<{ ruleId: string }>\n}\n\nexport async function POST(req: Request, context: RouteContext) {\n const auth = await getAuthFromRequest(req)\n if (!auth) {\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n }\n\n const params = await context.params\n const ruleId = params.ruleId\n\n if (!ruleId || !z.uuid().safeParse(ruleId).success) {\n return NextResponse.json({ error: 'Invalid rule ID' }, { status: 400 })\n }\n\n const container = await createRequestContainer()\n const em = container.resolve('em') as EntityManager\n\n let body: any\n try {\n body = await req.json()\n } catch {\n return NextResponse.json({ error: 'Invalid JSON body' }, { status: 400 })\n }\n\n const parsed = executeByIdRequestSchema.safeParse(body)\n if (!parsed.success) {\n const errors = parsed.error.issues.map(e => `${e.path.join('.')}: ${e.message}`)\n return NextResponse.json({ error: `Validation failed: ${errors.join(', ')}` }, { status: 400 })\n }\n\n const { data, dryRun, entityType, entityId, eventType } = parsed.data\n\n const execContext: ruleEngine.DirectRuleExecutionContext = {\n ruleId,\n data,\n user: {\n id: auth.sub,\n email: auth.email,\n role: (auth.role as string) ?? undefined,\n },\n tenantId: auth.tenantId ?? '',\n organizationId: auth.orgId ?? '',\n executedBy: auth.sub ?? auth.email ?? undefined,\n dryRun,\n entityType,\n entityId,\n eventType,\n }\n\n try {\n const result = await ruleEngine.executeRuleById(em, execContext)\n\n const response = {\n success: result.success,\n ruleId: result.ruleId,\n ruleName: result.ruleName,\n conditionResult: result.conditionResult,\n actionsExecuted: result.actionsExecuted ? {\n success: result.actionsExecuted.success,\n results: result.actionsExecuted.results.map(ar => ({\n type: ar.action.type,\n success: ar.success,\n error: ar.error,\n })),\n } : null,\n executionTime: result.executionTime,\n error: result.error,\n logId: result.logId,\n }\n\n // Return appropriate status based on result\n const status = result.success ? 200 : (result.error === 'Rule not found' ? 404 : 200)\n return NextResponse.json(response, { status })\n } catch (error) {\n const errorMessage = error instanceof Error ? error.message : String(error)\n return NextResponse.json(\n { error: `Rule execution failed: ${errorMessage}` },\n { status: 500 }\n )\n }\n}\n\nexport const openApi: OpenApiRouteDoc = {\n tag: 'Business Rules',\n summary: 'Execute a specific business rule by ID',\n methods: {\n POST: {\n summary: 'Execute a specific rule by its database UUID',\n description: 'Directly executes a specific business rule identified by its UUID, bypassing the normal entityType/eventType discovery mechanism. Useful for workflows and targeted rule execution.',\n pathParams: z.object({\n ruleId: z.string().uuid().describe('The database UUID of the business rule to execute'),\n }),\n requestBody: {\n contentType: 'application/json',\n schema: executeByIdRequestSchema,\n },\n responses: [\n {\n status: 200,\n description: 'Rule executed successfully',\n schema: executeByIdResponseSchema,\n },\n {\n status: 404,\n description: 'Rule not found',\n schema: errorResponseSchema,\n },\n ],\n errors: [\n { status: 400, description: 'Invalid request payload or rule ID', schema: errorResponseSchema },\n { status: 401, description: 'Unauthorized', schema: errorResponseSchema },\n { status: 500, description: 'Execution error', schema: errorResponseSchema },\n ],\n },\n },\n}\n"],
|
|
5
|
+
"mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAEvC,YAAY,gBAAgB;AAE5B,MAAM,2BAA2B,EAAE,OAAO;AAAA,EACxC,MAAM,EAAE,IAAI;AAAA,EACZ,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,KAAK;AAAA,EAC5C,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,WAAW,EAAE,OAAO,EAAE,SAAS;AACjC,CAAC;AAED,MAAM,4BAA4B,EAAE,OAAO;AAAA,EACzC,SAAS,EAAE,QAAQ;AAAA,EACnB,QAAQ,EAAE,OAAO;AAAA,EACjB,UAAU,EAAE,OAAO;AAAA,EACnB,iBAAiB,EAAE,QAAQ;AAAA,EAC3B,iBAAiB,EAAE,OAAO;AAAA,IACxB,SAAS,EAAE,QAAQ;AAAA,IACnB,SAAS,EAAE,MAAM,EAAE,OAAO;AAAA,MACxB,MAAM,EAAE,OAAO;AAAA,MACf,SAAS,EAAE,QAAQ;AAAA,MACnB,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,IAC7B,CAAC,CAAC;AAAA,EACJ,CAAC,EAAE,SAAS;AAAA,EACZ,eAAe,EAAE,OAAO;AAAA,EACxB,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,OAAO,EAAE,OAAO,EAAE,SAAS;AAC7B,CAAC;AAED,MAAM,sBAAsB,EAAE,OAAO;AAAA,EACnC,OAAO,EAAE,OAAO;AAClB,CAAC;AAED,MAAM,gBAAgB;AAAA,EACpB,MAAM,EAAE,aAAa,MAAM,iBAAiB,CAAC,wBAAwB,EAAE;AACzE;AAEO,MAAM,WAAW;AAMxB,eAAsB,KAAK,KAAc,SAAuB;AAC9D,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AAEA,QAAM,SAAS,MAAM,QAAQ;AAC7B,QAAM,SAAS,OAAO;AAEtB,MAAI,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,UAAU,MAAM,EAAE,SAAS;AAClD,WAAO,aAAa,KAAK,EAAE,OAAO,kBAAkB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxE;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,KAAK,UAAU,QAAQ,IAAI;AAEjC,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,IAAI,KAAK;AAAA,EACxB,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,OAAO,oBAAoB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC1E;AAEA,QAAM,SAAS,yBAAyB,UAAU,IAAI;AACtD,MAAI,CAAC,OAAO,SAAS;AACnB,UAAM,SAAS,OAAO,MAAM,OAAO,IAAI,OAAK,GAAG,EAAE,KAAK,KAAK,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE;AAC/E,WAAO,aAAa,KAAK,EAAE,OAAO,sBAAsB,OAAO,KAAK,IAAI,CAAC,GAAG,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAChG;AAEA,QAAM,EAAE,MAAM,QAAQ,YAAY,UAAU,UAAU,IAAI,OAAO;AAEjE,QAAM,cAAqD;AAAA,IACzD;AAAA,IACA;AAAA,IACA,MAAM;AAAA,MACJ,IAAI,KAAK;AAAA,MACT,OAAO,KAAK;AAAA,MACZ,MAAO,KAAK,QAAmB;AAAA,IACjC;AAAA,IACA,UAAU,KAAK,YAAY;AAAA,IAC3B,gBAAgB,KAAK,SAAS;AAAA,IAC9B,YAAY,KAAK,OAAO,KAAK,SAAS;AAAA,IACtC;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,MAAI;AACF,UAAM,SAAS,MAAM,WAAW,gBAAgB,IAAI,WAAW;AAE/D,UAAM,WAAW;AAAA,MACf,SAAS,OAAO;AAAA,MAChB,QAAQ,OAAO;AAAA,MACf,UAAU,OAAO;AAAA,MACjB,iBAAiB,OAAO;AAAA,MACxB,iBAAiB,OAAO,kBAAkB;AAAA,QACxC,SAAS,OAAO,gBAAgB;AAAA,QAChC,SAAS,OAAO,gBAAgB,QAAQ,IAAI,SAAO;AAAA,UACjD,MAAM,GAAG,OAAO;AAAA,UAChB,SAAS,GAAG;AAAA,UACZ,OAAO,GAAG;AAAA,QACZ,EAAE;AAAA,MACJ,IAAI;AAAA,MACJ,eAAe,OAAO;AAAA,MACtB,OAAO,OAAO;AAAA,MACd,OAAO,OAAO;AAAA,IAChB;AAGA,UAAM,SAAS,OAAO,UAAU,MAAO,OAAO,UAAU,mBAAmB,MAAM;AACjF,WAAO,aAAa,KAAK,UAAU,EAAE,OAAO,CAAC;AAAA,EAC/C,SAAS,OAAO;AACd,UAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAC1E,WAAO,aAAa;AAAA,MAClB,EAAE,OAAO,0BAA0B,YAAY,GAAG;AAAA,MAClD,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,MAAM;AAAA,MACJ,SAAS;AAAA,MACT,aAAa;AAAA,MACb,YAAY,EAAE,OAAO;AAAA,QACnB,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,mDAAmD;AAAA,MACxF,CAAC;AAAA,MACD,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT;AAAA,UACE,QAAQ;AAAA,UACR,aAAa;AAAA,UACb,QAAQ;AAAA,QACV;AAAA,QACA;AAAA,UACE,QAAQ;AAAA,UACR,aAAa;AAAA,UACb,QAAQ;AAAA,QACV;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,sCAAsC,QAAQ,oBAAoB;AAAA,QAC9F,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,oBAAoB;AAAA,QACxE,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,oBAAoB;AAAA,MAC7E;AAAA,IACF;AAAA,EACF;AACF;",
|
|
6
|
+
"names": []
|
|
7
|
+
}
|
|
@@ -191,6 +191,38 @@ const ruleDiscoveryOptionsSchema = z.object({
|
|
|
191
191
|
organizationId: z.uuid("organizationId must be a valid UUID"),
|
|
192
192
|
ruleType: ruleTypeSchema.optional()
|
|
193
193
|
});
|
|
194
|
+
const directRuleExecutionContextSchema = z.object({
|
|
195
|
+
ruleId: z.uuid("ruleId must be a valid UUID"),
|
|
196
|
+
data: z.any(),
|
|
197
|
+
user: z.looseObject({
|
|
198
|
+
id: z.string().optional(),
|
|
199
|
+
email: z.string().optional(),
|
|
200
|
+
role: z.string().optional()
|
|
201
|
+
}).optional(),
|
|
202
|
+
tenantId: z.uuid("tenantId must be a valid UUID"),
|
|
203
|
+
organizationId: z.uuid("organizationId must be a valid UUID"),
|
|
204
|
+
executedBy: z.string().optional(),
|
|
205
|
+
dryRun: z.boolean().optional(),
|
|
206
|
+
entityType: z.string().optional(),
|
|
207
|
+
entityId: z.string().optional(),
|
|
208
|
+
eventType: z.string().optional()
|
|
209
|
+
});
|
|
210
|
+
const ruleIdExecutionContextSchema = z.object({
|
|
211
|
+
ruleId: z.string().min(1, "ruleId must be a non-empty string").max(50),
|
|
212
|
+
data: z.any(),
|
|
213
|
+
user: z.looseObject({
|
|
214
|
+
id: z.string().optional(),
|
|
215
|
+
email: z.string().optional(),
|
|
216
|
+
role: z.string().optional()
|
|
217
|
+
}).optional(),
|
|
218
|
+
tenantId: z.uuid("tenantId must be a valid UUID"),
|
|
219
|
+
organizationId: z.uuid("organizationId must be a valid UUID"),
|
|
220
|
+
executedBy: z.string().optional(),
|
|
221
|
+
dryRun: z.boolean().optional(),
|
|
222
|
+
entityType: z.string().optional(),
|
|
223
|
+
entityId: z.string().optional(),
|
|
224
|
+
eventType: z.string().optional()
|
|
225
|
+
});
|
|
194
226
|
export {
|
|
195
227
|
actionSchema,
|
|
196
228
|
actionTriggerSchema,
|
|
@@ -204,11 +236,13 @@ export {
|
|
|
204
236
|
createRuleSetMemberSchema,
|
|
205
237
|
createRuleSetSchema,
|
|
206
238
|
dataTypeSchema,
|
|
239
|
+
directRuleExecutionContextSchema,
|
|
207
240
|
executionResultSchema,
|
|
208
241
|
logicalOperatorSchema,
|
|
209
242
|
ruleDiscoveryOptionsSchema,
|
|
210
243
|
ruleEngineContextSchema,
|
|
211
244
|
ruleExecutionLogFilterSchema,
|
|
245
|
+
ruleIdExecutionContextSchema,
|
|
212
246
|
ruleSetFilterSchema,
|
|
213
247
|
ruleSetMemberFilterSchema,
|
|
214
248
|
ruleTypeSchema,
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../src/modules/business_rules/data/validators.ts"],
|
|
4
|
-
"sourcesContent": ["import { z } from 'zod'\nimport {\n validateConditionExpressionForApi,\n validateActionsForApi,\n isSafeExpression,\n} from '../lib/payload-validation'\n\n/**\n * Business Rules Module - Zod Validators\n */\n\nconst uuid = z.uuid()\n\n// Rule Types\nexport const ruleTypeSchema = z.enum(['GUARD', 'VALIDATION', 'CALCULATION', 'ACTION', 'ASSIGNMENT'])\nexport type RuleType = z.infer<typeof ruleTypeSchema>\n\n// Condition Types\nexport const conditionTypeSchema = z.enum(['EXPRESSION', 'GROUP'])\nexport type ConditionType = z.infer<typeof conditionTypeSchema>\n\n// Logical Operators\nexport const logicalOperatorSchema = z.enum(['AND', 'OR', 'NOT'])\nexport type LogicalOperator = z.infer<typeof logicalOperatorSchema>\n\n// Comparison Operators\nexport const comparisonOperatorSchema = z.enum([\n '=',\n '==',\n '!=',\n '>',\n '>=',\n '<',\n '<=',\n 'IN',\n 'NOT_IN',\n 'CONTAINS',\n 'NOT_CONTAINS',\n 'STARTS_WITH',\n 'ENDS_WITH',\n 'MATCHES',\n 'IS_EMPTY',\n 'IS_NOT_EMPTY',\n])\nexport type ComparisonOperator = z.infer<typeof comparisonOperatorSchema>\n\n// Data Types\nexport const dataTypeSchema = z.enum(['STRING', 'NUMBER', 'BOOLEAN', 'DATE', 'ARRAY', 'OBJECT'])\nexport type DataType = z.infer<typeof dataTypeSchema>\n\n// Action Trigger\nexport const actionTriggerSchema = z.enum(['ON_SUCCESS', 'ON_FAILURE', 'ALWAYS'])\nexport type ActionTrigger = z.infer<typeof actionTriggerSchema>\n\n// Execution Result\nexport const executionResultSchema = z.enum(['SUCCESS', 'FAILURE', 'ERROR'])\nexport type ExecutionResult = z.infer<typeof executionResultSchema>\n\n// Condition Expression Schema with Validation\n// Uses runtime validation to check structure, nesting, and field paths\nexport const conditionExpressionSchema = z.any()\n .superRefine((val, ctx) => {\n // Null/undefined is allowed (optional field)\n if (val === null || val === undefined) return\n\n // Check for dangerous patterns first (DoS prevention)\n if (!isSafeExpression(val)) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'Condition expression exceeds safety limits (max depth: 10, max rules per group: 50, max field path length: 200)'\n })\n return\n }\n\n // Validate structure and content\n const result = validateConditionExpressionForApi(val)\n if (!result.valid) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: result.error || 'Invalid condition expression'\n })\n }\n })\n\n// Action Schema with Validation\n// Validates action type and required config fields\nexport const actionSchema = z.object({\n type: z.string().min(1),\n config: z.record(z.string(), z.any()).optional(),\n})\n\nexport const actionsArraySchema = z.array(actionSchema).optional().nullable()\n .superRefine((val, ctx) => {\n // Null/undefined/empty is allowed (optional field)\n if (!val || (Array.isArray(val) && val.length === 0)) return\n\n const result = validateActionsForApi(val, 'actions')\n if (!result.valid) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: result.error || 'Invalid actions'\n })\n }\n })\n\n// Date preprocessing helper\nconst dateOrNull = z.preprocess((value) => {\n if (value === undefined || value === null || value === '') return null\n const date = value instanceof Date ? value : new Date(String(value))\n return Number.isNaN(date.getTime()) ? null : date\n}, z.date().nullable())\n\n// BusinessRule Create Schema\nexport const createBusinessRuleSchema = z.object({\n ruleId: z.string().min(1).max(50),\n ruleName: z.string().min(1).max(200),\n description: z.string().max(5000).optional().nullable(),\n ruleType: ruleTypeSchema,\n ruleCategory: z.string().max(50).optional().nullable(),\n entityType: z.string().min(1).max(50),\n eventType: z.string().max(50).optional().nullable(),\n conditionExpression: conditionExpressionSchema,\n successActions: actionsArraySchema,\n failureActions: actionsArraySchema,\n enabled: z.boolean().optional().default(true),\n priority: z.number().int().min(0).max(9999).optional().default(100),\n version: z.number().int().min(1).optional().default(1),\n effectiveFrom: dateOrNull.optional(),\n effectiveTo: dateOrNull.optional(),\n tenantId: uuid,\n organizationId: uuid,\n createdBy: z.string().max(50).optional().nullable(),\n})\n\nexport type CreateBusinessRuleInput = z.infer<typeof createBusinessRuleSchema>\n\n// BusinessRule Update Schema\nexport const updateBusinessRuleSchema = createBusinessRuleSchema.partial().extend({\n id: uuid,\n})\n\nexport type UpdateBusinessRuleInput = z.infer<typeof updateBusinessRuleSchema>\n\n// Query/Filter Schema\nexport const businessRuleFilterSchema = z.object({\n ruleId: z.string().optional(),\n ruleName: z.string().optional(),\n ruleType: ruleTypeSchema.optional(),\n ruleCategory: z.string().optional(),\n entityType: z.string().optional(),\n eventType: z.string().optional(),\n enabled: z.boolean().optional(),\n tenantId: uuid.optional(),\n organizationId: uuid.optional(),\n})\n\nexport type BusinessRuleFilter = z.infer<typeof businessRuleFilterSchema>\n\n// RuleExecutionLog Create Schema\nexport const createRuleExecutionLogSchema = z.object({\n ruleId: uuid,\n entityId: uuid,\n entityType: z.string().min(1).max(50),\n executionResult: executionResultSchema,\n inputContext: z.any().optional().nullable(),\n outputContext: z.any().optional().nullable(),\n errorMessage: z.string().optional().nullable(),\n executionTimeMs: z.number().int().min(0),\n executedAt: z.date().optional(),\n tenantId: uuid,\n organizationId: uuid.optional().nullable(),\n executedBy: z.string().max(50).optional().nullable(),\n})\n\nexport type CreateRuleExecutionLogInput = z.infer<typeof createRuleExecutionLogSchema>\n\n// RuleExecutionLog Query/Filter Schema\nexport const ruleExecutionLogFilterSchema = z.object({\n ruleId: uuid.optional(),\n entityId: uuid.optional(),\n entityType: z.string().optional(),\n executionResult: executionResultSchema.optional(),\n tenantId: uuid.optional(),\n organizationId: uuid.optional(),\n executedBy: z.string().optional(),\n executedAtFrom: z.date().optional(),\n executedAtTo: z.date().optional(),\n})\n\nexport type RuleExecutionLogFilter = z.infer<typeof ruleExecutionLogFilterSchema>\n\n// RuleSet Create Schema\nexport const createRuleSetSchema = z.object({\n setId: z.string().min(1).max(50),\n setName: z.string().min(1).max(200),\n description: z.string().max(5000).optional().nullable(),\n enabled: z.boolean().optional().default(true),\n tenantId: uuid,\n organizationId: uuid,\n createdBy: z.string().max(50).optional().nullable(),\n})\n\nexport type CreateRuleSetInput = z.infer<typeof createRuleSetSchema>\n\n// RuleSet Update Schema\nexport const updateRuleSetSchema = createRuleSetSchema.partial().extend({\n id: uuid,\n})\n\nexport type UpdateRuleSetInput = z.infer<typeof updateRuleSetSchema>\n\n// RuleSet Query/Filter Schema\nexport const ruleSetFilterSchema = z.object({\n setId: z.string().optional(),\n setName: z.string().optional(),\n enabled: z.boolean().optional(),\n tenantId: uuid.optional(),\n organizationId: uuid.optional(),\n})\n\nexport type RuleSetFilter = z.infer<typeof ruleSetFilterSchema>\n\n// RuleSetMember Create Schema\nexport const createRuleSetMemberSchema = z.object({\n ruleSetId: uuid,\n ruleId: uuid,\n sequence: z.number().int().min(0).optional().default(0),\n enabled: z.boolean().optional().default(true),\n tenantId: uuid,\n organizationId: uuid,\n})\n\nexport type CreateRuleSetMemberInput = z.infer<typeof createRuleSetMemberSchema>\n\n// RuleSetMember Update Schema\nexport const updateRuleSetMemberSchema = z.object({\n id: uuid,\n sequence: z.number().int().min(0).optional(),\n enabled: z.boolean().optional(),\n})\n\nexport type UpdateRuleSetMemberInput = z.infer<typeof updateRuleSetMemberSchema>\n\n// RuleSetMember Query/Filter Schema\nexport const ruleSetMemberFilterSchema = z.object({\n ruleSetId: uuid.optional(),\n ruleId: uuid.optional(),\n enabled: z.boolean().optional(),\n tenantId: uuid.optional(),\n organizationId: uuid.optional(),\n})\n\nexport type RuleSetMemberFilter = z.infer<typeof ruleSetMemberFilterSchema>\n\n// Rule Engine Context Schema\nexport const ruleEngineContextSchema = z.looseObject({\n entityType: z.string().min(1, 'entityType is required'),\n entityId: z.string().optional(),\n eventType: z.string().optional(),\n data: z.any(),\n user: z.looseObject({\n id: z.string().optional(),\n email: z.string().optional(),\n role: z.string().optional(),\n }).optional(),\n tenant: z.looseObject({\n id: z.string().optional(),\n }).optional(),\n organization: z.looseObject({\n id: z.string().optional(),\n }).optional(),\n tenantId: z.uuid('tenantId must be a valid UUID'),\n organizationId: z.uuid('organizationId must be a valid UUID'),\n executedBy: z.string().optional(),\n dryRun: z.boolean().optional(),\n})\n\nexport type RuleEngineContextInput = z.infer<typeof ruleEngineContextSchema>\n\n// Rule Discovery Options Schema\nexport const ruleDiscoveryOptionsSchema = z.object({\n entityType: z.string().min(1, 'entityType is required'),\n eventType: z.string().optional(),\n tenantId: z.uuid('tenantId must be a valid UUID'),\n organizationId: z.uuid('organizationId must be a valid UUID'),\n ruleType: ruleTypeSchema.optional(),\n})\n\nexport type RuleDiscoveryOptionsInput = z.infer<typeof ruleDiscoveryOptionsSchema>\n"],
|
|
5
|
-
"mappings": "AAAA,SAAS,SAAS;AAClB;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAMP,MAAM,OAAO,EAAE,KAAK;AAGb,MAAM,iBAAiB,EAAE,KAAK,CAAC,SAAS,cAAc,eAAe,UAAU,YAAY,CAAC;AAI5F,MAAM,sBAAsB,EAAE,KAAK,CAAC,cAAc,OAAO,CAAC;AAI1D,MAAM,wBAAwB,EAAE,KAAK,CAAC,OAAO,MAAM,KAAK,CAAC;AAIzD,MAAM,2BAA2B,EAAE,KAAK;AAAA,EAC7C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAIM,MAAM,iBAAiB,EAAE,KAAK,CAAC,UAAU,UAAU,WAAW,QAAQ,SAAS,QAAQ,CAAC;AAIxF,MAAM,sBAAsB,EAAE,KAAK,CAAC,cAAc,cAAc,QAAQ,CAAC;AAIzE,MAAM,wBAAwB,EAAE,KAAK,CAAC,WAAW,WAAW,OAAO,CAAC;AAKpE,MAAM,4BAA4B,EAAE,IAAI,EAC5C,YAAY,CAAC,KAAK,QAAQ;AAEzB,MAAI,QAAQ,QAAQ,QAAQ,OAAW;AAGvC,MAAI,CAAC,iBAAiB,GAAG,GAAG;AAC1B,QAAI,SAAS;AAAA,MACX,MAAM,EAAE,aAAa;AAAA,MACrB,SAAS;AAAA,IACX,CAAC;AACD;AAAA,EACF;AAGA,QAAM,SAAS,kCAAkC,GAAG;AACpD,MAAI,CAAC,OAAO,OAAO;AACjB,QAAI,SAAS;AAAA,MACX,MAAM,EAAE,aAAa;AAAA,MACrB,SAAS,OAAO,SAAS;AAAA,IAC3B,CAAC;AAAA,EACH;AACF,CAAC;AAII,MAAM,eAAe,EAAE,OAAO;AAAA,EACnC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACtB,QAAQ,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,IAAI,CAAC,EAAE,SAAS;AACjD,CAAC;AAEM,MAAM,qBAAqB,EAAE,MAAM,YAAY,EAAE,SAAS,EAAE,SAAS,EACzE,YAAY,CAAC,KAAK,QAAQ;AAEzB,MAAI,CAAC,OAAQ,MAAM,QAAQ,GAAG,KAAK,IAAI,WAAW,EAAI;AAEtD,QAAM,SAAS,sBAAsB,KAAK,SAAS;AACnD,MAAI,CAAC,OAAO,OAAO;AACjB,QAAI,SAAS;AAAA,MACX,MAAM,EAAE,aAAa;AAAA,MACrB,SAAS,OAAO,SAAS;AAAA,IAC3B,CAAC;AAAA,EACH;AACF,CAAC;AAGH,MAAM,aAAa,EAAE,WAAW,CAAC,UAAU;AACzC,MAAI,UAAU,UAAa,UAAU,QAAQ,UAAU,GAAI,QAAO;AAClE,QAAM,OAAO,iBAAiB,OAAO,QAAQ,IAAI,KAAK,OAAO,KAAK,CAAC;AACnE,SAAO,OAAO,MAAM,KAAK,QAAQ,CAAC,IAAI,OAAO;AAC/C,GAAG,EAAE,KAAK,EAAE,SAAS,CAAC;AAGf,MAAM,2BAA2B,EAAE,OAAO;AAAA,EAC/C,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE;AAAA,EAChC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EACnC,aAAa,EAAE,OAAO,EAAE,IAAI,GAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EACtD,UAAU;AAAA,EACV,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,SAAS;AAAA,EACrD,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE;AAAA,EACpC,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,SAAS;AAAA,EAClD,qBAAqB;AAAA,EACrB,gBAAgB;AAAA,EAChB,gBAAgB;AAAA,EAChB,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,IAAI;AAAA,EAC5C,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,EAAE,SAAS,EAAE,QAAQ,GAAG;AAAA,EAClE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC;AAAA,EACrD,eAAe,WAAW,SAAS;AAAA,EACnC,aAAa,WAAW,SAAS;AAAA,EACjC,UAAU;AAAA,EACV,gBAAgB;AAAA,EAChB,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,SAAS;AACpD,CAAC;AAKM,MAAM,2BAA2B,yBAAyB,QAAQ,EAAE,OAAO;AAAA,EAChF,IAAI;AACN,CAAC;AAKM,MAAM,2BAA2B,EAAE,OAAO;AAAA,EAC/C,QAAQ,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,UAAU,eAAe,SAAS;AAAA,EAClC,cAAc,EAAE,OAAO,EAAE,SAAS;AAAA,EAClC,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,SAAS,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC9B,UAAU,KAAK,SAAS;AAAA,EACxB,gBAAgB,KAAK,SAAS;AAChC,CAAC;AAKM,MAAM,+BAA+B,EAAE,OAAO;AAAA,EACnD,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE;AAAA,EACpC,iBAAiB;AAAA,EACjB,cAAc,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EAC1C,eAAe,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EAC3C,cAAc,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC7C,iBAAiB,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC;AAAA,EACvC,YAAY,EAAE,KAAK,EAAE,SAAS;AAAA,EAC9B,UAAU;AAAA,EACV,gBAAgB,KAAK,SAAS,EAAE,SAAS;AAAA,EACzC,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,SAAS;AACrD,CAAC;AAKM,MAAM,+BAA+B,EAAE,OAAO;AAAA,EACnD,QAAQ,KAAK,SAAS;AAAA,EACtB,UAAU,KAAK,SAAS;AAAA,EACxB,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,iBAAiB,sBAAsB,SAAS;AAAA,EAChD,UAAU,KAAK,SAAS;AAAA,EACxB,gBAAgB,KAAK,SAAS;AAAA,EAC9B,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,gBAAgB,EAAE,KAAK,EAAE,SAAS;AAAA,EAClC,cAAc,EAAE,KAAK,EAAE,SAAS;AAClC,CAAC;AAKM,MAAM,sBAAsB,EAAE,OAAO;AAAA,EAC1C,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE;AAAA,EAC/B,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EAClC,aAAa,EAAE,OAAO,EAAE,IAAI,GAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EACtD,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,IAAI;AAAA,EAC5C,UAAU;AAAA,EACV,gBAAgB;AAAA,EAChB,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,SAAS;AACpD,CAAC;AAKM,MAAM,sBAAsB,oBAAoB,QAAQ,EAAE,OAAO;AAAA,EACtE,IAAI;AACN,CAAC;AAKM,MAAM,sBAAsB,EAAE,OAAO;AAAA,EAC1C,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,SAAS,EAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,SAAS,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC9B,UAAU,KAAK,SAAS;AAAA,EACxB,gBAAgB,KAAK,SAAS;AAChC,CAAC;AAKM,MAAM,4BAA4B,EAAE,OAAO;AAAA,EAChD,WAAW;AAAA,EACX,QAAQ;AAAA,EACR,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC;AAAA,EACtD,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,IAAI;AAAA,EAC5C,UAAU;AAAA,EACV,gBAAgB;AAClB,CAAC;AAKM,MAAM,4BAA4B,EAAE,OAAO;AAAA,EAChD,IAAI;AAAA,EACJ,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EAC3C,SAAS,EAAE,QAAQ,EAAE,SAAS;AAChC,CAAC;AAKM,MAAM,4BAA4B,EAAE,OAAO;AAAA,EAChD,WAAW,KAAK,SAAS;AAAA,EACzB,QAAQ,KAAK,SAAS;AAAA,EACtB,SAAS,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC9B,UAAU,KAAK,SAAS;AAAA,EACxB,gBAAgB,KAAK,SAAS;AAChC,CAAC;AAKM,MAAM,0BAA0B,EAAE,YAAY;AAAA,EACnD,YAAY,EAAE,OAAO,EAAE,IAAI,GAAG,wBAAwB;AAAA,EACtD,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,MAAM,EAAE,IAAI;AAAA,EACZ,MAAM,EAAE,YAAY;AAAA,IAClB,IAAI,EAAE,OAAO,EAAE,SAAS;AAAA,IACxB,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,IAC3B,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,CAAC,EAAE,SAAS;AAAA,EACZ,QAAQ,EAAE,YAAY;AAAA,IACpB,IAAI,EAAE,OAAO,EAAE,SAAS;AAAA,EAC1B,CAAC,EAAE,SAAS;AAAA,EACZ,cAAc,EAAE,YAAY;AAAA,IAC1B,IAAI,EAAE,OAAO,EAAE,SAAS;AAAA,EAC1B,CAAC,EAAE,SAAS;AAAA,EACZ,UAAU,EAAE,KAAK,+BAA+B;AAAA,EAChD,gBAAgB,EAAE,KAAK,qCAAqC;AAAA,EAC5D,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,QAAQ,EAAE,QAAQ,EAAE,SAAS;AAC/B,CAAC;AAKM,MAAM,6BAA6B,EAAE,OAAO;AAAA,EACjD,YAAY,EAAE,OAAO,EAAE,IAAI,GAAG,wBAAwB;AAAA,EACtD,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,UAAU,EAAE,KAAK,+BAA+B;AAAA,EAChD,gBAAgB,EAAE,KAAK,qCAAqC;AAAA,EAC5D,UAAU,eAAe,SAAS;AACpC,CAAC;",
|
|
4
|
+
"sourcesContent": ["import { z } from 'zod'\nimport {\n validateConditionExpressionForApi,\n validateActionsForApi,\n isSafeExpression,\n} from '../lib/payload-validation'\n\n/**\n * Business Rules Module - Zod Validators\n */\n\nconst uuid = z.uuid()\n\n// Rule Types\nexport const ruleTypeSchema = z.enum(['GUARD', 'VALIDATION', 'CALCULATION', 'ACTION', 'ASSIGNMENT'])\nexport type RuleType = z.infer<typeof ruleTypeSchema>\n\n// Condition Types\nexport const conditionTypeSchema = z.enum(['EXPRESSION', 'GROUP'])\nexport type ConditionType = z.infer<typeof conditionTypeSchema>\n\n// Logical Operators\nexport const logicalOperatorSchema = z.enum(['AND', 'OR', 'NOT'])\nexport type LogicalOperator = z.infer<typeof logicalOperatorSchema>\n\n// Comparison Operators\nexport const comparisonOperatorSchema = z.enum([\n '=',\n '==',\n '!=',\n '>',\n '>=',\n '<',\n '<=',\n 'IN',\n 'NOT_IN',\n 'CONTAINS',\n 'NOT_CONTAINS',\n 'STARTS_WITH',\n 'ENDS_WITH',\n 'MATCHES',\n 'IS_EMPTY',\n 'IS_NOT_EMPTY',\n])\nexport type ComparisonOperator = z.infer<typeof comparisonOperatorSchema>\n\n// Data Types\nexport const dataTypeSchema = z.enum(['STRING', 'NUMBER', 'BOOLEAN', 'DATE', 'ARRAY', 'OBJECT'])\nexport type DataType = z.infer<typeof dataTypeSchema>\n\n// Action Trigger\nexport const actionTriggerSchema = z.enum(['ON_SUCCESS', 'ON_FAILURE', 'ALWAYS'])\nexport type ActionTrigger = z.infer<typeof actionTriggerSchema>\n\n// Execution Result\nexport const executionResultSchema = z.enum(['SUCCESS', 'FAILURE', 'ERROR'])\nexport type ExecutionResult = z.infer<typeof executionResultSchema>\n\n// Condition Expression Schema with Validation\n// Uses runtime validation to check structure, nesting, and field paths\nexport const conditionExpressionSchema = z.any()\n .superRefine((val, ctx) => {\n // Null/undefined is allowed (optional field)\n if (val === null || val === undefined) return\n\n // Check for dangerous patterns first (DoS prevention)\n if (!isSafeExpression(val)) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'Condition expression exceeds safety limits (max depth: 10, max rules per group: 50, max field path length: 200)'\n })\n return\n }\n\n // Validate structure and content\n const result = validateConditionExpressionForApi(val)\n if (!result.valid) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: result.error || 'Invalid condition expression'\n })\n }\n })\n\n// Action Schema with Validation\n// Validates action type and required config fields\nexport const actionSchema = z.object({\n type: z.string().min(1),\n config: z.record(z.string(), z.any()).optional(),\n})\n\nexport const actionsArraySchema = z.array(actionSchema).optional().nullable()\n .superRefine((val, ctx) => {\n // Null/undefined/empty is allowed (optional field)\n if (!val || (Array.isArray(val) && val.length === 0)) return\n\n const result = validateActionsForApi(val, 'actions')\n if (!result.valid) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: result.error || 'Invalid actions'\n })\n }\n })\n\n// Date preprocessing helper\nconst dateOrNull = z.preprocess((value) => {\n if (value === undefined || value === null || value === '') return null\n const date = value instanceof Date ? value : new Date(String(value))\n return Number.isNaN(date.getTime()) ? null : date\n}, z.date().nullable())\n\n// BusinessRule Create Schema\nexport const createBusinessRuleSchema = z.object({\n ruleId: z.string().min(1).max(50),\n ruleName: z.string().min(1).max(200),\n description: z.string().max(5000).optional().nullable(),\n ruleType: ruleTypeSchema,\n ruleCategory: z.string().max(50).optional().nullable(),\n entityType: z.string().min(1).max(50),\n eventType: z.string().max(50).optional().nullable(),\n conditionExpression: conditionExpressionSchema,\n successActions: actionsArraySchema,\n failureActions: actionsArraySchema,\n enabled: z.boolean().optional().default(true),\n priority: z.number().int().min(0).max(9999).optional().default(100),\n version: z.number().int().min(1).optional().default(1),\n effectiveFrom: dateOrNull.optional(),\n effectiveTo: dateOrNull.optional(),\n tenantId: uuid,\n organizationId: uuid,\n createdBy: z.string().max(50).optional().nullable(),\n})\n\nexport type CreateBusinessRuleInput = z.infer<typeof createBusinessRuleSchema>\n\n// BusinessRule Update Schema\nexport const updateBusinessRuleSchema = createBusinessRuleSchema.partial().extend({\n id: uuid,\n})\n\nexport type UpdateBusinessRuleInput = z.infer<typeof updateBusinessRuleSchema>\n\n// Query/Filter Schema\nexport const businessRuleFilterSchema = z.object({\n ruleId: z.string().optional(),\n ruleName: z.string().optional(),\n ruleType: ruleTypeSchema.optional(),\n ruleCategory: z.string().optional(),\n entityType: z.string().optional(),\n eventType: z.string().optional(),\n enabled: z.boolean().optional(),\n tenantId: uuid.optional(),\n organizationId: uuid.optional(),\n})\n\nexport type BusinessRuleFilter = z.infer<typeof businessRuleFilterSchema>\n\n// RuleExecutionLog Create Schema\nexport const createRuleExecutionLogSchema = z.object({\n ruleId: uuid,\n entityId: uuid,\n entityType: z.string().min(1).max(50),\n executionResult: executionResultSchema,\n inputContext: z.any().optional().nullable(),\n outputContext: z.any().optional().nullable(),\n errorMessage: z.string().optional().nullable(),\n executionTimeMs: z.number().int().min(0),\n executedAt: z.date().optional(),\n tenantId: uuid,\n organizationId: uuid.optional().nullable(),\n executedBy: z.string().max(50).optional().nullable(),\n})\n\nexport type CreateRuleExecutionLogInput = z.infer<typeof createRuleExecutionLogSchema>\n\n// RuleExecutionLog Query/Filter Schema\nexport const ruleExecutionLogFilterSchema = z.object({\n ruleId: uuid.optional(),\n entityId: uuid.optional(),\n entityType: z.string().optional(),\n executionResult: executionResultSchema.optional(),\n tenantId: uuid.optional(),\n organizationId: uuid.optional(),\n executedBy: z.string().optional(),\n executedAtFrom: z.date().optional(),\n executedAtTo: z.date().optional(),\n})\n\nexport type RuleExecutionLogFilter = z.infer<typeof ruleExecutionLogFilterSchema>\n\n// RuleSet Create Schema\nexport const createRuleSetSchema = z.object({\n setId: z.string().min(1).max(50),\n setName: z.string().min(1).max(200),\n description: z.string().max(5000).optional().nullable(),\n enabled: z.boolean().optional().default(true),\n tenantId: uuid,\n organizationId: uuid,\n createdBy: z.string().max(50).optional().nullable(),\n})\n\nexport type CreateRuleSetInput = z.infer<typeof createRuleSetSchema>\n\n// RuleSet Update Schema\nexport const updateRuleSetSchema = createRuleSetSchema.partial().extend({\n id: uuid,\n})\n\nexport type UpdateRuleSetInput = z.infer<typeof updateRuleSetSchema>\n\n// RuleSet Query/Filter Schema\nexport const ruleSetFilterSchema = z.object({\n setId: z.string().optional(),\n setName: z.string().optional(),\n enabled: z.boolean().optional(),\n tenantId: uuid.optional(),\n organizationId: uuid.optional(),\n})\n\nexport type RuleSetFilter = z.infer<typeof ruleSetFilterSchema>\n\n// RuleSetMember Create Schema\nexport const createRuleSetMemberSchema = z.object({\n ruleSetId: uuid,\n ruleId: uuid,\n sequence: z.number().int().min(0).optional().default(0),\n enabled: z.boolean().optional().default(true),\n tenantId: uuid,\n organizationId: uuid,\n})\n\nexport type CreateRuleSetMemberInput = z.infer<typeof createRuleSetMemberSchema>\n\n// RuleSetMember Update Schema\nexport const updateRuleSetMemberSchema = z.object({\n id: uuid,\n sequence: z.number().int().min(0).optional(),\n enabled: z.boolean().optional(),\n})\n\nexport type UpdateRuleSetMemberInput = z.infer<typeof updateRuleSetMemberSchema>\n\n// RuleSetMember Query/Filter Schema\nexport const ruleSetMemberFilterSchema = z.object({\n ruleSetId: uuid.optional(),\n ruleId: uuid.optional(),\n enabled: z.boolean().optional(),\n tenantId: uuid.optional(),\n organizationId: uuid.optional(),\n})\n\nexport type RuleSetMemberFilter = z.infer<typeof ruleSetMemberFilterSchema>\n\n// Rule Engine Context Schema\nexport const ruleEngineContextSchema = z.looseObject({\n entityType: z.string().min(1, 'entityType is required'),\n entityId: z.string().optional(),\n eventType: z.string().optional(),\n data: z.any(),\n user: z.looseObject({\n id: z.string().optional(),\n email: z.string().optional(),\n role: z.string().optional(),\n }).optional(),\n tenant: z.looseObject({\n id: z.string().optional(),\n }).optional(),\n organization: z.looseObject({\n id: z.string().optional(),\n }).optional(),\n tenantId: z.uuid('tenantId must be a valid UUID'),\n organizationId: z.uuid('organizationId must be a valid UUID'),\n executedBy: z.string().optional(),\n dryRun: z.boolean().optional(),\n})\n\nexport type RuleEngineContextInput = z.infer<typeof ruleEngineContextSchema>\n\n// Rule Discovery Options Schema\nexport const ruleDiscoveryOptionsSchema = z.object({\n entityType: z.string().min(1, 'entityType is required'),\n eventType: z.string().optional(),\n tenantId: z.uuid('tenantId must be a valid UUID'),\n organizationId: z.uuid('organizationId must be a valid UUID'),\n ruleType: ruleTypeSchema.optional(),\n})\n\nexport type RuleDiscoveryOptionsInput = z.infer<typeof ruleDiscoveryOptionsSchema>\n\n// Direct Rule Execution Context Schema (for executing a specific rule by ID)\nexport const directRuleExecutionContextSchema = z.object({\n ruleId: z.uuid('ruleId must be a valid UUID'),\n data: z.any(),\n user: z.looseObject({\n id: z.string().optional(),\n email: z.string().optional(),\n role: z.string().optional(),\n }).optional(),\n tenantId: z.uuid('tenantId must be a valid UUID'),\n organizationId: z.uuid('organizationId must be a valid UUID'),\n executedBy: z.string().optional(),\n dryRun: z.boolean().optional(),\n entityType: z.string().optional(),\n entityId: z.string().optional(),\n eventType: z.string().optional(),\n})\n\nexport type DirectRuleExecutionContextInput = z.infer<typeof directRuleExecutionContextSchema>\n\n// Rule ID Execution Context Schema (for executing a specific rule by its string rule_id identifier)\nexport const ruleIdExecutionContextSchema = z.object({\n ruleId: z.string().min(1, 'ruleId must be a non-empty string').max(50),\n data: z.any(),\n user: z.looseObject({\n id: z.string().optional(),\n email: z.string().optional(),\n role: z.string().optional(),\n }).optional(),\n tenantId: z.uuid('tenantId must be a valid UUID'),\n organizationId: z.uuid('organizationId must be a valid UUID'),\n executedBy: z.string().optional(),\n dryRun: z.boolean().optional(),\n entityType: z.string().optional(),\n entityId: z.string().optional(),\n eventType: z.string().optional(),\n})\n\nexport type RuleIdExecutionContextInput = z.infer<typeof ruleIdExecutionContextSchema>\n"],
|
|
5
|
+
"mappings": "AAAA,SAAS,SAAS;AAClB;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAMP,MAAM,OAAO,EAAE,KAAK;AAGb,MAAM,iBAAiB,EAAE,KAAK,CAAC,SAAS,cAAc,eAAe,UAAU,YAAY,CAAC;AAI5F,MAAM,sBAAsB,EAAE,KAAK,CAAC,cAAc,OAAO,CAAC;AAI1D,MAAM,wBAAwB,EAAE,KAAK,CAAC,OAAO,MAAM,KAAK,CAAC;AAIzD,MAAM,2BAA2B,EAAE,KAAK;AAAA,EAC7C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAIM,MAAM,iBAAiB,EAAE,KAAK,CAAC,UAAU,UAAU,WAAW,QAAQ,SAAS,QAAQ,CAAC;AAIxF,MAAM,sBAAsB,EAAE,KAAK,CAAC,cAAc,cAAc,QAAQ,CAAC;AAIzE,MAAM,wBAAwB,EAAE,KAAK,CAAC,WAAW,WAAW,OAAO,CAAC;AAKpE,MAAM,4BAA4B,EAAE,IAAI,EAC5C,YAAY,CAAC,KAAK,QAAQ;AAEzB,MAAI,QAAQ,QAAQ,QAAQ,OAAW;AAGvC,MAAI,CAAC,iBAAiB,GAAG,GAAG;AAC1B,QAAI,SAAS;AAAA,MACX,MAAM,EAAE,aAAa;AAAA,MACrB,SAAS;AAAA,IACX,CAAC;AACD;AAAA,EACF;AAGA,QAAM,SAAS,kCAAkC,GAAG;AACpD,MAAI,CAAC,OAAO,OAAO;AACjB,QAAI,SAAS;AAAA,MACX,MAAM,EAAE,aAAa;AAAA,MACrB,SAAS,OAAO,SAAS;AAAA,IAC3B,CAAC;AAAA,EACH;AACF,CAAC;AAII,MAAM,eAAe,EAAE,OAAO;AAAA,EACnC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACtB,QAAQ,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,IAAI,CAAC,EAAE,SAAS;AACjD,CAAC;AAEM,MAAM,qBAAqB,EAAE,MAAM,YAAY,EAAE,SAAS,EAAE,SAAS,EACzE,YAAY,CAAC,KAAK,QAAQ;AAEzB,MAAI,CAAC,OAAQ,MAAM,QAAQ,GAAG,KAAK,IAAI,WAAW,EAAI;AAEtD,QAAM,SAAS,sBAAsB,KAAK,SAAS;AACnD,MAAI,CAAC,OAAO,OAAO;AACjB,QAAI,SAAS;AAAA,MACX,MAAM,EAAE,aAAa;AAAA,MACrB,SAAS,OAAO,SAAS;AAAA,IAC3B,CAAC;AAAA,EACH;AACF,CAAC;AAGH,MAAM,aAAa,EAAE,WAAW,CAAC,UAAU;AACzC,MAAI,UAAU,UAAa,UAAU,QAAQ,UAAU,GAAI,QAAO;AAClE,QAAM,OAAO,iBAAiB,OAAO,QAAQ,IAAI,KAAK,OAAO,KAAK,CAAC;AACnE,SAAO,OAAO,MAAM,KAAK,QAAQ,CAAC,IAAI,OAAO;AAC/C,GAAG,EAAE,KAAK,EAAE,SAAS,CAAC;AAGf,MAAM,2BAA2B,EAAE,OAAO;AAAA,EAC/C,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE;AAAA,EAChC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EACnC,aAAa,EAAE,OAAO,EAAE,IAAI,GAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EACtD,UAAU;AAAA,EACV,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,SAAS;AAAA,EACrD,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE;AAAA,EACpC,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,SAAS;AAAA,EAClD,qBAAqB;AAAA,EACrB,gBAAgB;AAAA,EAChB,gBAAgB;AAAA,EAChB,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,IAAI;AAAA,EAC5C,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,EAAE,SAAS,EAAE,QAAQ,GAAG;AAAA,EAClE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC;AAAA,EACrD,eAAe,WAAW,SAAS;AAAA,EACnC,aAAa,WAAW,SAAS;AAAA,EACjC,UAAU;AAAA,EACV,gBAAgB;AAAA,EAChB,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,SAAS;AACpD,CAAC;AAKM,MAAM,2BAA2B,yBAAyB,QAAQ,EAAE,OAAO;AAAA,EAChF,IAAI;AACN,CAAC;AAKM,MAAM,2BAA2B,EAAE,OAAO;AAAA,EAC/C,QAAQ,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,UAAU,eAAe,SAAS;AAAA,EAClC,cAAc,EAAE,OAAO,EAAE,SAAS;AAAA,EAClC,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,SAAS,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC9B,UAAU,KAAK,SAAS;AAAA,EACxB,gBAAgB,KAAK,SAAS;AAChC,CAAC;AAKM,MAAM,+BAA+B,EAAE,OAAO;AAAA,EACnD,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE;AAAA,EACpC,iBAAiB;AAAA,EACjB,cAAc,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EAC1C,eAAe,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EAC3C,cAAc,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC7C,iBAAiB,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC;AAAA,EACvC,YAAY,EAAE,KAAK,EAAE,SAAS;AAAA,EAC9B,UAAU;AAAA,EACV,gBAAgB,KAAK,SAAS,EAAE,SAAS;AAAA,EACzC,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,SAAS;AACrD,CAAC;AAKM,MAAM,+BAA+B,EAAE,OAAO;AAAA,EACnD,QAAQ,KAAK,SAAS;AAAA,EACtB,UAAU,KAAK,SAAS;AAAA,EACxB,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,iBAAiB,sBAAsB,SAAS;AAAA,EAChD,UAAU,KAAK,SAAS;AAAA,EACxB,gBAAgB,KAAK,SAAS;AAAA,EAC9B,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,gBAAgB,EAAE,KAAK,EAAE,SAAS;AAAA,EAClC,cAAc,EAAE,KAAK,EAAE,SAAS;AAClC,CAAC;AAKM,MAAM,sBAAsB,EAAE,OAAO;AAAA,EAC1C,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE;AAAA,EAC/B,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EAClC,aAAa,EAAE,OAAO,EAAE,IAAI,GAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EACtD,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,IAAI;AAAA,EAC5C,UAAU;AAAA,EACV,gBAAgB;AAAA,EAChB,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,SAAS;AACpD,CAAC;AAKM,MAAM,sBAAsB,oBAAoB,QAAQ,EAAE,OAAO;AAAA,EACtE,IAAI;AACN,CAAC;AAKM,MAAM,sBAAsB,EAAE,OAAO;AAAA,EAC1C,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,SAAS,EAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,SAAS,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC9B,UAAU,KAAK,SAAS;AAAA,EACxB,gBAAgB,KAAK,SAAS;AAChC,CAAC;AAKM,MAAM,4BAA4B,EAAE,OAAO;AAAA,EAChD,WAAW;AAAA,EACX,QAAQ;AAAA,EACR,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC;AAAA,EACtD,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,IAAI;AAAA,EAC5C,UAAU;AAAA,EACV,gBAAgB;AAClB,CAAC;AAKM,MAAM,4BAA4B,EAAE,OAAO;AAAA,EAChD,IAAI;AAAA,EACJ,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EAC3C,SAAS,EAAE,QAAQ,EAAE,SAAS;AAChC,CAAC;AAKM,MAAM,4BAA4B,EAAE,OAAO;AAAA,EAChD,WAAW,KAAK,SAAS;AAAA,EACzB,QAAQ,KAAK,SAAS;AAAA,EACtB,SAAS,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC9B,UAAU,KAAK,SAAS;AAAA,EACxB,gBAAgB,KAAK,SAAS;AAChC,CAAC;AAKM,MAAM,0BAA0B,EAAE,YAAY;AAAA,EACnD,YAAY,EAAE,OAAO,EAAE,IAAI,GAAG,wBAAwB;AAAA,EACtD,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,MAAM,EAAE,IAAI;AAAA,EACZ,MAAM,EAAE,YAAY;AAAA,IAClB,IAAI,EAAE,OAAO,EAAE,SAAS;AAAA,IACxB,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,IAC3B,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,CAAC,EAAE,SAAS;AAAA,EACZ,QAAQ,EAAE,YAAY;AAAA,IACpB,IAAI,EAAE,OAAO,EAAE,SAAS;AAAA,EAC1B,CAAC,EAAE,SAAS;AAAA,EACZ,cAAc,EAAE,YAAY;AAAA,IAC1B,IAAI,EAAE,OAAO,EAAE,SAAS;AAAA,EAC1B,CAAC,EAAE,SAAS;AAAA,EACZ,UAAU,EAAE,KAAK,+BAA+B;AAAA,EAChD,gBAAgB,EAAE,KAAK,qCAAqC;AAAA,EAC5D,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,QAAQ,EAAE,QAAQ,EAAE,SAAS;AAC/B,CAAC;AAKM,MAAM,6BAA6B,EAAE,OAAO;AAAA,EACjD,YAAY,EAAE,OAAO,EAAE,IAAI,GAAG,wBAAwB;AAAA,EACtD,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,UAAU,EAAE,KAAK,+BAA+B;AAAA,EAChD,gBAAgB,EAAE,KAAK,qCAAqC;AAAA,EAC5D,UAAU,eAAe,SAAS;AACpC,CAAC;AAKM,MAAM,mCAAmC,EAAE,OAAO;AAAA,EACvD,QAAQ,EAAE,KAAK,6BAA6B;AAAA,EAC5C,MAAM,EAAE,IAAI;AAAA,EACZ,MAAM,EAAE,YAAY;AAAA,IAClB,IAAI,EAAE,OAAO,EAAE,SAAS;AAAA,IACxB,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,IAC3B,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,CAAC,EAAE,SAAS;AAAA,EACZ,UAAU,EAAE,KAAK,+BAA+B;AAAA,EAChD,gBAAgB,EAAE,KAAK,qCAAqC;AAAA,EAC5D,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,QAAQ,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC7B,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,WAAW,EAAE,OAAO,EAAE,SAAS;AACjC,CAAC;AAKM,MAAM,+BAA+B,EAAE,OAAO;AAAA,EACnD,QAAQ,EAAE,OAAO,EAAE,IAAI,GAAG,mCAAmC,EAAE,IAAI,EAAE;AAAA,EACrE,MAAM,EAAE,IAAI;AAAA,EACZ,MAAM,EAAE,YAAY;AAAA,IAClB,IAAI,EAAE,OAAO,EAAE,SAAS;AAAA,IACxB,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,IAC3B,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,CAAC,EAAE,SAAS;AAAA,EACZ,UAAU,EAAE,KAAK,+BAA+B;AAAA,EAChD,gBAAgB,EAAE,KAAK,qCAAqC;AAAA,EAC5D,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,QAAQ,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC7B,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,WAAW,EAAE,OAAO,EAAE,SAAS;AACjC,CAAC;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
|
@@ -6,7 +6,27 @@ const metadata = {
|
|
|
6
6
|
author: "Patryk Lewczuk",
|
|
7
7
|
license: "Proprietary"
|
|
8
8
|
};
|
|
9
|
+
import {
|
|
10
|
+
executeRules,
|
|
11
|
+
executeRuleById,
|
|
12
|
+
executeRuleByRuleId,
|
|
13
|
+
executeSingleRule,
|
|
14
|
+
findApplicableRules,
|
|
15
|
+
logRuleExecution
|
|
16
|
+
} from "./lib/rule-engine.js";
|
|
17
|
+
import {
|
|
18
|
+
directRuleExecutionContextSchema,
|
|
19
|
+
ruleIdExecutionContextSchema
|
|
20
|
+
} from "./data/validators.js";
|
|
9
21
|
export {
|
|
10
|
-
|
|
22
|
+
directRuleExecutionContextSchema,
|
|
23
|
+
executeRuleById,
|
|
24
|
+
executeRuleByRuleId,
|
|
25
|
+
executeRules,
|
|
26
|
+
executeSingleRule,
|
|
27
|
+
findApplicableRules,
|
|
28
|
+
logRuleExecution,
|
|
29
|
+
metadata,
|
|
30
|
+
ruleIdExecutionContextSchema
|
|
11
31
|
};
|
|
12
32
|
//# sourceMappingURL=index.js.map
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/modules/business_rules/index.ts"],
|
|
4
|
-
"sourcesContent": ["import type { ModuleInfo } from '@open-mercato/shared/modules/registry'\n\nexport const metadata: ModuleInfo = {\n name: 'business_rules',\n title: 'Business Rules',\n version: '0.1.0',\n description: 'Business Rules Engine for defining, managing, and executing business logic and automation rules.',\n author: 'Patryk Lewczuk',\n license: 'Proprietary',\n}\n"],
|
|
5
|
-
"mappings": "AAEO,MAAM,WAAuB;AAAA,EAClC,MAAM;AAAA,EACN,OAAO;AAAA,EACP,SAAS;AAAA,EACT,aAAa;AAAA,EACb,QAAQ;AAAA,EACR,SAAS;AACX;",
|
|
4
|
+
"sourcesContent": ["import type { ModuleInfo } from '@open-mercato/shared/modules/registry'\n\nexport const metadata: ModuleInfo = {\n name: 'business_rules',\n title: 'Business Rules',\n version: '0.1.0',\n description: 'Business Rules Engine for defining, managing, and executing business logic and automation rules.',\n author: 'Patryk Lewczuk',\n license: 'Proprietary',\n}\n\n// Export rule engine types and functions for programmatic usage\nexport {\n executeRules,\n executeRuleById,\n executeRuleByRuleId,\n executeSingleRule,\n findApplicableRules,\n logRuleExecution,\n type RuleEngineContext,\n type RuleEngineResult,\n type RuleExecutionResult,\n type RuleDiscoveryOptions,\n type DirectRuleExecutionContext,\n type DirectRuleExecutionResult,\n type RuleIdExecutionContext,\n} from './lib/rule-engine'\n\n// Export validator schemas\nexport {\n directRuleExecutionContextSchema,\n ruleIdExecutionContextSchema,\n type DirectRuleExecutionContextInput,\n type RuleIdExecutionContextInput,\n} from './data/validators'\n"],
|
|
5
|
+
"mappings": "AAEO,MAAM,WAAuB;AAAA,EAClC,MAAM;AAAA,EACN,OAAO;AAAA,EACP,SAAS;AAAA,EACT,aAAa;AAAA,EACb,QAAQ;AAAA,EACR,SAAS;AACX;AAGA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OAQK;AAGP;AAAA,EACE;AAAA,EACA;AAAA,OAGK;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|