@prosopo/user-access-policy 2.5.3 → 2.6.1

package/CHANGELOG.md

@@ -0,0 +1,21 @@
+# @prosopo/user-access-policy
+
+## 2.6.1
+
+### Patch Changes
+
+- Updated dependencies [52feffc]
+  - @prosopo/types@2.6.1
+
+## 2.6.0
+
+### Minor Changes
+
+- a0bfc8a: bump all pkg versions since independent versioning applied
+
+### Patch Changes
+
+- Updated dependencies [a0bfc8a]
+  - @prosopo/api-route@2.6.0
+  - @prosopo/common@2.6.0
+  - @prosopo/types@2.6.0

package/dist/cjs/index.cjs

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const apiRulePaths = require("./rules/api/apiRulePaths.cjs");
+const apiRuleRoutesProvider = require("./rules/api/apiRuleRoutesProvider.cjs");
+const getExpressApiRuleRateLimits = require("./rules/api/getExpressApiRuleRateLimits.cjs");
+const blacklistRulesInspector = require("./rules/blacklistRulesInspector.cjs");
+const imageCaptchaConfigRulesResolver = require("./rules/imageCaptchaConfigRulesResolver.cjs");
+const rulesMongooseStorage = require("./rules/mongoose/rulesMongooseStorage.cjs");
+const getRuleMongooseSchema = require("./rules/mongoose/schemas/getRuleMongooseSchema.cjs");
+const createBlacklistInspector = (rulesStorage, logger) => {
+  return new blacklistRulesInspector.BlacklistRulesInspector(rulesStorage, logger);
+};
+const createImageCaptchaConfigResolver = (rulesStorage, logger) => {
+  return new imageCaptchaConfigRulesResolver.ImageCaptchaConfigRulesResolver(rulesStorage, logger);
+};
+const createApiRuleRoutesProvider = (rulesStorage) => {
+  return new apiRuleRoutesProvider.ApiRuleRoutesProvider(rulesStorage);
+};
+const createMongooseRulesStorage = (logger, readingModel, writingModel = null) => {
+  return new rulesMongooseStorage.RulesMongooseStorage(logger, readingModel, writingModel);
+};
+exports.apiRulePaths = apiRulePaths.apiRulePaths;
+exports.getExpressApiRuleRateLimits = getExpressApiRuleRateLimits.getExpressApiRuleRateLimits;
+exports.getRuleMongooseSchema = getRuleMongooseSchema.getRuleMongooseSchema;
+exports.createApiRuleRoutesProvider = createApiRuleRoutesProvider;
+exports.createBlacklistInspector = createBlacklistInspector;
+exports.createImageCaptchaConfigResolver = createImageCaptchaConfigResolver;
+exports.createMongooseRulesStorage = createMongooseRulesStorage;

package/dist/cjs/rules/api/apiRulePaths.cjs

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const apiRulePaths = {
+  INSERT_MANY: "/v1/prosopo/user-access-policy/rules/insert-many",
+  DELETE_MANY: "/v1/prosopo/user-access-policy/rules/delete-many"
+};
+exports.apiRulePaths = apiRulePaths;

package/dist/cjs/rules/api/apiRuleRoutesProvider.cjs

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const apiRulePaths = require("./apiRulePaths.cjs");
+const apiDeleteManyRulesEndpoint = require("./deleteMany/apiDeleteManyRulesEndpoint.cjs");
+const apiInsertManyRulesEndpoint = require("./insertMany/apiInsertManyRulesEndpoint.cjs");
+class ApiRuleRoutesProvider {
+  constructor(rulesStorage) {
+    this.rulesStorage = rulesStorage;
+  }
+  getRoutes() {
+    return [
+      {
+        path: apiRulePaths.apiRulePaths.INSERT_MANY,
+        endpoint: new apiInsertManyRulesEndpoint.ApiInsertManyRulesEndpoint(this.rulesStorage)
+      },
+      {
+        path: apiRulePaths.apiRulePaths.DELETE_MANY,
+        endpoint: new apiDeleteManyRulesEndpoint.ApiDeleteManyRulesEndpoint(this.rulesStorage)
+      }
+    ];
+  }
+}
+exports.ApiRuleRoutesProvider = ApiRuleRoutesProvider;

package/dist/cjs/rules/api/deleteMany/apiDeleteManyRulesArgsSchema.cjs

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const zod = require("zod");
+const ruleIpSchema = require("../../rule/ip/ruleIpSchema.cjs");
+const apiDeleteManyRulesArgsSchema = zod.array(
+  zod.object({
+    clientId: zod.string().optional(),
+    userIp: ruleIpSchema.ruleIpSchema.optional(),
+    userId: zod.string().optional(),
+    ja4: zod.string().optional()
+  })
+);
+exports.apiDeleteManyRulesArgsSchema = apiDeleteManyRulesArgsSchema;

package/dist/cjs/rules/api/deleteMany/apiDeleteManyRulesEndpoint.cjs

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const apiRoute = require("@prosopo/api-route");
+const apiDeleteManyRulesArgsSchema = require("./apiDeleteManyRulesArgsSchema.cjs");
+class ApiDeleteManyRulesEndpoint {
+  constructor(rulesStorage) {
+    this.rulesStorage = rulesStorage;
+  }
+  async processRequest(args) {
+    await this.rulesStorage.deleteMany(args);
+    return {
+      status: apiRoute.ApiEndpointResponseStatus.SUCCESS
+    };
+  }
+  getRequestArgsSchema() {
+    return apiDeleteManyRulesArgsSchema.apiDeleteManyRulesArgsSchema;
+  }
+}
+exports.ApiDeleteManyRulesEndpoint = ApiDeleteManyRulesEndpoint;

package/dist/cjs/rules/api/getExpressApiRuleRateLimits.cjs

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const apiRulePaths = require("./apiRulePaths.cjs");
+const getExpressApiRuleRateLimits = () => {
+  const defaultWindowsMs = 6e4;
+  const defaultLimit = 5;
+  return {
+    [apiRulePaths.apiRulePaths.INSERT_MANY]: {
+      windowMs: process.env.PROSOPO_USER_ACCESS_POLICY_RULE_INSERT_MANY_WINDOW || defaultWindowsMs,
+      limit: process.env.PROSOPO_USER_ACCESS_POLICY_RULE_INSERT_MANY_LIMIT || defaultLimit
+    },
+    [apiRulePaths.apiRulePaths.DELETE_MANY]: {
+      windowMs: process.env.PROSOPO_USER_ACCESS_POLICY_RULE_DELETE_MANY_WINDOW || defaultWindowsMs,
+      limit: process.env.PROSOPO_USER_ACCESS_POLICY_RULE_DELETE_MANY_LIMIT || defaultLimit
+    }
+  };
+};
+exports.getExpressApiRuleRateLimits = getExpressApiRuleRateLimits;

package/dist/cjs/rules/api/insertMany/apiInsertManyRulesArgsSchema.cjs

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const zod = require("zod");
+const ruleConfigSchema = require("../../rule/config/ruleConfigSchema.cjs");
+const apiInsertManyRulesArgsSchema = zod.object({
+  isUserBlocked: zod.boolean(),
+  clientId: zod.string().optional(),
+  description: zod.string().optional(),
+  userIps: zod.object({
+    v4: zod.string().array().optional(),
+    v6: zod.string().array().optional()
+  }),
+  // block multiple user ip ranges
+  userIpMasks: zod.object({
+    v4: zod.object({
+      min: zod.string(),
+      max: zod.string()
+    }).array().optional(),
+    v6: zod.object({
+      min: zod.string(),
+      max: zod.string()
+    }).array().optional()
+  }),
+  // block multiple user ip ranges
+  userIds: zod.string().array().optional(),
+  // block multiple user ids
+  ja4s: zod.string().array().optional(),
+  // block multiple ja4s
+  // setting individual rule values overrides any array values for the same type
+  userIp: zod.object({
+    v4: zod.string().optional(),
+    v6: zod.string().optional()
+  }).optional(),
+  userId: zod.string().optional(),
+  ja4: zod.string().optional(),
+  config: ruleConfigSchema.ruleConfigSchema.optional(),
+  score: zod.number().optional()
+});
+exports.apiInsertManyRulesArgsSchema = apiInsertManyRulesArgsSchema;

package/dist/cjs/rules/api/insertMany/apiInsertManyRulesEndpoint.cjs

@@ -0,0 +1,193 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const apiRoute = require("@prosopo/api-route");
+const ipAddress = require("ip-address");
+const ruleIpSchema = require("../../rule/ip/ruleIpSchema.cjs");
+const apiInsertManyRulesArgsSchema = require("./apiInsertManyRulesArgsSchema.cjs");
+class ApiInsertManyRulesEndpoint {
+  constructor(rulesStorage) {
+    this.rulesStorage = rulesStorage;
+  }
+  async processRequest(args) {
+    const singleRule = this.getSingleRule(args);
+    const rules = [
+      ...this.getUserIpRules(args),
+      ...this.getUserIPMaskRules(args),
+      ...this.getUserIdRules(args),
+      ...this.getJa4Rules(args),
+      ...singleRule ? [singleRule] : []
+    ];
+    return new Promise((resolve) => {
+      this.rulesStorage.insertMany(rules).then(() => {
+        resolve({
+          status: apiRoute.ApiEndpointResponseStatus.SUCCESS
+        });
+      }).catch((e) => {
+        resolve({
+          status: apiRoute.ApiEndpointResponseStatus.FAIL
+        });
+      });
+      setTimeout(() => {
+        resolve({
+          status: apiRoute.ApiEndpointResponseStatus.PROCESSING
+        });
+      }, 5e3);
+    });
+  }
+  getRequestArgsSchema() {
+    return apiInsertManyRulesArgsSchema.apiInsertManyRulesArgsSchema;
+  }
+  getUserIpRules(args) {
+    const rules = [];
+    const userIps = args.userIps || [];
+    for (const userIp of userIps.v4 || []) {
+      const ipAddress$1 = new ipAddress.Address4(userIp);
+      rules.push({
+        userIp: ruleIpSchema.ruleIpSchema.parse({
+          v4: {
+            asNumeric: ipAddress$1.bigInt(),
+            asString: ipAddress$1.address
+          }
+        }),
+        isUserBlocked: args.isUserBlocked,
+        description: args.description,
+        clientId: args.clientId,
+        config: args.config,
+        score: args.score
+      });
+    }
+    for (const userIp of userIps.v6 || []) {
+      const ipAddress$1 = new ipAddress.Address6(userIp);
+      rules.push({
+        userIp: ruleIpSchema.ruleIpSchema.parse({
+          v4: {
+            asNumeric: ipAddress$1.bigInt(),
+            asString: ipAddress$1.address
+          }
+        }),
+        isUserBlocked: args.isUserBlocked,
+        description: args.description,
+        clientId: args.clientId,
+        config: args.config,
+        score: args.score
+      });
+    }
+    return rules;
+  }
+  getUserIPMaskRules(args) {
+    const rules = [];
+    const userIpMasks = args.userIpMasks || [];
+    for (const userMask of userIpMasks.v4 || []) {
+      const min = new ipAddress.Address4(userMask.min);
+      const max = new ipAddress.Address4(userMask.max);
+      rules.push({
+        userIp: ruleIpSchema.ruleIpSchema.parse({
+          v4: {
+            asNumeric: min.bigInt(),
+            asString: min.address,
+            mask: {
+              rangeMinAsNumeric: min.bigInt(),
+              rangeMaxAsNumeric: max.bigInt(),
+              asNumeric: Number(min.bigInt())
+            }
+          }
+        }),
+        isUserBlocked: args.isUserBlocked,
+        description: args.description,
+        clientId: args.clientId,
+        config: args.config,
+        score: args.score
+      });
+    }
+    for (const userMask of userIpMasks.v6 || []) {
+      const min = new ipAddress.Address6(userMask.min);
+      const max = new ipAddress.Address6(userMask.max);
+      rules.push({
+        userIp: ruleIpSchema.ruleIpSchema.parse({
+          v6: {
+            asNumeric: min.bigInt(),
+            asString: min.address,
+            mask: {
+              rangeMinAsNumeric: min.bigInt(),
+              rangeMaxAsNumeric: max.bigInt(),
+              asNumeric: Number(min.bigInt())
+            }
+          }
+        }),
+        isUserBlocked: args.isUserBlocked,
+        description: args.description,
+        clientId: args.clientId,
+        config: args.config,
+        score: args.score
+      });
+    }
+    return rules;
+  }
+  getUserIdRules(args) {
+    const rules = [];
+    const userIds = args.userIds || [];
+    for (const userId of userIds) {
+      rules.push({
+        userId,
+        isUserBlocked: args.isUserBlocked,
+        description: args.description,
+        clientId: args.clientId,
+        config: args.config,
+        score: args.score
+      });
+    }
+    return rules;
+  }
+  getJa4Rules(args) {
+    const rules = [];
+    const ja4s = args.ja4s || [];
+    for (const ja4 of ja4s) {
+      rules.push({
+        ja4,
+        isUserBlocked: args.isUserBlocked,
+        description: args.description,
+        clientId: args.clientId,
+        config: args.config,
+        score: args.score
+      });
+    }
+    return rules;
+  }
+  getSingleRule(args) {
+    if (!args.userIp && !args.userId && !args.ja4) {
+      return void 0;
+    }
+    const rule = {
+      isUserBlocked: args.isUserBlocked,
+      ...args.description && { description: args.description },
+      ...args.clientId && { clientId: args.clientId },
+      ...args.config && { config: args.config },
+      ...args.score && { score: args.score },
+      ...args.ja4 && { ja4: args.ja4 },
+      ...args.userId && { userId: args.userId }
+    };
+    if (args.userIp) {
+      const userIp = args.userIp;
+      if (userIp.v4) {
+        const ipAddress$1 = new ipAddress.Address4(userIp.v4);
+        rule.userIp = ruleIpSchema.ruleIpSchema.parse({
+          v4: {
+            asNumeric: ipAddress$1.bigInt(),
+            asString: ipAddress$1.address
+          }
+        });
+      }
+      if (userIp.v6) {
+        const ipAddress$1 = new ipAddress.Address6(userIp.v6);
+        rule.userIp = ruleIpSchema.ruleIpSchema.parse({
+          v6: {
+            asNumeric: ipAddress$1.bigInt(),
+            asString: ipAddress$1.address
+          }
+        });
+      }
+    }
+    return rule;
+  }
+}
+exports.ApiInsertManyRulesEndpoint = ApiInsertManyRulesEndpoint;

package/dist/cjs/rules/blacklistRulesInspector.cjs

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+class BlacklistRulesInspector {
+  constructor(rulesStorage, logger) {
+    this.rulesStorage = rulesStorage;
+    this.logger = logger;
+  }
+  async isUserBlacklisted(clientId, userIpAddress, ja4, userId) {
+    this.logger.debug({
+      clientId,
+      userIpAddress,
+      ja4,
+      userId
+    });
+    const accessRules = await this.rulesStorage.find(
+      {
+        clientId,
+        userIpAddress,
+        ja4,
+        userId
+      },
+      {
+        includeRecordsWithPartialFilterMatches: true,
+        includeRecordsWithoutClientId: true
+      }
+    );
+    const blockingRules = accessRules.filter(
+      (accessRule) => accessRule.isUserBlocked
+    );
+    const userBlacklisted = blockingRules.length > 0;
+    if (userBlacklisted) {
+      this.logger.info({
+        userBlacklisted,
+        clientId,
+        userIpAddress: userIpAddress.address.toString(),
+        userId,
+        accessRules: accessRules.length,
+        blockingRules: blockingRules.length
+      });
+    }
+    return userBlacklisted;
+  }
+}
+exports.BlacklistRulesInspector = BlacklistRulesInspector;

package/dist/cjs/rules/imageCaptchaConfigRulesResolver.cjs

@@ -0,0 +1,115 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+class ImageCaptchaConfigRulesResolver {
+  constructor(rulesStorage, logger, _accessRule = null) {
+    this.rulesStorage = rulesStorage;
+    this.logger = logger;
+    this._accessRule = _accessRule;
+  }
+  get accessRule() {
+    return this._accessRule;
+  }
+  async isConfigDefined(clientId, userIpAddress, ja4, userId) {
+    const accessRule = await this.fetchUserAccessRule(
+      userIpAddress,
+      ja4,
+      userId,
+      clientId
+    );
+    const imageCaptchaConfig = accessRule?.config?.imageCaptcha || null;
+    const configDefined = null !== imageCaptchaConfig;
+    if (configDefined) {
+      this.logger.info({
+        configDefined,
+        clientId,
+        userIpAddress: userIpAddress.toString(),
+        userId,
+        imageCaptchaConfig,
+        ja4
+      });
+    }
+    return configDefined;
+  }
+  async resolveConfig(defaults, userIpAddress, ja4, userId, clientId) {
+    const logArgs = {
+      userIpAddress: userIpAddress.address.toString(),
+      userId,
+      clientId,
+      defaults,
+      ja4
+    };
+    this._accessRule = await this.fetchUserAccessRule(
+      userIpAddress,
+      ja4,
+      userId,
+      clientId
+    );
+    if (null === this.accessRule) {
+      this.logger.debug("ImageCaptchaConfigRulesResolver.resolveConfig", {
+        configDefined: false,
+        ...logArgs
+      });
+      return defaults;
+    }
+    const imageCaptchaConfig = this.accessRule.config?.imageCaptcha || {};
+    const config = this.getImageCaptchaConfig(defaults, imageCaptchaConfig);
+    this.logger.info("ImageCaptchaConfigRulesResolver.resolveConfig", {
+      configDefined: true,
+      imageCaptchaConfig,
+      config,
+      ...logArgs
+    });
+    return config;
+  }
+  async fetchUserAccessRule(userIpAddress, ja4, userId, clientId) {
+    const accessRules = await this.queryUserAccessRules(
+      userIpAddress,
+      ja4,
+      userId,
+      clientId
+    );
+    this.logger.debug("ImageCaptchaConfigRulesResolver.fetchUserAccessRule", {
+      accessRules: accessRules.length,
+      userIpAddress: userIpAddress.address.toString(),
+      userId,
+      clientId,
+      ja4
+    });
+    return this.selectPrimaryUserAccessRule(accessRules);
+  }
+  async queryUserAccessRules(ipAddress, ja4, user, clientId) {
+    return await this.rulesStorage.find(
+      {
+        clientId,
+        userId: user,
+        userIpAddress: ipAddress,
+        ja4
+      },
+      {
+        includeRecordsWithoutClientId: true,
+        includeRecordsWithPartialFilterMatches: true
+      }
+    );
+  }
+  selectPrimaryUserAccessRule(accessRules) {
+    const clientRules = accessRules.filter(
+      (accessRule2) => "string" === typeof accessRule2.clientId
+    );
+    const globalRules = accessRules.filter(
+      (accessRule2) => void 0 === accessRule2.clientId
+    );
+    const accessRule = clientRules.length > 0 ? clientRules.shift() : globalRules.shift();
+    return void 0 === accessRule ? null : accessRule;
+  }
+  getImageCaptchaConfig(defaults, imageCaptchaConfig) {
+    return {
+      solved: {
+        count: imageCaptchaConfig.solvedCount || defaults.solved.count
+      },
+      unsolved: {
+        count: imageCaptchaConfig.unsolvedCount || defaults.unsolved.count
+      }
+    };
+  }
+}
+exports.ImageCaptchaConfigRulesResolver = ImageCaptchaConfigRulesResolver;

package/dist/cjs/rules/mongoose/indexes/rulePerformanceMongooseIndexes.cjs

@@ -0,0 +1,75 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const userIpIndexes = [
+  {
+    definition: {
+      "userIp.v4.asNumeric": 1
+    },
+    options: {
+      partialFilterExpression: {
+        "userIp.v4.asNumeric": { $exists: true }
+      }
+    }
+  },
+  {
+    definition: {
+      "userIp.v6.asNumericString": 1
+    },
+    options: {
+      partialFilterExpression: {
+        "userIp.v6.asNumericString": { $exists: true }
+      }
+    }
+  }
+];
+const userIpMaskIndexes = [
+  {
+    definition: {
+      "userIp.v4.mask.rangeMinAsNumeric": 1,
+      "userIp.v4.mask.rangeMaxAsNumeric": 1,
+      "userIp.v4.asNumeric": 1
+    },
+    options: {
+      partialFilterExpression: {
+        "userIp.v4.mask.asNumeric": { $exists: true }
+      }
+    }
+  },
+  {
+    definition: {
+      "userIp.v6.mask.rangeMinAsNumericString": 1,
+      "userIp.v6.mask.rangeMaxAsNumericString": 1
+    },
+    options: {
+      partialFilterExpression: {
+        "userIp.v6.mask.asNumeric": { $exists: true }
+      }
+    }
+  }
+];
+const otherIndexes = [
+  {
+    definition: {
+      userId: 1
+    },
+    options: {
+      unique: true,
+      sparse: true
+    }
+  },
+  {
+    definition: {
+      ja4: 1
+    },
+    options: {
+      unique: true,
+      sparse: true
+    }
+  }
+];
+const rulePerformanceMongooseIndexes = [
+  ...userIpIndexes,
+  ...userIpMaskIndexes,
+  ...otherIndexes
+];
+exports.rulePerformanceMongooseIndexes = rulePerformanceMongooseIndexes;

package/dist/cjs/rules/mongoose/indexes/ruleUniqueMongooseIndexes.cjs

@@ -0,0 +1,137 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const globalIpIndexes = [
+  {
+    definition: {
+      "userIp.v4.asNumeric": 1
+    },
+    options: {
+      name: "globalIpV4",
+      unique: true,
+      partialFilterExpression: {
+        clientId: null,
+        "userIp.v4.asNumeric": { $exists: true },
+        "userIp.v4.mask.asNumeric": null
+      }
+    }
+  },
+  {
+    definition: {
+      "userIp.v6.asNumericString": 1
+    },
+    options: {
+      name: "globalIpV6",
+      unique: true,
+      partialFilterExpression: {
+        clientId: null,
+        "userIp.v6.asNumericString": { $exists: true },
+        "userIp.v6.mask.asNumeric": null
+      }
+    }
+  }
+];
+const globalIpMaskIndexes = [
+  {
+    definition: {
+      "userIp.v4.asNumeric": 1,
+      "userIp.v4.mask.asNumeric": 1
+    },
+    options: {
+      name: "globalIpMaskV4",
+      unique: true,
+      partialFilterExpression: {
+        clientId: null,
+        "userIp.v4.asNumeric": { $exists: true },
+        "userIp.v4.mask.asNumeric": { $exists: true }
+      }
+    }
+  },
+  {
+    definition: {
+      "userIp.v6.asNumericString": 1,
+      "userIp.v6.mask.asNumeric": 1
+    },
+    options: {
+      name: "globalIpMaskV6",
+      unique: true,
+      partialFilterExpression: {
+        clientId: null,
+        "userIp.v6.asNumericString": { $exists: true },
+        "userIp.v6.mask.asNumeric": { $exists: true }
+      }
+    }
+  }
+];
+const ipPerClientIndexes = [
+  {
+    definition: {
+      clientId: 1,
+      "userIp.v4.asNumeric": 1
+    },
+    options: {
+      name: "clientIpV4",
+      unique: true,
+      partialFilterExpression: {
+        clientId: { $exists: true },
+        "userIp.v4.asNumeric": { $exists: true },
+        "userIp.v4.mask.asNumeric": null
+      }
+    }
+  },
+  {
+    definition: {
+      clientId: 1,
+      "userIp.v6.asNumericString": 1
+    },
+    options: {
+      name: "clientIpV6",
+      unique: true,
+      partialFilterExpression: {
+        clientId: { $exists: true },
+        "userIp.v6.asNumericString": { $exists: true },
+        "userIp.v6.mask.asNumeric": null
+      }
+    }
+  }
+];
+const ipMaskPerClientIndexes = [
+  {
+    definition: {
+      clientId: 1,
+      "userIp.v4.asNumeric": 1,
+      "userIp.v4.mask.asNumeric": 1
+    },
+    options: {
+      name: "clientIpV4Mask",
+      unique: true,
+      partialFilterExpression: {
+        clientId: { $exists: true },
+        "userIp.v4.asNumeric": { $exists: true },
+        "userIp.v4.mask.asNumeric": { $exists: true }
+      }
+    }
+  },
+  {
+    definition: {
+      clientId: 1,
+      "userIp.v6.asNumericString": 1,
+      "userIp.v6.mask.asNumeric": 1
+    },
+    options: {
+      name: "clientIpV6Mask",
+      unique: true,
+      partialFilterExpression: {
+        clientId: { $exists: true },
+        "userIp.v6.asNumericString": { $exists: true },
+        "userIp.v6.mask.asNumeric": { $exists: true }
+      }
+    }
+  }
+];
+const ruleUniqueMongooseIndexes = [
+  ...globalIpIndexes,
+  ...globalIpMaskIndexes,
+  ...ipMaskPerClientIndexes,
+  ...ipPerClientIndexes
+];
+exports.ruleUniqueMongooseIndexes = ruleUniqueMongooseIndexes;

package/dist/cjs/rules/mongoose/rulesMongooseStorage.cjs

@@ -0,0 +1,177 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const common = require("@prosopo/common");
+const ipAddress = require("ip-address");
+const ruleIpVersion = require("../rule/ip/ruleIpVersion.cjs");
+const ruleIpV6NumericMaxLength = require("../rule/ip/v6/ruleIpV6NumericMaxLength.cjs");
+class RulesMongooseStorage {
+  constructor(logger, readingModel, writingModel = null) {
+    this.logger = logger;
+    this.readingModel = readingModel;
+    this.writingModel = writingModel;
+    if (null === this.writingModel) {
+      this.writingModel = this.readingModel;
+    }
+  }
+  async insert(record) {
+    if (!this.writingModel) {
+      throw this.modelNotSetProsopoError();
+    }
+    const filter = {
+      ...record.clientId && { clientId: record.clientId },
+      ...record.userIp && { userIp: record.userIp },
+      ...record.userId && { userId: record.userId },
+      ...record.ja4 && { ja4: record.ja4 }
+    };
+    const validationError = new this.writingModel(record).validateSync();
+    if (validationError) {
+      throw validationError;
+    }
+    const document = await this.writingModel.findOneAndUpdate(
+      filter,
+      record,
+      { new: true, upsert: true, runValidators: true }
+      // 🔥 Enforce schema validation!
+    );
+    const ruleRecord = this.convertMongooseRecordToRuleRecord(
+      document.toObject()
+    );
+    return ruleRecord;
+  }
+  async insertMany(records) {
+    if (!this.writingModel) {
+      throw this.modelNotSetProsopoError();
+    }
+    if (!this.readingModel) {
+      throw this.modelNotSetProsopoError();
+    }
+    const beforeDelete = await this.writingModel.find({});
+    this.logger.debug("Before deletion, DB records:", beforeDelete.length);
+    await this.writingModel.bulkWrite(
+      records.map((record) => {
+        const filter = {
+          ...record.clientId && { clientId: record.clientId },
+          ...record.userIp && { userIp: record.userIp },
+          ...record.userId && { userId: record.userId },
+          ...record.ja4 && { ja4: record.ja4 }
+        };
+        return {
+          deleteOne: {
+            filter
+          }
+        };
+      })
+    );
+    this.logger.debug("After deletion");
+    const afterDelete = await this.readingModel.find({});
+    this.logger.debug("After deletion, DB records:", afterDelete.length);
+    const documents = await this.writingModel.insertMany(records);
+    const objectDocuments = documents.map((document) => document.toObject());
+    const ruleRecords = this.convertMongooseRecordsToRuleRecords(objectDocuments);
+    return ruleRecords;
+  }
+  async find(filters, filterSettings) {
+    if (!this.readingModel) {
+      throw this.modelNotSetProsopoError();
+    }
+    const query = this.createSearchQuery(filters, filterSettings);
+    const mongooseRecords = await this.readingModel.find(query).lean().exec();
+    const ruleRecords = this.convertMongooseRecordsToRuleRecords(mongooseRecords);
+    return ruleRecords;
+  }
+  async deleteMany(recordFilters) {
+    if (!this.writingModel) {
+      throw this.modelNotSetProsopoError();
+    }
+    for (const recordFilter of recordFilters) {
+      await this.writingModel.deleteOne(recordFilter).exec();
+    }
+  }
+  async countRecords() {
+    if (!this.readingModel) {
+      throw this.modelNotSetProsopoError();
+    }
+    const count = await this.readingModel.countDocuments().exec();
+    return count;
+  }
+  modelNotSetProsopoError() {
+    return new common.ProsopoError("USER_ACCESS_POLICY.MONGOOSE_RULE_MODEL_NOT_SET");
+  }
+  createSearchQuery(filters, filterSettings) {
+    const includeRecordsWithoutClientId = filterSettings?.includeRecordsWithoutClientId || false;
+    const includeRecordsWithPartialFilterMatches = filterSettings?.includeRecordsWithPartialFilterMatches || false;
+    const queryParts = [
+      this.getFilterByClientId(includeRecordsWithoutClientId, filters.clientId)
+    ];
+    const queryFilters = this.getSearchQueryFilters(
+      filters,
+      includeRecordsWithPartialFilterMatches
+    );
+    return {
+      $and: queryParts.concat(queryFilters)
+    };
+  }
+  getSearchQueryFilters(filters, includeRecordsWithPartialFilterMatches) {
+    const queryFilters = [];
+    if (filters.userId) {
+      queryFilters.push({ userId: filters.userId });
+    }
+    if (filters.userIpAddress) {
+      queryFilters.push(this.getFilterByUserIp(filters.userIpAddress));
+    }
+    if (filters.ja4) {
+      queryFilters.push({ ja4: filters.ja4 });
+    }
+    return includeRecordsWithPartialFilterMatches && queryFilters.length > 1 ? [{ $or: queryFilters }] : queryFilters;
+  }
+  getFilterByClientId(includeRecordsWithoutClientId, clientId) {
+    const clientIdValue = void 0 === clientId ? { $exists: false } : clientId;
+    const clientIdFilter = {
+      clientId: clientIdValue
+    };
+    return includeRecordsWithoutClientId ? {
+      $or: [clientIdFilter, { clientId: { $exists: false } }]
+    } : clientIdFilter;
+  }
+  getFilterByUserIp(userIpAddress) {
+    return null !== userIpAddress ? this.getFilterByUserIpAddress(userIpAddress) : { userIp: null };
+  }
+  getFilterByUserIpAddress(userIpAddress) {
+    const isIpV4 = userIpAddress instanceof ipAddress.Address4;
+    const userIpVersion = isIpV4 ? ruleIpVersion.RuleIpVersion.v4 : ruleIpVersion.RuleIpVersion.v6;
+    const userIpAsNumeric = isIpV4 ? userIpAddress.bigInt() : (
+      // we must have the exact same string length to guarantee the right comparison.
+      userIpAddress.bigInt().toString().padStart(ruleIpV6NumericMaxLength.RULE_IPV6_NUMERIC_MAX_LENGTH, "0")
+    );
+    const userIpKey = userIpVersion === ruleIpVersion.RuleIpVersion.v4 ? "userIp.v4.asNumeric" : "userIp.v6.asNumericString";
+    const rangeMinKey = userIpVersion === ruleIpVersion.RuleIpVersion.v4 ? "userIp.v4.mask.rangeMinAsNumeric" : "userIp.v6.mask.rangeMinAsNumericString";
+    const rangeMaxKey = userIpVersion === ruleIpVersion.RuleIpVersion.v4 ? "userIp.v4.mask.rangeMaxAsNumeric" : "userIp.v6.mask.rangeMaxAsNumericString";
+    return {
+      $or: [
+        { [userIpKey]: userIpAsNumeric },
+        {
+          [rangeMinKey]: {
+            $lte: userIpAsNumeric
+          },
+          [rangeMaxKey]: {
+            $gte: userIpAsNumeric
+          }
+        }
+      ]
+    };
+  }
+  convertMongooseRecordsToRuleRecords(mongooseRecords) {
+    const ruleRecords = mongooseRecords.map(
+      (mongooseRecord) => this.convertMongooseRecordToRuleRecord(mongooseRecord)
+    );
+    return ruleRecords;
+  }
+  convertMongooseRecordToRuleRecord(mongooseRecord) {
+    const ruleRecord = {
+      ...mongooseRecord,
+      _id: mongooseRecord._id.toString()
+    };
+    return ruleRecord;
+  }
+}
+exports.RulesMongooseStorage = RulesMongooseStorage;

package/dist/cjs/rules/mongoose/schemas/config/configMongooseSchema.cjs

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const mongoose = require("mongoose");
+const imageCaptchaConfigMongooseSchema = require("./imageCaptchaConfigMongooseSchema.cjs");
+const configMongooseSchema = new mongoose.Schema(
+  {
+    imageCaptcha: {
+      type: imageCaptchaConfigMongooseSchema.imageCaptchaConfigMongooseSchema,
+      required: false
+    }
+  },
+  { _id: false }
+);
+exports.configMongooseSchema = configMongooseSchema;

package/dist/cjs/rules/mongoose/schemas/config/imageCaptchaConfigMongooseSchema.cjs

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const mongoose = require("mongoose");
+const imageCaptchaConfigMongooseSchema = new mongoose.Schema(
+  {
+    solvedCount: {
+      type: Number,
+      required: false
+    },
+    unsolvedCount: {
+      type: Number,
+      required: false
+    }
+  },
+  { _id: false }
+);
+exports.imageCaptchaConfigMongooseSchema = imageCaptchaConfigMongooseSchema;

package/dist/cjs/rules/mongoose/schemas/getRuleMongooseSchema.cjs

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const rulePerformanceMongooseIndexes = require("../indexes/rulePerformanceMongooseIndexes.cjs");
+const ruleUniqueMongooseIndexes = require("../indexes/ruleUniqueMongooseIndexes.cjs");
+const ruleMongooseSchema = require("./ruleMongooseSchema.cjs");
+const getRuleMongooseSchema = () => {
+  const ruleMongooseIndexes = [
+    ...rulePerformanceMongooseIndexes.rulePerformanceMongooseIndexes,
+    ...ruleUniqueMongooseIndexes.ruleUniqueMongooseIndexes
+  ];
+  for (const ruleMongooseIndex of ruleMongooseIndexes) {
+    ruleMongooseSchema.ruleMongooseSchema.index(
+      ruleMongooseIndex.definition,
+      ruleMongooseIndex.options
+    );
+  }
+  return ruleMongooseSchema.ruleMongooseSchema;
+};
+exports.getRuleMongooseSchema = getRuleMongooseSchema;

package/dist/cjs/rules/mongoose/schemas/ip/ipMongooseSchema.cjs

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const mongoose = require("mongoose");
+const ipV4MongooseSchema = require("./v4/ipV4MongooseSchema.cjs");
+const ipV6MongooseSchema = require("./v6/ipV6MongooseSchema.cjs");
+const ipMongooseSchema = new mongoose.Schema(
+  {
+    v4: {
+      type: ipV4MongooseSchema.ipV4MongooseSchema,
+      required: [
+        function() {
+          return !this.v6;
+        },
+        "v4 is required when v6 is not set"
+      ]
+    },
+    v6: {
+      type: ipV6MongooseSchema.ipV6MongooseSchema,
+      required: [
+        function() {
+          return !this.v4;
+        },
+        "v6 is required when v4 is not set"
+      ]
+    }
+  },
+  { _id: false }
+);
+exports.ipMongooseSchema = ipMongooseSchema;

package/dist/cjs/rules/mongoose/schemas/ip/v4/ipV4MaskMongooseSchema.cjs

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const mongoose = require("mongoose");
+const ipV4MaskMongooseSchema = new mongoose.Schema(
+  {
+    // Type choice note: Int32 can't store 10 digits of the numeric presentation of ipV4,
+    // so we use BigInt, which is supported by Mongoose and turned into Mongo's Long (Int64)
+    rangeMinAsNumeric: { type: BigInt, required: true },
+    rangeMaxAsNumeric: { type: BigInt, required: true },
+    asNumeric: { type: Number, required: true }
+  },
+  { _id: false }
+);
+exports.ipV4MaskMongooseSchema = ipV4MaskMongooseSchema;

package/dist/cjs/rules/mongoose/schemas/ip/v4/ipV4MongooseSchema.cjs

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const mongoose = require("mongoose");
+const ipV4MaskMongooseSchema = require("./ipV4MaskMongooseSchema.cjs");
+const ipV4MongooseSchema = new mongoose.Schema(
+  {
+    // Type choice note: Int32 can't store 10 digits of the numeric presentation of ipV4,
+    // so we use BigInt, which is supported by Mongoose and turned into Mongo's Long (Int64)
+    asNumeric: { type: BigInt, required: true },
+    asString: { type: String, required: true },
+    mask: {
+      type: ipV4MaskMongooseSchema.ipV4MaskMongooseSchema,
+      required: false
+    }
+  },
+  { _id: false }
+);
+exports.ipV4MongooseSchema = ipV4MongooseSchema;

package/dist/cjs/rules/mongoose/schemas/ip/v6/ipV6MaskMongooseSchema.cjs

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const mongoose = require("mongoose");
+const ruleIpV6NumericMaxLength = require("../../../../rule/ip/v6/ruleIpV6NumericMaxLength.cjs");
+const ipV6MaskMongooseSchema = new mongoose.Schema(
+  {
+    // 1. Type choice note:
+    /**
+     * ipV6 takes 128bits (38 digits), so we can't use Mongo's Long (Int64), and can't even Decimal128,
+     * cause it supports only 34 digits https://www.mongodb.com/docs/manual/reference/bson-types/
+     */
+    // 2. String comparison note
+    /**
+     * Mongo compares strings by unicode codes of each letter, so it works for us,
+     * as long we make sure both strings have the exact same length:
+     * so '10' and '02', never '10' and '2'.
+     */
+    rangeMinAsNumericString: {
+      type: String,
+      required: true,
+      // we must have the exact same string length to guarantee the right comparison.
+      set: (value) => value.padStart(ruleIpV6NumericMaxLength.RULE_IPV6_NUMERIC_MAX_LENGTH, "0")
+    },
+    rangeMaxAsNumericString: {
+      type: String,
+      required: true,
+      // we must have the exact same string length to guarantee the right comparison.
+      set: (value) => value.padStart(ruleIpV6NumericMaxLength.RULE_IPV6_NUMERIC_MAX_LENGTH, "0")
+    },
+    asNumeric: { type: Number, required: true }
+  },
+  { _id: false }
+);
+exports.ipV6MaskMongooseSchema = ipV6MaskMongooseSchema;

package/dist/cjs/rules/mongoose/schemas/ip/v6/ipV6MongooseSchema.cjs

@@ -0,0 +1,33 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const mongoose = require("mongoose");
+const ruleIpV6NumericMaxLength = require("../../../../rule/ip/v6/ruleIpV6NumericMaxLength.cjs");
+const ipV6MaskMongooseSchema = require("./ipV6MaskMongooseSchema.cjs");
+const ipV6MongooseSchema = new mongoose.Schema(
+  {
+    // 1. Type choice note:
+    /**
+     * ipV6 takes 128bits (38 digits), so we can't use Mongo's Long (Int64), and can't even Decimal128,
+     * cause it supports only 34 digits https://www.mongodb.com/docs/manual/reference/bson-types/
+     */
+    // 2. String comparison note
+    /**
+     * Mongo compares strings by unicode codes of each letter, so it works for us,
+     * as long we make sure both strings have the exact same length:
+     * so '10' and '02', never '10' and '2'.
+     */
+    asNumericString: {
+      type: String,
+      required: true,
+      // we must have the exact same string length to guarantee the right comparison.
+      set: (value) => value.padStart(ruleIpV6NumericMaxLength.RULE_IPV6_NUMERIC_MAX_LENGTH, "0")
+    },
+    asString: { type: String, required: true },
+    mask: {
+      type: ipV6MaskMongooseSchema.ipV6MaskMongooseSchema,
+      required: false
+    }
+  },
+  { _id: false }
+);
+exports.ipV6MongooseSchema = ipV6MongooseSchema;

package/dist/cjs/rules/mongoose/schemas/ruleMongooseSchema.cjs

@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const mongoose = require("mongoose");
+const configMongooseSchema = require("./config/configMongooseSchema.cjs");
+const ipMongooseSchema = require("./ip/ipMongooseSchema.cjs");
+const ruleMongooseSchema = new mongoose.Schema({
+  isUserBlocked: { type: Boolean, required: true },
+  clientId: { type: String, required: false },
+  description: { type: String, required: false },
+  userIp: {
+    type: ipMongooseSchema.ipMongooseSchema,
+    required: [
+      function() {
+        return !this.userId && !this.ja4;
+      },
+      "userIp is required when userId is not set and ja4 is not set"
+    ]
+  },
+  userId: {
+    type: String,
+    required: [
+      function() {
+        return !this.userIp && !this.ja4;
+      },
+      "userId is required when userIp is not set and ja4 is not set"
+    ]
+  },
+  ja4: {
+    type: String,
+    required: [
+      function() {
+        return !this.userIp && !this.userId;
+      },
+      "ja4 is required when userIp is not set and userId is not set"
+    ]
+  },
+  config: {
+    type: configMongooseSchema.configMongooseSchema,
+    required: false
+  },
+  score: { type: Number, required: false }
+});
+exports.ruleMongooseSchema = ruleMongooseSchema;

package/dist/cjs/rules/rule/config/imageCaptcha/imageCaptchaConfigSchema.cjs

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const zod = require("zod");
+const imageCaptchaConfigSchema = zod.object({
+  solvedCount: zod.number().optional(),
+  unsolvedCount: zod.number().optional()
+});
+exports.imageCaptchaConfigSchema = imageCaptchaConfigSchema;

package/dist/cjs/rules/rule/config/ruleConfigSchema.cjs

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const zod = require("zod");
+const imageCaptchaConfigSchema = require("./imageCaptcha/imageCaptchaConfigSchema.cjs");
+const ruleConfigSchema = zod.object({
+  imageCaptcha: imageCaptchaConfigSchema.imageCaptchaConfigSchema.optional()
+});
+exports.ruleConfigSchema = ruleConfigSchema;

package/dist/cjs/rules/rule/ip/ruleIpSchema.cjs

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const zod = require("zod");
+const ruleIpV4Schema = require("./v4/ruleIpV4Schema.cjs");
+const ruleIpV6Schema = require("./v6/ruleIpV6Schema.cjs");
+const ruleIpSchema = zod.object({
+  v4: ruleIpV4Schema.ruleIpV4Schema.optional(),
+  v6: ruleIpV6Schema.ruleIpV6Schema.optional()
+});
+exports.ruleIpSchema = ruleIpSchema;

package/dist/cjs/rules/rule/ip/ruleIpVersion.cjs

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+var RuleIpVersion = /* @__PURE__ */ ((RuleIpVersion2) => {
+  RuleIpVersion2["v4"] = "v4";
+  RuleIpVersion2["v6"] = "v6";
+  return RuleIpVersion2;
+})(RuleIpVersion || {});
+exports.RuleIpVersion = RuleIpVersion;

package/dist/cjs/rules/rule/ip/v4/mask/ruleIpV4MaskSchema.cjs

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const zod = require("zod");
+const ruleIpV4MaskSchema = zod.object({
+  rangeMinAsNumeric: zod.bigint(),
+  rangeMaxAsNumeric: zod.bigint(),
+  asNumeric: zod.number()
+});
+exports.ruleIpV4MaskSchema = ruleIpV4MaskSchema;

package/dist/cjs/rules/rule/ip/v4/ruleIpV4Schema.cjs

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const zod = require("zod");
+const ruleIpV4MaskSchema = require("./mask/ruleIpV4MaskSchema.cjs");
+const ruleIpV4Schema = zod.object({
+  asNumeric: zod.bigint(),
+  asString: zod.string(),
+  mask: ruleIpV4MaskSchema.ruleIpV4MaskSchema.optional()
+});
+exports.ruleIpV4Schema = ruleIpV4Schema;

package/dist/cjs/rules/rule/ip/v6/mask/ruleIpV6MaskSchema.cjs

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const zod = require("zod");
+const ruleIpV6MaskSchema = zod.object({
+  rangeMinAsNumericString: zod.string(),
+  rangeMaxAsNumericString: zod.string(),
+  asNumeric: zod.number()
+});
+exports.ruleIpV6MaskSchema = ruleIpV6MaskSchema;

package/dist/cjs/rules/rule/ip/v6/ruleIpV6NumericMaxLength.cjs

@@ -0,0 +1,4 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const RULE_IPV6_NUMERIC_MAX_LENGTH = 38;
+exports.RULE_IPV6_NUMERIC_MAX_LENGTH = RULE_IPV6_NUMERIC_MAX_LENGTH;

package/dist/cjs/rules/rule/ip/v6/ruleIpV6Schema.cjs

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const zod = require("zod");
+const ruleIpV6MaskSchema = require("./mask/ruleIpV6MaskSchema.cjs");
+const ruleIpV6Schema = zod.object({
+  asNumericString: zod.string(),
+  asString: zod.string(),
+  mask: ruleIpV6MaskSchema.ruleIpV6MaskSchema.optional()
+});
+exports.ruleIpV6Schema = ruleIpV6Schema;

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@prosopo/user-access-policy",
-	"version": "2.5.3",
+	"version": "2.6.1",
 	"main": "dist/index.js",
 	"type": "module",
 	"engines": {
@@ -23,9 +23,9 @@
 		"storage:benchmark:mongoose:measure-find": "npm run storage:benchmark:mongoose -- measure-find --db-url=mongodb://localhost:27017 --target-ip-v4=0.0.136.184 --target-ip-v6=0000:0000:0000:0000:0000:0000:0000:7530"
 	},
 	"dependencies": {
-		"@prosopo/api-route": "2.5.3",
-		"@prosopo/common": "2.5.3",
-		"@prosopo/types": "2.5.3",
+		"@prosopo/api-route": "2.6.0",
+		"@prosopo/common": "2.6.0",
+		"@prosopo/types": "2.6.1",
 		"ip-address": "10.0.1",
 		"mongoose": "8.6.2",
 		"zod": "3.23.8"
@@ -33,8 +33,8 @@
 	"devDependencies": {
 		"mongodb": "6.9.0",
 		"mongodb-memory-server": "10.0.0",
-		"vite": "5.4.6",
-		"vitest": "2.1.1",
+		"vite": "6.2.3",
+		"vitest": "3.0.9",
 		"yargs": "17.7.2"
 	},
 	"author": "PROSOPO LIMITED <info@prosopo.io>",
@@ -43,5 +43,10 @@
 		"url": "https://github.com/prosopo/captcha/issues"
 	},
 	"homepage": "https://github.com/prosopo/captcha#readme",
-	"sideEffects": false
+	"sideEffects": false,
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/prosopo/captcha.git",
+		"directory": "packages/user-access-policy"
+	}
 }