@prosopo/user-access-policy 2.6.4 → 3.1.5

package/CHANGELOG.md

@@ -1,5 +1,85 @@
 # @prosopo/user-access-policy
 
+## 3.1.5
+### Patch Changes
+
+- Updated dependencies [b0d7207]
+  - @prosopo/types@3.0.3
+
+## 3.1.4
+### Patch Changes
+
+  - @prosopo/util@3.0.2
+
+## 3.1.3
+### Patch Changes
+
+  - @prosopo/util@3.0.1
+
+## 3.1.2
+### Patch Changes
+
+- Updated dependencies [f682f0c]
+  - @prosopo/types@3.0.2
+  - @prosopo/common@3.0.2
+  - @prosopo/api-route@2.6.7
+
+## 3.1.1
+### Patch Changes
+
+  - @prosopo/common@3.0.1
+  - @prosopo/types@3.0.1
+  - @prosopo/api-route@2.6.6
+
+## 3.1.0
+### Minor Changes
+
+- 913f2a6: Make custom expiration times work in redis. Make redis internal only and persist data
+
+## 3.0.0
+### Major Changes
+
+- 64b5bcd: Access Controls
+
+### Patch Changes
+
+- Updated dependencies [64b5bcd]
+  - @prosopo/common@3.0.0
+  - @prosopo/types@3.0.0
+  - @prosopo/util@3.0.0
+  - @prosopo/api-route@2.6.5
+
+## 2.6.8
+### Patch Changes
+
+- Updated dependencies [aee3efe]
+  - @prosopo/types@2.10.0
+
+## 2.6.7
+### Patch Changes
+
+- 86c22b8: structured logging
+- Updated dependencies [86c22b8]
+  - @prosopo/api-route@2.6.4
+  - @prosopo/common@2.7.2
+  - @prosopo/types@2.9.1
+
+## 2.6.6
+### Patch Changes
+
+- Updated dependencies [30bb383]
+  - @prosopo/types@2.9.0
+  - @prosopo/common@2.7.1
+  - @prosopo/api-route@2.6.3
+
+## 2.6.5
+### Patch Changes
+
+- Updated dependencies [8f0644a]
+  - @prosopo/common@2.7.0
+  - @prosopo/types@2.8.0
+  - @prosopo/api-route@2.6.2
+
 ## 2.6.4
 
 ### Patch Changes

package/dist/accessPolicy.d.ts

@@ -0,0 +1,169 @@
+import { type ZodRawShape, z } from "zod";
+export declare enum AccessPolicyType {
+    Block = "block",
+    Restrict = "restrict"
+}
+export declare const accessPolicySchema: z.ZodObject<{
+    type: ZodRawShape["type"];
+    captchaType: ZodRawShape["captchaType"];
+    description: ZodRawShape["description"];
+    solvedImagesCount: ZodRawShape["solvedImagesCount"];
+    imageThreshold: ZodRawShape["imageThreshold"];
+    powDifficulty: ZodRawShape["powDifficulty"];
+    unsolvedImagesCount: ZodRawShape["unsolvedImagesCount"];
+    frictionlessScore: ZodRawShape["frictionlessScore"];
+}>;
+export declare const policyScopeSchema: z.ZodObject<{
+    clientId: z.ZodOptional<z.ZodString>;
+    ruleGroupId: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    clientId?: string | undefined;
+    ruleGroupId?: string | undefined;
+}, {
+    clientId?: string | undefined;
+    ruleGroupId?: string | undefined;
+}>;
+export declare const userScopeSchema: z.ZodObject<{
+    userId: z.ZodOptional<z.ZodString>;
+    numericIp: z.ZodOptional<z.ZodBigInt>;
+    numericIpMaskMin: z.ZodOptional<z.ZodBigInt>;
+    numericIpMaskMax: z.ZodOptional<z.ZodBigInt>;
+    ja4Hash: z.ZodOptional<z.ZodString>;
+    headersHash: z.ZodOptional<z.ZodString>;
+    userAgentHash: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    userId?: string | undefined;
+    numericIp?: bigint | undefined;
+    numericIpMaskMin?: bigint | undefined;
+    numericIpMaskMax?: bigint | undefined;
+    ja4Hash?: string | undefined;
+    headersHash?: string | undefined;
+    userAgentHash?: string | undefined;
+}, {
+    userId?: string | undefined;
+    numericIp?: bigint | undefined;
+    numericIpMaskMin?: bigint | undefined;
+    numericIpMaskMax?: bigint | undefined;
+    ja4Hash?: string | undefined;
+    headersHash?: string | undefined;
+    userAgentHash?: string | undefined;
+}>;
+export declare const userScopeInputSchema: z.ZodEffects<z.ZodObject<z.objectUtil.extendShape<{
+    userId: z.ZodOptional<z.ZodString>;
+    numericIp: z.ZodOptional<z.ZodBigInt>;
+    numericIpMaskMin: z.ZodOptional<z.ZodBigInt>;
+    numericIpMaskMax: z.ZodOptional<z.ZodBigInt>;
+    ja4Hash: z.ZodOptional<z.ZodString>;
+    headersHash: z.ZodOptional<z.ZodString>;
+    userAgentHash: z.ZodOptional<z.ZodString>;
+}, {
+    ip: z.ZodOptional<z.ZodString>;
+    ipMask: z.ZodOptional<z.ZodString>;
+    userAgent: z.ZodOptional<z.ZodString>;
+}>, "strip", z.ZodTypeAny, {
+    userId?: string | undefined;
+    numericIp?: bigint | undefined;
+    numericIpMaskMin?: bigint | undefined;
+    numericIpMaskMax?: bigint | undefined;
+    ja4Hash?: string | undefined;
+    headersHash?: string | undefined;
+    userAgentHash?: string | undefined;
+    ip?: string | undefined;
+    ipMask?: string | undefined;
+    userAgent?: string | undefined;
+}, {
+    userId?: string | undefined;
+    numericIp?: bigint | undefined;
+    numericIpMaskMin?: bigint | undefined;
+    numericIpMaskMax?: bigint | undefined;
+    ja4Hash?: string | undefined;
+    headersHash?: string | undefined;
+    userAgentHash?: string | undefined;
+    ip?: string | undefined;
+    ipMask?: string | undefined;
+    userAgent?: string | undefined;
+}>, {
+    userId?: string | undefined;
+    numericIp?: bigint | undefined;
+    numericIpMaskMin?: bigint | undefined;
+    numericIpMaskMax?: bigint | undefined;
+    ja4Hash?: string | undefined;
+    headersHash?: string | undefined;
+    userAgentHash?: string | undefined;
+}, {
+    userId?: string | undefined;
+    numericIp?: bigint | undefined;
+    numericIpMaskMin?: bigint | undefined;
+    numericIpMaskMax?: bigint | undefined;
+    ja4Hash?: string | undefined;
+    headersHash?: string | undefined;
+    userAgentHash?: string | undefined;
+    ip?: string | undefined;
+    ipMask?: string | undefined;
+    userAgent?: string | undefined;
+}>;
+export type AccessPolicy = z.output<typeof accessPolicySchema>;
+export type PolicyScope = z.output<typeof policyScopeSchema>;
+export type UserScope = z.output<typeof userScopeSchema>;
+export type UserScopeApiInput = z.input<typeof userScopeInputSchema>;
+export type UserScopeApiOutput = z.output<typeof userScopeInputSchema>;
+export declare const accessRuleSchemaExtended: z.ZodObject<Omit<{
+    userId: z.ZodOptional<z.ZodString>;
+    numericIp: z.ZodOptional<z.ZodBigInt>;
+    numericIpMaskMin: z.ZodOptional<z.ZodBigInt>;
+    numericIpMaskMax: z.ZodOptional<z.ZodBigInt>;
+    ja4Hash: z.ZodOptional<z.ZodString>;
+    headersHash: z.ZodOptional<z.ZodString>;
+    userAgentHash: z.ZodOptional<z.ZodString>;
+    ip: z.ZodOptional<z.ZodString>;
+    ipMask: z.ZodOptional<z.ZodString>;
+    userAgent: z.ZodOptional<z.ZodString>;
+    clientId: z.ZodOptional<z.ZodString>;
+    ruleGroupId: z.ZodOptional<z.ZodString>;
+    type: ZodRawShape["type"];
+    captchaType: ZodRawShape["captchaType"];
+    description: ZodRawShape["description"];
+    solvedImagesCount: ZodRawShape["solvedImagesCount"];
+    imageThreshold: ZodRawShape["imageThreshold"];
+    powDifficulty: ZodRawShape["powDifficulty"];
+    unsolvedImagesCount: ZodRawShape["unsolvedImagesCount"];
+    frictionlessScore: ZodRawShape["frictionlessScore"];
+}, "numericIp" | "numericIpMaskMin" | "numericIpMaskMax">, "strip", z.ZodTypeAny, {
+    type?: any;
+    captchaType?: any;
+    description?: any;
+    solvedImagesCount?: any;
+    imageThreshold?: any;
+    powDifficulty?: any;
+    unsolvedImagesCount?: any;
+    frictionlessScore?: any;
+    clientId?: string | undefined;
+    ruleGroupId?: string | undefined;
+    userId?: string | undefined;
+    ja4Hash?: string | undefined;
+    headersHash?: string | undefined;
+    userAgentHash?: string | undefined;
+    ip?: string | undefined;
+    ipMask?: string | undefined;
+    userAgent?: string | undefined;
+}, {
+    type?: any;
+    captchaType?: any;
+    description?: any;
+    solvedImagesCount?: any;
+    imageThreshold?: any;
+    powDifficulty?: any;
+    unsolvedImagesCount?: any;
+    frictionlessScore?: any;
+    clientId?: string | undefined;
+    ruleGroupId?: string | undefined;
+    userId?: string | undefined;
+    ja4Hash?: string | undefined;
+    headersHash?: string | undefined;
+    userAgentHash?: string | undefined;
+    ip?: string | undefined;
+    ipMask?: string | undefined;
+    userAgent?: string | undefined;
+}>;
+export type AccessRuleExtended = z.input<typeof accessRuleSchemaExtended>;
+//# sourceMappingURL=accessPolicy.d.ts.map

package/dist/accessPolicy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"accessPolicy.d.ts","sourceRoot":"","sources":["../src/accessPolicy.ts"],"names":[],"mappings":"AAiBA,OAAO,EAAE,KAAK,WAAW,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAG1C,oBAAY,gBAAgB;IAC3B,KAAK,UAAU;IACf,QAAQ,aAAa;CACrB;AAED,eAAO,MAAM,kBAAkB,EAAE,CAAC,CAAC,SAAS,CAAC;IAC5C,IAAI,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;IAC1B,WAAW,EAAE,WAAW,CAAC,aAAa,CAAC,CAAC;IACxC,WAAW,EAAE,WAAW,CAAC,aAAa,CAAC,CAAC;IACxC,iBAAiB,EAAE,WAAW,CAAC,mBAAmB,CAAC,CAAC;IACpD,cAAc,EAAE,WAAW,CAAC,gBAAgB,CAAC,CAAC;IAC9C,aAAa,EAAE,WAAW,CAAC,eAAe,CAAC,CAAC;IAC5C,mBAAmB,EAAE,WAAW,CAAC,qBAAqB,CAAC,CAAC;IACxD,iBAAiB,EAAE,WAAW,CAAC,mBAAmB,CAAC,CAAC;CACpD,CAcC,CAAC;AAEH,eAAO,MAAM,iBAAiB;;;;;;;;;EAG5B,CAAC;AAEH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;EAS1B,CAAC;AAEH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAoC9B,CAAC;AAEJ,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAC/D,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAC7D,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,eAAe,CAAC,CAAC;AACzD,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AACrE,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAEvE,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;UApF9B,WAAW,CAAC,MAAM,CAAC;iBACZ,WAAW,CAAC,aAAa,CAAC;iBAC1B,WAAW,CAAC,aAAa,CAAC;uBACpB,WAAW,CAAC,mBAAmB,CAAC;oBACnC,WAAW,CAAC,gBAAgB,CAAC;mBAC9B,WAAW,CAAC,eAAe,CAAC;yBACtB,WAAW,CAAC,qBAAqB,CAAC;uBACpC,WAAW,CAAC,mBAAmB,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAwFjD,CAAC;AACJ,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC"}

package/dist/accessPolicy.js

@@ -0,0 +1,65 @@
+import { CaptchaTypeSchema } from "@prosopo/types";
+import { Address4 } from "ip-address";
+import { z } from "zod";
+import { hashUserAgent } from "#policy/util.js";
+export var AccessPolicyType;
+(function (AccessPolicyType) {
+    AccessPolicyType["Block"] = "block";
+    AccessPolicyType["Restrict"] = "restrict";
+})(AccessPolicyType || (AccessPolicyType = {}));
+export const accessPolicySchema = z.object({
+    type: z.nativeEnum(AccessPolicyType),
+    captchaType: CaptchaTypeSchema.optional(),
+    description: z.coerce.string().optional(),
+    solvedImagesCount: z.coerce.number().optional(),
+    imageThreshold: z.coerce.number().optional(),
+    powDifficulty: z.coerce.number().optional(),
+    unsolvedImagesCount: z.coerce.number().optional(),
+    frictionlessScore: z.coerce.number().optional(),
+});
+export const policyScopeSchema = z.object({
+    clientId: z.coerce.string().optional(),
+    ruleGroupId: z.coerce.string().optional(),
+});
+export const userScopeSchema = z.object({
+    userId: z.coerce.string().optional(),
+    numericIp: z.coerce.bigint().optional(),
+    numericIpMaskMin: z.coerce.bigint().optional(),
+    numericIpMaskMax: z.coerce.bigint().optional(),
+    ja4Hash: z.coerce.string().optional(),
+    headersHash: z.coerce.string().optional(),
+    userAgentHash: z.coerce.string().optional(),
+});
+export const userScopeInputSchema = userScopeSchema
+    .extend({
+    ip: z.string().optional(),
+    ipMask: z.string().optional(),
+    userAgent: z.string().optional(),
+})
+    .transform((inputUserScope) => {
+    const { ip, ipMask, userAgent, ...userScope } = inputUserScope;
+    if ("string" === typeof ip) {
+        userScope.numericIp = new Address4(ip).bigInt();
+    }
+    if ("string" === typeof ipMask) {
+        const ipObject = new Address4(ipMask);
+        userScope.numericIpMaskMin = ipObject.startAddress().bigInt();
+        userScope.numericIpMaskMax = ipObject.endAddress().bigInt();
+    }
+    if ("string" === typeof userAgent) {
+        userScope.userAgentHash = hashUserAgent(userAgent);
+    }
+    return userScope;
+});
+export const accessRuleSchemaExtended = z
+    .object({
+    ...accessPolicySchema.shape,
+    ...policyScopeSchema.shape,
+    ...userScopeInputSchema._def.schema.shape,
+})
+    .omit({
+    numericIp: true,
+    numericIpMaskMin: true,
+    numericIpMaskMax: true,
+});
+//# sourceMappingURL=accessPolicy.js.map

package/dist/accessPolicy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"accessPolicy.js","sourceRoot":"","sources":["../src/accessPolicy.ts"],"names":[],"mappings":"AAeA,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACtC,OAAO,EAAoB,CAAC,EAAE,MAAM,KAAK,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,CAAN,IAAY,gBAGX;AAHD,WAAY,gBAAgB;IAC3B,mCAAe,CAAA;IACf,yCAAqB,CAAA;AACtB,CAAC,EAHW,gBAAgB,KAAhB,gBAAgB,QAG3B;AAED,MAAM,CAAC,MAAM,kBAAkB,GAS1B,CAAC,CAAC,MAAM,CAAC;IACb,IAAI,EAAE,CAAC,CAAC,UAAU,CAAC,gBAAgB,CAAC;IACpC,WAAW,EAAE,iBAAiB,CAAC,QAAQ,EAAE;IACzC,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAEzC,iBAAiB,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE/C,cAAc,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE5C,aAAa,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE3C,mBAAmB,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAEjD,iBAAiB,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC/C,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtC,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACzC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IAEvC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACvC,gBAAgB,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9C,gBAAgB,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9C,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzC,aAAa,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC3C,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,oBAAoB,GAAG,eAAe;KACjD,MAAM,CAAC;IAGP,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAEzB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE7B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAChC,CAAC;KACD,SAAS,CAAC,CAAC,cAAc,EAAE,EAAE;IAE7B,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,SAAS,EAAE,GAAG,cAAc,CAAC;IAE/D,IAAI,QAAQ,KAAK,OAAO,EAAE,EAAE,CAAC;QAC5B,SAAS,CAAC,SAAS,GAAG,IAAI,QAAQ,CAAC,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC;IACjD,CAAC;IAGD,IAAI,QAAQ,KAAK,OAAO,MAAM,EAAE,CAAC;QAGhC,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC;QAGtC,SAAS,CAAC,gBAAgB,GAAG,QAAQ,CAAC,YAAY,EAAE,CAAC,MAAM,EAAE,CAAC;QAG9D,SAAS,CAAC,gBAAgB,GAAG,QAAQ,CAAC,UAAU,EAAE,CAAC,MAAM,EAAE,CAAC;IAC7D,CAAC;IAED,IAAI,QAAQ,KAAK,OAAO,SAAS,EAAE,CAAC;QACnC,SAAS,CAAC,aAAa,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;IAED,OAAO,SAAS,CAAC;AAClB,CAAC,CAAC,CAAC;AAQJ,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC;KACvC,MAAM,CAAC;IAEP,GAAG,kBAAkB,CAAC,KAAK;IAC3B,GAAG,iBAAiB,CAAC,KAAK;IAC1B,GAAG,oBAAoB,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK;CACzC,CAAC;KACD,IAAI,CAAC;IACL,SAAS,EAAE,IAAI;IACf,gBAAgB,EAAE,IAAI;IACtB,gBAAgB,EAAE,IAAI;CACtB,CAAC,CAAC"}

package/dist/accessPolicyResolver.d.ts

@@ -0,0 +1,115 @@
+import type { Logger } from "@prosopo/common";
+import { z } from "zod";
+import { type AccessPolicy } from "#policy/accessPolicy.js";
+import type { AccessRulesReader } from "#policy/accessRules.js";
+export declare enum ScopeMatch {
+    Exact = "exact",
+    Greedy = "greedy"
+}
+export declare const policyFilterSchema: z.ZodObject<{
+    policyScope: z.ZodOptional<z.ZodObject<{
+        clientId: z.ZodOptional<z.ZodString>;
+        ruleGroupId: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        clientId?: string | undefined;
+        ruleGroupId?: string | undefined;
+    }, {
+        clientId?: string | undefined;
+        ruleGroupId?: string | undefined;
+    }>>;
+    policyScopeMatch: z.ZodDefault<z.ZodNativeEnum<typeof ScopeMatch>>;
+    userScope: z.ZodOptional<z.ZodEffects<z.ZodObject<z.objectUtil.extendShape<{
+        userId: z.ZodOptional<z.ZodString>;
+        numericIp: z.ZodOptional<z.ZodBigInt>;
+        numericIpMaskMin: z.ZodOptional<z.ZodBigInt>;
+        numericIpMaskMax: z.ZodOptional<z.ZodBigInt>;
+        ja4Hash: z.ZodOptional<z.ZodString>;
+        headersHash: z.ZodOptional<z.ZodString>;
+        userAgentHash: z.ZodOptional<z.ZodString>;
+    }, {
+        ip: z.ZodOptional<z.ZodString>;
+        ipMask: z.ZodOptional<z.ZodString>;
+        userAgent: z.ZodOptional<z.ZodString>;
+    }>, "strip", z.ZodTypeAny, {
+        userId?: string | undefined;
+        numericIp?: bigint | undefined;
+        numericIpMaskMin?: bigint | undefined;
+        numericIpMaskMax?: bigint | undefined;
+        ja4Hash?: string | undefined;
+        headersHash?: string | undefined;
+        userAgentHash?: string | undefined;
+        ip?: string | undefined;
+        ipMask?: string | undefined;
+        userAgent?: string | undefined;
+    }, {
+        userId?: string | undefined;
+        numericIp?: bigint | undefined;
+        numericIpMaskMin?: bigint | undefined;
+        numericIpMaskMax?: bigint | undefined;
+        ja4Hash?: string | undefined;
+        headersHash?: string | undefined;
+        userAgentHash?: string | undefined;
+        ip?: string | undefined;
+        ipMask?: string | undefined;
+        userAgent?: string | undefined;
+    }>, {
+        userId?: string | undefined;
+        numericIp?: bigint | undefined;
+        numericIpMaskMin?: bigint | undefined;
+        numericIpMaskMax?: bigint | undefined;
+        ja4Hash?: string | undefined;
+        headersHash?: string | undefined;
+        userAgentHash?: string | undefined;
+    }, {
+        userId?: string | undefined;
+        numericIp?: bigint | undefined;
+        numericIpMaskMin?: bigint | undefined;
+        numericIpMaskMax?: bigint | undefined;
+        ja4Hash?: string | undefined;
+        headersHash?: string | undefined;
+        userAgentHash?: string | undefined;
+        ip?: string | undefined;
+        ipMask?: string | undefined;
+        userAgent?: string | undefined;
+    }>>;
+    userScopeMatch: z.ZodDefault<z.ZodNativeEnum<typeof ScopeMatch>>;
+}, "strip", z.ZodTypeAny, {
+    policyScopeMatch: ScopeMatch;
+    userScopeMatch: ScopeMatch;
+    userScope?: {
+        userId?: string | undefined;
+        numericIp?: bigint | undefined;
+        numericIpMaskMin?: bigint | undefined;
+        numericIpMaskMax?: bigint | undefined;
+        ja4Hash?: string | undefined;
+        headersHash?: string | undefined;
+        userAgentHash?: string | undefined;
+    } | undefined;
+    policyScope?: {
+        clientId?: string | undefined;
+        ruleGroupId?: string | undefined;
+    } | undefined;
+}, {
+    userScope?: {
+        userId?: string | undefined;
+        numericIp?: bigint | undefined;
+        numericIpMaskMin?: bigint | undefined;
+        numericIpMaskMax?: bigint | undefined;
+        ja4Hash?: string | undefined;
+        headersHash?: string | undefined;
+        userAgentHash?: string | undefined;
+        ip?: string | undefined;
+        ipMask?: string | undefined;
+        userAgent?: string | undefined;
+    } | undefined;
+    policyScope?: {
+        clientId?: string | undefined;
+        ruleGroupId?: string | undefined;
+    } | undefined;
+    policyScopeMatch?: ScopeMatch | undefined;
+    userScopeMatch?: ScopeMatch | undefined;
+}>;
+export type PolicyFilter = z.input<typeof policyFilterSchema>;
+export type ResolveAccessPolicy = (filter: PolicyFilter) => Promise<AccessPolicy | undefined>;
+export declare const createAccessPolicyResolver: (accessRulesReader: AccessRulesReader, logger: Logger) => ResolveAccessPolicy;
+//# sourceMappingURL=accessPolicyResolver.d.ts.map

package/dist/accessPolicyResolver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"accessPolicyResolver.d.ts","sourceRoot":"","sources":["../src/accessPolicyResolver.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EACN,KAAK,YAAY,EAIjB,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EAAc,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE5E,oBAAY,UAAU;IACrB,KAAK,UAAU;IACf,MAAM,WAAW;CACjB;AAED,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAa7B,CAAC;AAGH,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAE9D,MAAM,MAAM,mBAAmB,GAAG,CACjC,MAAM,EAAE,YAAY,KAChB,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC,CAAC;AAEvC,eAAO,MAAM,0BAA0B,sBACnB,iBAAiB,UAC5B,MAAM,KACZ,mBAuBF,CAAC"}

package/dist/accessPolicyResolver.js

@@ -0,0 +1,44 @@
+import * as util from "node:util";
+import { z } from "zod";
+import { AccessPolicyType, policyScopeSchema, userScopeInputSchema, } from "#policy/accessPolicy.js";
+export var ScopeMatch;
+(function (ScopeMatch) {
+    ScopeMatch["Exact"] = "exact";
+    ScopeMatch["Greedy"] = "greedy";
+})(ScopeMatch || (ScopeMatch = {}));
+export const policyFilterSchema = z.object({
+    policyScope: policyScopeSchema.optional(),
+    policyScopeMatch: z.nativeEnum(ScopeMatch).default(ScopeMatch.Exact),
+    userScope: userScopeInputSchema.optional(),
+    userScopeMatch: z.nativeEnum(ScopeMatch).default(ScopeMatch.Exact),
+});
+export const createAccessPolicyResolver = (accessRulesReader, logger) => {
+    return async (filter) => {
+        const accessRules = await accessRulesReader.findRules(filter);
+        const primaryAccessRule = resolvePrimaryRule(accessRules);
+        logger.debug(() => ({
+            msg: "Resolved access policy",
+            data: {
+                inspect: util.inspect({
+                    filter: filter,
+                    accessRules: accessRules,
+                    primaryAccessRule: primaryAccessRule,
+                }, { depth: null }),
+            },
+        }));
+        return primaryAccessRule;
+    };
+};
+const resolvePrimaryRule = (rules) => {
+    const blockingRules = rules.filter((accessRule) => AccessPolicyType.Block === accessRule.type);
+    const rulesToEvaluate = blockingRules.length > 0 ? blockingRules : rules;
+    return resolveMostLocalRule(rulesToEvaluate);
+};
+const resolveMostLocalRule = (rules) => {
+    const clientRules = rules.filter((accessRule) => "string" === typeof accessRule.clientId);
+    if (clientRules.length > 0) {
+        return clientRules.shift();
+    }
+    return rules.shift();
+};
+//# sourceMappingURL=accessPolicyResolver.js.map

package/dist/accessPolicyResolver.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"accessPolicyResolver.js","sourceRoot":"","sources":["../src/accessPolicyResolver.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAEN,gBAAgB,EAChB,iBAAiB,EACjB,oBAAoB,GACpB,MAAM,yBAAyB,CAAC;AAGjC,MAAM,CAAN,IAAY,UAGX;AAHD,WAAY,UAAU;IACrB,6BAAe,CAAA;IACf,+BAAiB,CAAA;AAClB,CAAC,EAHW,UAAU,KAAV,UAAU,QAGrB;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,WAAW,EAAE,iBAAiB,CAAC,QAAQ,EAAE;IAKzC,gBAAgB,EAAE,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC;IACpE,SAAS,EAAE,oBAAoB,CAAC,QAAQ,EAAE;IAK1C,cAAc,EAAE,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC;CAClE,CAAC,CAAC;AASH,MAAM,CAAC,MAAM,0BAA0B,GAAG,CACzC,iBAAoC,EACpC,MAAc,EACQ,EAAE;IACxB,OAAO,KAAK,EAAE,MAAoB,EAAqC,EAAE;QACxE,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAE9D,MAAM,iBAAiB,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;QAE1D,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;YACnB,GAAG,EAAE,wBAAwB;YAE7B,IAAI,EAAE;gBACL,OAAO,EAAE,IAAI,CAAC,OAAO,CACpB;oBACC,MAAM,EAAE,MAAM;oBACd,WAAW,EAAE,WAAW;oBACxB,iBAAiB,EAAE,iBAAiB;iBACpC,EACD,EAAE,KAAK,EAAE,IAAI,EAAE,CACf;aACD;SACD,CAAC,CAAC,CAAC;QAEJ,OAAO,iBAAiB,CAAC;IAC1B,CAAC,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,kBAAkB,GAAG,CAAC,KAAmB,EAA0B,EAAE;IAE1E,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,CACjC,CAAC,UAAU,EAAE,EAAE,CAAC,gBAAgB,CAAC,KAAK,KAAK,UAAU,CAAC,IAAI,CAC1D,CAAC;IAEF,MAAM,eAAe,GAAG,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC;IAEzE,OAAO,oBAAoB,CAAC,eAAe,CAAC,CAAC;AAC9C,CAAC,CAAC;AAEF,MAAM,oBAAoB,GAAG,CAAC,KAAmB,EAA0B,EAAE;IAE5E,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAC/B,CAAC,UAAU,EAAE,EAAE,CAAC,QAAQ,KAAK,OAAO,UAAU,CAAC,QAAQ,CACvD,CAAC;IAEF,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,OAAO,WAAW,CAAC,KAAK,EAAE,CAAC;IAC5B,CAAC;IAED,OAAO,KAAK,CAAC,KAAK,EAAE,CAAC;AACtB,CAAC,CAAC"}

package/dist/accessRules.d.ts

@@ -0,0 +1,16 @@
+import { z } from "zod";
+import { accessPolicySchema, policyScopeSchema, userScopeSchema } from "#policy/accessPolicy.js";
+import type { PolicyFilter } from "#policy/accessPolicyResolver.js";
+export declare const accessRuleSchema: z.ZodObject<typeof accessPolicySchema.shape & typeof policyScopeSchema.shape & typeof userScopeSchema.shape>;
+export type AccessRule = z.infer<typeof accessRuleSchema>;
+export type AccessRulesReader = {
+    findRules(filter: PolicyFilter): Promise<AccessRule[]>;
+    findRuleIds(filter: PolicyFilter): Promise<string[]>;
+};
+export type AccessRulesWriter = {
+    insertRule(rule: AccessRule, expirationTimestampSeconds?: number): Promise<string>;
+    deleteRules(ruleIds: string[]): Promise<void>;
+    deleteAllRules(): Promise<number>;
+};
+export type AccessRulesStorage = AccessRulesReader & AccessRulesWriter;
+//# sourceMappingURL=accessRules.d.ts.map

package/dist/accessRules.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"accessRules.d.ts","sourceRoot":"","sources":["../src/accessRules.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EACN,kBAAkB,EAClB,iBAAiB,EACjB,eAAe,EACf,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAEpE,eAAO,MAAM,gBAAgB,EAAE,CAAC,CAAC,SAAS,CACzC,OAAO,kBAAkB,CAAC,KAAK,GAC9B,OAAO,iBAAiB,CAAC,KAAK,GAC9B,OAAO,eAAe,CAAC,KAAK,CAM5B,CAAC;AAEH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAE1D,MAAM,MAAM,iBAAiB,GAAG;IAC/B,SAAS,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IAEvD,WAAW,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;CACrD,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC/B,UAAU,CACT,IAAI,EAAE,UAAU,EAChB,0BAA0B,CAAC,EAAE,MAAM,GACjC,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE9C,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;CAClC,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG,iBAAiB,GAAG,iBAAiB,CAAC"}

package/dist/accessRules.js

@@ -0,0 +1,8 @@
+import { z } from "zod";
+import { accessPolicySchema, policyScopeSchema, userScopeSchema, } from "#policy/accessPolicy.js";
+export const accessRuleSchema = z.object({
+    ...accessPolicySchema.shape,
+    ...policyScopeSchema.shape,
+    ...userScopeSchema.shape,
+});
+//# sourceMappingURL=accessRules.js.map

package/dist/accessRules.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"accessRules.js","sourceRoot":"","sources":["../src/accessRules.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EACN,kBAAkB,EAClB,iBAAiB,EACjB,eAAe,GACf,MAAM,yBAAyB,CAAC;AAGjC,MAAM,CAAC,MAAM,gBAAgB,GAIzB,CAAC,CAAC,MAAM,CAAC;IAEZ,GAAG,kBAAkB,CAAC,KAAK;IAC3B,GAAG,iBAAiB,CAAC,KAAK;IAC1B,GAAG,eAAe,CAAC,KAAK;CACxB,CAAC,CAAC"}

package/dist/api/accessRuleApiRoutes.d.ts

@@ -0,0 +1,27 @@
+import type { ApiRoute, ApiRoutesProvider } from "@prosopo/api-route";
+import type { AccessRulesStorage } from "#policy/accessRules.js";
+export declare enum accessRuleApiPaths {
+    INSERT_MANY = "/v1/prosopo/user-access-policy/rules/insert-many",
+    DELETE_MANY = "/v1/prosopo/user-access-policy/rules/delete-many",
+    DELETE_ALL = "/v1/prosopo/user-access-policy/rules/delete-all"
+}
+export declare class AccessRuleApiRoutes implements ApiRoutesProvider {
+    private readonly accessRulesStorage;
+    constructor(accessRulesStorage: AccessRulesStorage);
+    getRoutes(): ApiRoute[];
+}
+export declare const getExpressApiRuleRateLimits: () => {
+    "/v1/prosopo/user-access-policy/rules/insert-many": {
+        windowMs: number;
+        limit: number;
+    };
+    "/v1/prosopo/user-access-policy/rules/delete-many": {
+        windowMs: number;
+        limit: number;
+    };
+    "/v1/prosopo/user-access-policy/rules/delete-all": {
+        windowMs: number;
+        limit: number;
+    };
+};
+//# sourceMappingURL=accessRuleApiRoutes.d.ts.map

package/dist/api/accessRuleApiRoutes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"accessRuleApiRoutes.d.ts","sourceRoot":"","sources":["../../src/api/accessRuleApiRoutes.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACtE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAKjE,oBAAY,kBAAkB;IAC7B,WAAW,qDAAqD;IAChE,WAAW,qDAAqD;IAChE,UAAU,oDAAoD;CAC9D;AAID,qBAAa,mBAAoB,YAAW,iBAAiB;IACzC,OAAO,CAAC,QAAQ,CAAC,kBAAkB;gBAAlB,kBAAkB,EAAE,kBAAkB;IAEnE,SAAS,IAAI,QAAQ,EAAE;CAgB9B;AAED,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;CAoCvC,CAAC"}

package/dist/api/accessRuleApiRoutes.js

@@ -0,0 +1,56 @@
+import { DeleteAllRulesEndpoint } from "#policy/api/deleteAllRulesEndpoint.js";
+import { DeleteRulesEndpoint } from "./deleteRulesEndpoint.js";
+import { InsertRulesEndpoint } from "./insertRulesEndpoint.js";
+export var accessRuleApiPaths;
+(function (accessRuleApiPaths) {
+    accessRuleApiPaths["INSERT_MANY"] = "/v1/prosopo/user-access-policy/rules/insert-many";
+    accessRuleApiPaths["DELETE_MANY"] = "/v1/prosopo/user-access-policy/rules/delete-many";
+    accessRuleApiPaths["DELETE_ALL"] = "/v1/prosopo/user-access-policy/rules/delete-all";
+})(accessRuleApiPaths || (accessRuleApiPaths = {}));
+export class AccessRuleApiRoutes {
+    constructor(accessRulesStorage) {
+        this.accessRulesStorage = accessRulesStorage;
+    }
+    getRoutes() {
+        return [
+            {
+                path: accessRuleApiPaths.INSERT_MANY,
+                endpoint: new InsertRulesEndpoint(this.accessRulesStorage),
+            },
+            {
+                path: accessRuleApiPaths.DELETE_MANY,
+                endpoint: new DeleteRulesEndpoint(this.accessRulesStorage),
+            },
+            {
+                path: accessRuleApiPaths.DELETE_ALL,
+                endpoint: new DeleteAllRulesEndpoint(this.accessRulesStorage),
+            },
+        ];
+    }
+}
+export const getExpressApiRuleRateLimits = () => {
+    const defaultWindowsMs = 60000;
+    const defaultLimit = 5;
+    return {
+        [accessRuleApiPaths.INSERT_MANY]: {
+            windowMs: getIntEnvironmentVariable("PROSOPO_USER_ACCESS_POLICY_RULE_INSERT_MANY_WINDOW") || defaultWindowsMs,
+            limit: getIntEnvironmentVariable("PROSOPO_USER_ACCESS_POLICY_RULE_INSERT_MANY_LIMIT") || defaultLimit,
+        },
+        [accessRuleApiPaths.DELETE_MANY]: {
+            windowMs: getIntEnvironmentVariable("PROSOPO_USER_ACCESS_POLICY_RULE_DELETE_MANY_WINDOW") || defaultWindowsMs,
+            limit: getIntEnvironmentVariable("PROSOPO_USER_ACCESS_POLICY_RULE_DELETE_MANY_LIMIT") || defaultLimit,
+        },
+        [accessRuleApiPaths.DELETE_ALL]: {
+            windowMs: getIntEnvironmentVariable("PROSOPO_USER_ACCESS_POLICY_RULE_DELETE_ALL_WINDOW") || defaultWindowsMs,
+            limit: getIntEnvironmentVariable("PROSOPO_USER_ACCESS_POLICY_RULE_DELETE_ALL_LIMIT") || defaultLimit,
+        },
+    };
+};
+const getIntEnvironmentVariable = (variableName) => {
+    const variableValue = process.env[variableName];
+    const numericValue = variableValue
+        ? Number.parseInt(variableValue)
+        : Number.NaN;
+    return Number.isInteger(numericValue) ? numericValue : undefined;
+};
+//# sourceMappingURL=accessRuleApiRoutes.js.map

package/dist/api/accessRuleApiRoutes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"accessRuleApiRoutes.js","sourceRoot":"","sources":["../../src/api/accessRuleApiRoutes.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAE,sBAAsB,EAAE,MAAM,uCAAuC,CAAC;AAC/E,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAC/D,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAE/D,MAAM,CAAN,IAAY,kBAIX;AAJD,WAAY,kBAAkB;IAC7B,sFAAgE,CAAA;IAChE,sFAAgE,CAAA;IAChE,oFAA8D,CAAA;AAC/D,CAAC,EAJW,kBAAkB,KAAlB,kBAAkB,QAI7B;AAID,MAAM,OAAO,mBAAmB;IAC/B,YAAoC,kBAAsC;QAAtC,uBAAkB,GAAlB,kBAAkB,CAAoB;IAAG,CAAC;IAEvE,SAAS;QACf,OAAO;YACN;gBACC,IAAI,EAAE,kBAAkB,CAAC,WAAW;gBACpC,QAAQ,EAAE,IAAI,mBAAmB,CAAC,IAAI,CAAC,kBAAkB,CAAC;aAC1D;YACD;gBACC,IAAI,EAAE,kBAAkB,CAAC,WAAW;gBACpC,QAAQ,EAAE,IAAI,mBAAmB,CAAC,IAAI,CAAC,kBAAkB,CAAC;aAC1D;YACD;gBACC,IAAI,EAAE,kBAAkB,CAAC,UAAU;gBACnC,QAAQ,EAAE,IAAI,sBAAsB,CAAC,IAAI,CAAC,kBAAkB,CAAC;aAC7D;SAC8D,CAAC;IAClE,CAAC;CACD;AAED,MAAM,CAAC,MAAM,2BAA2B,GAAG,GAAG,EAAE;IAC/C,MAAM,gBAAgB,GAAG,KAAK,CAAC;IAC/B,MAAM,YAAY,GAAG,CAAC,CAAC;IAEvB,OAAO;QACN,CAAC,kBAAkB,CAAC,WAAW,CAAC,EAAE;YACjC,QAAQ,EACP,yBAAyB,CACxB,oDAAoD,CACpD,IAAI,gBAAgB;YACtB,KAAK,EACJ,yBAAyB,CACxB,mDAAmD,CACnD,IAAI,YAAY;SAClB;QACD,CAAC,kBAAkB,CAAC,WAAW,CAAC,EAAE;YACjC,QAAQ,EACP,yBAAyB,CACxB,oDAAoD,CACpD,IAAI,gBAAgB;YACtB,KAAK,EACJ,yBAAyB,CACxB,mDAAmD,CACnD,IAAI,YAAY;SAClB;QACD,CAAC,kBAAkB,CAAC,UAAU,CAAC,EAAE;YAChC,QAAQ,EACP,yBAAyB,CACxB,mDAAmD,CACnD,IAAI,gBAAgB;YACtB,KAAK,EACJ,yBAAyB,CACxB,kDAAkD,CAClD,IAAI,YAAY;SAClB;KACqD,CAAC;AACzD,CAAC,CAAC;AAEF,MAAM,yBAAyB,GAAG,CACjC,YAAoB,EACC,EAAE;IACvB,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAEhD,MAAM,YAAY,GAAG,aAAa;QACjC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC;QAChC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;IAEd,OAAO,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;AAClE,CAAC,CAAC"}

package/dist/api/deleteAllRulesEndpoint.d.ts

@@ -0,0 +1,12 @@
+import { type ApiEndpoint, type ApiEndpointResponse } from "@prosopo/api-route";
+import { z } from "zod";
+import type { AccessRulesStorage } from "#policy/accessRules.js";
+export declare const deleteAllRulesEndpointSchema: z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>;
+export type DeleteAllRulesEndpointSchema = typeof deleteAllRulesEndpointSchema;
+export declare class DeleteAllRulesEndpoint implements ApiEndpoint<DeleteAllRulesEndpointSchema> {
+    private readonly accessRulesStorage;
+    constructor(accessRulesStorage: AccessRulesStorage);
+    processRequest(args: z.infer<DeleteAllRulesEndpointSchema>): Promise<ApiEndpointResponse>;
+    getRequestArgsSchema(): DeleteAllRulesEndpointSchema;
+}
+//# sourceMappingURL=deleteAllRulesEndpoint.d.ts.map

package/dist/api/deleteAllRulesEndpoint.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"deleteAllRulesEndpoint.d.ts","sourceRoot":"","sources":["../../src/api/deleteAllRulesEndpoint.ts"],"names":[],"mappings":"AAcA,OAAO,EACN,KAAK,WAAW,EAChB,KAAK,mBAAmB,EAExB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAEjE,eAAO,MAAM,4BAA4B,gDAAe,CAAC;AAEzD,MAAM,MAAM,4BAA4B,GAAG,OAAO,4BAA4B,CAAC;AAE/E,qBAAa,sBACZ,YAAW,WAAW,CAAC,4BAA4B,CAAC;IAEjC,OAAO,CAAC,QAAQ,CAAC,kBAAkB;gBAAlB,kBAAkB,EAAE,kBAAkB;IAEpE,cAAc,CACnB,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,4BAA4B,CAAC,GACzC,OAAO,CAAC,mBAAmB,CAAC;IAW/B,oBAAoB,IAAI,4BAA4B;CAGpD"}