@prosopo/user-access-policy 2.6.4 → 3.1.5

package/dist/cjs/rules/blacklistRulesInspector.cjs

@@ -1,44 +0,0 @@
-"use strict";
-Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-class BlacklistRulesInspector {
-  constructor(rulesStorage, logger) {
-    this.rulesStorage = rulesStorage;
-    this.logger = logger;
-  }
-  async isUserBlacklisted(clientId, userIpAddress, ja4, userId) {
-    this.logger.debug({
-      clientId,
-      userIpAddress,
-      ja4,
-      userId
-    });
-    const accessRules = await this.rulesStorage.find(
-      {
-        clientId,
-        userIpAddress,
-        ja4,
-        userId
-      },
-      {
-        includeRecordsWithPartialFilterMatches: true,
-        includeRecordsWithoutClientId: true
-      }
-    );
-    const blockingRules = accessRules.filter(
-      (accessRule) => accessRule.isUserBlocked
-    );
-    const userBlacklisted = blockingRules.length > 0;
-    if (userBlacklisted) {
-      this.logger.info({
-        userBlacklisted,
-        clientId,
-        userIpAddress: userIpAddress.address.toString(),
-        userId,
-        accessRules: accessRules.length,
-        blockingRules: blockingRules.length
-      });
-    }
-    return userBlacklisted;
-  }
-}
-exports.BlacklistRulesInspector = BlacklistRulesInspector;

package/dist/cjs/rules/imageCaptchaConfigRulesResolver.cjs

@@ -1,115 +0,0 @@
-"use strict";
-Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-class ImageCaptchaConfigRulesResolver {
-  constructor(rulesStorage, logger, _accessRule = null) {
-    this.rulesStorage = rulesStorage;
-    this.logger = logger;
-    this._accessRule = _accessRule;
-  }
-  get accessRule() {
-    return this._accessRule;
-  }
-  async isConfigDefined(clientId, userIpAddress, ja4, userId) {
-    const accessRule = await this.fetchUserAccessRule(
-      userIpAddress,
-      ja4,
-      userId,
-      clientId
-    );
-    const imageCaptchaConfig = accessRule?.config?.imageCaptcha || null;
-    const configDefined = null !== imageCaptchaConfig;
-    if (configDefined) {
-      this.logger.info({
-        configDefined,
-        clientId,
-        userIpAddress: userIpAddress.toString(),
-        userId,
-        imageCaptchaConfig,
-        ja4
-      });
-    }
-    return configDefined;
-  }
-  async resolveConfig(defaults, userIpAddress, ja4, userId, clientId) {
-    const logArgs = {
-      userIpAddress: userIpAddress.address.toString(),
-      userId,
-      clientId,
-      defaults,
-      ja4
-    };
-    this._accessRule = await this.fetchUserAccessRule(
-      userIpAddress,
-      ja4,
-      userId,
-      clientId
-    );
-    if (null === this.accessRule) {
-      this.logger.debug("ImageCaptchaConfigRulesResolver.resolveConfig", {
-        configDefined: false,
-        ...logArgs
-      });
-      return defaults;
-    }
-    const imageCaptchaConfig = this.accessRule.config?.imageCaptcha || {};
-    const config = this.getImageCaptchaConfig(defaults, imageCaptchaConfig);
-    this.logger.info("ImageCaptchaConfigRulesResolver.resolveConfig", {
-      configDefined: true,
-      imageCaptchaConfig,
-      config,
-      ...logArgs
-    });
-    return config;
-  }
-  async fetchUserAccessRule(userIpAddress, ja4, userId, clientId) {
-    const accessRules = await this.queryUserAccessRules(
-      userIpAddress,
-      ja4,
-      userId,
-      clientId
-    );
-    this.logger.debug("ImageCaptchaConfigRulesResolver.fetchUserAccessRule", {
-      accessRules: accessRules.length,
-      userIpAddress: userIpAddress.address.toString(),
-      userId,
-      clientId,
-      ja4
-    });
-    return this.selectPrimaryUserAccessRule(accessRules);
-  }
-  async queryUserAccessRules(ipAddress, ja4, user, clientId) {
-    return await this.rulesStorage.find(
-      {
-        clientId,
-        userId: user,
-        userIpAddress: ipAddress,
-        ja4
-      },
-      {
-        includeRecordsWithoutClientId: true,
-        includeRecordsWithPartialFilterMatches: true
-      }
-    );
-  }
-  selectPrimaryUserAccessRule(accessRules) {
-    const clientRules = accessRules.filter(
-      (accessRule2) => "string" === typeof accessRule2.clientId
-    );
-    const globalRules = accessRules.filter(
-      (accessRule2) => void 0 === accessRule2.clientId
-    );
-    const accessRule = clientRules.length > 0 ? clientRules.shift() : globalRules.shift();
-    return void 0 === accessRule ? null : accessRule;
-  }
-  getImageCaptchaConfig(defaults, imageCaptchaConfig) {
-    return {
-      solved: {
-        count: imageCaptchaConfig.solvedCount || defaults.solved.count
-      },
-      unsolved: {
-        count: imageCaptchaConfig.unsolvedCount || defaults.unsolved.count
-      }
-    };
-  }
-}
-exports.ImageCaptchaConfigRulesResolver = ImageCaptchaConfigRulesResolver;

package/dist/cjs/rules/mongoose/indexes/rulePerformanceMongooseIndexes.cjs

@@ -1,75 +0,0 @@
-"use strict";
-Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const userIpIndexes = [
-  {
-    definition: {
-      "userIp.v4.asNumeric": 1
-    },
-    options: {
-      partialFilterExpression: {
-        "userIp.v4.asNumeric": { $exists: true }
-      }
-    }
-  },
-  {
-    definition: {
-      "userIp.v6.asNumericString": 1
-    },
-    options: {
-      partialFilterExpression: {
-        "userIp.v6.asNumericString": { $exists: true }
-      }
-    }
-  }
-];
-const userIpMaskIndexes = [
-  {
-    definition: {
-      "userIp.v4.mask.rangeMinAsNumeric": 1,
-      "userIp.v4.mask.rangeMaxAsNumeric": 1,
-      "userIp.v4.asNumeric": 1
-    },
-    options: {
-      partialFilterExpression: {
-        "userIp.v4.mask.asNumeric": { $exists: true }
-      }
-    }
-  },
-  {
-    definition: {
-      "userIp.v6.mask.rangeMinAsNumericString": 1,
-      "userIp.v6.mask.rangeMaxAsNumericString": 1
-    },
-    options: {
-      partialFilterExpression: {
-        "userIp.v6.mask.asNumeric": { $exists: true }
-      }
-    }
-  }
-];
-const otherIndexes = [
-  {
-    definition: {
-      userId: 1
-    },
-    options: {
-      unique: true,
-      sparse: true
-    }
-  },
-  {
-    definition: {
-      ja4: 1
-    },
-    options: {
-      unique: true,
-      sparse: true
-    }
-  }
-];
-const rulePerformanceMongooseIndexes = [
-  ...userIpIndexes,
-  ...userIpMaskIndexes,
-  ...otherIndexes
-];
-exports.rulePerformanceMongooseIndexes = rulePerformanceMongooseIndexes;

package/dist/cjs/rules/mongoose/indexes/ruleUniqueMongooseIndexes.cjs

@@ -1,137 +0,0 @@
-"use strict";
-Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const globalIpIndexes = [
-  {
-    definition: {
-      "userIp.v4.asNumeric": 1
-    },
-    options: {
-      name: "globalIpV4",
-      unique: true,
-      partialFilterExpression: {
-        clientId: null,
-        "userIp.v4.asNumeric": { $exists: true },
-        "userIp.v4.mask.asNumeric": null
-      }
-    }
-  },
-  {
-    definition: {
-      "userIp.v6.asNumericString": 1
-    },
-    options: {
-      name: "globalIpV6",
-      unique: true,
-      partialFilterExpression: {
-        clientId: null,
-        "userIp.v6.asNumericString": { $exists: true },
-        "userIp.v6.mask.asNumeric": null
-      }
-    }
-  }
-];
-const globalIpMaskIndexes = [
-  {
-    definition: {
-      "userIp.v4.asNumeric": 1,
-      "userIp.v4.mask.asNumeric": 1
-    },
-    options: {
-      name: "globalIpMaskV4",
-      unique: true,
-      partialFilterExpression: {
-        clientId: null,
-        "userIp.v4.asNumeric": { $exists: true },
-        "userIp.v4.mask.asNumeric": { $exists: true }
-      }
-    }
-  },
-  {
-    definition: {
-      "userIp.v6.asNumericString": 1,
-      "userIp.v6.mask.asNumeric": 1
-    },
-    options: {
-      name: "globalIpMaskV6",
-      unique: true,
-      partialFilterExpression: {
-        clientId: null,
-        "userIp.v6.asNumericString": { $exists: true },
-        "userIp.v6.mask.asNumeric": { $exists: true }
-      }
-    }
-  }
-];
-const ipPerClientIndexes = [
-  {
-    definition: {
-      clientId: 1,
-      "userIp.v4.asNumeric": 1
-    },
-    options: {
-      name: "clientIpV4",
-      unique: true,
-      partialFilterExpression: {
-        clientId: { $exists: true },
-        "userIp.v4.asNumeric": { $exists: true },
-        "userIp.v4.mask.asNumeric": null
-      }
-    }
-  },
-  {
-    definition: {
-      clientId: 1,
-      "userIp.v6.asNumericString": 1
-    },
-    options: {
-      name: "clientIpV6",
-      unique: true,
-      partialFilterExpression: {
-        clientId: { $exists: true },
-        "userIp.v6.asNumericString": { $exists: true },
-        "userIp.v6.mask.asNumeric": null
-      }
-    }
-  }
-];
-const ipMaskPerClientIndexes = [
-  {
-    definition: {
-      clientId: 1,
-      "userIp.v4.asNumeric": 1,
-      "userIp.v4.mask.asNumeric": 1
-    },
-    options: {
-      name: "clientIpV4Mask",
-      unique: true,
-      partialFilterExpression: {
-        clientId: { $exists: true },
-        "userIp.v4.asNumeric": { $exists: true },
-        "userIp.v4.mask.asNumeric": { $exists: true }
-      }
-    }
-  },
-  {
-    definition: {
-      clientId: 1,
-      "userIp.v6.asNumericString": 1,
-      "userIp.v6.mask.asNumeric": 1
-    },
-    options: {
-      name: "clientIpV6Mask",
-      unique: true,
-      partialFilterExpression: {
-        clientId: { $exists: true },
-        "userIp.v6.asNumericString": { $exists: true },
-        "userIp.v6.mask.asNumeric": { $exists: true }
-      }
-    }
-  }
-];
-const ruleUniqueMongooseIndexes = [
-  ...globalIpIndexes,
-  ...globalIpMaskIndexes,
-  ...ipMaskPerClientIndexes,
-  ...ipPerClientIndexes
-];
-exports.ruleUniqueMongooseIndexes = ruleUniqueMongooseIndexes;

package/dist/cjs/rules/mongoose/rulesMongooseStorage.cjs

@@ -1,177 +0,0 @@
-"use strict";
-Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const common = require("@prosopo/common");
-const ipAddress = require("ip-address");
-const ruleIpVersion = require("../rule/ip/ruleIpVersion.cjs");
-const ruleIpV6NumericMaxLength = require("../rule/ip/v6/ruleIpV6NumericMaxLength.cjs");
-class RulesMongooseStorage {
-  constructor(logger, readingModel, writingModel = null) {
-    this.logger = logger;
-    this.readingModel = readingModel;
-    this.writingModel = writingModel;
-    if (null === this.writingModel) {
-      this.writingModel = this.readingModel;
-    }
-  }
-  async insert(record) {
-    if (!this.writingModel) {
-      throw this.modelNotSetProsopoError();
-    }
-    const filter = {
-      ...record.clientId && { clientId: record.clientId },
-      ...record.userIp && { userIp: record.userIp },
-      ...record.userId && { userId: record.userId },
-      ...record.ja4 && { ja4: record.ja4 }
-    };
-    const validationError = new this.writingModel(record).validateSync();
-    if (validationError) {
-      throw validationError;
-    }
-    const document = await this.writingModel.findOneAndUpdate(
-      filter,
-      record,
-      { new: true, upsert: true, runValidators: true }
-      // 🔥 Enforce schema validation!
-    );
-    const ruleRecord = this.convertMongooseRecordToRuleRecord(
-      document.toObject()
-    );
-    return ruleRecord;
-  }
-  async insertMany(records) {
-    if (!this.writingModel) {
-      throw this.modelNotSetProsopoError();
-    }
-    if (!this.readingModel) {
-      throw this.modelNotSetProsopoError();
-    }
-    const beforeDelete = await this.writingModel.find({});
-    this.logger.debug("Before deletion, DB records:", beforeDelete.length);
-    await this.writingModel.bulkWrite(
-      records.map((record) => {
-        const filter = {
-          ...record.clientId && { clientId: record.clientId },
-          ...record.userIp && { userIp: record.userIp },
-          ...record.userId && { userId: record.userId },
-          ...record.ja4 && { ja4: record.ja4 }
-        };
-        return {
-          deleteOne: {
-            filter
-          }
-        };
-      })
-    );
-    this.logger.debug("After deletion");
-    const afterDelete = await this.readingModel.find({});
-    this.logger.debug("After deletion, DB records:", afterDelete.length);
-    const documents = await this.writingModel.insertMany(records);
-    const objectDocuments = documents.map((document) => document.toObject());
-    const ruleRecords = this.convertMongooseRecordsToRuleRecords(objectDocuments);
-    return ruleRecords;
-  }
-  async find(filters, filterSettings) {
-    if (!this.readingModel) {
-      throw this.modelNotSetProsopoError();
-    }
-    const query = this.createSearchQuery(filters, filterSettings);
-    const mongooseRecords = await this.readingModel.find(query).lean().exec();
-    const ruleRecords = this.convertMongooseRecordsToRuleRecords(mongooseRecords);
-    return ruleRecords;
-  }
-  async deleteMany(recordFilters) {
-    if (!this.writingModel) {
-      throw this.modelNotSetProsopoError();
-    }
-    for (const recordFilter of recordFilters) {
-      await this.writingModel.deleteOne(recordFilter).exec();
-    }
-  }
-  async countRecords() {
-    if (!this.readingModel) {
-      throw this.modelNotSetProsopoError();
-    }
-    const count = await this.readingModel.countDocuments().exec();
-    return count;
-  }
-  modelNotSetProsopoError() {
-    return new common.ProsopoError("USER_ACCESS_POLICY.MONGOOSE_RULE_MODEL_NOT_SET");
-  }
-  createSearchQuery(filters, filterSettings) {
-    const includeRecordsWithoutClientId = filterSettings?.includeRecordsWithoutClientId || false;
-    const includeRecordsWithPartialFilterMatches = filterSettings?.includeRecordsWithPartialFilterMatches || false;
-    const queryParts = [
-      this.getFilterByClientId(includeRecordsWithoutClientId, filters.clientId)
-    ];
-    const queryFilters = this.getSearchQueryFilters(
-      filters,
-      includeRecordsWithPartialFilterMatches
-    );
-    return {
-      $and: queryParts.concat(queryFilters)
-    };
-  }
-  getSearchQueryFilters(filters, includeRecordsWithPartialFilterMatches) {
-    const queryFilters = [];
-    if (filters.userId) {
-      queryFilters.push({ userId: filters.userId });
-    }
-    if (filters.userIpAddress) {
-      queryFilters.push(this.getFilterByUserIp(filters.userIpAddress));
-    }
-    if (filters.ja4) {
-      queryFilters.push({ ja4: filters.ja4 });
-    }
-    return includeRecordsWithPartialFilterMatches && queryFilters.length > 1 ? [{ $or: queryFilters }] : queryFilters;
-  }
-  getFilterByClientId(includeRecordsWithoutClientId, clientId) {
-    const clientIdValue = void 0 === clientId ? { $exists: false } : clientId;
-    const clientIdFilter = {
-      clientId: clientIdValue
-    };
-    return includeRecordsWithoutClientId ? {
-      $or: [clientIdFilter, { clientId: { $exists: false } }]
-    } : clientIdFilter;
-  }
-  getFilterByUserIp(userIpAddress) {
-    return null !== userIpAddress ? this.getFilterByUserIpAddress(userIpAddress) : { userIp: null };
-  }
-  getFilterByUserIpAddress(userIpAddress) {
-    const isIpV4 = userIpAddress instanceof ipAddress.Address4;
-    const userIpVersion = isIpV4 ? ruleIpVersion.RuleIpVersion.v4 : ruleIpVersion.RuleIpVersion.v6;
-    const userIpAsNumeric = isIpV4 ? userIpAddress.bigInt() : (
-      // we must have the exact same string length to guarantee the right comparison.
-      userIpAddress.bigInt().toString().padStart(ruleIpV6NumericMaxLength.RULE_IPV6_NUMERIC_MAX_LENGTH, "0")
-    );
-    const userIpKey = userIpVersion === ruleIpVersion.RuleIpVersion.v4 ? "userIp.v4.asNumeric" : "userIp.v6.asNumericString";
-    const rangeMinKey = userIpVersion === ruleIpVersion.RuleIpVersion.v4 ? "userIp.v4.mask.rangeMinAsNumeric" : "userIp.v6.mask.rangeMinAsNumericString";
-    const rangeMaxKey = userIpVersion === ruleIpVersion.RuleIpVersion.v4 ? "userIp.v4.mask.rangeMaxAsNumeric" : "userIp.v6.mask.rangeMaxAsNumericString";
-    return {
-      $or: [
-        { [userIpKey]: userIpAsNumeric },
-        {
-          [rangeMinKey]: {
-            $lte: userIpAsNumeric
-          },
-          [rangeMaxKey]: {
-            $gte: userIpAsNumeric
-          }
-        }
-      ]
-    };
-  }
-  convertMongooseRecordsToRuleRecords(mongooseRecords) {
-    const ruleRecords = mongooseRecords.map(
-      (mongooseRecord) => this.convertMongooseRecordToRuleRecord(mongooseRecord)
-    );
-    return ruleRecords;
-  }
-  convertMongooseRecordToRuleRecord(mongooseRecord) {
-    const ruleRecord = {
-      ...mongooseRecord,
-      _id: mongooseRecord._id.toString()
-    };
-    return ruleRecord;
-  }
-}
-exports.RulesMongooseStorage = RulesMongooseStorage;

package/dist/cjs/rules/mongoose/schemas/config/configMongooseSchema.cjs

@@ -1,14 +0,0 @@
-"use strict";
-Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const mongoose = require("mongoose");
-const imageCaptchaConfigMongooseSchema = require("./imageCaptchaConfigMongooseSchema.cjs");
-const configMongooseSchema = new mongoose.Schema(
-  {
-    imageCaptcha: {
-      type: imageCaptchaConfigMongooseSchema.imageCaptchaConfigMongooseSchema,
-      required: false
-    }
-  },
-  { _id: false }
-);
-exports.configMongooseSchema = configMongooseSchema;

package/dist/cjs/rules/mongoose/schemas/config/imageCaptchaConfigMongooseSchema.cjs

@@ -1,17 +0,0 @@
-"use strict";
-Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const mongoose = require("mongoose");
-const imageCaptchaConfigMongooseSchema = new mongoose.Schema(
-  {
-    solvedCount: {
-      type: Number,
-      required: false
-    },
-    unsolvedCount: {
-      type: Number,
-      required: false
-    }
-  },
-  { _id: false }
-);
-exports.imageCaptchaConfigMongooseSchema = imageCaptchaConfigMongooseSchema;

package/dist/cjs/rules/mongoose/schemas/getRuleMongooseSchema.cjs

@@ -1,19 +0,0 @@
-"use strict";
-Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const rulePerformanceMongooseIndexes = require("../indexes/rulePerformanceMongooseIndexes.cjs");
-const ruleUniqueMongooseIndexes = require("../indexes/ruleUniqueMongooseIndexes.cjs");
-const ruleMongooseSchema = require("./ruleMongooseSchema.cjs");
-const getRuleMongooseSchema = () => {
-  const ruleMongooseIndexes = [
-    ...rulePerformanceMongooseIndexes.rulePerformanceMongooseIndexes,
-    ...ruleUniqueMongooseIndexes.ruleUniqueMongooseIndexes
-  ];
-  for (const ruleMongooseIndex of ruleMongooseIndexes) {
-    ruleMongooseSchema.ruleMongooseSchema.index(
-      ruleMongooseIndex.definition,
-      ruleMongooseIndex.options
-    );
-  }
-  return ruleMongooseSchema.ruleMongooseSchema;
-};
-exports.getRuleMongooseSchema = getRuleMongooseSchema;

package/dist/cjs/rules/mongoose/schemas/ip/ipMongooseSchema.cjs

@@ -1,29 +0,0 @@
-"use strict";
-Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const mongoose = require("mongoose");
-const ipV4MongooseSchema = require("./v4/ipV4MongooseSchema.cjs");
-const ipV6MongooseSchema = require("./v6/ipV6MongooseSchema.cjs");
-const ipMongooseSchema = new mongoose.Schema(
-  {
-    v4: {
-      type: ipV4MongooseSchema.ipV4MongooseSchema,
-      required: [
-        function() {
-          return !this.v6;
-        },
-        "v4 is required when v6 is not set"
-      ]
-    },
-    v6: {
-      type: ipV6MongooseSchema.ipV6MongooseSchema,
-      required: [
-        function() {
-          return !this.v4;
-        },
-        "v6 is required when v4 is not set"
-      ]
-    }
-  },
-  { _id: false }
-);
-exports.ipMongooseSchema = ipMongooseSchema;

package/dist/cjs/rules/mongoose/schemas/ip/v4/ipV4MaskMongooseSchema.cjs

@@ -1,14 +0,0 @@
-"use strict";
-Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const mongoose = require("mongoose");
-const ipV4MaskMongooseSchema = new mongoose.Schema(
-  {
-    // Type choice note: Int32 can't store 10 digits of the numeric presentation of ipV4,
-    // so we use BigInt, which is supported by Mongoose and turned into Mongo's Long (Int64)
-    rangeMinAsNumeric: { type: BigInt, required: true },
-    rangeMaxAsNumeric: { type: BigInt, required: true },
-    asNumeric: { type: Number, required: true }
-  },
-  { _id: false }
-);
-exports.ipV4MaskMongooseSchema = ipV4MaskMongooseSchema;

package/dist/cjs/rules/mongoose/schemas/ip/v4/ipV4MongooseSchema.cjs

@@ -1,18 +0,0 @@
-"use strict";
-Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const mongoose = require("mongoose");
-const ipV4MaskMongooseSchema = require("./ipV4MaskMongooseSchema.cjs");
-const ipV4MongooseSchema = new mongoose.Schema(
-  {
-    // Type choice note: Int32 can't store 10 digits of the numeric presentation of ipV4,
-    // so we use BigInt, which is supported by Mongoose and turned into Mongo's Long (Int64)
-    asNumeric: { type: BigInt, required: true },
-    asString: { type: String, required: true },
-    mask: {
-      type: ipV4MaskMongooseSchema.ipV4MaskMongooseSchema,
-      required: false
-    }
-  },
-  { _id: false }
-);
-exports.ipV4MongooseSchema = ipV4MongooseSchema;