@prosopo/user-access-policy 3.3.0 → 3.3.2

package/CHANGELOG.md

@@ -1,5 +1,41 @@
 # @prosopo/user-access-policy
 
+## 3.3.2
+### Patch Changes
+
+- eb71691: configure typecheck before bundle for vue packages
+- eb71691: make typecheck script always recompile
+- Updated dependencies [eb71691]
+- Updated dependencies [eb71691]
+  - @prosopo/api-route@2.6.9
+  - @prosopo/common@3.1.1
+  - @prosopo/types@3.0.5
+  - @prosopo/util@3.0.4
+  - @prosopo/config@3.1.2
+
+## 3.3.1
+### Patch Changes
+
+- 3573f0b: fix npm scripts bundle command
+- 3573f0b: build using vite, typecheck using tsc
+- efd8102: Add tests for unwrap error helper
+- 3573f0b: standardise all vite based npm scripts for bundling
+- Updated dependencies [52dbf21]
+- Updated dependencies [93d5e50]
+- Updated dependencies [3573f0b]
+- Updated dependencies [3573f0b]
+- Updated dependencies [efd8102]
+- Updated dependencies [93d5e50]
+- Updated dependencies [63519d7]
+- Updated dependencies [f29fc7e]
+- Updated dependencies [3573f0b]
+- Updated dependencies [2d0dd8a]
+  - @prosopo/util@3.0.3
+  - @prosopo/types@3.0.4
+  - @prosopo/api-route@2.6.8
+  - @prosopo/common@3.1.0
+  - @prosopo/config@3.1.1
+
 ## 3.3.0
 ### Minor Changes
 

package/dist/accessPolicy.js

@@ -2,65 +2,79 @@ import { CaptchaTypeSchema } from "@prosopo/types";
 import { getIPAddress } from "@prosopo/util";
 import { Address4 } from "ip-address";
 import { z } from "zod";
-import { hashUserAgent } from "#policy/util.js";
-export var AccessPolicyType;
-(function (AccessPolicyType) {
-    AccessPolicyType["Block"] = "block";
-    AccessPolicyType["Restrict"] = "restrict";
-})(AccessPolicyType || (AccessPolicyType = {}));
-export const accessPolicySchema = z.object({
-    type: z.nativeEnum(AccessPolicyType),
-    captchaType: CaptchaTypeSchema.optional(),
-    description: z.coerce.string().optional(),
-    solvedImagesCount: z.coerce.number().optional(),
-    imageThreshold: z.coerce.number().optional(),
-    powDifficulty: z.coerce.number().optional(),
-    unsolvedImagesCount: z.coerce.number().optional(),
-    frictionlessScore: z.coerce.number().optional(),
+import { hashUserAgent } from "./util.js";
+var AccessPolicyType = /* @__PURE__ */ ((AccessPolicyType2) => {
+  AccessPolicyType2["Block"] = "block";
+  AccessPolicyType2["Restrict"] = "restrict";
+  return AccessPolicyType2;
+})(AccessPolicyType || {});
+const accessPolicySchema = z.object({
+  type: z.nativeEnum(AccessPolicyType),
+  captchaType: CaptchaTypeSchema.optional(),
+  description: z.coerce.string().optional(),
+  // Redis stores values as strings, so coerce is needed to parse properly
+  solvedImagesCount: z.coerce.number().optional(),
+  // the percentage of image panels that must be solved per image CAPTCHA
+  imageThreshold: z.coerce.number().optional(),
+  // the Proof-of-Work difficulty level
+  powDifficulty: z.coerce.number().optional(),
+  // the number of unsolved image CAPTCHA challenges to serve
+  unsolvedImagesCount: z.coerce.number().optional(),
+  // used to increase the user's score
+  frictionlessScore: z.coerce.number().optional()
 });
-export const policyScopeSchema = z.object({
-    clientId: z.coerce.string().optional(),
-    ruleGroupId: z.coerce.string().optional(),
+const policyScopeSchema = z.object({
+  clientId: z.coerce.string().optional(),
+  ruleGroupId: z.coerce.string().optional()
 });
-export const userScopeSchema = z.object({
-    userId: z.coerce.string().optional(),
-    numericIp: z.coerce.bigint().optional(),
-    numericIpMaskMin: z.coerce.bigint().optional(),
-    numericIpMaskMax: z.coerce.bigint().optional(),
-    ja4Hash: z.coerce.string().optional(),
-    headersHash: z.coerce.string().optional(),
-    userAgentHash: z.coerce.string().optional(),
+const userScopeSchema = z.object({
+  // coerce is used for safety, as e.g., incoming userId can be digital
+  userId: z.coerce.string().optional(),
+  numericIp: z.coerce.bigint().optional(),
+  numericIpMaskMin: z.coerce.bigint().optional(),
+  numericIpMaskMax: z.coerce.bigint().optional(),
+  ja4Hash: z.coerce.string().optional(),
+  headersHash: z.coerce.string().optional(),
+  userAgentHash: z.coerce.string().optional()
 });
-export const userScopeInputSchema = userScopeSchema
-    .extend({
-    ip: z.string().optional(),
-    ipMask: z.string().optional(),
-    userAgent: z.string().optional(),
-})
-    .transform((inputUserScope) => {
-    const { ip, ipMask, userAgent, ...userScope } = inputUserScope;
-    if ("string" === typeof ip) {
-        userScope.numericIp = getIPAddress(ip).bigInt();
-    }
-    if ("string" === typeof ipMask) {
-        const ipObject = new Address4(ipMask);
-        userScope.numericIpMaskMin = ipObject.startAddress().bigInt();
-        userScope.numericIpMaskMax = ipObject.endAddress().bigInt();
-    }
-    if ("string" === typeof userAgent) {
-        userScope.userAgentHash = hashUserAgent(userAgent);
-    }
-    return userScope;
+const userScopeInputSchema = userScopeSchema.extend({
+  // human-friendly ip versions. If present, then converted to numeric and removed from the object
+  // 127.0.0.1
+  ip: z.string().optional(),
+  // 127.0.0.1/24
+  ipMask: z.string().optional(),
+  // human friendly user agent
+  userAgent: z.string().optional()
+}).transform((inputUserScope) => {
+  const { ip, ipMask, userAgent, ...userScope } = inputUserScope;
+  if ("string" === typeof ip) {
+    userScope.numericIp = getIPAddress(ip).bigInt();
+  }
+  if ("string" === typeof ipMask) {
+    const ipObject = new Address4(ipMask);
+    userScope.numericIpMaskMin = ipObject.startAddress().bigInt();
+    userScope.numericIpMaskMax = ipObject.endAddress().bigInt();
+  }
+  if ("string" === typeof userAgent) {
+    userScope.userAgentHash = hashUserAgent(userAgent);
+  }
+  return userScope;
 });
-export const accessRuleSchemaExtended = z
-    .object({
-    ...accessPolicySchema.shape,
-    ...policyScopeSchema.shape,
-    ...userScopeInputSchema._def.schema.shape,
-})
-    .omit({
-    numericIp: true,
-    numericIpMaskMin: true,
-    numericIpMaskMax: true,
+const accessRuleSchemaExtended = z.object({
+  // flat structure is used to fit the Redis requirements
+  ...accessPolicySchema.shape,
+  ...policyScopeSchema.shape,
+  ...userScopeInputSchema._def.schema.shape
+}).omit({
+  numericIp: true,
+  numericIpMaskMin: true,
+  numericIpMaskMax: true
 });
-//# sourceMappingURL=accessPolicy.js.map
+export {
+  AccessPolicyType,
+  accessPolicySchema,
+  accessRuleSchemaExtended,
+  policyScopeSchema,
+  userScopeInputSchema,
+  userScopeSchema
+};

package/dist/accessPolicyResolver.js

@@ -1,44 +1,70 @@
 import * as util from "node:util";
 import { z } from "zod";
-import { AccessPolicyType, policyScopeSchema, userScopeInputSchema, } from "#policy/accessPolicy.js";
-export var ScopeMatch;
-(function (ScopeMatch) {
-    ScopeMatch["Exact"] = "exact";
-    ScopeMatch["Greedy"] = "greedy";
-})(ScopeMatch || (ScopeMatch = {}));
-export const policyFilterSchema = z.object({
-    policyScope: policyScopeSchema.optional(),
-    policyScopeMatch: z.nativeEnum(ScopeMatch).default(ScopeMatch.Exact),
-    userScope: userScopeInputSchema.optional(),
-    userScopeMatch: z.nativeEnum(ScopeMatch).default(ScopeMatch.Exact),
+import { userScopeInputSchema, policyScopeSchema, AccessPolicyType } from "./accessPolicy.js";
+var ScopeMatch = /* @__PURE__ */ ((ScopeMatch2) => {
+  ScopeMatch2["Exact"] = "exact";
+  ScopeMatch2["Greedy"] = "greedy";
+  return ScopeMatch2;
+})(ScopeMatch || {});
+const policyFilterSchema = z.object({
+  policyScope: policyScopeSchema.optional(),
+  /**
+   * Exact: "clientId" => client rules, "undefined" => global rules. Used by the API
+   * Greedy: "clientId" => client + global rules, "undefined" => any rules. Used by the Express middleware
+   */
+  policyScopeMatch: z.nativeEnum(ScopeMatch).default(
+    "exact"
+    /* Exact */
+  ),
+  userScope: userScopeInputSchema.optional(),
+  /**
+   * Exact: finds rules where all the given fields matches and doesn't check IP against masks. Used by the API
+   * Greedy: finds rules where any of the given fields match and checks IP against masks. Used by the Express middleware
+   */
+  userScopeMatch: z.nativeEnum(ScopeMatch).default(
+    "exact"
+    /* Exact */
+  )
 });
-export const createAccessPolicyResolver = (accessRulesReader, logger) => {
-    return async (filter) => {
-        const accessRules = await accessRulesReader.findRules(filter);
-        const primaryAccessRule = resolvePrimaryRule(accessRules);
-        logger.debug(() => ({
-            msg: "Resolved access policy",
-            data: {
-                inspect: util.inspect({
-                    filter: filter,
-                    accessRules: accessRules,
-                    primaryAccessRule: primaryAccessRule,
-                }, { depth: null }),
-            },
-        }));
-        return primaryAccessRule;
-    };
+const createAccessPolicyResolver = (accessRulesReader, logger) => {
+  return async (filter) => {
+    const accessRules = await accessRulesReader.findRules(filter);
+    const primaryAccessRule = resolvePrimaryRule(accessRules);
+    logger.debug(() => ({
+      msg: "Resolved access policy",
+      // filter contains BigInt, which can't be handled directly via logger.
+      data: {
+        inspect: util.inspect(
+          {
+            filter,
+            accessRules,
+            primaryAccessRule
+          },
+          { depth: null }
+        )
+      }
+    }));
+    return primaryAccessRule;
+  };
 };
 const resolvePrimaryRule = (rules) => {
-    const blockingRules = rules.filter((accessRule) => AccessPolicyType.Block === accessRule.type);
-    const rulesToEvaluate = blockingRules.length > 0 ? blockingRules : rules;
-    return resolveMostLocalRule(rulesToEvaluate);
+  const blockingRules = rules.filter(
+    (accessRule) => AccessPolicyType.Block === accessRule.type
+  );
+  const rulesToEvaluate = blockingRules.length > 0 ? blockingRules : rules;
+  return resolveMostLocalRule(rulesToEvaluate);
 };
 const resolveMostLocalRule = (rules) => {
-    const clientRules = rules.filter((accessRule) => "string" === typeof accessRule.clientId);
-    if (clientRules.length > 0) {
-        return clientRules.shift();
-    }
-    return rules.shift();
+  const clientRules = rules.filter(
+    (accessRule) => "string" === typeof accessRule.clientId
+  );
+  if (clientRules.length > 0) {
+    return clientRules.shift();
+  }
+  return rules.shift();
+};
+export {
+  ScopeMatch,
+  createAccessPolicyResolver,
+  policyFilterSchema
 };
-//# sourceMappingURL=accessPolicyResolver.js.map

package/dist/accessRules.js

@@ -1,8 +1,11 @@
 import { z } from "zod";
-import { accessPolicySchema, policyScopeSchema, userScopeSchema, } from "#policy/accessPolicy.js";
-export const accessRuleSchema = z.object({
-    ...accessPolicySchema.shape,
-    ...policyScopeSchema.shape,
-    ...userScopeSchema.shape,
+import { userScopeSchema, policyScopeSchema, accessPolicySchema } from "./accessPolicy.js";
+const accessRuleSchema = z.object({
+  // flat structure is used to fit the Redis requirements
+  ...accessPolicySchema.shape,
+  ...policyScopeSchema.shape,
+  ...userScopeSchema.shape
 });
-//# sourceMappingURL=accessRules.js.map
+export {
+  accessRuleSchema
+};

package/dist/api/accessRuleApiRoutes.js

@@ -1,56 +1,79 @@
-import { DeleteAllRulesEndpoint } from "#policy/api/deleteAllRulesEndpoint.js";
+import { DeleteAllRulesEndpoint } from "./deleteAllRulesEndpoint.js";
 import { DeleteRulesEndpoint } from "./deleteRulesEndpoint.js";
 import { InsertRulesEndpoint } from "./insertRulesEndpoint.js";
-export var accessRuleApiPaths;
-(function (accessRuleApiPaths) {
-    accessRuleApiPaths["INSERT_MANY"] = "/v1/prosopo/user-access-policy/rules/insert-many";
-    accessRuleApiPaths["DELETE_MANY"] = "/v1/prosopo/user-access-policy/rules/delete-many";
-    accessRuleApiPaths["DELETE_ALL"] = "/v1/prosopo/user-access-policy/rules/delete-all";
-})(accessRuleApiPaths || (accessRuleApiPaths = {}));
-export class AccessRuleApiRoutes {
-    constructor(accessRulesStorage) {
-        this.accessRulesStorage = accessRulesStorage;
-    }
-    getRoutes() {
-        return [
-            {
-                path: accessRuleApiPaths.INSERT_MANY,
-                endpoint: new InsertRulesEndpoint(this.accessRulesStorage),
-            },
-            {
-                path: accessRuleApiPaths.DELETE_MANY,
-                endpoint: new DeleteRulesEndpoint(this.accessRulesStorage),
-            },
-            {
-                path: accessRuleApiPaths.DELETE_ALL,
-                endpoint: new DeleteAllRulesEndpoint(this.accessRulesStorage),
-            },
-        ];
-    }
+var accessRuleApiPaths = /* @__PURE__ */ ((accessRuleApiPaths2) => {
+  accessRuleApiPaths2["INSERT_MANY"] = "/v1/prosopo/user-access-policy/rules/insert-many";
+  accessRuleApiPaths2["DELETE_MANY"] = "/v1/prosopo/user-access-policy/rules/delete-many";
+  accessRuleApiPaths2["DELETE_ALL"] = "/v1/prosopo/user-access-policy/rules/delete-all";
+  return accessRuleApiPaths2;
+})(accessRuleApiPaths || {});
+class AccessRuleApiRoutes {
+  constructor(accessRulesStorage) {
+    this.accessRulesStorage = accessRulesStorage;
+  }
+  getRoutes() {
+    return [
+      {
+        path: "/v1/prosopo/user-access-policy/rules/insert-many",
+        endpoint: new InsertRulesEndpoint(this.accessRulesStorage)
+      },
+      {
+        path: "/v1/prosopo/user-access-policy/rules/delete-many",
+        endpoint: new DeleteRulesEndpoint(this.accessRulesStorage)
+      },
+      {
+        path: "/v1/prosopo/user-access-policy/rules/delete-all",
+        endpoint: new DeleteAllRulesEndpoint(this.accessRulesStorage)
+      }
+    ];
+  }
 }
-export const getExpressApiRuleRateLimits = () => {
-    const defaultWindowsMs = 60000;
-    const defaultLimit = 5;
-    return {
-        [accessRuleApiPaths.INSERT_MANY]: {
-            windowMs: getIntEnvironmentVariable("PROSOPO_USER_ACCESS_POLICY_RULE_INSERT_MANY_WINDOW") || defaultWindowsMs,
-            limit: getIntEnvironmentVariable("PROSOPO_USER_ACCESS_POLICY_RULE_INSERT_MANY_LIMIT") || defaultLimit,
-        },
-        [accessRuleApiPaths.DELETE_MANY]: {
-            windowMs: getIntEnvironmentVariable("PROSOPO_USER_ACCESS_POLICY_RULE_DELETE_MANY_WINDOW") || defaultWindowsMs,
-            limit: getIntEnvironmentVariable("PROSOPO_USER_ACCESS_POLICY_RULE_DELETE_MANY_LIMIT") || defaultLimit,
-        },
-        [accessRuleApiPaths.DELETE_ALL]: {
-            windowMs: getIntEnvironmentVariable("PROSOPO_USER_ACCESS_POLICY_RULE_DELETE_ALL_WINDOW") || defaultWindowsMs,
-            limit: getIntEnvironmentVariable("PROSOPO_USER_ACCESS_POLICY_RULE_DELETE_ALL_LIMIT") || defaultLimit,
-        },
-    };
+const getExpressApiRuleRateLimits = () => {
+  const defaultWindowsMs = 6e4;
+  const defaultLimit = 5;
+  return {
+    [
+      "/v1/prosopo/user-access-policy/rules/insert-many"
+      /* INSERT_MANY */
+    ]: {
+      windowMs: getIntEnvironmentVariable(
+        "PROSOPO_USER_ACCESS_POLICY_RULE_INSERT_MANY_WINDOW"
+      ) || defaultWindowsMs,
+      limit: getIntEnvironmentVariable(
+        "PROSOPO_USER_ACCESS_POLICY_RULE_INSERT_MANY_LIMIT"
+      ) || defaultLimit
+    },
+    [
+      "/v1/prosopo/user-access-policy/rules/delete-many"
+      /* DELETE_MANY */
+    ]: {
+      windowMs: getIntEnvironmentVariable(
+        "PROSOPO_USER_ACCESS_POLICY_RULE_DELETE_MANY_WINDOW"
+      ) || defaultWindowsMs,
+      limit: getIntEnvironmentVariable(
+        "PROSOPO_USER_ACCESS_POLICY_RULE_DELETE_MANY_LIMIT"
+      ) || defaultLimit
+    },
+    [
+      "/v1/prosopo/user-access-policy/rules/delete-all"
+      /* DELETE_ALL */
+    ]: {
+      windowMs: getIntEnvironmentVariable(
+        "PROSOPO_USER_ACCESS_POLICY_RULE_DELETE_ALL_WINDOW"
+      ) || defaultWindowsMs,
+      limit: getIntEnvironmentVariable(
+        "PROSOPO_USER_ACCESS_POLICY_RULE_DELETE_ALL_LIMIT"
+      ) || defaultLimit
+    }
+  };
 };
 const getIntEnvironmentVariable = (variableName) => {
-    const variableValue = process.env[variableName];
-    const numericValue = variableValue
-        ? Number.parseInt(variableValue)
-        : Number.NaN;
-    return Number.isInteger(numericValue) ? numericValue : undefined;
+  const variableValue = process.env[variableName];
+  const numericValue = variableValue ? Number.parseInt(variableValue) : Number.NaN;
+  return Number.isInteger(numericValue) ? numericValue : void 0;
+};
+export {
+  AccessRuleApiRoutes,
+  accessRuleApiPaths,
+  getExpressApiRuleRateLimits
 };
-//# sourceMappingURL=accessRuleApiRoutes.js.map

package/dist/api/deleteAllRulesEndpoint.js

@@ -1,21 +1,24 @@
-import { ApiEndpointResponseStatus, } from "@prosopo/api-route";
+import { ApiEndpointResponseStatus } from "@prosopo/api-route";
 import { z } from "zod";
-export const deleteAllRulesEndpointSchema = z.object({});
-export class DeleteAllRulesEndpoint {
-    constructor(accessRulesStorage) {
-        this.accessRulesStorage = accessRulesStorage;
-    }
-    async processRequest(args) {
-        const deletedCount = await this.accessRulesStorage.deleteAllRules();
-        return {
-            status: ApiEndpointResponseStatus.SUCCESS,
-            data: {
-                deleted_count: deletedCount,
-            },
-        };
-    }
-    getRequestArgsSchema() {
-        return deleteAllRulesEndpointSchema;
-    }
+const deleteAllRulesEndpointSchema = z.object({});
+class DeleteAllRulesEndpoint {
+  constructor(accessRulesStorage) {
+    this.accessRulesStorage = accessRulesStorage;
+  }
+  async processRequest(args) {
+    const deletedCount = await this.accessRulesStorage.deleteAllRules();
+    return {
+      status: ApiEndpointResponseStatus.SUCCESS,
+      data: {
+        deleted_count: deletedCount
+      }
+    };
+  }
+  getRequestArgsSchema() {
+    return deleteAllRulesEndpointSchema;
+  }
 }
-//# sourceMappingURL=deleteAllRulesEndpoint.js.map
+export {
+  DeleteAllRulesEndpoint,
+  deleteAllRulesEndpointSchema
+};

package/dist/api/deleteRulesEndpoint.js

@@ -1,31 +1,34 @@
-import { ApiEndpointResponseStatus, } from "@prosopo/api-route";
+import { ApiEndpointResponseStatus } from "@prosopo/api-route";
 import { z } from "zod";
-import { policyFilterSchema } from "#policy/accessPolicyResolver.js";
-export const deleteRulesEndpointSchema = z.array(policyFilterSchema);
-export class DeleteRulesEndpoint {
-    constructor(accessRulesStorage) {
-        this.accessRulesStorage = accessRulesStorage;
+import { policyFilterSchema } from "../accessPolicyResolver.js";
+const deleteRulesEndpointSchema = z.array(policyFilterSchema);
+class DeleteRulesEndpoint {
+  constructor(accessRulesStorage) {
+    this.accessRulesStorage = accessRulesStorage;
+  }
+  async processRequest(args) {
+    const allRuleIds = [];
+    for (const accessRuleFilter of args) {
+      const parsedRules = policyFilterSchema.parse(accessRuleFilter);
+      const foundRuleIds = await this.accessRulesStorage.findRuleIds(parsedRules);
+      allRuleIds.push(...foundRuleIds);
     }
-    async processRequest(args) {
-        const allRuleIds = [];
-        for (const accessRuleFilter of args) {
-            const parsedRules = policyFilterSchema.parse(accessRuleFilter);
-            const foundRuleIds = await this.accessRulesStorage.findRuleIds(parsedRules);
-            allRuleIds.push(...foundRuleIds);
-        }
-        const uniqueRuleIds = [...new Set(allRuleIds)];
-        if (uniqueRuleIds.length > 0) {
-            await this.accessRulesStorage.deleteRules(uniqueRuleIds);
-        }
-        return {
-            status: ApiEndpointResponseStatus.SUCCESS,
-            data: {
-                deleted_count: uniqueRuleIds.length,
-            },
-        };
-    }
-    getRequestArgsSchema() {
-        return deleteRulesEndpointSchema;
+    const uniqueRuleIds = [...new Set(allRuleIds)];
+    if (uniqueRuleIds.length > 0) {
+      await this.accessRulesStorage.deleteRules(uniqueRuleIds);
     }
+    return {
+      status: ApiEndpointResponseStatus.SUCCESS,
+      data: {
+        deleted_count: uniqueRuleIds.length
+      }
+    };
+  }
+  getRequestArgsSchema() {
+    return deleteRulesEndpointSchema;
+  }
 }
-//# sourceMappingURL=deleteRulesEndpoint.js.map
+export {
+  DeleteRulesEndpoint,
+  deleteRulesEndpointSchema
+};