@prosopo/user-access-policy 3.3.2 → 3.4.0

package/CHANGELOG.md

@@ -1,5 +1,29 @@
 # @prosopo/user-access-policy
 
+## 3.4.0
+### Minor Changes
+
+- df4e030: Revising UAP rule getters
+
+### Patch Changes
+
+- 91bbe87: configure typecheck before bundle for vue packages
+- 91bbe87: make typecheck script always recompile
+- 346e092: NODE_ENV default to "development"
+- 5d36e05: remove tsc --force
+- Updated dependencies [828066d]
+- Updated dependencies [df4e030]
+- Updated dependencies [91bbe87]
+- Updated dependencies [3ef4fd2]
+- Updated dependencies [91bbe87]
+- Updated dependencies [346e092]
+- Updated dependencies [5d36e05]
+  - @prosopo/api-route@2.6.10
+  - @prosopo/common@3.1.2
+  - @prosopo/types@3.0.6
+  - @prosopo/config@3.1.3
+  - @prosopo/util@3.0.5
+
 ## 3.3.2
 ### Patch Changes
 

package/dist/accessPolicyResolver.js

@@ -1,6 +1,5 @@
-import * as util from "node:util";
 import { z } from "zod";
-import { userScopeInputSchema, policyScopeSchema, AccessPolicyType } from "./accessPolicy.js";
+import { userScopeInputSchema, policyScopeSchema } from "./accessPolicy.js";
 var ScopeMatch = /* @__PURE__ */ ((ScopeMatch2) => {
   ScopeMatch2["Exact"] = "exact";
   ScopeMatch2["Greedy"] = "greedy";
@@ -26,45 +25,7 @@ const policyFilterSchema = z.object({
     /* Exact */
   )
 });
-const createAccessPolicyResolver = (accessRulesReader, logger) => {
-  return async (filter) => {
-    const accessRules = await accessRulesReader.findRules(filter);
-    const primaryAccessRule = resolvePrimaryRule(accessRules);
-    logger.debug(() => ({
-      msg: "Resolved access policy",
-      // filter contains BigInt, which can't be handled directly via logger.
-      data: {
-        inspect: util.inspect(
-          {
-            filter,
-            accessRules,
-            primaryAccessRule
-          },
-          { depth: null }
-        )
-      }
-    }));
-    return primaryAccessRule;
-  };
-};
-const resolvePrimaryRule = (rules) => {
-  const blockingRules = rules.filter(
-    (accessRule) => AccessPolicyType.Block === accessRule.type
-  );
-  const rulesToEvaluate = blockingRules.length > 0 ? blockingRules : rules;
-  return resolveMostLocalRule(rulesToEvaluate);
-};
-const resolveMostLocalRule = (rules) => {
-  const clientRules = rules.filter(
-    (accessRule) => "string" === typeof accessRule.clientId
-  );
-  if (clientRules.length > 0) {
-    return clientRules.shift();
-  }
-  return rules.shift();
-};
 export {
   ScopeMatch,
-  createAccessPolicyResolver,
   policyFilterSchema
 };

package/dist/cjs/accessPolicyResolver.cjs

@@ -1,25 +1,7 @@
 "use strict";
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const util = require("node:util");
 const zod = require("zod");
 const accessPolicy = require("./accessPolicy.cjs");
-function _interopNamespaceDefault(e) {
-  const n = Object.create(null, { [Symbol.toStringTag]: { value: "Module" } });
-  if (e) {
-    for (const k in e) {
-      if (k !== "default") {
-        const d = Object.getOwnPropertyDescriptor(e, k);
-        Object.defineProperty(n, k, d.get ? d : {
-          enumerable: true,
-          get: () => e[k]
-        });
-      }
-    }
-  }
-  n.default = e;
-  return Object.freeze(n);
-}
-const util__namespace = /* @__PURE__ */ _interopNamespaceDefault(util);
 var ScopeMatch = /* @__PURE__ */ ((ScopeMatch2) => {
   ScopeMatch2["Exact"] = "exact";
   ScopeMatch2["Greedy"] = "greedy";
@@ -45,43 +27,5 @@ const policyFilterSchema = zod.z.object({
     /* Exact */
   )
 });
-const createAccessPolicyResolver = (accessRulesReader, logger) => {
-  return async (filter) => {
-    const accessRules = await accessRulesReader.findRules(filter);
-    const primaryAccessRule = resolvePrimaryRule(accessRules);
-    logger.debug(() => ({
-      msg: "Resolved access policy",
-      // filter contains BigInt, which can't be handled directly via logger.
-      data: {
-        inspect: util__namespace.inspect(
-          {
-            filter,
-            accessRules,
-            primaryAccessRule
-          },
-          { depth: null }
-        )
-      }
-    }));
-    return primaryAccessRule;
-  };
-};
-const resolvePrimaryRule = (rules) => {
-  const blockingRules = rules.filter(
-    (accessRule) => accessPolicy.AccessPolicyType.Block === accessRule.type
-  );
-  const rulesToEvaluate = blockingRules.length > 0 ? blockingRules : rules;
-  return resolveMostLocalRule(rulesToEvaluate);
-};
-const resolveMostLocalRule = (rules) => {
-  const clientRules = rules.filter(
-    (accessRule) => "string" === typeof accessRule.clientId
-  );
-  if (clientRules.length > 0) {
-    return clientRules.shift();
-  }
-  return rules.shift();
-};
 exports.ScopeMatch = ScopeMatch;
-exports.createAccessPolicyResolver = createAccessPolicyResolver;
 exports.policyFilterSchema = policyFilterSchema;

package/dist/cjs/index.cjs

@@ -13,10 +13,10 @@ const createApiRuleRoutesProvider = (rulesStorage) => {
 };
 exports.AccessPolicyType = accessPolicy.AccessPolicyType;
 exports.accessPolicySchema = accessPolicy.accessPolicySchema;
+exports.accessRuleSchemaExtended = accessPolicy.accessRuleSchemaExtended;
 exports.policyScopeSchema = accessPolicy.policyScopeSchema;
 exports.userScopeInputSchema = accessPolicy.userScopeInputSchema;
 exports.ScopeMatch = accessPolicyResolver.ScopeMatch;
-exports.createAccessPolicyResolver = accessPolicyResolver.createAccessPolicyResolver;
 exports.accessRuleApiPaths = accessRuleApiRoutes.accessRuleApiPaths;
 exports.getExpressApiRuleRateLimits = accessRuleApiRoutes.getExpressApiRuleRateLimits;
 exports.deleteAllRulesEndpointSchema = deleteAllRulesEndpoint.deleteAllRulesEndpointSchema;

package/dist/cjs/redis/redisAccessRulesIndex.cjs

@@ -26,11 +26,11 @@ const accessRulesIndex = {
     },
     numericIpMaskMin: search.SCHEMA_FIELD_TYPE.NUMERIC,
     numericIpMaskMax: search.SCHEMA_FIELD_TYPE.NUMERIC,
-    userId: search.SCHEMA_FIELD_TYPE.TAG,
+    userId: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
     numericIp: { type: search.SCHEMA_FIELD_TYPE.NUMERIC, INDEXMISSING: true },
-    ja4Hash: search.SCHEMA_FIELD_TYPE.TAG,
-    headersHash: search.SCHEMA_FIELD_TYPE.TAG,
-    userAgentHash: search.SCHEMA_FIELD_TYPE.TAG
+    ja4Hash: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
+    headersHash: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
+    userAgentHash: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true }
   },
   // the satisfy statement is to guarantee that the keys are right
   options: {
@@ -38,7 +38,12 @@ const accessRulesIndex = {
     PREFIX: [accessRuleRedisKeyPrefix]
   }
 };
-const createRedisAccessRulesIndex = async (client) => redisIndex.createRedisIndex(client, accessRulesIndex);
+const createRedisAccessRulesIndex = async (client, indexName) => {
+  if (indexName) {
+    accessRulesIndex.name = indexName;
+  }
+  return redisIndex.createRedisIndex(client, accessRulesIndex);
+};
 const numericIndexFields = [
   "numericIp",
   "numericIpMaskMin",
@@ -79,16 +84,28 @@ const getPolicyScopeQuery = (policyScope, scopeMatchType) => {
   return accessPolicyResolver.ScopeMatch.Exact === scopeMatchType ? "ismissing(@clientId)" : "";
 };
 const getUserScopeQuery = (userScope, scopeMatchType) => {
-  const scopeEntries = Object.entries(userScope).filter(([_, value]) => value !== void 0);
-  const scopeJoinType = accessPolicyResolver.ScopeMatch.Exact === scopeMatchType ? " " : " | ";
+  let scopeEntries = Object.entries(userScope);
+  let scopeJoinType = " ";
+  if (scopeMatchType === accessPolicyResolver.ScopeMatch.Greedy) {
+    scopeEntries = scopeEntries.filter(
+      ([_, value]) => value !== void 0
+    );
+    scopeJoinType = " | ";
+  }
   return scopeEntries.map(
     ([scopeFieldName, scopeFieldValue]) => getUserScopeFieldQuery(scopeFieldName, scopeFieldValue, scopeMatchType)
   ).join(scopeJoinType);
 };
 const getUserScopeFieldQuery = (fieldName, fieldValue, matchType) => {
-  if (accessPolicyResolver.ScopeMatch.Greedy === matchType && "function" === typeof greedyFieldComparisons[fieldName]) {
+  if (
+    //ScopeMatch.Greedy === matchType &&
+    "function" === typeof greedyFieldComparisons[fieldName]
+  ) {
     return greedyFieldComparisons[fieldName](fieldValue);
   }
+  if (fieldValue === void 0) {
+    return `ismissing(@${fieldName})`;
+  }
   return numericIndexFields.includes(fieldName) ? `@${fieldName}:[${fieldValue}]` : `@${fieldName}:{${fieldValue}}`;
 };
 const getRedisAccessRuleKey = (rule) => accessRuleRedisKeyPrefix + crypto.createHash(accessRuleContentHashAlgorithm).update(

package/dist/index.js

@@ -1,5 +1,5 @@
-import { AccessPolicyType, accessPolicySchema, policyScopeSchema, userScopeInputSchema } from "./accessPolicy.js";
-import { ScopeMatch, createAccessPolicyResolver } from "./accessPolicyResolver.js";
+import { AccessPolicyType, accessPolicySchema, accessRuleSchemaExtended, policyScopeSchema, userScopeInputSchema } from "./accessPolicy.js";
+import { ScopeMatch } from "./accessPolicyResolver.js";
 import { AccessRuleApiRoutes } from "./api/accessRuleApiRoutes.js";
 import { accessRuleApiPaths, getExpressApiRuleRateLimits } from "./api/accessRuleApiRoutes.js";
 import { deleteAllRulesEndpointSchema } from "./api/deleteAllRulesEndpoint.js";
@@ -15,7 +15,7 @@ export {
   ScopeMatch,
   accessPolicySchema,
   accessRuleApiPaths,
-  createAccessPolicyResolver,
+  accessRuleSchemaExtended,
   createApiRuleRoutesProvider,
   createRedisAccessRulesIndex,
   createRedisAccessRulesStorage,

package/dist/redis/redisAccessRulesIndex.js

@@ -24,11 +24,11 @@ const accessRulesIndex = {
     },
     numericIpMaskMin: SCHEMA_FIELD_TYPE.NUMERIC,
     numericIpMaskMax: SCHEMA_FIELD_TYPE.NUMERIC,
-    userId: SCHEMA_FIELD_TYPE.TAG,
+    userId: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
     numericIp: { type: SCHEMA_FIELD_TYPE.NUMERIC, INDEXMISSING: true },
-    ja4Hash: SCHEMA_FIELD_TYPE.TAG,
-    headersHash: SCHEMA_FIELD_TYPE.TAG,
-    userAgentHash: SCHEMA_FIELD_TYPE.TAG
+    ja4Hash: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
+    headersHash: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
+    userAgentHash: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true }
   },
   // the satisfy statement is to guarantee that the keys are right
   options: {
@@ -36,7 +36,12 @@ const accessRulesIndex = {
     PREFIX: [accessRuleRedisKeyPrefix]
   }
 };
-const createRedisAccessRulesIndex = async (client) => createRedisIndex(client, accessRulesIndex);
+const createRedisAccessRulesIndex = async (client, indexName) => {
+  if (indexName) {
+    accessRulesIndex.name = indexName;
+  }
+  return createRedisIndex(client, accessRulesIndex);
+};
 const numericIndexFields = [
   "numericIp",
   "numericIpMaskMin",
@@ -77,16 +82,28 @@ const getPolicyScopeQuery = (policyScope, scopeMatchType) => {
   return ScopeMatch.Exact === scopeMatchType ? "ismissing(@clientId)" : "";
 };
 const getUserScopeQuery = (userScope, scopeMatchType) => {
-  const scopeEntries = Object.entries(userScope).filter(([_, value]) => value !== void 0);
-  const scopeJoinType = ScopeMatch.Exact === scopeMatchType ? " " : " | ";
+  let scopeEntries = Object.entries(userScope);
+  let scopeJoinType = " ";
+  if (scopeMatchType === ScopeMatch.Greedy) {
+    scopeEntries = scopeEntries.filter(
+      ([_, value]) => value !== void 0
+    );
+    scopeJoinType = " | ";
+  }
   return scopeEntries.map(
     ([scopeFieldName, scopeFieldValue]) => getUserScopeFieldQuery(scopeFieldName, scopeFieldValue, scopeMatchType)
   ).join(scopeJoinType);
 };
 const getUserScopeFieldQuery = (fieldName, fieldValue, matchType) => {
-  if (ScopeMatch.Greedy === matchType && "function" === typeof greedyFieldComparisons[fieldName]) {
+  if (
+    //ScopeMatch.Greedy === matchType &&
+    "function" === typeof greedyFieldComparisons[fieldName]
+  ) {
     return greedyFieldComparisons[fieldName](fieldValue);
   }
+  if (fieldValue === void 0) {
+    return `ismissing(@${fieldName})`;
+  }
   return numericIndexFields.includes(fieldName) ? `@${fieldName}:[${fieldValue}]` : `@${fieldName}:{${fieldValue}}`;
 };
 const getRedisAccessRuleKey = (rule) => accessRuleRedisKeyPrefix + crypto.createHash(accessRuleContentHashAlgorithm).update(

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@prosopo/user-access-policy",
-	"version": "3.3.2",
+	"version": "3.4.0",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",
 	"type": "module",
@@ -20,23 +20,23 @@
 	},
 	"scripts": {
 		"clean": "del-cli --verbose dist tsconfig.tsbuildinfo",
-		"build": "NODE_ENV=${NODE_ENV:-production}; vite build --config vite.esm.config.ts --mode $NODE_ENV",
+		"build": "NODE_ENV=${NODE_ENV:-development}; vite build --config vite.esm.config.ts --mode $NODE_ENV",
 		"build:tsc": "tsc --build --verbose",
-		"build:cjs": "NODE_ENV=${NODE_ENV:-production}; vite build --config vite.cjs.config.ts --mode $NODE_ENV",
-		"typecheck": "tsc --build --declaration --emitDeclarationOnly --force",
+		"build:cjs": "NODE_ENV=${NODE_ENV:-development}; vite build --config vite.cjs.config.ts --mode $NODE_ENV",
+		"typecheck": "tsc --build --declaration --emitDeclarationOnly",
 		"test": "NODE_ENV=${NODE_ENV:-test}; npx vitest run --config ./vite.test.config.ts"
 	},
 	"dependencies": {
-		"@prosopo/api-route": "2.6.9",
-		"@prosopo/common": "3.1.1",
-		"@prosopo/types": "3.0.5",
-		"@prosopo/util": "3.0.4",
+		"@prosopo/api-route": "2.6.10",
+		"@prosopo/common": "3.1.2",
+		"@prosopo/types": "3.0.6",
+		"@prosopo/util": "3.0.5",
 		"axios": "1.10.0",
 		"esbuild": "0.25.6",
 		"ip-address": "10.0.1",
 		"redis": "5.0.0",
 		"zod": "3.23.8",
-		"@prosopo/config": "3.1.2",
+		"@prosopo/config": "3.1.3",
 		"webpack-dev-server": "5.2.2"
 	},
 	"devDependencies": {