npm - @prosopo/user-access-policy - Versions diffs - 3.3.2 → 3.5.19 - Mend

@prosopo/user-access-policy 3.3.2 → 3.5.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/CHANGELOG.md +266 -0
package/dist/accessPolicyResolver.js +1 -40
package/dist/api/accessRulesApiClient.js +38 -0
package/dist/cjs/accessPolicyResolver.cjs +0 -56
package/dist/cjs/api/accessRulesApiClient.cjs +38 -0
package/dist/cjs/index.cjs +9 -5
package/dist/cjs/redis/redisRulesIndex.cjs +138 -0
package/dist/cjs/redis/{redisAccessRules.cjs → redisRulesReader.cjs} +30 -40
package/dist/cjs/redis/redisRulesStorage.cjs +21 -0
package/dist/cjs/redis/redisRulesWriter.cjs +73 -0
package/dist/index.js +10 -6
package/dist/redis/redisRulesIndex.js +138 -0
package/dist/redis/{redisAccessRules.js → redisRulesReader.js} +30 -40
package/dist/redis/redisRulesStorage.js +21 -0
package/dist/redis/redisRulesWriter.js +73 -0
package/package.json +19 -14
package/dist/cjs/redis/redisAccessRulesIndex.cjs +0 -113
package/dist/cjs/redis/redisIndex.cjs +0 -22
package/dist/redis/redisAccessRulesIndex.js +0 -113
package/dist/redis/redisIndex.js +0 -22

package/dist/cjs/redis/{redisAccessRules.cjs → redisRulesReader.cjs} RENAMED Viewed

@@ -2,7 +2,7 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 const util = require("node:util");
 const accessRules = require("../accessRules.cjs");
-const redisAccessRulesIndex = require("./redisAccessRulesIndex.cjs");
+const redisRulesIndex = require("./redisRulesIndex.cjs");
 function _interopNamespaceDefault(e) {
   const n = Object.create(null, { [Symbol.toStringTag]: { value: "Module" } });
   if (e) {
@@ -20,19 +20,19 @@ function _interopNamespaceDefault(e) {
   return Object.freeze(n);
 }
 const util__namespace = /* @__PURE__ */ _interopNamespaceDefault(util);
-const createRedisAccessRulesReader = (client, logger) => {
+const createRedisRulesReader = (client, logger) => {
   return {
-    findRules: async (filter, skipEmptyUserScopes = true) => {
-      const query = redisAccessRulesIndex.getRedisAccessRulesQuery(filter);
+    findRules: async (filter, matchingFieldsOnly = false, skipEmptyUserScopes = true) => {
+      const query = redisRulesIndex.getRedisRulesQuery(filter, matchingFieldsOnly);
       if (skipEmptyUserScopes && query === "ismissing(@clientId)") {
         return [];
       }
       let searchReply;
       try {
         searchReply = await client.ft.search(
-          redisAccessRulesIndex.accessRulesRedisIndexName,
+          redisRulesIndex.redisRulesIndexName,
           query,
-          redisAccessRulesIndex.accessRulesRedisSearchOptions
+          redisRulesIndex.redisRulesSearchOptions
         );
         if (searchReply.total > 0) {
           logger.debug(() => ({
@@ -67,16 +67,16 @@ const createRedisAccessRulesReader = (client, logger) => {
         }));
         return [];
       }
-      return extractAccessRulesFromSearchReply(searchReply, logger);
+      return extractRulesFromSearchReply(searchReply, logger);
     },
-    findRuleIds: async (filter) => {
-      const query = redisAccessRulesIndex.getRedisAccessRulesQuery(filter);
+    findRuleIds: async (filter, matchingFieldsOnly = false) => {
+      const query = redisRulesIndex.getRedisRulesQuery(filter, matchingFieldsOnly);
       let searchReply;
       try {
         searchReply = await client.ft.searchNoContent(
-          redisAccessRulesIndex.accessRulesRedisIndexName,
+          redisRulesIndex.redisRulesIndexName,
           query,
-          redisAccessRulesIndex.accessRulesRedisSearchOptions
+          redisRulesIndex.redisRulesSearchOptions
         );
       } catch (e) {
         logger.error(() => ({
@@ -100,38 +100,29 @@ const createRedisAccessRulesReader = (client, logger) => {
     }
   };
 };
-const createRedisAccessRulesWriter = (client) => {
+const getDummyRedisRulesReader = (logger) => {
   return {
-    insertRule: async (rule, expirationTimestamp) => {
-      const ruleKey = redisAccessRulesIndex.getRedisAccessRuleKey(rule);
-      const ruleValue = redisAccessRulesIndex.getRedisAccessRuleValue(rule);
-      await client.hSet(ruleKey, ruleValue);
-      if (expirationTimestamp) {
-        const expiryDate = new Date(expirationTimestamp);
-        if (expiryDate.getUTCFullYear() === 1970) {
-          await client.expireAt(ruleKey, expirationTimestamp);
-        } else {
-          const timestampInSeconds = Math.floor(expirationTimestamp / 1e3);
-          await client.expireAt(ruleKey, timestampInSeconds);
+    findRules: async (filter, matchingFieldsOnly = false, skipEmptyUserScopes = true) => {
+      logger.info(() => ({
+        msg: "Dummy findRules() has no effect (redis is not ready)",
+        data: {
+          filter
         }
-      }
-      return ruleKey;
+      }));
+      return [];
     },
-    deleteRules: async (ruleIds) => void await client.del(ruleIds),
-    deleteAllRules: async () => {
-      const keys = await client.keys(`${redisAccessRulesIndex.accessRuleRedisKeyPrefix}*`);
-      if (keys.length === 0) return 0;
-      return await client.del(keys);
+    findRuleIds: async (filter, matchingFieldsOnly = false) => {
+      logger.info(() => ({
+        msg: "Dummy findRuleIds() has no effect (redis is not ready)",
+        data: {
+          filter
+        }
+      }));
+      return [];
     }
   };
 };
-const createRedisAccessRulesStorage = (client, logger) => {
-  return {
-    ...createRedisAccessRulesReader(client, logger),
-    ...createRedisAccessRulesWriter(client)
-  };
-};
-const extractAccessRulesFromSearchReply = (searchReply, logger) => {
+const extractRulesFromSearchReply = (searchReply, logger) => {
   const accessRules$1 = [];
   searchReply.documents.map(({ id, value: document }) => {
     const parsedDocument = accessRules.accessRuleSchema.safeParse(document);
@@ -147,6 +138,5 @@ const extractAccessRulesFromSearchReply = (searchReply, logger) => {
   });
   return accessRules$1;
 };
-exports.createRedisAccessRulesReader = createRedisAccessRulesReader;
-exports.createRedisAccessRulesStorage = createRedisAccessRulesStorage;
-exports.createRedisAccessRulesWriter = createRedisAccessRulesWriter;
+exports.createRedisRulesReader = createRedisRulesReader;
+exports.getDummyRedisRulesReader = getDummyRedisRulesReader;

package/dist/cjs/redis/redisRulesStorage.cjs ADDED Viewed

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const redisRulesReader = require("./redisRulesReader.cjs");
+const redisRulesWriter = require("./redisRulesWriter.cjs");
+const createRedisAccessRulesStorage = (connection, logger) => {
+  const storage = {
+    ...redisRulesReader.getDummyRedisRulesReader(logger),
+    ...redisRulesWriter.getDummyRedisRulesWriter(logger)
+  };
+  connection.getClient().then((client) => {
+    Object.assign(storage, {
+      ...redisRulesReader.createRedisRulesReader(client, logger),
+      ...redisRulesWriter.createRedisRulesWriter(client)
+    });
+    logger.info(() => ({
+      msg: "RedisAccessRules storage got a ready Redis client"
+    }));
+  });
+  return storage;
+};
+exports.createRedisAccessRulesStorage = createRedisAccessRulesStorage;

package/dist/cjs/redis/redisRulesWriter.cjs ADDED Viewed

@@ -0,0 +1,73 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const crypto = require("node:crypto");
+const redisRulesIndex = require("./redisRulesIndex.cjs");
+const redisRuleContentHashAlgorithm = "md5";
+const createRedisRulesWriter = (client) => {
+  return {
+    insertRule: async (rule, expirationTimestamp) => {
+      const ruleKey = getRedisRuleKey(rule);
+      const ruleValue = getRedisRuleValue(rule);
+      await client.hSet(ruleKey, ruleValue);
+      if (expirationTimestamp) {
+        const expiryDate = new Date(expirationTimestamp);
+        if (expiryDate.getUTCFullYear() === 1970) {
+          await client.expireAt(ruleKey, expirationTimestamp);
+        } else {
+          const timestampInSeconds = Math.floor(expirationTimestamp / 1e3);
+          await client.expireAt(ruleKey, timestampInSeconds);
+        }
+      }
+      return ruleKey;
+    },
+    deleteRules: async (ruleIds) => void await client.del(ruleIds),
+    deleteAllRules: async () => {
+      const keys = await client.keys(`${redisRulesIndex.redisRuleKeyPrefix}*`);
+      if (keys.length === 0) return 0;
+      return await client.del(keys);
+    }
+  };
+};
+const getDummyRedisRulesWriter = (logger) => {
+  return {
+    insertRule: async (rule, expirationTimestamp) => {
+      logger.info(() => ({
+        msg: "Dummy insertRule() has no effect (redis is not ready)",
+        data: {
+          rule
+        }
+      }));
+      return "";
+    },
+    deleteRules: async (ruleIds) => {
+      logger.info(() => ({
+        msg: "Dummy deleteRules() has no effect (redis is not ready)",
+        data: {
+          ruleIds
+        }
+      }));
+    },
+    deleteAllRules: async () => {
+      logger.info(() => ({
+        msg: "Dummy deleteAllRules() has no effect (redis is not ready)"
+      }));
+      return 0;
+    }
+  };
+};
+const getRedisRuleKey = (rule) => redisRulesIndex.redisRuleKeyPrefix + crypto.createHash(redisRuleContentHashAlgorithm).update(
+  JSON.stringify(
+    rule,
+    (key, value) => (
+      // JSON.stringify can't handle BigInt itself: throws "Do not know how to serialize a BigInt"
+      "bigint" === typeof value ? value.toString() : value
+    )
+  )
+).digest("hex");
+const getRedisRuleValue = (rule) => Object.fromEntries(
+  Object.entries(rule).map(([key, value]) => [key, String(value)])
+);
+exports.createRedisRulesWriter = createRedisRulesWriter;
+exports.getDummyRedisRulesWriter = getDummyRedisRulesWriter;
+exports.getRedisRuleKey = getRedisRuleKey;
+exports.getRedisRuleValue = getRedisRuleValue;

package/dist/index.js CHANGED Viewed

@@ -1,28 +1,32 @@
-import { AccessPolicyType, accessPolicySchema, policyScopeSchema, userScopeInputSchema } from "./accessPolicy.js";
-import { ScopeMatch, createAccessPolicyResolver } from "./accessPolicyResolver.js";
+import { AccessPolicyType, accessPolicySchema, accessRuleSchemaExtended, policyScopeSchema, userScopeInputSchema } from "./accessPolicy.js";
+import { ScopeMatch } from "./accessPolicyResolver.js";
+import { accessRuleSchema } from "./accessRules.js";
 import { AccessRuleApiRoutes } from "./api/accessRuleApiRoutes.js";
 import { accessRuleApiPaths, getExpressApiRuleRateLimits } from "./api/accessRuleApiRoutes.js";
 import { deleteAllRulesEndpointSchema } from "./api/deleteAllRulesEndpoint.js";
 import { deleteRulesEndpointSchema } from "./api/deleteRulesEndpoint.js";
 import { insertRulesEndpointSchema } from "./api/insertRulesEndpoint.js";
-import { createRedisAccessRulesStorage } from "./redis/redisAccessRules.js";
-import { createRedisAccessRulesIndex } from "./redis/redisAccessRulesIndex.js";
+import { createRedisAccessRulesStorage } from "./redis/redisRulesStorage.js";
+import { redisAccessRulesIndex } from "./redis/redisRulesIndex.js";
+import { AccessRulesApiClient } from "./api/accessRulesApiClient.js";
 const createApiRuleRoutesProvider = (rulesStorage) => {
   return new AccessRuleApiRoutes(rulesStorage);
 };
 export {
   AccessPolicyType,
+  AccessRulesApiClient,
   ScopeMatch,
   accessPolicySchema,
   accessRuleApiPaths,
-  createAccessPolicyResolver,
+  accessRuleSchema,
+  accessRuleSchemaExtended,
   createApiRuleRoutesProvider,
-  createRedisAccessRulesIndex,
   createRedisAccessRulesStorage,
   deleteAllRulesEndpointSchema,
   deleteRulesEndpointSchema,
   getExpressApiRuleRateLimits,
   insertRulesEndpointSchema,
   policyScopeSchema,
+  redisAccessRulesIndex,
   userScopeInputSchema
 };

package/dist/redis/redisRulesIndex.js ADDED Viewed

@@ -0,0 +1,138 @@
+import { SCHEMA_FIELD_TYPE } from "@redis/search";
+import { userScopeSchema } from "../accessPolicy.js";
+import { ScopeMatch } from "../accessPolicyResolver.js";
+const redisRulesIndexName = "index:user-access-rules";
+const redisRuleKeyPrefix = "uar:";
+const redisAccessRulesIndex = {
+  name: redisRulesIndexName,
+  /**
+   * Note on the field type decision
+   *
+   * TAG is designed for the exact value matching
+   * TEXT is designed for the word-based and pattern matching
+   *
+   * For our goal TAG fits perfectly and, more performant
+   */
+  schema: {
+    clientId: {
+      type: SCHEMA_FIELD_TYPE.TAG,
+      // necessary to make possible use of the ismissing() function on this field in the search
+      INDEXMISSING: true
+    },
+    numericIpMaskMin: { type: SCHEMA_FIELD_TYPE.NUMERIC, INDEXMISSING: true },
+    numericIpMaskMax: { type: SCHEMA_FIELD_TYPE.NUMERIC, INDEXMISSING: true },
+    userId: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
+    numericIp: { type: SCHEMA_FIELD_TYPE.NUMERIC, INDEXMISSING: true },
+    ja4Hash: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
+    headersHash: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
+    userAgentHash: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true }
+  },
+  // the satisfy statement is to guarantee that the keys are right
+  options: {
+    ON: "HASH",
+    PREFIX: [redisRuleKeyPrefix]
+  }
+};
+const numericIndexFields = [
+  "numericIp",
+  "numericIpMaskMin",
+  "numericIpMaskMax"
+];
+const greedyFieldComparisons = {
+  numericIp: (value, scope) => {
+    if (value !== void 0) {
+      return `( @numericIp:[${value}] | ( @numericIpMaskMin:[-inf ${value}] @numericIpMaskMax:[${value} +inf] ) )`;
+    }
+    if (scope.numericIpMaskMin === void 0 && scope.numericIpMaskMax === void 0) {
+      return "ismissing(@numericIp) ismissing(@numericIpMaskMin) ismissing(@numericIpMaskMax)";
+    }
+    return "";
+  },
+  numericIpMaskMin: (value, scope) => {
+    if (scope.numericIp !== void 0) {
+      return "";
+    }
+    return value !== void 0 ? `@numericIpMaskMin:[-inf ${value}]` : "ismissing(@numericIpMaskMin)";
+  },
+  numericIpMaskMax: (value, scope) => {
+    if (scope.numericIp !== void 0) {
+      return "";
+    }
+    return value !== void 0 ? `@numericIpMaskMax:[${value} +inf]` : "ismissing(@numericIpMaskMax)";
+  }
+};
+const redisRulesSearchOptions = {
+  // #2 is a required option when the 'ismissing()' function is in the query body
+  DIALECT: 2
+};
+const getRedisRulesQuery = (filter, matchingFieldsOnly) => {
+  const { policyScope, userScope } = filter;
+  const policyScopeFilter = getPolicyScopeQuery(
+    policyScope,
+    filter.policyScopeMatch
+  );
+  if (userScope && Object.keys(userScope).length > 0) {
+    const userScopeFilter = getUserScopeQuery(
+      userScope,
+      filter.userScopeMatch,
+      matchingFieldsOnly
+    );
+    return `${policyScopeFilter} ( ${userScopeFilter} )`;
+  }
+  return policyScopeFilter ? policyScopeFilter : "*";
+};
+const getPolicyScopeQuery = (policyScope, scopeMatchType) => {
+  const clientId = policyScope?.clientId;
+  if ("string" === typeof clientId) {
+    return ScopeMatch.Exact === scopeMatchType ? `@clientId:{${clientId}}` : `( @clientId:{${clientId}} | ismissing(@clientId) )`;
+  }
+  return ScopeMatch.Exact === scopeMatchType ? "ismissing(@clientId)" : "";
+};
+const getUserScopeQuery = (userScope, scopeMatchType, matchingFieldsOnly) => {
+  let scopeEntries = Object.entries(userScope);
+  let scopeJoinType = " ";
+  if (scopeMatchType === ScopeMatch.Greedy) {
+    scopeEntries = scopeEntries.filter(
+      ([_, value]) => value !== void 0
+    );
+    scopeJoinType = " | ";
+  }
+  if (matchingFieldsOnly) {
+    const scopeMap = new Map(scopeEntries);
+    if (scopeMap.has("numericIp") && scopeMap.get("numericIp") === void 0) {
+      scopeMap.set("numericIpMaskMin", void 0);
+      scopeMap.set("numericIpMaskMax", void 0);
+    }
+    for (const name of Object.keys(userScopeSchema.shape)) {
+      if (!scopeMap.has(name)) {
+        scopeMap.set(name, void 0);
+      }
+    }
+    scopeEntries = [...scopeMap.entries()];
+  }
+  const scopeObj = Object.fromEntries(scopeEntries);
+  return scopeEntries.map(
+    ([scopeFieldName, scopeFieldValue]) => getUserScopeFieldQuery(
+      scopeFieldName,
+      scopeFieldValue,
+      scopeMatchType,
+      scopeObj
+    )
+  ).filter(Boolean).join(scopeJoinType);
+};
+const getUserScopeFieldQuery = (fieldName, fieldValue, matchType, fullScope) => {
+  if ("function" === typeof greedyFieldComparisons[fieldName]) {
+    return greedyFieldComparisons[fieldName](fieldValue, fullScope);
+  }
+  if (fieldValue === void 0) {
+    return `ismissing(@${fieldName})`;
+  }
+  return numericIndexFields.includes(fieldName) ? `@${fieldName}:[${fieldValue}]` : `@${fieldName}:{${fieldValue}}`;
+};
+export {
+  getRedisRulesQuery,
+  redisAccessRulesIndex,
+  redisRuleKeyPrefix,
+  redisRulesIndexName,
+  redisRulesSearchOptions
+};

package/dist/redis/{redisAccessRules.js → redisRulesReader.js} RENAMED Viewed

@@ -1,19 +1,19 @@
 import * as util from "node:util";
 import { accessRuleSchema } from "../accessRules.js";
-import { getRedisAccessRulesQuery, accessRulesRedisIndexName, accessRulesRedisSearchOptions, accessRuleRedisKeyPrefix, getRedisAccessRuleKey, getRedisAccessRuleValue } from "./redisAccessRulesIndex.js";
-const createRedisAccessRulesReader = (client, logger) => {
+import { getRedisRulesQuery, redisRulesIndexName, redisRulesSearchOptions } from "./redisRulesIndex.js";
+const createRedisRulesReader = (client, logger) => {
   return {
-    findRules: async (filter, skipEmptyUserScopes = true) => {
-      const query = getRedisAccessRulesQuery(filter);
+    findRules: async (filter, matchingFieldsOnly = false, skipEmptyUserScopes = true) => {
+      const query = getRedisRulesQuery(filter, matchingFieldsOnly);
       if (skipEmptyUserScopes && query === "ismissing(@clientId)") {
         return [];
       }
       let searchReply;
       try {
         searchReply = await client.ft.search(
-          accessRulesRedisIndexName,
+          redisRulesIndexName,
           query,
-          accessRulesRedisSearchOptions
+          redisRulesSearchOptions
         );
         if (searchReply.total > 0) {
           logger.debug(() => ({
@@ -48,16 +48,16 @@ const createRedisAccessRulesReader = (client, logger) => {
         }));
         return [];
       }
-      return extractAccessRulesFromSearchReply(searchReply, logger);
+      return extractRulesFromSearchReply(searchReply, logger);
     },
-    findRuleIds: async (filter) => {
-      const query = getRedisAccessRulesQuery(filter);
+    findRuleIds: async (filter, matchingFieldsOnly = false) => {
+      const query = getRedisRulesQuery(filter, matchingFieldsOnly);
       let searchReply;
       try {
         searchReply = await client.ft.searchNoContent(
-          accessRulesRedisIndexName,
+          redisRulesIndexName,
           query,
-          accessRulesRedisSearchOptions
+          redisRulesSearchOptions
         );
       } catch (e) {
         logger.error(() => ({
@@ -81,38 +81,29 @@ const createRedisAccessRulesReader = (client, logger) => {
     }
   };
 };
-const createRedisAccessRulesWriter = (client) => {
+const getDummyRedisRulesReader = (logger) => {
   return {
-    insertRule: async (rule, expirationTimestamp) => {
-      const ruleKey = getRedisAccessRuleKey(rule);
-      const ruleValue = getRedisAccessRuleValue(rule);
-      await client.hSet(ruleKey, ruleValue);
-      if (expirationTimestamp) {
-        const expiryDate = new Date(expirationTimestamp);
-        if (expiryDate.getUTCFullYear() === 1970) {
-          await client.expireAt(ruleKey, expirationTimestamp);
-        } else {
-          const timestampInSeconds = Math.floor(expirationTimestamp / 1e3);
-          await client.expireAt(ruleKey, timestampInSeconds);
+    findRules: async (filter, matchingFieldsOnly = false, skipEmptyUserScopes = true) => {
+      logger.info(() => ({
+        msg: "Dummy findRules() has no effect (redis is not ready)",
+        data: {
+          filter
         }
-      }
-      return ruleKey;
+      }));
+      return [];
     },
-    deleteRules: async (ruleIds) => void await client.del(ruleIds),
-    deleteAllRules: async () => {
-      const keys = await client.keys(`${accessRuleRedisKeyPrefix}*`);
-      if (keys.length === 0) return 0;
-      return await client.del(keys);
+    findRuleIds: async (filter, matchingFieldsOnly = false) => {
+      logger.info(() => ({
+        msg: "Dummy findRuleIds() has no effect (redis is not ready)",
+        data: {
+          filter
+        }
+      }));
+      return [];
     }
   };
 };
-const createRedisAccessRulesStorage = (client, logger) => {
-  return {
-    ...createRedisAccessRulesReader(client, logger),
-    ...createRedisAccessRulesWriter(client)
-  };
-};
-const extractAccessRulesFromSearchReply = (searchReply, logger) => {
+const extractRulesFromSearchReply = (searchReply, logger) => {
   const accessRules = [];
   searchReply.documents.map(({ id, value: document }) => {
     const parsedDocument = accessRuleSchema.safeParse(document);
@@ -129,7 +120,6 @@ const extractAccessRulesFromSearchReply = (searchReply, logger) => {
   return accessRules;
 };
 export {
-  createRedisAccessRulesReader,
-  createRedisAccessRulesStorage,
-  createRedisAccessRulesWriter
+  createRedisRulesReader,
+  getDummyRedisRulesReader
 };

package/dist/redis/redisRulesStorage.js ADDED Viewed

@@ -0,0 +1,21 @@
+import { getDummyRedisRulesReader, createRedisRulesReader } from "./redisRulesReader.js";
+import { getDummyRedisRulesWriter, createRedisRulesWriter } from "./redisRulesWriter.js";
+const createRedisAccessRulesStorage = (connection, logger) => {
+  const storage = {
+    ...getDummyRedisRulesReader(logger),
+    ...getDummyRedisRulesWriter(logger)
+  };
+  connection.getClient().then((client) => {
+    Object.assign(storage, {
+      ...createRedisRulesReader(client, logger),
+      ...createRedisRulesWriter(client)
+    });
+    logger.info(() => ({
+      msg: "RedisAccessRules storage got a ready Redis client"
+    }));
+  });
+  return storage;
+};
+export {
+  createRedisAccessRulesStorage
+};

package/dist/redis/redisRulesWriter.js ADDED Viewed

@@ -0,0 +1,73 @@
+import crypto from "node:crypto";
+import { redisRuleKeyPrefix } from "./redisRulesIndex.js";
+const redisRuleContentHashAlgorithm = "md5";
+const createRedisRulesWriter = (client) => {
+  return {
+    insertRule: async (rule, expirationTimestamp) => {
+      const ruleKey = getRedisRuleKey(rule);
+      const ruleValue = getRedisRuleValue(rule);
+      await client.hSet(ruleKey, ruleValue);
+      if (expirationTimestamp) {
+        const expiryDate = new Date(expirationTimestamp);
+        if (expiryDate.getUTCFullYear() === 1970) {
+          await client.expireAt(ruleKey, expirationTimestamp);
+        } else {
+          const timestampInSeconds = Math.floor(expirationTimestamp / 1e3);
+          await client.expireAt(ruleKey, timestampInSeconds);
+        }
+      }
+      return ruleKey;
+    },
+    deleteRules: async (ruleIds) => void await client.del(ruleIds),
+    deleteAllRules: async () => {
+      const keys = await client.keys(`${redisRuleKeyPrefix}*`);
+      if (keys.length === 0) return 0;
+      return await client.del(keys);
+    }
+  };
+};
+const getDummyRedisRulesWriter = (logger) => {
+  return {
+    insertRule: async (rule, expirationTimestamp) => {
+      logger.info(() => ({
+        msg: "Dummy insertRule() has no effect (redis is not ready)",
+        data: {
+          rule
+        }
+      }));
+      return "";
+    },
+    deleteRules: async (ruleIds) => {
+      logger.info(() => ({
+        msg: "Dummy deleteRules() has no effect (redis is not ready)",
+        data: {
+          ruleIds
+        }
+      }));
+    },
+    deleteAllRules: async () => {
+      logger.info(() => ({
+        msg: "Dummy deleteAllRules() has no effect (redis is not ready)"
+      }));
+      return 0;
+    }
+  };
+};
+const getRedisRuleKey = (rule) => redisRuleKeyPrefix + crypto.createHash(redisRuleContentHashAlgorithm).update(
+  JSON.stringify(
+    rule,
+    (key, value) => (
+      // JSON.stringify can't handle BigInt itself: throws "Do not know how to serialize a BigInt"
+      "bigint" === typeof value ? value.toString() : value
+    )
+  )
+).digest("hex");
+const getRedisRuleValue = (rule) => Object.fromEntries(
+  Object.entries(rule).map(([key, value]) => [key, String(value)])
+);
+export {
+  createRedisRulesWriter,
+  getDummyRedisRulesWriter,
+  getRedisRuleKey,
+  getRedisRuleValue
+};

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@prosopo/user-access-policy",
-	"version": "3.3.2",
+	"version": "3.5.19",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",
 	"type": "module",
@@ -20,26 +20,31 @@
 	},
 	"scripts": {
 		"clean": "del-cli --verbose dist tsconfig.tsbuildinfo",
-		"build": "NODE_ENV=${NODE_ENV:-production}; vite build --config vite.esm.config.ts --mode $NODE_ENV",
+		"build": "NODE_ENV=${NODE_ENV:-development}; vite build --config vite.esm.config.ts --mode $NODE_ENV",
 		"build:tsc": "tsc --build --verbose",
-		"build:cjs": "NODE_ENV=${NODE_ENV:-production}; vite build --config vite.cjs.config.ts --mode $NODE_ENV",
-		"typecheck": "tsc --build --declaration --emitDeclarationOnly --force",
-		"test": "NODE_ENV=${NODE_ENV:-test}; npx vitest run --config ./vite.test.config.ts"
+		"build:cjs": "NODE_ENV=${NODE_ENV:-development}; vite build --config vite.cjs.config.ts --mode $NODE_ENV",
+		"typecheck": "tsc --project tsconfig.types.json",
+		"test:unit": "NODE_ENV=${NODE_ENV:-test}; TEST_TYPE=unit npx vitest run --config ./vite.test.config.ts",
+		"test:integration": "NODE_ENV=${NODE_ENV:-test}; NX_PARALLEL=1 TEST_TYPE=integration npx vitest run --config ./vite.test.config.ts",
+		"test": "npm run test:unit && npm run test:integration"
 	},
 	"dependencies": {
-		"@prosopo/api-route": "2.6.9",
-		"@prosopo/common": "3.1.1",
-		"@prosopo/types": "3.0.5",
-		"@prosopo/util": "3.0.4",
-		"axios": "1.10.0",
-		"esbuild": "0.25.6",
+		"@prosopo/api": "3.1.24",
+		"@prosopo/api-route": "2.6.28",
+		"@prosopo/common": "3.1.20",
+		"@prosopo/redis-client": "1.0.5",
+		"@prosopo/types": "3.5.3",
+		"@prosopo/util": "3.1.5",
+		"@redis/search": "5.0.0",
+		"dotenv": "16.4.5",
 		"ip-address": "10.0.1",
 		"redis": "5.0.0",
-		"zod": "3.23.8",
-		"@prosopo/config": "3.1.2",
-		"webpack-dev-server": "5.2.2"
+		"zod": "3.23.8"
 	},
 	"devDependencies": {
+		"@prosopo/config": "3.1.20",
+		"@prosopo/util-crypto": "13.5.22",
+		"@types/node": "22.10.2",
 		"vite": "6.3.5",
 		"vitest": "3.0.9",
 		"yargs": "17.7.2"