@prosopo/user-access-policy 3.4.0 → 3.5.19

package/CHANGELOG.md

@@ -1,5 +1,247 @@
 # @prosopo/user-access-policy
 
+## 3.5.19
+### Patch Changes
+
+  - @prosopo/api@3.1.24
+  - @prosopo/api-route@2.6.28
+  - @prosopo/common@3.1.20
+  - @prosopo/redis-client@1.0.5
+  - @prosopo/types@3.5.3
+  - @prosopo/util@3.1.5
+
+## 3.5.18
+### Patch Changes
+
+- 5659b24: Release 3.4.4
+- Updated dependencies [f912439]
+- Updated dependencies [5659b24]
+  - @prosopo/common@3.1.19
+  - @prosopo/redis-client@1.0.4
+  - @prosopo/api-route@2.6.27
+  - @prosopo/types@3.5.2
+  - @prosopo/util@3.1.4
+  - @prosopo/api@3.1.23
+
+## 3.5.17
+### Patch Changes
+
+- 50c4120: Release 3.4.3
+- Updated dependencies [52cd544]
+- Updated dependencies [b117ba3]
+- Updated dependencies [50c4120]
+  - @prosopo/types@3.5.1
+  - @prosopo/redis-client@1.0.3
+  - @prosopo/api-route@2.6.26
+  - @prosopo/common@3.1.18
+  - @prosopo/util@3.1.3
+  - @prosopo/api@3.1.22
+
+## 3.5.16
+### Patch Changes
+
+- 618703f: Release 3.4.2
+- Updated dependencies [618703f]
+- Updated dependencies [e20ad6b]
+  - @prosopo/redis-client@1.0.2
+  - @prosopo/api-route@2.6.25
+  - @prosopo/common@3.1.17
+  - @prosopo/types@3.5.0
+  - @prosopo/util@3.1.2
+  - @prosopo/api@3.1.21
+
+## 3.5.15
+### Patch Changes
+
+- 11303d9: feat/pluggable-redis
+- 11303d9: Release 3.4.0
+- 18cb28b: Release 3.4.1
+- 11303d9: feat/pluggable-redis
+- Updated dependencies [11303d9]
+- Updated dependencies [11303d9]
+- Updated dependencies [18cb28b]
+- Updated dependencies [11303d9]
+  - @prosopo/redis-client@1.0.1
+  - @prosopo/api-route@2.6.24
+  - @prosopo/common@3.1.16
+  - @prosopo/types@3.4.1
+  - @prosopo/util@3.1.1
+  - @prosopo/api@3.1.20
+
+## 3.5.14
+### Patch Changes
+
+- f3f7aec: Release 3.4.0
+- Updated dependencies [f3f7aec]
+- Updated dependencies [6768f14]
+  - @prosopo/api-route@2.6.23
+  - @prosopo/common@3.1.15
+  - @prosopo/types@3.4.0
+  - @prosopo/util@3.1.0
+  - @prosopo/config@3.1.15
+
+## 3.5.13
+### Patch Changes
+
+- Release 3.3.1
+- 0824221: Release 3.2.4
+- Updated dependencies [97edf3f]
+- Updated dependencies
+- Updated dependencies [0824221]
+  - @prosopo/types@3.3.0
+  - @prosopo/api-route@2.6.22
+  - @prosopo/common@3.1.14
+  - @prosopo/util@3.0.17
+  - @prosopo/config@3.1.14
+
+## 3.5.12
+### Patch Changes
+
+- 008d112: Release 3.3.0
+- Updated dependencies [509be28]
+- Updated dependencies [008d112]
+  - @prosopo/types@3.2.1
+  - @prosopo/api-route@2.6.21
+  - @prosopo/common@3.1.13
+  - @prosopo/util@3.0.16
+  - @prosopo/config@3.1.13
+
+## 3.5.11
+### Patch Changes
+
+- 0824221: Release 3.2.4
+- Updated dependencies [cf48565]
+- Updated dependencies [0824221]
+  - @prosopo/types@3.2.0
+  - @prosopo/api-route@2.6.20
+  - @prosopo/common@3.1.12
+  - @prosopo/util@3.0.15
+  - @prosopo/config@3.1.12
+
+## 3.5.10
+### Patch Changes
+
+- 1a23649: Release 3.2.3
+- Updated dependencies [0d1a33e]
+- Updated dependencies [0d1a33e]
+- Updated dependencies [1a23649]
+  - @prosopo/types@3.1.4
+  - @prosopo/api-route@2.6.19
+  - @prosopo/common@3.1.11
+  - @prosopo/util@3.0.14
+  - @prosopo/config@3.1.11
+
+## 3.5.9
+### Patch Changes
+
+- 657a827: Release 3.2.2
+- Updated dependencies [657a827]
+  - @prosopo/api-route@2.6.18
+  - @prosopo/common@3.1.10
+  - @prosopo/types@3.1.3
+  - @prosopo/util@3.0.13
+  - @prosopo/config@3.1.10
+
+## 3.5.8
+### Patch Changes
+
+- 4440947: fix type-only tsc compilation
+- 7bdaca6: Release 3.2.1
+- Updated dependencies [4440947]
+- Updated dependencies [7bdaca6]
+- Updated dependencies [809b984]
+- Updated dependencies [1249ce0]
+- Updated dependencies [809b984]
+  - @prosopo/api-route@2.6.17
+  - @prosopo/common@3.1.9
+  - @prosopo/types@3.1.2
+  - @prosopo/util@3.0.12
+  - @prosopo/config@3.1.9
+
+## 3.5.7
+### Patch Changes
+
+- 6fe8570: Release 3.2.0
+- Updated dependencies [1f980c4]
+- Updated dependencies [6fe8570]
+  - @prosopo/types@3.1.1
+  - @prosopo/api-route@2.6.16
+  - @prosopo/common@3.1.8
+  - @prosopo/util@3.0.11
+  - @prosopo/config@3.1.8
+
+## 3.5.6
+### Patch Changes
+
+- f304be9: Release 3.1.13
+- Updated dependencies [f304be9]
+- Updated dependencies [8bdc7f0]
+  - @prosopo/api-route@2.6.15
+  - @prosopo/common@3.1.7
+  - @prosopo/types@3.1.0
+  - @prosopo/util@3.0.10
+  - @prosopo/config@3.1.7
+
+## 3.5.5
+### Patch Changes
+
+- a07db04: Release 3.1.12
+- Updated dependencies [9eed772]
+- Updated dependencies [ebb0168]
+  - @prosopo/config@3.1.6
+  - @prosopo/util@3.0.9
+  - @prosopo/api-route@2.6.14
+  - @prosopo/common@3.1.6
+  - @prosopo/types@3.0.10
+
+## 3.5.4
+### Patch Changes
+
+- 553025d: Index
+
+## 3.5.3
+### Patch Changes
+
+- 6960643: lint detect missing and unneccessary imports
+- Updated dependencies [6960643]
+  - @prosopo/api-route@2.6.13
+  - @prosopo/common@3.1.5
+  - @prosopo/types@3.0.9
+  - @prosopo/util@3.0.8
+
+## 3.5.2
+### Patch Changes
+
+- Updated dependencies [30e7d4d]
+  - @prosopo/config@3.1.5
+  - @prosopo/api-route@2.6.12
+  - @prosopo/common@3.1.4
+  - @prosopo/types@3.0.8
+  - @prosopo/util@3.0.7
+
+## 3.5.1
+### Patch Changes
+
+- 1f3a02f: Release 3.1.8
+
+## 3.5.0
+### Minor Changes
+
+- e0628d9: Make sure rules don't leak between IPs
+
+## 3.4.1
+### Patch Changes
+
+- a49b538: Extra tests
+- e090e2f: More tests
+- Updated dependencies [44ffda2]
+- Updated dependencies [a49b538]
+  - @prosopo/config@3.1.4
+  - @prosopo/common@3.1.3
+  - @prosopo/api-route@2.6.11
+  - @prosopo/types@3.0.7
+  - @prosopo/util@3.0.6
+
 ## 3.4.0
 ### Minor Changes
 

package/dist/api/accessRulesApiClient.js

@@ -0,0 +1,38 @@
+import { ApiClient } from "@prosopo/api";
+import { accessRuleApiPaths } from "./accessRuleApiRoutes.js";
+class AccessRulesApiClient extends ApiClient {
+  insertMany(toInsert, timestamp, signature) {
+    return this.post(accessRuleApiPaths.INSERT_MANY, toInsert, {
+      headers: {
+        "Prosopo-Site-Key": this.account,
+        timestamp,
+        signature
+      }
+    });
+  }
+  deleteMany(toDelete, timestamp, signature) {
+    return this.post(accessRuleApiPaths.DELETE_MANY, toDelete, {
+      headers: {
+        "Prosopo-Site-Key": this.account,
+        timestamp,
+        signature
+      }
+    });
+  }
+  deleteAll(timestamp, signature) {
+    return this.post(
+      accessRuleApiPaths.DELETE_ALL,
+      {},
+      {
+        headers: {
+          "Prosopo-Site-Key": this.account,
+          timestamp,
+          signature
+        }
+      }
+    );
+  }
+}
+export {
+  AccessRulesApiClient
+};

package/dist/cjs/api/accessRulesApiClient.cjs

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const api = require("@prosopo/api");
+const accessRuleApiRoutes = require("./accessRuleApiRoutes.cjs");
+class AccessRulesApiClient extends api.ApiClient {
+  insertMany(toInsert, timestamp, signature) {
+    return this.post(accessRuleApiRoutes.accessRuleApiPaths.INSERT_MANY, toInsert, {
+      headers: {
+        "Prosopo-Site-Key": this.account,
+        timestamp,
+        signature
+      }
+    });
+  }
+  deleteMany(toDelete, timestamp, signature) {
+    return this.post(accessRuleApiRoutes.accessRuleApiPaths.DELETE_MANY, toDelete, {
+      headers: {
+        "Prosopo-Site-Key": this.account,
+        timestamp,
+        signature
+      }
+    });
+  }
+  deleteAll(timestamp, signature) {
+    return this.post(
+      accessRuleApiRoutes.accessRuleApiPaths.DELETE_ALL,
+      {},
+      {
+        headers: {
+          "Prosopo-Site-Key": this.account,
+          timestamp,
+          signature
+        }
+      }
+    );
+  }
+}
+exports.AccessRulesApiClient = AccessRulesApiClient;

package/dist/cjs/index.cjs

@@ -2,12 +2,14 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 const accessPolicy = require("./accessPolicy.cjs");
 const accessPolicyResolver = require("./accessPolicyResolver.cjs");
+const accessRules = require("./accessRules.cjs");
 const accessRuleApiRoutes = require("./api/accessRuleApiRoutes.cjs");
 const deleteAllRulesEndpoint = require("./api/deleteAllRulesEndpoint.cjs");
 const deleteRulesEndpoint = require("./api/deleteRulesEndpoint.cjs");
 const insertRulesEndpoint = require("./api/insertRulesEndpoint.cjs");
-const redisAccessRules = require("./redis/redisAccessRules.cjs");
-const redisAccessRulesIndex = require("./redis/redisAccessRulesIndex.cjs");
+const redisRulesStorage = require("./redis/redisRulesStorage.cjs");
+const redisRulesIndex = require("./redis/redisRulesIndex.cjs");
+const accessRulesApiClient = require("./api/accessRulesApiClient.cjs");
 const createApiRuleRoutesProvider = (rulesStorage) => {
   return new accessRuleApiRoutes.AccessRuleApiRoutes(rulesStorage);
 };
@@ -17,11 +19,13 @@ exports.accessRuleSchemaExtended = accessPolicy.accessRuleSchemaExtended;
 exports.policyScopeSchema = accessPolicy.policyScopeSchema;
 exports.userScopeInputSchema = accessPolicy.userScopeInputSchema;
 exports.ScopeMatch = accessPolicyResolver.ScopeMatch;
+exports.accessRuleSchema = accessRules.accessRuleSchema;
 exports.accessRuleApiPaths = accessRuleApiRoutes.accessRuleApiPaths;
 exports.getExpressApiRuleRateLimits = accessRuleApiRoutes.getExpressApiRuleRateLimits;
 exports.deleteAllRulesEndpointSchema = deleteAllRulesEndpoint.deleteAllRulesEndpointSchema;
 exports.deleteRulesEndpointSchema = deleteRulesEndpoint.deleteRulesEndpointSchema;
 exports.insertRulesEndpointSchema = insertRulesEndpoint.insertRulesEndpointSchema;
-exports.createRedisAccessRulesStorage = redisAccessRules.createRedisAccessRulesStorage;
-exports.createRedisAccessRulesIndex = redisAccessRulesIndex.createRedisAccessRulesIndex;
+exports.createRedisAccessRulesStorage = redisRulesStorage.createRedisAccessRulesStorage;
+exports.redisAccessRulesIndex = redisRulesIndex.redisAccessRulesIndex;
+exports.AccessRulesApiClient = accessRulesApiClient.AccessRulesApiClient;
 exports.createApiRuleRoutesProvider = createApiRuleRoutesProvider;

package/dist/cjs/redis/{redisAccessRulesIndex.cjs → redisRulesIndex.cjs}

@@ -1,15 +1,12 @@
 "use strict";
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const crypto = require("node:crypto");
 const search = require("@redis/search");
+const accessPolicy = require("../accessPolicy.cjs");
 const accessPolicyResolver = require("../accessPolicyResolver.cjs");
-const redisIndex = require("./redisIndex.cjs");
-const accessRulesRedisIndexName = "index:user-access-rules";
-const accessRuleRedisKeyPrefix = "uar:";
-const accessRuleContentHashAlgorithm = "md5";
-const DEFAULT_SEARCH_LIMIT = 1e3;
-const accessRulesIndex = {
-  name: accessRulesRedisIndexName,
+const redisRulesIndexName = "index:user-access-rules";
+const redisRuleKeyPrefix = "uar:";
+const redisAccessRulesIndex = {
+  name: redisRulesIndexName,
   /**
    * Note on the field type decision
    *
@@ -24,8 +21,8 @@ const accessRulesIndex = {
       // necessary to make possible use of the ismissing() function on this field in the search
       INDEXMISSING: true
     },
-    numericIpMaskMin: search.SCHEMA_FIELD_TYPE.NUMERIC,
-    numericIpMaskMax: search.SCHEMA_FIELD_TYPE.NUMERIC,
+    numericIpMaskMin: { type: search.SCHEMA_FIELD_TYPE.NUMERIC, INDEXMISSING: true },
+    numericIpMaskMax: { type: search.SCHEMA_FIELD_TYPE.NUMERIC, INDEXMISSING: true },
     userId: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
     numericIp: { type: search.SCHEMA_FIELD_TYPE.NUMERIC, INDEXMISSING: true },
     ja4Hash: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
@@ -35,43 +32,53 @@ const accessRulesIndex = {
   // the satisfy statement is to guarantee that the keys are right
   options: {
     ON: "HASH",
-    PREFIX: [accessRuleRedisKeyPrefix]
+    PREFIX: [redisRuleKeyPrefix]
   }
 };
-const createRedisAccessRulesIndex = async (client, indexName) => {
-  if (indexName) {
-    accessRulesIndex.name = indexName;
-  }
-  return redisIndex.createRedisIndex(client, accessRulesIndex);
-};
 const numericIndexFields = [
   "numericIp",
   "numericIpMaskMin",
   "numericIpMaskMax"
 ];
 const greedyFieldComparisons = {
-  numericIp: (value) => `( @numericIp:[${value}] | ( @numericIpMaskMin:[-inf ${value}] @numericIpMaskMax:[${value} +inf] ) )`
+  numericIp: (value, scope) => {
+    if (value !== void 0) {
+      return `( @numericIp:[${value}] | ( @numericIpMaskMin:[-inf ${value}] @numericIpMaskMax:[${value} +inf] ) )`;
+    }
+    if (scope.numericIpMaskMin === void 0 && scope.numericIpMaskMax === void 0) {
+      return "ismissing(@numericIp) ismissing(@numericIpMaskMin) ismissing(@numericIpMaskMax)";
+    }
+    return "";
+  },
+  numericIpMaskMin: (value, scope) => {
+    if (scope.numericIp !== void 0) {
+      return "";
+    }
+    return value !== void 0 ? `@numericIpMaskMin:[-inf ${value}]` : "ismissing(@numericIpMaskMin)";
+  },
+  numericIpMaskMax: (value, scope) => {
+    if (scope.numericIp !== void 0) {
+      return "";
+    }
+    return value !== void 0 ? `@numericIpMaskMax:[${value} +inf]` : "ismissing(@numericIpMaskMax)";
+  }
 };
-const accessRulesRedisSearchOptions = {
+const redisRulesSearchOptions = {
   // #2 is a required option when the 'ismissing()' function is in the query body
   DIALECT: 2
 };
-const accessRulesRedisDeleteOptions = {
-  // #2 is a required option when the 'ismissing()' function is in the query body
-  DIALECT: 2,
-  LIMIT: {
-    from: 0,
-    size: DEFAULT_SEARCH_LIMIT
-  }
-};
-const getRedisAccessRulesQuery = (filter) => {
+const getRedisRulesQuery = (filter, matchingFieldsOnly) => {
   const { policyScope, userScope } = filter;
   const policyScopeFilter = getPolicyScopeQuery(
     policyScope,
     filter.policyScopeMatch
   );
   if (userScope && Object.keys(userScope).length > 0) {
-    const userScopeFilter = getUserScopeQuery(userScope, filter.userScopeMatch);
+    const userScopeFilter = getUserScopeQuery(
+      userScope,
+      filter.userScopeMatch,
+      matchingFieldsOnly
+    );
     return `${policyScopeFilter} ( ${userScopeFilter} )`;
   }
   return policyScopeFilter ? policyScopeFilter : "*";
@@ -83,7 +90,7 @@ const getPolicyScopeQuery = (policyScope, scopeMatchType) => {
   }
   return accessPolicyResolver.ScopeMatch.Exact === scopeMatchType ? "ismissing(@clientId)" : "";
 };
-const getUserScopeQuery = (userScope, scopeMatchType) => {
+const getUserScopeQuery = (userScope, scopeMatchType, matchingFieldsOnly) => {
   let scopeEntries = Object.entries(userScope);
   let scopeJoinType = " ";
   if (scopeMatchType === accessPolicyResolver.ScopeMatch.Greedy) {
@@ -92,39 +99,40 @@ const getUserScopeQuery = (userScope, scopeMatchType) => {
     );
     scopeJoinType = " | ";
   }
+  if (matchingFieldsOnly) {
+    const scopeMap = new Map(scopeEntries);
+    if (scopeMap.has("numericIp") && scopeMap.get("numericIp") === void 0) {
+      scopeMap.set("numericIpMaskMin", void 0);
+      scopeMap.set("numericIpMaskMax", void 0);
+    }
+    for (const name of Object.keys(accessPolicy.userScopeSchema.shape)) {
+      if (!scopeMap.has(name)) {
+        scopeMap.set(name, void 0);
+      }
+    }
+    scopeEntries = [...scopeMap.entries()];
+  }
+  const scopeObj = Object.fromEntries(scopeEntries);
   return scopeEntries.map(
-    ([scopeFieldName, scopeFieldValue]) => getUserScopeFieldQuery(scopeFieldName, scopeFieldValue, scopeMatchType)
-  ).join(scopeJoinType);
+    ([scopeFieldName, scopeFieldValue]) => getUserScopeFieldQuery(
+      scopeFieldName,
+      scopeFieldValue,
+      scopeMatchType,
+      scopeObj
+    )
+  ).filter(Boolean).join(scopeJoinType);
 };
-const getUserScopeFieldQuery = (fieldName, fieldValue, matchType) => {
-  if (
-    //ScopeMatch.Greedy === matchType &&
-    "function" === typeof greedyFieldComparisons[fieldName]
-  ) {
-    return greedyFieldComparisons[fieldName](fieldValue);
+const getUserScopeFieldQuery = (fieldName, fieldValue, matchType, fullScope) => {
+  if ("function" === typeof greedyFieldComparisons[fieldName]) {
+    return greedyFieldComparisons[fieldName](fieldValue, fullScope);
   }
   if (fieldValue === void 0) {
     return `ismissing(@${fieldName})`;
   }
   return numericIndexFields.includes(fieldName) ? `@${fieldName}:[${fieldValue}]` : `@${fieldName}:{${fieldValue}}`;
 };
-const getRedisAccessRuleKey = (rule) => accessRuleRedisKeyPrefix + crypto.createHash(accessRuleContentHashAlgorithm).update(
-  JSON.stringify(
-    rule,
-    (key, value) => (
-      // JSON.stringify can't handle BigInt itself: throws "Do not know how to serialize a BigInt"
-      "bigint" === typeof value ? value.toString() : value
-    )
-  )
-).digest("hex");
-const getRedisAccessRuleValue = (rule) => Object.fromEntries(
-  Object.entries(rule).map(([key, value]) => [key, String(value)])
-);
-exports.accessRuleRedisKeyPrefix = accessRuleRedisKeyPrefix;
-exports.accessRulesRedisDeleteOptions = accessRulesRedisDeleteOptions;
-exports.accessRulesRedisIndexName = accessRulesRedisIndexName;
-exports.accessRulesRedisSearchOptions = accessRulesRedisSearchOptions;
-exports.createRedisAccessRulesIndex = createRedisAccessRulesIndex;
-exports.getRedisAccessRuleKey = getRedisAccessRuleKey;
-exports.getRedisAccessRuleValue = getRedisAccessRuleValue;
-exports.getRedisAccessRulesQuery = getRedisAccessRulesQuery;
+exports.getRedisRulesQuery = getRedisRulesQuery;
+exports.redisAccessRulesIndex = redisAccessRulesIndex;
+exports.redisRuleKeyPrefix = redisRuleKeyPrefix;
+exports.redisRulesIndexName = redisRulesIndexName;
+exports.redisRulesSearchOptions = redisRulesSearchOptions;

package/dist/cjs/redis/{redisAccessRules.cjs → redisRulesReader.cjs}

@@ -2,7 +2,7 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 const util = require("node:util");
 const accessRules = require("../accessRules.cjs");
-const redisAccessRulesIndex = require("./redisAccessRulesIndex.cjs");
+const redisRulesIndex = require("./redisRulesIndex.cjs");
 function _interopNamespaceDefault(e) {
   const n = Object.create(null, { [Symbol.toStringTag]: { value: "Module" } });
   if (e) {
@@ -20,19 +20,19 @@ function _interopNamespaceDefault(e) {
   return Object.freeze(n);
 }
 const util__namespace = /* @__PURE__ */ _interopNamespaceDefault(util);
-const createRedisAccessRulesReader = (client, logger) => {
+const createRedisRulesReader = (client, logger) => {
   return {
-    findRules: async (filter, skipEmptyUserScopes = true) => {
-      const query = redisAccessRulesIndex.getRedisAccessRulesQuery(filter);
+    findRules: async (filter, matchingFieldsOnly = false, skipEmptyUserScopes = true) => {
+      const query = redisRulesIndex.getRedisRulesQuery(filter, matchingFieldsOnly);
       if (skipEmptyUserScopes && query === "ismissing(@clientId)") {
         return [];
       }
       let searchReply;
       try {
         searchReply = await client.ft.search(
-          redisAccessRulesIndex.accessRulesRedisIndexName,
+          redisRulesIndex.redisRulesIndexName,
           query,
-          redisAccessRulesIndex.accessRulesRedisSearchOptions
+          redisRulesIndex.redisRulesSearchOptions
         );
         if (searchReply.total > 0) {
           logger.debug(() => ({
@@ -67,16 +67,16 @@ const createRedisAccessRulesReader = (client, logger) => {
         }));
         return [];
       }
-      return extractAccessRulesFromSearchReply(searchReply, logger);
+      return extractRulesFromSearchReply(searchReply, logger);
     },
-    findRuleIds: async (filter) => {
-      const query = redisAccessRulesIndex.getRedisAccessRulesQuery(filter);
+    findRuleIds: async (filter, matchingFieldsOnly = false) => {
+      const query = redisRulesIndex.getRedisRulesQuery(filter, matchingFieldsOnly);
       let searchReply;
       try {
         searchReply = await client.ft.searchNoContent(
-          redisAccessRulesIndex.accessRulesRedisIndexName,
+          redisRulesIndex.redisRulesIndexName,
           query,
-          redisAccessRulesIndex.accessRulesRedisSearchOptions
+          redisRulesIndex.redisRulesSearchOptions
         );
       } catch (e) {
         logger.error(() => ({
@@ -100,38 +100,29 @@ const createRedisAccessRulesReader = (client, logger) => {
     }
   };
 };
-const createRedisAccessRulesWriter = (client) => {
+const getDummyRedisRulesReader = (logger) => {
   return {
-    insertRule: async (rule, expirationTimestamp) => {
-      const ruleKey = redisAccessRulesIndex.getRedisAccessRuleKey(rule);
-      const ruleValue = redisAccessRulesIndex.getRedisAccessRuleValue(rule);
-      await client.hSet(ruleKey, ruleValue);
-      if (expirationTimestamp) {
-        const expiryDate = new Date(expirationTimestamp);
-        if (expiryDate.getUTCFullYear() === 1970) {
-          await client.expireAt(ruleKey, expirationTimestamp);
-        } else {
-          const timestampInSeconds = Math.floor(expirationTimestamp / 1e3);
-          await client.expireAt(ruleKey, timestampInSeconds);
+    findRules: async (filter, matchingFieldsOnly = false, skipEmptyUserScopes = true) => {
+      logger.info(() => ({
+        msg: "Dummy findRules() has no effect (redis is not ready)",
+        data: {
+          filter
         }
-      }
-      return ruleKey;
+      }));
+      return [];
     },
-    deleteRules: async (ruleIds) => void await client.del(ruleIds),
-    deleteAllRules: async () => {
-      const keys = await client.keys(`${redisAccessRulesIndex.accessRuleRedisKeyPrefix}*`);
-      if (keys.length === 0) return 0;
-      return await client.del(keys);
+    findRuleIds: async (filter, matchingFieldsOnly = false) => {
+      logger.info(() => ({
+        msg: "Dummy findRuleIds() has no effect (redis is not ready)",
+        data: {
+          filter
+        }
+      }));
+      return [];
     }
   };
 };
-const createRedisAccessRulesStorage = (client, logger) => {
-  return {
-    ...createRedisAccessRulesReader(client, logger),
-    ...createRedisAccessRulesWriter(client)
-  };
-};
-const extractAccessRulesFromSearchReply = (searchReply, logger) => {
+const extractRulesFromSearchReply = (searchReply, logger) => {
   const accessRules$1 = [];
   searchReply.documents.map(({ id, value: document }) => {
     const parsedDocument = accessRules.accessRuleSchema.safeParse(document);
@@ -147,6 +138,5 @@ const extractAccessRulesFromSearchReply = (searchReply, logger) => {
   });
   return accessRules$1;
 };
-exports.createRedisAccessRulesReader = createRedisAccessRulesReader;
-exports.createRedisAccessRulesStorage = createRedisAccessRulesStorage;
-exports.createRedisAccessRulesWriter = createRedisAccessRulesWriter;
+exports.createRedisRulesReader = createRedisRulesReader;
+exports.getDummyRedisRulesReader = getDummyRedisRulesReader;

package/dist/cjs/redis/redisRulesStorage.cjs

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const redisRulesReader = require("./redisRulesReader.cjs");
+const redisRulesWriter = require("./redisRulesWriter.cjs");
+const createRedisAccessRulesStorage = (connection, logger) => {
+  const storage = {
+    ...redisRulesReader.getDummyRedisRulesReader(logger),
+    ...redisRulesWriter.getDummyRedisRulesWriter(logger)
+  };
+  connection.getClient().then((client) => {
+    Object.assign(storage, {
+      ...redisRulesReader.createRedisRulesReader(client, logger),
+      ...redisRulesWriter.createRedisRulesWriter(client)
+    });
+    logger.info(() => ({
+      msg: "RedisAccessRules storage got a ready Redis client"
+    }));
+  });
+  return storage;
+};
+exports.createRedisAccessRulesStorage = createRedisAccessRulesStorage;

package/dist/cjs/redis/redisRulesWriter.cjs

@@ -0,0 +1,73 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const crypto = require("node:crypto");
+const redisRulesIndex = require("./redisRulesIndex.cjs");
+const redisRuleContentHashAlgorithm = "md5";
+const createRedisRulesWriter = (client) => {
+  return {
+    insertRule: async (rule, expirationTimestamp) => {
+      const ruleKey = getRedisRuleKey(rule);
+      const ruleValue = getRedisRuleValue(rule);
+      await client.hSet(ruleKey, ruleValue);
+      if (expirationTimestamp) {
+        const expiryDate = new Date(expirationTimestamp);
+        if (expiryDate.getUTCFullYear() === 1970) {
+          await client.expireAt(ruleKey, expirationTimestamp);
+        } else {
+          const timestampInSeconds = Math.floor(expirationTimestamp / 1e3);
+          await client.expireAt(ruleKey, timestampInSeconds);
+        }
+      }
+      return ruleKey;
+    },
+    deleteRules: async (ruleIds) => void await client.del(ruleIds),
+    deleteAllRules: async () => {
+      const keys = await client.keys(`${redisRulesIndex.redisRuleKeyPrefix}*`);
+      if (keys.length === 0) return 0;
+      return await client.del(keys);
+    }
+  };
+};
+const getDummyRedisRulesWriter = (logger) => {
+  return {
+    insertRule: async (rule, expirationTimestamp) => {
+      logger.info(() => ({
+        msg: "Dummy insertRule() has no effect (redis is not ready)",
+        data: {
+          rule
+        }
+      }));
+      return "";
+    },
+    deleteRules: async (ruleIds) => {
+      logger.info(() => ({
+        msg: "Dummy deleteRules() has no effect (redis is not ready)",
+        data: {
+          ruleIds
+        }
+      }));
+    },
+    deleteAllRules: async () => {
+      logger.info(() => ({
+        msg: "Dummy deleteAllRules() has no effect (redis is not ready)"
+      }));
+      return 0;
+    }
+  };
+};
+const getRedisRuleKey = (rule) => redisRulesIndex.redisRuleKeyPrefix + crypto.createHash(redisRuleContentHashAlgorithm).update(
+  JSON.stringify(
+    rule,
+    (key, value) => (
+      // JSON.stringify can't handle BigInt itself: throws "Do not know how to serialize a BigInt"
+      "bigint" === typeof value ? value.toString() : value
+    )
+  )
+).digest("hex");
+const getRedisRuleValue = (rule) => Object.fromEntries(
+  Object.entries(rule).map(([key, value]) => [key, String(value)])
+);
+exports.createRedisRulesWriter = createRedisRulesWriter;
+exports.getDummyRedisRulesWriter = getDummyRedisRulesWriter;
+exports.getRedisRuleKey = getRedisRuleKey;
+exports.getRedisRuleValue = getRedisRuleValue;

package/dist/index.js

@@ -1,28 +1,32 @@
 import { AccessPolicyType, accessPolicySchema, accessRuleSchemaExtended, policyScopeSchema, userScopeInputSchema } from "./accessPolicy.js";
 import { ScopeMatch } from "./accessPolicyResolver.js";
+import { accessRuleSchema } from "./accessRules.js";
 import { AccessRuleApiRoutes } from "./api/accessRuleApiRoutes.js";
 import { accessRuleApiPaths, getExpressApiRuleRateLimits } from "./api/accessRuleApiRoutes.js";
 import { deleteAllRulesEndpointSchema } from "./api/deleteAllRulesEndpoint.js";
 import { deleteRulesEndpointSchema } from "./api/deleteRulesEndpoint.js";
 import { insertRulesEndpointSchema } from "./api/insertRulesEndpoint.js";
-import { createRedisAccessRulesStorage } from "./redis/redisAccessRules.js";
-import { createRedisAccessRulesIndex } from "./redis/redisAccessRulesIndex.js";
+import { createRedisAccessRulesStorage } from "./redis/redisRulesStorage.js";
+import { redisAccessRulesIndex } from "./redis/redisRulesIndex.js";
+import { AccessRulesApiClient } from "./api/accessRulesApiClient.js";
 const createApiRuleRoutesProvider = (rulesStorage) => {
   return new AccessRuleApiRoutes(rulesStorage);
 };
 export {
   AccessPolicyType,
+  AccessRulesApiClient,
   ScopeMatch,
   accessPolicySchema,
   accessRuleApiPaths,
+  accessRuleSchema,
   accessRuleSchemaExtended,
   createApiRuleRoutesProvider,
-  createRedisAccessRulesIndex,
   createRedisAccessRulesStorage,
   deleteAllRulesEndpointSchema,
   deleteRulesEndpointSchema,
   getExpressApiRuleRateLimits,
   insertRulesEndpointSchema,
   policyScopeSchema,
+  redisAccessRulesIndex,
   userScopeInputSchema
 };

package/dist/redis/{redisAccessRulesIndex.js → redisRulesIndex.js}

@@ -1,13 +1,10 @@
-import crypto from "node:crypto";
 import { SCHEMA_FIELD_TYPE } from "@redis/search";
+import { userScopeSchema } from "../accessPolicy.js";
 import { ScopeMatch } from "../accessPolicyResolver.js";
-import { createRedisIndex } from "./redisIndex.js";
-const accessRulesRedisIndexName = "index:user-access-rules";
-const accessRuleRedisKeyPrefix = "uar:";
-const accessRuleContentHashAlgorithm = "md5";
-const DEFAULT_SEARCH_LIMIT = 1e3;
-const accessRulesIndex = {
-  name: accessRulesRedisIndexName,
+const redisRulesIndexName = "index:user-access-rules";
+const redisRuleKeyPrefix = "uar:";
+const redisAccessRulesIndex = {
+  name: redisRulesIndexName,
   /**
    * Note on the field type decision
    *
@@ -22,8 +19,8 @@ const accessRulesIndex = {
       // necessary to make possible use of the ismissing() function on this field in the search
       INDEXMISSING: true
     },
-    numericIpMaskMin: SCHEMA_FIELD_TYPE.NUMERIC,
-    numericIpMaskMax: SCHEMA_FIELD_TYPE.NUMERIC,
+    numericIpMaskMin: { type: SCHEMA_FIELD_TYPE.NUMERIC, INDEXMISSING: true },
+    numericIpMaskMax: { type: SCHEMA_FIELD_TYPE.NUMERIC, INDEXMISSING: true },
     userId: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
     numericIp: { type: SCHEMA_FIELD_TYPE.NUMERIC, INDEXMISSING: true },
     ja4Hash: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
@@ -33,43 +30,53 @@ const accessRulesIndex = {
   // the satisfy statement is to guarantee that the keys are right
   options: {
     ON: "HASH",
-    PREFIX: [accessRuleRedisKeyPrefix]
+    PREFIX: [redisRuleKeyPrefix]
   }
 };
-const createRedisAccessRulesIndex = async (client, indexName) => {
-  if (indexName) {
-    accessRulesIndex.name = indexName;
-  }
-  return createRedisIndex(client, accessRulesIndex);
-};
 const numericIndexFields = [
   "numericIp",
   "numericIpMaskMin",
   "numericIpMaskMax"
 ];
 const greedyFieldComparisons = {
-  numericIp: (value) => `( @numericIp:[${value}] | ( @numericIpMaskMin:[-inf ${value}] @numericIpMaskMax:[${value} +inf] ) )`
+  numericIp: (value, scope) => {
+    if (value !== void 0) {
+      return `( @numericIp:[${value}] | ( @numericIpMaskMin:[-inf ${value}] @numericIpMaskMax:[${value} +inf] ) )`;
+    }
+    if (scope.numericIpMaskMin === void 0 && scope.numericIpMaskMax === void 0) {
+      return "ismissing(@numericIp) ismissing(@numericIpMaskMin) ismissing(@numericIpMaskMax)";
+    }
+    return "";
+  },
+  numericIpMaskMin: (value, scope) => {
+    if (scope.numericIp !== void 0) {
+      return "";
+    }
+    return value !== void 0 ? `@numericIpMaskMin:[-inf ${value}]` : "ismissing(@numericIpMaskMin)";
+  },
+  numericIpMaskMax: (value, scope) => {
+    if (scope.numericIp !== void 0) {
+      return "";
+    }
+    return value !== void 0 ? `@numericIpMaskMax:[${value} +inf]` : "ismissing(@numericIpMaskMax)";
+  }
 };
-const accessRulesRedisSearchOptions = {
+const redisRulesSearchOptions = {
   // #2 is a required option when the 'ismissing()' function is in the query body
   DIALECT: 2
 };
-const accessRulesRedisDeleteOptions = {
-  // #2 is a required option when the 'ismissing()' function is in the query body
-  DIALECT: 2,
-  LIMIT: {
-    from: 0,
-    size: DEFAULT_SEARCH_LIMIT
-  }
-};
-const getRedisAccessRulesQuery = (filter) => {
+const getRedisRulesQuery = (filter, matchingFieldsOnly) => {
   const { policyScope, userScope } = filter;
   const policyScopeFilter = getPolicyScopeQuery(
     policyScope,
     filter.policyScopeMatch
   );
   if (userScope && Object.keys(userScope).length > 0) {
-    const userScopeFilter = getUserScopeQuery(userScope, filter.userScopeMatch);
+    const userScopeFilter = getUserScopeQuery(
+      userScope,
+      filter.userScopeMatch,
+      matchingFieldsOnly
+    );
     return `${policyScopeFilter} ( ${userScopeFilter} )`;
   }
   return policyScopeFilter ? policyScopeFilter : "*";
@@ -81,7 +88,7 @@ const getPolicyScopeQuery = (policyScope, scopeMatchType) => {
   }
   return ScopeMatch.Exact === scopeMatchType ? "ismissing(@clientId)" : "";
 };
-const getUserScopeQuery = (userScope, scopeMatchType) => {
+const getUserScopeQuery = (userScope, scopeMatchType, matchingFieldsOnly) => {
   let scopeEntries = Object.entries(userScope);
   let scopeJoinType = " ";
   if (scopeMatchType === ScopeMatch.Greedy) {
@@ -90,41 +97,42 @@ const getUserScopeQuery = (userScope, scopeMatchType) => {
     );
     scopeJoinType = " | ";
   }
+  if (matchingFieldsOnly) {
+    const scopeMap = new Map(scopeEntries);
+    if (scopeMap.has("numericIp") && scopeMap.get("numericIp") === void 0) {
+      scopeMap.set("numericIpMaskMin", void 0);
+      scopeMap.set("numericIpMaskMax", void 0);
+    }
+    for (const name of Object.keys(userScopeSchema.shape)) {
+      if (!scopeMap.has(name)) {
+        scopeMap.set(name, void 0);
+      }
+    }
+    scopeEntries = [...scopeMap.entries()];
+  }
+  const scopeObj = Object.fromEntries(scopeEntries);
   return scopeEntries.map(
-    ([scopeFieldName, scopeFieldValue]) => getUserScopeFieldQuery(scopeFieldName, scopeFieldValue, scopeMatchType)
-  ).join(scopeJoinType);
+    ([scopeFieldName, scopeFieldValue]) => getUserScopeFieldQuery(
+      scopeFieldName,
+      scopeFieldValue,
+      scopeMatchType,
+      scopeObj
+    )
+  ).filter(Boolean).join(scopeJoinType);
 };
-const getUserScopeFieldQuery = (fieldName, fieldValue, matchType) => {
-  if (
-    //ScopeMatch.Greedy === matchType &&
-    "function" === typeof greedyFieldComparisons[fieldName]
-  ) {
-    return greedyFieldComparisons[fieldName](fieldValue);
+const getUserScopeFieldQuery = (fieldName, fieldValue, matchType, fullScope) => {
+  if ("function" === typeof greedyFieldComparisons[fieldName]) {
+    return greedyFieldComparisons[fieldName](fieldValue, fullScope);
   }
   if (fieldValue === void 0) {
     return `ismissing(@${fieldName})`;
   }
   return numericIndexFields.includes(fieldName) ? `@${fieldName}:[${fieldValue}]` : `@${fieldName}:{${fieldValue}}`;
 };
-const getRedisAccessRuleKey = (rule) => accessRuleRedisKeyPrefix + crypto.createHash(accessRuleContentHashAlgorithm).update(
-  JSON.stringify(
-    rule,
-    (key, value) => (
-      // JSON.stringify can't handle BigInt itself: throws "Do not know how to serialize a BigInt"
-      "bigint" === typeof value ? value.toString() : value
-    )
-  )
-).digest("hex");
-const getRedisAccessRuleValue = (rule) => Object.fromEntries(
-  Object.entries(rule).map(([key, value]) => [key, String(value)])
-);
 export {
-  accessRuleRedisKeyPrefix,
-  accessRulesRedisDeleteOptions,
-  accessRulesRedisIndexName,
-  accessRulesRedisSearchOptions,
-  createRedisAccessRulesIndex,
-  getRedisAccessRuleKey,
-  getRedisAccessRuleValue,
-  getRedisAccessRulesQuery
+  getRedisRulesQuery,
+  redisAccessRulesIndex,
+  redisRuleKeyPrefix,
+  redisRulesIndexName,
+  redisRulesSearchOptions
 };

package/dist/redis/{redisAccessRules.js → redisRulesReader.js}

@@ -1,19 +1,19 @@
 import * as util from "node:util";
 import { accessRuleSchema } from "../accessRules.js";
-import { getRedisAccessRulesQuery, accessRulesRedisIndexName, accessRulesRedisSearchOptions, accessRuleRedisKeyPrefix, getRedisAccessRuleKey, getRedisAccessRuleValue } from "./redisAccessRulesIndex.js";
-const createRedisAccessRulesReader = (client, logger) => {
+import { getRedisRulesQuery, redisRulesIndexName, redisRulesSearchOptions } from "./redisRulesIndex.js";
+const createRedisRulesReader = (client, logger) => {
   return {
-    findRules: async (filter, skipEmptyUserScopes = true) => {
-      const query = getRedisAccessRulesQuery(filter);
+    findRules: async (filter, matchingFieldsOnly = false, skipEmptyUserScopes = true) => {
+      const query = getRedisRulesQuery(filter, matchingFieldsOnly);
       if (skipEmptyUserScopes && query === "ismissing(@clientId)") {
         return [];
       }
       let searchReply;
       try {
         searchReply = await client.ft.search(
-          accessRulesRedisIndexName,
+          redisRulesIndexName,
           query,
-          accessRulesRedisSearchOptions
+          redisRulesSearchOptions
         );
         if (searchReply.total > 0) {
           logger.debug(() => ({
@@ -48,16 +48,16 @@ const createRedisAccessRulesReader = (client, logger) => {
         }));
         return [];
       }
-      return extractAccessRulesFromSearchReply(searchReply, logger);
+      return extractRulesFromSearchReply(searchReply, logger);
     },
-    findRuleIds: async (filter) => {
-      const query = getRedisAccessRulesQuery(filter);
+    findRuleIds: async (filter, matchingFieldsOnly = false) => {
+      const query = getRedisRulesQuery(filter, matchingFieldsOnly);
       let searchReply;
       try {
         searchReply = await client.ft.searchNoContent(
-          accessRulesRedisIndexName,
+          redisRulesIndexName,
           query,
-          accessRulesRedisSearchOptions
+          redisRulesSearchOptions
         );
       } catch (e) {
         logger.error(() => ({
@@ -81,38 +81,29 @@ const createRedisAccessRulesReader = (client, logger) => {
     }
   };
 };
-const createRedisAccessRulesWriter = (client) => {
+const getDummyRedisRulesReader = (logger) => {
   return {
-    insertRule: async (rule, expirationTimestamp) => {
-      const ruleKey = getRedisAccessRuleKey(rule);
-      const ruleValue = getRedisAccessRuleValue(rule);
-      await client.hSet(ruleKey, ruleValue);
-      if (expirationTimestamp) {
-        const expiryDate = new Date(expirationTimestamp);
-        if (expiryDate.getUTCFullYear() === 1970) {
-          await client.expireAt(ruleKey, expirationTimestamp);
-        } else {
-          const timestampInSeconds = Math.floor(expirationTimestamp / 1e3);
-          await client.expireAt(ruleKey, timestampInSeconds);
+    findRules: async (filter, matchingFieldsOnly = false, skipEmptyUserScopes = true) => {
+      logger.info(() => ({
+        msg: "Dummy findRules() has no effect (redis is not ready)",
+        data: {
+          filter
         }
-      }
-      return ruleKey;
+      }));
+      return [];
     },
-    deleteRules: async (ruleIds) => void await client.del(ruleIds),
-    deleteAllRules: async () => {
-      const keys = await client.keys(`${accessRuleRedisKeyPrefix}*`);
-      if (keys.length === 0) return 0;
-      return await client.del(keys);
+    findRuleIds: async (filter, matchingFieldsOnly = false) => {
+      logger.info(() => ({
+        msg: "Dummy findRuleIds() has no effect (redis is not ready)",
+        data: {
+          filter
+        }
+      }));
+      return [];
     }
   };
 };
-const createRedisAccessRulesStorage = (client, logger) => {
-  return {
-    ...createRedisAccessRulesReader(client, logger),
-    ...createRedisAccessRulesWriter(client)
-  };
-};
-const extractAccessRulesFromSearchReply = (searchReply, logger) => {
+const extractRulesFromSearchReply = (searchReply, logger) => {
   const accessRules = [];
   searchReply.documents.map(({ id, value: document }) => {
     const parsedDocument = accessRuleSchema.safeParse(document);
@@ -129,7 +120,6 @@ const extractAccessRulesFromSearchReply = (searchReply, logger) => {
   return accessRules;
 };
 export {
-  createRedisAccessRulesReader,
-  createRedisAccessRulesStorage,
-  createRedisAccessRulesWriter
+  createRedisRulesReader,
+  getDummyRedisRulesReader
 };

package/dist/redis/redisRulesStorage.js

@@ -0,0 +1,21 @@
+import { getDummyRedisRulesReader, createRedisRulesReader } from "./redisRulesReader.js";
+import { getDummyRedisRulesWriter, createRedisRulesWriter } from "./redisRulesWriter.js";
+const createRedisAccessRulesStorage = (connection, logger) => {
+  const storage = {
+    ...getDummyRedisRulesReader(logger),
+    ...getDummyRedisRulesWriter(logger)
+  };
+  connection.getClient().then((client) => {
+    Object.assign(storage, {
+      ...createRedisRulesReader(client, logger),
+      ...createRedisRulesWriter(client)
+    });
+    logger.info(() => ({
+      msg: "RedisAccessRules storage got a ready Redis client"
+    }));
+  });
+  return storage;
+};
+export {
+  createRedisAccessRulesStorage
+};

package/dist/redis/redisRulesWriter.js

@@ -0,0 +1,73 @@
+import crypto from "node:crypto";
+import { redisRuleKeyPrefix } from "./redisRulesIndex.js";
+const redisRuleContentHashAlgorithm = "md5";
+const createRedisRulesWriter = (client) => {
+  return {
+    insertRule: async (rule, expirationTimestamp) => {
+      const ruleKey = getRedisRuleKey(rule);
+      const ruleValue = getRedisRuleValue(rule);
+      await client.hSet(ruleKey, ruleValue);
+      if (expirationTimestamp) {
+        const expiryDate = new Date(expirationTimestamp);
+        if (expiryDate.getUTCFullYear() === 1970) {
+          await client.expireAt(ruleKey, expirationTimestamp);
+        } else {
+          const timestampInSeconds = Math.floor(expirationTimestamp / 1e3);
+          await client.expireAt(ruleKey, timestampInSeconds);
+        }
+      }
+      return ruleKey;
+    },
+    deleteRules: async (ruleIds) => void await client.del(ruleIds),
+    deleteAllRules: async () => {
+      const keys = await client.keys(`${redisRuleKeyPrefix}*`);
+      if (keys.length === 0) return 0;
+      return await client.del(keys);
+    }
+  };
+};
+const getDummyRedisRulesWriter = (logger) => {
+  return {
+    insertRule: async (rule, expirationTimestamp) => {
+      logger.info(() => ({
+        msg: "Dummy insertRule() has no effect (redis is not ready)",
+        data: {
+          rule
+        }
+      }));
+      return "";
+    },
+    deleteRules: async (ruleIds) => {
+      logger.info(() => ({
+        msg: "Dummy deleteRules() has no effect (redis is not ready)",
+        data: {
+          ruleIds
+        }
+      }));
+    },
+    deleteAllRules: async () => {
+      logger.info(() => ({
+        msg: "Dummy deleteAllRules() has no effect (redis is not ready)"
+      }));
+      return 0;
+    }
+  };
+};
+const getRedisRuleKey = (rule) => redisRuleKeyPrefix + crypto.createHash(redisRuleContentHashAlgorithm).update(
+  JSON.stringify(
+    rule,
+    (key, value) => (
+      // JSON.stringify can't handle BigInt itself: throws "Do not know how to serialize a BigInt"
+      "bigint" === typeof value ? value.toString() : value
+    )
+  )
+).digest("hex");
+const getRedisRuleValue = (rule) => Object.fromEntries(
+  Object.entries(rule).map(([key, value]) => [key, String(value)])
+);
+export {
+  createRedisRulesWriter,
+  getDummyRedisRulesWriter,
+  getRedisRuleKey,
+  getRedisRuleValue
+};

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@prosopo/user-access-policy",
-	"version": "3.4.0",
+	"version": "3.5.19",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",
 	"type": "module",
@@ -23,23 +23,28 @@
 		"build": "NODE_ENV=${NODE_ENV:-development}; vite build --config vite.esm.config.ts --mode $NODE_ENV",
 		"build:tsc": "tsc --build --verbose",
 		"build:cjs": "NODE_ENV=${NODE_ENV:-development}; vite build --config vite.cjs.config.ts --mode $NODE_ENV",
-		"typecheck": "tsc --build --declaration --emitDeclarationOnly",
-		"test": "NODE_ENV=${NODE_ENV:-test}; npx vitest run --config ./vite.test.config.ts"
+		"typecheck": "tsc --project tsconfig.types.json",
+		"test:unit": "NODE_ENV=${NODE_ENV:-test}; TEST_TYPE=unit npx vitest run --config ./vite.test.config.ts",
+		"test:integration": "NODE_ENV=${NODE_ENV:-test}; NX_PARALLEL=1 TEST_TYPE=integration npx vitest run --config ./vite.test.config.ts",
+		"test": "npm run test:unit && npm run test:integration"
 	},
 	"dependencies": {
-		"@prosopo/api-route": "2.6.10",
-		"@prosopo/common": "3.1.2",
-		"@prosopo/types": "3.0.6",
-		"@prosopo/util": "3.0.5",
-		"axios": "1.10.0",
-		"esbuild": "0.25.6",
+		"@prosopo/api": "3.1.24",
+		"@prosopo/api-route": "2.6.28",
+		"@prosopo/common": "3.1.20",
+		"@prosopo/redis-client": "1.0.5",
+		"@prosopo/types": "3.5.3",
+		"@prosopo/util": "3.1.5",
+		"@redis/search": "5.0.0",
+		"dotenv": "16.4.5",
 		"ip-address": "10.0.1",
 		"redis": "5.0.0",
-		"zod": "3.23.8",
-		"@prosopo/config": "3.1.3",
-		"webpack-dev-server": "5.2.2"
+		"zod": "3.23.8"
 	},
 	"devDependencies": {
+		"@prosopo/config": "3.1.20",
+		"@prosopo/util-crypto": "13.5.22",
+		"@types/node": "22.10.2",
 		"vite": "6.3.5",
 		"vitest": "3.0.9",
 		"yargs": "17.7.2"

package/dist/cjs/redis/redisIndex.cjs

@@ -1,22 +0,0 @@
-"use strict";
-Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const crypto = require("node:crypto");
-const redisIndexHashesRecordKey = "_index_hashes";
-const redisIndexHashAlgorithm = "sha256";
-const createRedisIndex = async (client, index) => {
-  const indexHash = createIndexHash(index);
-  const existingIndexes = await client.ft._LIST();
-  if (existingIndexes.includes(index.name)) {
-    const existingIndexHash = await fetchIndexHash(client, index.name);
-    if (indexHash === existingIndexHash) {
-      return;
-    }
-    await client.ft.dropIndex(index.name);
-  }
-  await client.ft.create(index.name, index.schema, index.options);
-  await saveIndexHash(client, index.name, indexHash);
-};
-const createIndexHash = (index) => crypto.createHash(redisIndexHashAlgorithm).update(JSON.stringify(index)).digest("hex");
-const fetchIndexHash = async (client, indexName) => client.hGet(redisIndexHashesRecordKey, indexName);
-const saveIndexHash = async (client, indexName, indexHash) => client.hSet(redisIndexHashesRecordKey, indexName, indexHash);
-exports.createRedisIndex = createRedisIndex;

package/dist/redis/redisIndex.js

@@ -1,22 +0,0 @@
-import crypto from "node:crypto";
-const redisIndexHashesRecordKey = "_index_hashes";
-const redisIndexHashAlgorithm = "sha256";
-const createRedisIndex = async (client, index) => {
-  const indexHash = createIndexHash(index);
-  const existingIndexes = await client.ft._LIST();
-  if (existingIndexes.includes(index.name)) {
-    const existingIndexHash = await fetchIndexHash(client, index.name);
-    if (indexHash === existingIndexHash) {
-      return;
-    }
-    await client.ft.dropIndex(index.name);
-  }
-  await client.ft.create(index.name, index.schema, index.options);
-  await saveIndexHash(client, index.name, indexHash);
-};
-const createIndexHash = (index) => crypto.createHash(redisIndexHashAlgorithm).update(JSON.stringify(index)).digest("hex");
-const fetchIndexHash = async (client, indexName) => client.hGet(redisIndexHashesRecordKey, indexName);
-const saveIndexHash = async (client, indexName, indexHash) => client.hSet(redisIndexHashesRecordKey, indexName, indexHash);
-export {
-  createRedisIndex
-};