@prosopo/user-access-policy 3.4.0 → 3.5.27

package/dist/cjs/redis/reader/redisAggregate.cjs

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const zod = require("zod");
+const redisRulesQuery = require("./redisRulesQuery.cjs");
+const redisClient = require("../redisClient.cjs");
+const redisRuleIndex = require("../redisRuleIndex.cjs");
+const aggregateRedisKeys = async (client, query, logger, batchHandler) => {
+  const keyField = "__key";
+  const recordSchema = zod.z.object({
+    // it's a reserved name for the record key
+    [keyField]: zod.z.string()
+  });
+  const foundKeys = [];
+  const addRecordKeys = async (records) => {
+    const parsedRecords = redisClient.parseRedisRecords(records, recordSchema, logger);
+    const recordKeys = parsedRecords.map((record) => record[keyField]);
+    if (batchHandler) {
+      await batchHandler(recordKeys);
+    } else {
+      foundKeys.push(...recordKeys);
+      logger.debug(() => ({
+        msg: "Processed aggregation batch",
+        data: {
+          size: recordKeys.length
+        }
+      }));
+    }
+  };
+  await executeAggregation(
+    client,
+    query,
+    {
+      // #2 is a required option when the 'ismissing()' function is in the query body
+      DIALECT: redisRulesQuery.REDIS_QUERY_DIALECT,
+      COUNT: redisClient.REDIS_BATCH_SIZE,
+      LOAD: `@${keyField}`
+    },
+    addRecordKeys
+  );
+  return foundKeys;
+};
+const executeAggregation = async (client, query, aggregateOptions, handleBatch) => {
+  const initialReply = await client.ft.aggregateWithCursor(
+    redisRuleIndex.ACCESS_RULES_REDIS_INDEX_NAME,
+    query,
+    aggregateOptions
+  );
+  await handleBatch(initialReply.results);
+  let cursor = initialReply.cursor;
+  while (0 !== cursor) {
+    const batchReply = await client.ft.cursorRead(
+      redisRuleIndex.ACCESS_RULES_REDIS_INDEX_NAME,
+      cursor,
+      { COUNT: aggregateOptions.COUNT }
+    );
+    await handleBatch(batchReply.results);
+    cursor = batchReply.cursor;
+  }
+};
+exports.aggregateRedisKeys = aggregateRedisKeys;

package/dist/cjs/redis/reader/redisRulesQuery.cjs

@@ -0,0 +1,99 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const userScopeInput = require("../../ruleInput/userScopeInput.cjs");
+const rulesStorage = require("../../rulesStorage.cjs");
+const REDIS_QUERY_DIALECT = 2;
+const userIpQueries = {
+  numericIp: (value, scope) => {
+    if (void 0 !== value) {
+      return `( @numericIp:[${value} ${value}] | ( @numericIpMaskMin:[-inf ${value}] @numericIpMaskMax:[${value} +inf] ) )`;
+    }
+    if (scope.numericIpMaskMin === void 0 && scope.numericIpMaskMax === void 0) {
+      return "ismissing(@numericIp) ismissing(@numericIpMaskMin) ismissing(@numericIpMaskMax)";
+    }
+    return "";
+  },
+  numericIpMaskMin: (value, scope) => {
+    if (scope.numericIp !== void 0) {
+      return "";
+    }
+    return value !== void 0 ? `@numericIpMaskMin:[-inf ${value}]` : "ismissing(@numericIpMaskMin)";
+  },
+  numericIpMaskMax: (value, scope) => {
+    if (scope.numericIp !== void 0) {
+      return "";
+    }
+    return value !== void 0 ? `@numericIpMaskMax:[${value} +inf]` : "ismissing(@numericIpMaskMax)";
+  }
+};
+const getUserScopeQuery = (userScope, FilterScopeMatchType, matchingFieldsOnly) => {
+  let scopeEntries = Object.entries(userScope);
+  let scopeJoinType = " ";
+  if (FilterScopeMatchType === rulesStorage.FilterScopeMatch.Greedy) {
+    scopeEntries = scopeEntries.filter(
+      ([_, value]) => value !== void 0
+    );
+    scopeJoinType = " | ";
+  }
+  if (matchingFieldsOnly) {
+    const scopeMap = new Map(scopeEntries);
+    if (scopeMap.has("numericIp") && scopeMap.get("numericIp") === void 0) {
+      scopeMap.set("numericIpMaskMin", void 0);
+      scopeMap.set("numericIpMaskMax", void 0);
+    }
+    for (const name of Object.keys(userScopeInput.userScopeSchema.shape)) {
+      if (!scopeMap.has(name)) {
+        scopeMap.set(name, void 0);
+      }
+    }
+    scopeEntries = [...scopeMap.entries()];
+  }
+  const scopeObj = Object.fromEntries(scopeEntries);
+  return scopeEntries.map(
+    ([scopeFieldName, scopeFieldValue]) => getUserScopeFieldQuery(
+      scopeFieldName,
+      scopeFieldValue,
+      FilterScopeMatchType,
+      scopeObj
+    )
+  ).filter(Boolean).join(scopeJoinType);
+};
+const getUserScopeFieldQuery = (fieldName, fieldValue, scopeMatch, fullScope) => {
+  if (fieldName in userIpQueries) {
+    const queryBuilder = userIpQueries[fieldName];
+    return queryBuilder(fieldValue, fullScope);
+  }
+  return void 0 === fieldValue ? `ismissing(@${fieldName})` : `@${fieldName}:{${fieldValue}}`;
+};
+const getPolicyScopeQuery = (policyScope, scopeMatch) => {
+  const clientId = policyScope?.clientId;
+  if ("string" === typeof clientId) {
+    return rulesStorage.FilterScopeMatch.Exact === scopeMatch ? `@clientId:{${clientId}}` : `( @clientId:{${clientId}} | ismissing(@clientId) )`;
+  }
+  return rulesStorage.FilterScopeMatch.Exact === scopeMatch ? "ismissing(@clientId)" : "";
+};
+const getRulesRedisQuery = (filter, matchingFieldsOnly) => {
+  const { policyScope, userScope } = filter;
+  const queryParts = [];
+  if (filter.groupId) {
+    queryParts.push(`@groupId:{${filter.groupId}}`);
+  }
+  const policyScopeQuery = getPolicyScopeQuery(
+    policyScope,
+    filter.policyScopeMatch
+  );
+  if (policyScopeQuery) {
+    queryParts.push(policyScopeQuery);
+  }
+  if (userScope && Object.keys(userScope).length > 0) {
+    const userScopeFilter = getUserScopeQuery(
+      userScope,
+      filter.userScopeMatch,
+      matchingFieldsOnly
+    );
+    queryParts.push(`( ${userScopeFilter} )`);
+  }
+  return queryParts.length > 0 ? queryParts.join(" ") : "*";
+};
+exports.REDIS_QUERY_DIALECT = REDIS_QUERY_DIALECT;
+exports.getRulesRedisQuery = getRulesRedisQuery;

package/dist/cjs/redis/reader/redisRulesReader.cjs

@@ -0,0 +1,230 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const util = require("node:util");
+const common = require("@prosopo/common");
+const redisRulesQuery = require("./redisRulesQuery.cjs");
+const redisClient = require("../redisClient.cjs");
+const redisRuleIndex = require("../redisRuleIndex.cjs");
+const ruleInput = require("../../ruleInput/ruleInput.cjs");
+const redisAggregate = require("./redisAggregate.cjs");
+function _interopNamespaceDefault(e) {
+  const n = Object.create(null, { [Symbol.toStringTag]: { value: "Module" } });
+  if (e) {
+    for (const k in e) {
+      if (k !== "default") {
+        const d = Object.getOwnPropertyDescriptor(e, k);
+        Object.defineProperty(n, k, d.get ? d : {
+          enumerable: true,
+          get: () => e[k]
+        });
+      }
+    }
+  }
+  n.default = e;
+  return Object.freeze(n);
+}
+const util__namespace = /* @__PURE__ */ _interopNamespaceDefault(util);
+class RedisRulesReader {
+  constructor(client, logger) {
+    this.client = client;
+    this.logger = logger;
+  }
+  async getMissingRuleIds(ruleIds) {
+    const ruleKeys = this.getRuleKeys(ruleIds);
+    const keyBatches = common.chunkIntoBatches(ruleKeys, redisClient.REDIS_BATCH_SIZE);
+    const missingKeyBatches = await common.executeBatchesSequentially(
+      keyBatches,
+      async (keysBatch) => redisClient.getMissingRedisKeys(this.client, keysBatch)
+    );
+    return missingKeyBatches.flat().map((ruleKey) => ruleKey.slice(redisRuleIndex.ACCESS_RULE_REDIS_KEY_PREFIX.length));
+  }
+  async fetchRules(ruleIds) {
+    const ruleKeys = this.getRuleKeys(ruleIds);
+    const keyBatches = common.chunkIntoBatches(ruleKeys, redisClient.REDIS_BATCH_SIZE);
+    const entryBatches = await common.executeBatchesSequentially(
+      keyBatches,
+      (keysBatch) => this.fetchRuleEntries(keysBatch)
+    );
+    return entryBatches.flat();
+  }
+  async findRules(filter, matchingFieldsOnly = false, skipEmptyUserScopes = true) {
+    const query = redisRulesQuery.getRulesRedisQuery(filter, matchingFieldsOnly);
+    if (skipEmptyUserScopes && query === "ismissing(@clientId)") {
+      return [];
+    }
+    let searchReply;
+    try {
+      searchReply = await this.client.ft.search(
+        redisRuleIndex.ACCESS_RULES_REDIS_INDEX_NAME,
+        query,
+        {
+          DIALECT: redisRulesQuery.REDIS_QUERY_DIALECT,
+          // FT.search doesn't support "unlimited" selects
+          LIMIT: {
+            from: 0,
+            size: redisClient.REDIS_BATCH_SIZE
+          }
+        }
+      );
+      if (searchReply.total > 0) {
+        this.logger.debug(() => ({
+          msg: "Executed search query",
+          data: {
+            inspect: util__namespace.inspect(
+              {
+                filter,
+                searchReply,
+                query
+              },
+              { depth: null }
+            )
+          }
+        }));
+      }
+    } catch (e) {
+      this.logger.error(() => ({
+        err: e,
+        data: {
+          inspect: util__namespace.inspect(
+            {
+              query,
+              filter
+            },
+            {
+              depth: null
+            }
+          )
+        },
+        msg: "failed to execute search query"
+      }));
+      return [];
+    }
+    const records = searchReply.documents.map(({ value }) => value);
+    return redisClient.parseRedisRecords(records, ruleInput.accessRuleInput, this.logger);
+  }
+  async findRuleIds(filter, matchingFieldsOnly = false) {
+    const query = redisRulesQuery.getRulesRedisQuery(filter, matchingFieldsOnly);
+    let ruleIds = [];
+    try {
+      const ruleKeys = await redisAggregate.aggregateRedisKeys(
+        this.client,
+        query,
+        this.logger
+      );
+      ruleIds = ruleKeys.map(
+        (ruleKey) => ruleKey.slice(redisRuleIndex.ACCESS_RULE_REDIS_KEY_PREFIX.length)
+      );
+    } catch (e) {
+      this.logger.error(() => ({
+        err: e,
+        data: {
+          inspect: util__namespace.inspect(
+            {
+              query,
+              filter
+            },
+            {
+              depth: null
+            }
+          )
+        },
+        msg: "Failed to execute search query for rule IDs"
+      }));
+      return [];
+    }
+    this.logger.debug(() => ({
+      msg: "Executed search query for rule IDs",
+      data: {
+        query,
+        foundCount: ruleIds.length,
+        foundIds: ruleIds
+      }
+    }));
+    return ruleIds;
+  }
+  async fetchAllRuleIds(batchHandler) {
+    const keysBatchHandler = async (keys) => {
+      const ids = keys.map(
+        (ruleKey) => ruleKey.slice(redisRuleIndex.ACCESS_RULE_REDIS_KEY_PREFIX.length)
+      );
+      await batchHandler(ids);
+    };
+    await redisAggregate.aggregateRedisKeys(this.client, "*", this.logger, keysBatchHandler);
+  }
+  async fetchRuleEntries(keys) {
+    const { records, expirations } = await redisClient.fetchRedisHashRecords(
+      this.client,
+      keys,
+      this.logger
+    );
+    const entries = [];
+    for (const [index, ruleData] of records.entries()) {
+      const isRulePresent = Object.keys(ruleData).length > 0;
+      if (isRulePresent) {
+        const rule = redisClient.parseRedisRecords(
+          [ruleData],
+          ruleInput.accessRuleInput,
+          this.logger
+        )[0];
+        if (rule) {
+          entries.push({
+            rule,
+            expiresUnixTimestamp: expirations[index]
+          });
+        }
+      }
+    }
+    return entries;
+  }
+  getRuleKeys(ruleIds) {
+    return ruleIds.map((id) => `${redisRuleIndex.ACCESS_RULE_REDIS_KEY_PREFIX}${id}`);
+  }
+}
+class DummyRedisRulesReader {
+  constructor(logger) {
+    this.logger = logger;
+  }
+  async getMissingRuleIds(ruleIds) {
+    this.logger.info(() => ({
+      msg: "Dummy getMissingRuleIds() has no effect (redis is not ready)",
+      data: {
+        ruleIds
+      }
+    }));
+    return [];
+  }
+  async fetchRules(ruleIds) {
+    this.logger.info(() => ({
+      msg: "Dummy fetchRule() has no effect (redis is not ready)",
+      data: {
+        ruleIds
+      }
+    }));
+    return [];
+  }
+  async findRules(filter, matchingFieldsOnly = false, skipEmptyUserScopes = true) {
+    this.logger.info(() => ({
+      msg: "Dummy findRules() has no effect (redis is not ready)",
+      data: {
+        filter
+      }
+    }));
+    return [];
+  }
+  async findRuleIds(filter, matchingFieldsOnly = false) {
+    this.logger.info(() => ({
+      msg: "Dummy findRuleIds() has no effect (redis is not ready)",
+      data: {
+        filter
+      }
+    }));
+    return [];
+  }
+  async fetchAllRuleIds(batchHandler) {
+    this.logger.info(() => ({
+      msg: "Dummy fetchAllRuleIds() has no effect (redis is not ready)"
+    }));
+  }
+}
+exports.DummyRedisRulesReader = DummyRedisRulesReader;
+exports.RedisRulesReader = RedisRulesReader;

package/dist/cjs/redis/redisAccessRules.cjs

@@ -22,8 +22,8 @@ function _interopNamespaceDefault(e) {
 const util__namespace = /* @__PURE__ */ _interopNamespaceDefault(util);
 const createRedisAccessRulesReader = (client, logger) => {
   return {
-    findRules: async (filter, skipEmptyUserScopes = true) => {
-      const query = redisAccessRulesIndex.getRedisAccessRulesQuery(filter);
+    findRules: async (filter, matchingFieldsOnly = false, skipEmptyUserScopes = true) => {
+      const query = redisAccessRulesIndex.getRedisAccessRulesQuery(filter, matchingFieldsOnly);
       if (skipEmptyUserScopes && query === "ismissing(@clientId)") {
         return [];
       }
@@ -69,8 +69,8 @@ const createRedisAccessRulesReader = (client, logger) => {
       }
       return extractAccessRulesFromSearchReply(searchReply, logger);
     },
-    findRuleIds: async (filter) => {
-      const query = redisAccessRulesIndex.getRedisAccessRulesQuery(filter);
+    findRuleIds: async (filter, matchingFieldsOnly = false) => {
+      const query = redisAccessRulesIndex.getRedisAccessRulesQuery(filter, matchingFieldsOnly);
       let searchReply;
       try {
         searchReply = await client.ft.searchNoContent(

package/dist/cjs/redis/redisAccessRulesIndex.cjs

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 const crypto = require("node:crypto");
 const search = require("@redis/search");
+const accessPolicy = require("../accessPolicy.cjs");
 const accessPolicyResolver = require("../accessPolicyResolver.cjs");
 const redisIndex = require("./redisIndex.cjs");
 const accessRulesRedisIndexName = "index:user-access-rules";
@@ -24,8 +25,8 @@ const accessRulesIndex = {
       // necessary to make possible use of the ismissing() function on this field in the search
       INDEXMISSING: true
     },
-    numericIpMaskMin: search.SCHEMA_FIELD_TYPE.NUMERIC,
-    numericIpMaskMax: search.SCHEMA_FIELD_TYPE.NUMERIC,
+    numericIpMaskMin: { type: search.SCHEMA_FIELD_TYPE.NUMERIC, INDEXMISSING: true },
+    numericIpMaskMax: { type: search.SCHEMA_FIELD_TYPE.NUMERIC, INDEXMISSING: true },
     userId: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
     numericIp: { type: search.SCHEMA_FIELD_TYPE.NUMERIC, INDEXMISSING: true },
     ja4Hash: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
@@ -50,7 +51,27 @@ const numericIndexFields = [
   "numericIpMaskMax"
 ];
 const greedyFieldComparisons = {
-  numericIp: (value) => `( @numericIp:[${value}] | ( @numericIpMaskMin:[-inf ${value}] @numericIpMaskMax:[${value} +inf] ) )`
+  numericIp: (value, scope) => {
+    if (value !== void 0) {
+      return `( @numericIp:[${value}] | ( @numericIpMaskMin:[-inf ${value}] @numericIpMaskMax:[${value} +inf] ) )`;
+    }
+    if (scope.numericIpMaskMin === void 0 && scope.numericIpMaskMax === void 0) {
+      return "ismissing(@numericIp) ismissing(@numericIpMaskMin) ismissing(@numericIpMaskMax)";
+    }
+    return "";
+  },
+  numericIpMaskMin: (value, scope) => {
+    if (scope.numericIp !== void 0) {
+      return "";
+    }
+    return value !== void 0 ? `@numericIpMaskMin:[-inf ${value}]` : "ismissing(@numericIpMaskMin)";
+  },
+  numericIpMaskMax: (value, scope) => {
+    if (scope.numericIp !== void 0) {
+      return "";
+    }
+    return value !== void 0 ? `@numericIpMaskMax:[${value} +inf]` : "ismissing(@numericIpMaskMax)";
+  }
 };
 const accessRulesRedisSearchOptions = {
   // #2 is a required option when the 'ismissing()' function is in the query body
@@ -64,14 +85,18 @@ const accessRulesRedisDeleteOptions = {
     size: DEFAULT_SEARCH_LIMIT
   }
 };
-const getRedisAccessRulesQuery = (filter) => {
+const getRedisAccessRulesQuery = (filter, matchingFieldsOnly) => {
   const { policyScope, userScope } = filter;
   const policyScopeFilter = getPolicyScopeQuery(
     policyScope,
     filter.policyScopeMatch
   );
   if (userScope && Object.keys(userScope).length > 0) {
-    const userScopeFilter = getUserScopeQuery(userScope, filter.userScopeMatch);
+    const userScopeFilter = getUserScopeQuery(
+      userScope,
+      filter.userScopeMatch,
+      matchingFieldsOnly
+    );
     return `${policyScopeFilter} ( ${userScopeFilter} )`;
   }
   return policyScopeFilter ? policyScopeFilter : "*";
@@ -83,7 +108,7 @@ const getPolicyScopeQuery = (policyScope, scopeMatchType) => {
   }
   return accessPolicyResolver.ScopeMatch.Exact === scopeMatchType ? "ismissing(@clientId)" : "";
 };
-const getUserScopeQuery = (userScope, scopeMatchType) => {
+const getUserScopeQuery = (userScope, scopeMatchType, matchingFieldsOnly) => {
   let scopeEntries = Object.entries(userScope);
   let scopeJoinType = " ";
   if (scopeMatchType === accessPolicyResolver.ScopeMatch.Greedy) {
@@ -92,16 +117,32 @@ const getUserScopeQuery = (userScope, scopeMatchType) => {
     );
     scopeJoinType = " | ";
   }
+  if (matchingFieldsOnly) {
+    const scopeMap = new Map(scopeEntries);
+    if (scopeMap.has("numericIp") && scopeMap.get("numericIp") === void 0) {
+      scopeMap.set("numericIpMaskMin", void 0);
+      scopeMap.set("numericIpMaskMax", void 0);
+    }
+    for (const name of Object.keys(accessPolicy.userScopeSchema.shape)) {
+      if (!scopeMap.has(name)) {
+        scopeMap.set(name, void 0);
+      }
+    }
+    scopeEntries = [...scopeMap.entries()];
+  }
+  const scopeObj = Object.fromEntries(scopeEntries);
   return scopeEntries.map(
-    ([scopeFieldName, scopeFieldValue]) => getUserScopeFieldQuery(scopeFieldName, scopeFieldValue, scopeMatchType)
-  ).join(scopeJoinType);
+    ([scopeFieldName, scopeFieldValue]) => getUserScopeFieldQuery(
+      scopeFieldName,
+      scopeFieldValue,
+      scopeMatchType,
+      scopeObj
+    )
+  ).filter(Boolean).join(scopeJoinType);
 };
-const getUserScopeFieldQuery = (fieldName, fieldValue, matchType) => {
-  if (
-    //ScopeMatch.Greedy === matchType &&
-    "function" === typeof greedyFieldComparisons[fieldName]
-  ) {
-    return greedyFieldComparisons[fieldName](fieldValue);
+const getUserScopeFieldQuery = (fieldName, fieldValue, matchType, fullScope) => {
+  if ("function" === typeof greedyFieldComparisons[fieldName]) {
+    return greedyFieldComparisons[fieldName](fieldValue, fullScope);
   }
   if (fieldValue === void 0) {
     return `ismissing(@${fieldName})`;

package/dist/cjs/redis/redisClient.cjs

@@ -0,0 +1,67 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const zod = require("zod");
+const REDIS_BATCH_SIZE = 1e3;
+const getMissingRedisKeys = async (client, keys) => {
+  const queries = client.multi();
+  keys.map((key) => {
+    queries.exists(key);
+  });
+  const records = await queries.exec();
+  const missingKeys = [];
+  records.map((exists, recordIndex) => {
+    if ("0" === String(exists)) {
+      const key = keys[recordIndex];
+      if (key) {
+        missingKeys.push(key);
+      }
+    }
+  });
+  return missingKeys;
+};
+const fetchRedisHashRecords = async (client, keys, logger) => {
+  const rulesPipe = client.multi();
+  const expirationPipe = client.multi();
+  for (const key of keys) {
+    rulesPipe.hGetAll(key);
+    expirationPipe.expireTime(key);
+  }
+  const records = await rulesPipe.exec();
+  const expirationRecords = await expirationPipe.exec();
+  return {
+    records,
+    expirations: parseExpirationRecords(expirationRecords, logger)
+  };
+};
+const parseRedisRecords = (records, recordSchema, logger) => records.flatMap((record) => {
+  const parseResult = recordSchema.safeParse(record);
+  if (parseResult.success) {
+    return [parseResult.data];
+  }
+  logger.error(() => ({
+    msg: "Failed to parse Redis record",
+    data: { record, error: parseResult.error }
+  }));
+  return [];
+});
+const expirationRecordSchema = zod.z.coerce.number();
+const UNSET_EXPIRATION_VALUE = -1;
+const parseExpirationRecords = (records, logger) => records.flatMap((record) => {
+  const parseResult = expirationRecordSchema.safeParse(record);
+  if (parseResult.success) {
+    const expiration = UNSET_EXPIRATION_VALUE === parseResult.data ? void 0 : parseResult.data;
+    return [expiration];
+  }
+  logger.error(() => ({
+    msg: "Failed to parse Redis expiration record",
+    data: {
+      record,
+      error: parseResult.error
+    }
+  }));
+  return [void 0];
+});
+exports.REDIS_BATCH_SIZE = REDIS_BATCH_SIZE;
+exports.fetchRedisHashRecords = fetchRedisHashRecords;
+exports.getMissingRedisKeys = getMissingRedisKeys;
+exports.parseRedisRecords = parseRedisRecords;

package/dist/cjs/redis/redisRuleIndex.cjs

@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const search = require("@redis/search");
+const transformRule = require("../transformRule.cjs");
+const userIpRedisSchema = {
+  numericIpMaskMin: { type: search.SCHEMA_FIELD_TYPE.NUMERIC, INDEXMISSING: true },
+  numericIpMaskMax: { type: search.SCHEMA_FIELD_TYPE.NUMERIC, INDEXMISSING: true },
+  numericIp: { type: search.SCHEMA_FIELD_TYPE.NUMERIC, INDEXMISSING: true }
+};
+const userAttributesRedisSchema = {
+  userId: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
+  ja4Hash: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
+  headersHash: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
+  userAgentHash: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true }
+};
+const userScopeRedisSchema = {
+  ...userAttributesRedisSchema,
+  ...userIpRedisSchema
+};
+const policyScopeRedisSchema = {
+  clientId: {
+    type: search.SCHEMA_FIELD_TYPE.TAG,
+    INDEXMISSING: true
+  }
+};
+const accessRuleRedisSchema = {
+  ...policyScopeRedisSchema,
+  ...userScopeRedisSchema,
+  groupId: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true }
+};
+const ACCESS_RULES_REDIS_INDEX_NAME = "index:user-access-rules";
+const ACCESS_RULE_REDIS_KEY_PREFIX = "uar:";
+const accessRulesRedisIndex = {
+  name: ACCESS_RULES_REDIS_INDEX_NAME,
+  schema: accessRuleRedisSchema,
+  options: {
+    ON: "HASH",
+    PREFIX: [ACCESS_RULE_REDIS_KEY_PREFIX]
+  }
+};
+const getAccessRuleRedisKey = (rule) => ACCESS_RULE_REDIS_KEY_PREFIX + transformRule.makeAccessRuleHash(rule);
+exports.ACCESS_RULES_REDIS_INDEX_NAME = ACCESS_RULES_REDIS_INDEX_NAME;
+exports.ACCESS_RULE_REDIS_KEY_PREFIX = ACCESS_RULE_REDIS_KEY_PREFIX;
+exports.accessRuleRedisSchema = accessRuleRedisSchema;
+exports.accessRulesRedisIndex = accessRulesRedisIndex;
+exports.getAccessRuleRedisKey = getAccessRuleRedisKey;
+exports.policyScopeRedisSchema = policyScopeRedisSchema;
+exports.userAttributesRedisSchema = userAttributesRedisSchema;
+exports.userIpRedisSchema = userIpRedisSchema;
+exports.userScopeRedisSchema = userScopeRedisSchema;

package/dist/cjs/redis/redisRulesStorage.cjs

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const redisRulesReader = require("./reader/redisRulesReader.cjs");
+const redisRulesWriter = require("./redisRulesWriter.cjs");
+const createRedisAccessRulesStorage = (connection, logger) => {
+  const storage = composeStorage(
+    new redisRulesReader.DummyRedisRulesReader(logger),
+    new redisRulesWriter.DummyRedisRulesWriter(logger)
+  );
+  connection.getClient().then((client) => {
+    const realStorage = composeStorage(
+      new redisRulesReader.RedisRulesReader(client, logger),
+      new redisRulesWriter.RedisRulesWriter(client, logger)
+    );
+    Object.assign(storage, realStorage);
+    logger.info(() => ({
+      msg: "RedisAccessRules storage got a ready Redis client"
+    }));
+  });
+  return storage;
+};
+const composeStorage = (reader, writer) => ({
+  // reader
+  fetchRules: reader.fetchRules.bind(reader),
+  getMissingRuleIds: reader.getMissingRuleIds.bind(reader),
+  findRules: reader.findRules.bind(reader),
+  findRuleIds: reader.findRuleIds.bind(reader),
+  fetchAllRuleIds: reader.fetchAllRuleIds.bind(reader),
+  // writer
+  insertRules: writer.insertRules.bind(writer),
+  deleteRules: writer.deleteRules.bind(writer),
+  deleteAllRules: writer.deleteAllRules.bind(writer)
+});
+exports.createRedisAccessRulesStorage = createRedisAccessRulesStorage;