@prosopo/user-access-policy 3.4.0 → 3.5.27

package/dist/tests/redis/redisAccessRules.unit.test.js

@@ -0,0 +1,198 @@
+import { describe, expect, it } from "vitest";
+import { ScopeMatch } from "#policy/accessPolicyResolver.js";
+import { getRedisAccessRulesQuery } from "#policy/redis/redisAccessRulesIndex.js";
+describe("getUserScopeQuery", () => {
+    it("puts ismissing(x) for field x passed in as `undefined` when user scope match is exact", () => {
+        const filter = {
+            userScope: {
+                numericIp: BigInt(100),
+                ja4Hash: "ja4Hash",
+                userAgentHash: undefined,
+            },
+            userScopeMatch: ScopeMatch.Exact,
+        };
+        const query = getRedisAccessRulesQuery(filter, false);
+        expect(query).toBe(" ( ( @numericIp:[100] | ( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[100 +inf] ) ) @ja4Hash:{ja4Hash} ismissing(@userAgentHash) )");
+    });
+    it("puts ismissing(x) for field x passed in as `undefined` when user scope match is exact and for missing fields when matchingFieldsOnly is set", () => {
+        const filter = {
+            userScope: {
+                numericIp: BigInt(100),
+                ja4Hash: "ja4Hash",
+                userAgentHash: undefined,
+            },
+            userScopeMatch: ScopeMatch.Exact,
+        };
+        const query = getRedisAccessRulesQuery(filter, true);
+        expect(query).toBe(" ( ( @numericIp:[100] | ( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[100 +inf] ) ) @ja4Hash:{ja4Hash} ismissing(@userAgentHash) ismissing(@userId) ismissing(@headersHash) )");
+    });
+    it("puts ismissing(x) for multiple fields passed in as `undefined` when user scope match is exact", () => {
+        const filter = {
+            userScope: {
+                numericIp: BigInt(100),
+                ja4Hash: "ja4Hash",
+                userAgentHash: undefined,
+                headersHash: undefined,
+                userId: undefined,
+            },
+            userScopeMatch: ScopeMatch.Exact,
+        };
+        const query = getRedisAccessRulesQuery(filter, false);
+        expect(query).toBe(" ( ( @numericIp:[100] | ( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[100 +inf] ) ) @ja4Hash:{ja4Hash} ismissing(@userAgentHash) ismissing(@headersHash) ismissing(@userId) )");
+    });
+    it("does not put ismissing(x) for multiple fields passed in as `undefined` when user scope match is greedy", () => {
+        const filter = {
+            userScope: {
+                numericIp: BigInt(100),
+                ja4Hash: "ja4Hash",
+                userAgentHash: undefined,
+                headersHash: undefined,
+                userId: undefined,
+            },
+            userScopeMatch: ScopeMatch.Greedy,
+        };
+        const query = getRedisAccessRulesQuery(filter, false);
+        expect(query).toBe(" ( ( @numericIp:[100] | ( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[100 +inf] ) ) | @ja4Hash:{ja4Hash} )");
+    });
+    it("puts ismissing(x) for multiple fields passed in as `undefined` when user scope match is exact 2", () => {
+        const filter = {
+            userScope: {
+                numericIp: undefined,
+                ja4Hash: "ja4Hash",
+                userAgentHash: undefined,
+                headersHash: undefined,
+                userId: undefined,
+            },
+            userScopeMatch: ScopeMatch.Exact,
+        };
+        const query = getRedisAccessRulesQuery(filter, false);
+        expect(query).toBe(" ( ismissing(@numericIp) ismissing(@numericIpMaskMin) ismissing(@numericIpMaskMax) @ja4Hash:{ja4Hash} ismissing(@userAgentHash) ismissing(@headersHash) ismissing(@userId) )");
+    });
+    it("does not put ismissing(numericIpMaskMin) and does not put ismissing(numericIpMaskMax) when numericIp is passed in", () => {
+        const filter = {
+            userScope: {
+                numericIp: BigInt(100),
+                ja4Hash: "ja4Hash",
+                userAgentHash: undefined,
+                headersHash: undefined,
+                userId: undefined,
+            },
+            userScopeMatch: ScopeMatch.Exact,
+        };
+        const query = getRedisAccessRulesQuery(filter, true);
+        expect(query).toBe(" ( ( @numericIp:[100] | ( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[100 +inf] ) ) @ja4Hash:{ja4Hash} ismissing(@userAgentHash) ismissing(@headersHash) ismissing(@userId) )");
+    });
+    it("does not put ismissing(numericIp) when numericIpMaskMin and numericIpMaskMax are passed in", () => {
+        const filter = {
+            userScope: {
+                numericIpMaskMin: BigInt(100),
+                numericIpMaskMax: BigInt(200),
+                ja4Hash: "ja4Hash",
+                userAgentHash: undefined,
+                headersHash: undefined,
+                userId: undefined,
+            },
+            userScopeMatch: ScopeMatch.Exact,
+        };
+        const query = getRedisAccessRulesQuery(filter, true);
+        expect(query).toBe(" ( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[200 +inf] @ja4Hash:{ja4Hash} ismissing(@userAgentHash) ismissing(@headersHash) ismissing(@userId) )");
+    });
+});
+describe("getUserScopeQuery", () => {
+    it("puts ismissing(x) for field x passed in as `undefined` when user scope match is exact", () => {
+        const filter = {
+            userScope: {
+                numericIp: BigInt(100),
+                ja4Hash: "ja4Hash",
+                userAgentHash: undefined,
+            },
+            userScopeMatch: ScopeMatch.Exact,
+        };
+        const query = getRedisAccessRulesQuery(filter, false);
+        expect(query).toBe(" ( ( @numericIp:[100] | ( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[100 +inf] ) ) @ja4Hash:{ja4Hash} ismissing(@userAgentHash) )");
+    });
+    it("puts ismissing(x) for field x passed in as `undefined` when user scope match is exact and for missing fields when matchingFieldsOnly is set", () => {
+        const filter = {
+            userScope: {
+                numericIp: BigInt(100),
+                ja4Hash: "ja4Hash",
+                userAgentHash: undefined,
+            },
+            userScopeMatch: ScopeMatch.Exact,
+        };
+        const query = getRedisAccessRulesQuery(filter, true);
+        expect(query).toBe(" ( ( @numericIp:[100] | ( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[100 +inf] ) ) @ja4Hash:{ja4Hash} ismissing(@userAgentHash) ismissing(@userId) ismissing(@headersHash) )");
+    });
+    it("puts ismissing(x) for multiple fields passed in as `undefined` when user scope match is exact", () => {
+        const filter = {
+            userScope: {
+                numericIp: BigInt(100),
+                ja4Hash: "ja4Hash",
+                userAgentHash: undefined,
+                headersHash: undefined,
+                userId: undefined,
+            },
+            userScopeMatch: ScopeMatch.Exact,
+        };
+        const query = getRedisAccessRulesQuery(filter, false);
+        expect(query).toBe(" ( ( @numericIp:[100] | ( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[100 +inf] ) ) @ja4Hash:{ja4Hash} ismissing(@userAgentHash) ismissing(@headersHash) ismissing(@userId) )");
+    });
+    it("does not put ismissing(x) for multiple fields passed in as `undefined` when user scope match is greedy", () => {
+        const filter = {
+            userScope: {
+                numericIp: BigInt(100),
+                ja4Hash: "ja4Hash",
+                userAgentHash: undefined,
+                headersHash: undefined,
+                userId: undefined,
+            },
+            userScopeMatch: ScopeMatch.Greedy,
+        };
+        const query = getRedisAccessRulesQuery(filter, false);
+        expect(query).toBe(" ( ( @numericIp:[100] | ( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[100 +inf] ) ) | @ja4Hash:{ja4Hash} )");
+    });
+    it("puts ismissing(x) for multiple fields passed in as `undefined` when user scope match is exact 2", () => {
+        const filter = {
+            userScope: {
+                numericIp: undefined,
+                ja4Hash: "ja4Hash",
+                userAgentHash: undefined,
+                headersHash: undefined,
+                userId: undefined,
+            },
+            userScopeMatch: ScopeMatch.Exact,
+        };
+        const query = getRedisAccessRulesQuery(filter, false);
+        expect(query).toBe(" ( ismissing(@numericIp) ismissing(@numericIpMaskMin) ismissing(@numericIpMaskMax) @ja4Hash:{ja4Hash} ismissing(@userAgentHash) ismissing(@headersHash) ismissing(@userId) )");
+    });
+    it("does not put ismissing(numericIpMaskMin) and does not put ismissing(numericIpMaskMax) when numericIp is passed in", () => {
+        const filter = {
+            userScope: {
+                numericIp: BigInt(100),
+                ja4Hash: "ja4Hash",
+                userAgentHash: undefined,
+                headersHash: undefined,
+                userId: undefined,
+            },
+            userScopeMatch: ScopeMatch.Exact,
+        };
+        const query = getRedisAccessRulesQuery(filter, true);
+        expect(query).toBe(" ( ( @numericIp:[100] | ( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[100 +inf] ) ) @ja4Hash:{ja4Hash} ismissing(@userAgentHash) ismissing(@headersHash) ismissing(@userId) )");
+    });
+    it("does not put ismissing(numericIp) when numericIpMaskMin and numericIpMaskMax are passed in", () => {
+        const filter = {
+            userScope: {
+                numericIpMaskMin: BigInt(100),
+                numericIpMaskMax: BigInt(200),
+                ja4Hash: "ja4Hash",
+                userAgentHash: undefined,
+                headersHash: undefined,
+                userId: undefined,
+            },
+            userScopeMatch: ScopeMatch.Exact,
+        };
+        const query = getRedisAccessRulesQuery(filter, true);
+        expect(query).toBe(" ( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[200 +inf] @ja4Hash:{ja4Hash} ismissing(@userAgentHash) ismissing(@headersHash) ismissing(@userId) )");
+    });
+});
+//# sourceMappingURL=redisAccessRules.unit.test.js.map

package/dist/tests/redis/redisAccessRules.unit.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisAccessRules.unit.test.js","sourceRoot":"","sources":["../../../src/tests/redis/redisAccessRules.unit.test.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAqB,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAChF,OAAO,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AAElF,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IAClC,EAAE,CAAC,uFAAuF,EAAE,GAAG,EAAE;QAChG,MAAM,MAAM,GAAG;YACd,SAAS,EAAE;gBACV,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC;gBACtB,OAAO,EAAE,SAAS;gBAClB,aAAa,EAAE,SAAS;aACxB;YACD,cAAc,EAAE,UAAU,CAAC,KAAK;SAChB,CAAC;QAElB,MAAM,KAAK,GAAG,wBAAwB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAEtD,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CACjB,wIAAwI,CACxI,CAAC;IACH,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,6IAA6I,EAAE,GAAG,EAAE;QACtJ,MAAM,MAAM,GAAG;YACd,SAAS,EAAE;gBACV,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC;gBACtB,OAAO,EAAE,SAAS;gBAClB,aAAa,EAAE,SAAS;aACxB;YACD,cAAc,EAAE,UAAU,CAAC,KAAK;SAChB,CAAC;QAElB,MAAM,KAAK,GAAG,wBAAwB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAErD,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CACjB,mLAAmL,CACnL,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+FAA+F,EAAE,GAAG,EAAE;QACxG,MAAM,MAAM,GAAG;YACd,SAAS,EAAE;gBACV,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC;gBACtB,OAAO,EAAE,SAAS;gBAClB,aAAa,EAAE,SAAS;gBACxB,WAAW,EAAE,SAAS;gBACtB,MAAM,EAAE,SAAS;aACjB;YACD,cAAc,EAAE,UAAU,CAAC,KAAK;SAChB,CAAC;QAElB,MAAM,KAAK,GAAG,wBAAwB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAEtD,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CACjB,mLAAmL,CACnL,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wGAAwG,EAAE,GAAG,EAAE;QACjH,MAAM,MAAM,GAAG;YACd,SAAS,EAAE;gBACV,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC;gBACtB,OAAO,EAAE,SAAS;gBAClB,aAAa,EAAE,SAAS;gBACxB,WAAW,EAAE,SAAS;gBACtB,MAAM,EAAE,SAAS;aACjB;YACD,cAAc,EAAE,UAAU,CAAC,MAAM;SACjB,CAAC;QAElB,MAAM,KAAK,GAAG,wBAAwB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAEtD,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CACjB,gHAAgH,CAChH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iGAAiG,EAAE,GAAG,EAAE;QAC1G,MAAM,MAAM,GAAG;YACd,SAAS,EAAE;gBACV,SAAS,EAAE,SAAS;gBACpB,OAAO,EAAE,SAAS;gBAClB,aAAa,EAAE,SAAS;gBACxB,WAAW,EAAE,SAAS;gBACtB,MAAM,EAAE,SAAS;aACjB;YACD,cAAc,EAAE,UAAU,CAAC,KAAK;SAChB,CAAC;QAElB,MAAM,KAAK,GAAG,wBAAwB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAEtD,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CACjB,8KAA8K,CAC9K,CAAC;IACH,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,mHAAmH,EAAE,GAAG,EAAE;QAC5H,MAAM,MAAM,GAAG;YACd,SAAS,EAAE;gBACV,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC;gBACtB,OAAO,EAAE,SAAS;gBAClB,aAAa,EAAE,SAAS;gBACxB,WAAW,EAAE,SAAS;gBACtB,MAAM,EAAE,SAAS;aACjB;YACD,cAAc,EAAE,UAAU,CAAC,KAAK;SAChB,CAAC;QAElB,MAAM,KAAK,GAAG,wBAAwB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAErD,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CACjB,mLAAmL,CACnL,CAAC;IACH,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,4FAA4F,EAAE,GAAG,EAAE;QACrG,MAAM,MAAM,GAAG;YACd,SAAS,EAAE;gBACV,gBAAgB,EAAE,MAAM,CAAC,GAAG,CAAC;gBAC7B,gBAAgB,EAAE,MAAM,CAAC,GAAG,CAAC;gBAC7B,OAAO,EAAE,SAAS;gBAClB,aAAa,EAAE,SAAS;gBACxB,WAAW,EAAE,SAAS;gBACtB,MAAM,EAAE,SAAS;aACjB;YACD,cAAc,EAAE,UAAU,CAAC,KAAK;SAChB,CAAC;QAElB,MAAM,KAAK,GAAG,wBAAwB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAErD,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CACjB,wJAAwJ,CACxJ,CAAC;IACH,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC;AACH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IAClC,EAAE,CAAC,uFAAuF,EAAE,GAAG,EAAE;QAChG,MAAM,MAAM,GAAG;YACd,SAAS,EAAE;gBACV,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC;gBACtB,OAAO,EAAE,SAAS;gBAClB,aAAa,EAAE,SAAS;aACxB;YACD,cAAc,EAAE,UAAU,CAAC,KAAK;SAChB,CAAC;QAElB,MAAM,KAAK,GAAG,wBAAwB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAEtD,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CACjB,wIAAwI,CACxI,CAAC;IACH,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,6IAA6I,EAAE,GAAG,EAAE;QACtJ,MAAM,MAAM,GAAG;YACd,SAAS,EAAE;gBACV,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC;gBACtB,OAAO,EAAE,SAAS;gBAClB,aAAa,EAAE,SAAS;aACxB;YACD,cAAc,EAAE,UAAU,CAAC,KAAK;SAChB,CAAC;QAElB,MAAM,KAAK,GAAG,wBAAwB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAErD,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CACjB,mLAAmL,CACnL,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+FAA+F,EAAE,GAAG,EAAE;QACxG,MAAM,MAAM,GAAG;YACd,SAAS,EAAE;gBACV,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC;gBACtB,OAAO,EAAE,SAAS;gBAClB,aAAa,EAAE,SAAS;gBACxB,WAAW,EAAE,SAAS;gBACtB,MAAM,EAAE,SAAS;aACjB;YACD,cAAc,EAAE,UAAU,CAAC,KAAK;SAChB,CAAC;QAElB,MAAM,KAAK,GAAG,wBAAwB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAEtD,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CACjB,mLAAmL,CACnL,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wGAAwG,EAAE,GAAG,EAAE;QACjH,MAAM,MAAM,GAAG;YACd,SAAS,EAAE;gBACV,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC;gBACtB,OAAO,EAAE,SAAS;gBAClB,aAAa,EAAE,SAAS;gBACxB,WAAW,EAAE,SAAS;gBACtB,MAAM,EAAE,SAAS;aACjB;YACD,cAAc,EAAE,UAAU,CAAC,MAAM;SACjB,CAAC;QAElB,MAAM,KAAK,GAAG,wBAAwB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAEtD,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CACjB,gHAAgH,CAChH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iGAAiG,EAAE,GAAG,EAAE;QAC1G,MAAM,MAAM,GAAG;YACd,SAAS,EAAE;gBACV,SAAS,EAAE,SAAS;gBACpB,OAAO,EAAE,SAAS;gBAClB,aAAa,EAAE,SAAS;gBACxB,WAAW,EAAE,SAAS;gBACtB,MAAM,EAAE,SAAS;aACjB;YACD,cAAc,EAAE,UAAU,CAAC,KAAK;SAChB,CAAC;QAElB,MAAM,KAAK,GAAG,wBAAwB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAEtD,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CACjB,8KAA8K,CAC9K,CAAC;IACH,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,mHAAmH,EAAE,GAAG,EAAE;QAC5H,MAAM,MAAM,GAAG;YACd,SAAS,EAAE;gBACV,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC;gBACtB,OAAO,EAAE,SAAS;gBAClB,aAAa,EAAE,SAAS;gBACxB,WAAW,EAAE,SAAS;gBACtB,MAAM,EAAE,SAAS;aACjB;YACD,cAAc,EAAE,UAAU,CAAC,KAAK;SAChB,CAAC;QAElB,MAAM,KAAK,GAAG,wBAAwB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAErD,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CACjB,mLAAmL,CACnL,CAAC;IACH,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,4FAA4F,EAAE,GAAG,EAAE;QACrG,MAAM,MAAM,GAAG;YACd,SAAS,EAAE;gBACV,gBAAgB,EAAE,MAAM,CAAC,GAAG,CAAC;gBAC7B,gBAAgB,EAAE,MAAM,CAAC,GAAG,CAAC;gBAC7B,OAAO,EAAE,SAAS;gBAClB,aAAa,EAAE,SAAS;gBACxB,WAAW,EAAE,SAAS;gBACtB,MAAM,EAAE,SAAS;aACjB;YACD,cAAc,EAAE,UAAU,CAAC,KAAK;SAChB,CAAC;QAElB,MAAM,KAAK,GAAG,wBAAwB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAErD,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CACjB,wJAAwJ,CACxJ,CAAC;IACH,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC"}

package/dist/tests/redis/redisIndex.integration.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=redisIndex.integration.test.d.ts.map

package/dist/tests/redis/redisIndex.integration.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisIndex.integration.test.d.ts","sourceRoot":"","sources":["../../../src/tests/redis/redisIndex.integration.test.ts"],"names":[],"mappings":""}

package/dist/tests/redis/redisIndex.integration.test.js

@@ -0,0 +1,80 @@
+import { SCHEMA_FIELD_TYPE } from "@redis/search";
+import { beforeAll, describe, expect, test, } from "vitest";
+import { createRedisIndex } from "#policy/redis/redisIndex.js";
+import { createTestRedisClient } from "./testRedisClient.js";
+let indexCount = 0;
+const getTestIndexName = () => `index:${indexCount++}`;
+describe("redisIndex", () => {
+    let redisClient;
+    beforeAll(async () => {
+        redisClient = await createTestRedisClient();
+    });
+    test("creates new index", async () => {
+        const redisIndex = {
+            name: getTestIndexName(),
+            schema: {
+                tagField: SCHEMA_FIELD_TYPE.TAG,
+            },
+            options: {},
+        };
+        await createRedisIndex(redisClient, redisIndex);
+        const indexNames = await redisClient.ft._LIST();
+        expect(indexNames).toContain(redisIndex.name);
+    });
+    test("does not re-create existing index when no changes declared", async () => {
+        const redisIndex = {
+            name: getTestIndexName(),
+            schema: {
+                tagField: SCHEMA_FIELD_TYPE.TAG,
+            },
+            options: {},
+        };
+        await createRedisIndex(redisClient, redisIndex);
+        await redisClient.ft.alter(redisIndex.name, {
+            anotherField: SCHEMA_FIELD_TYPE.TAG,
+        });
+        await createRedisIndex(redisClient, redisIndex);
+        const indexNames = await redisClient.ft._LIST();
+        const actualIndexInfo = await redisClient.ft.info(redisIndex.name);
+        expect(indexNames).toContain(redisIndex.name);
+        expect(actualIndexInfo.attributes.length).toBe(2);
+    });
+    test("re-creates existing index when schema changes made", async () => {
+        const redisIndex = {
+            name: getTestIndexName(),
+            schema: {
+                tagField: SCHEMA_FIELD_TYPE.TAG,
+            },
+            options: {},
+        };
+        await createRedisIndex(redisClient, redisIndex);
+        redisIndex.schema = {
+            ...redisIndex.schema,
+            newField: SCHEMA_FIELD_TYPE.TAG,
+        };
+        await createRedisIndex(redisClient, redisIndex);
+        const indexNames = await redisClient.ft._LIST();
+        const actualIndexInfo = await redisClient.ft.info(redisIndex.name);
+        expect(indexNames).toContain(redisIndex.name);
+        expect(actualIndexInfo.attributes.length).toBe(2);
+    });
+    test("re-creates existing index when option changes made", async () => {
+        const redisIndex = {
+            name: getTestIndexName(),
+            schema: {
+                tagField: SCHEMA_FIELD_TYPE.TAG,
+            },
+            options: {},
+        };
+        await createRedisIndex(redisClient, redisIndex);
+        redisIndex.options = {
+            ON: "HASH",
+        };
+        await createRedisIndex(redisClient, redisIndex);
+        const indexNames = await redisClient.ft._LIST();
+        const actualIndexInfo = await redisClient.ft.info(redisIndex.name);
+        expect(indexNames).toContain(redisIndex.name);
+        expect(actualIndexInfo.index_definition.key_type).toBe("HASH");
+    });
+});
+//# sourceMappingURL=redisIndex.integration.test.js.map

package/dist/tests/redis/redisIndex.integration.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisIndex.integration.test.js","sourceRoot":"","sources":["../../../src/tests/redis/redisIndex.integration.test.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAElD,OAAO,EAEN,SAAS,EAET,QAAQ,EACR,MAAM,EACN,IAAI,GACJ,MAAM,QAAQ,CAAC;AAChB,OAAO,EAAmB,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAChF,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAE7D,IAAI,UAAU,GAAG,CAAC,CAAC;AACnB,MAAM,gBAAgB,GAAG,GAAG,EAAE,CAAC,SAAS,UAAU,EAAE,EAAE,CAAC;AAEvD,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;IAC3B,IAAI,WAA4B,CAAC;IAEjC,SAAS,CAAC,KAAK,IAAI,EAAE;QACpB,WAAW,GAAG,MAAM,qBAAqB,EAAE,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,mBAAmB,EAAE,KAAK,IAAI,EAAE;QAEpC,MAAM,UAAU,GAAe;YAC9B,IAAI,EAAE,gBAAgB,EAAE;YACxB,MAAM,EAAE;gBACP,QAAQ,EAAE,iBAAiB,CAAC,GAAG;aAC/B;YACD,OAAO,EAAE,EAAE;SACX,CAAC;QAGF,MAAM,gBAAgB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QAGhD,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;QAEhD,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,4DAA4D,EAAE,KAAK,IAAI,EAAE;QAE7E,MAAM,UAAU,GAAe;YAC9B,IAAI,EAAE,gBAAgB,EAAE;YACxB,MAAM,EAAE;gBACP,QAAQ,EAAE,iBAAiB,CAAC,GAAG;aAC/B;YACD,OAAO,EAAE,EAAE;SACX,CAAC;QAGF,MAAM,gBAAgB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QAEhD,MAAM,WAAW,CAAC,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE;YAC3C,YAAY,EAAE,iBAAiB,CAAC,GAAG;SACnC,CAAC,CAAC;QAGH,MAAM,gBAAgB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QAGhD,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;QAChD,MAAM,eAAe,GAAG,MAAM,WAAW,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAEnE,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAG9C,MAAM,CAAC,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAErE,MAAM,UAAU,GAAe;YAC9B,IAAI,EAAE,gBAAgB,EAAE;YACxB,MAAM,EAAE;gBACP,QAAQ,EAAE,iBAAiB,CAAC,GAAG;aAC/B;YACD,OAAO,EAAE,EAAE;SACX,CAAC;QAGF,MAAM,gBAAgB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QAEhD,UAAU,CAAC,MAAM,GAAG;YACnB,GAAG,UAAU,CAAC,MAAM;YACpB,QAAQ,EAAE,iBAAiB,CAAC,GAAG;SAC/B,CAAC;QAEF,MAAM,gBAAgB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QAGhD,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;QAChD,MAAM,eAAe,GAAG,MAAM,WAAW,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAEnE,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAE9C,MAAM,CAAC,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAErE,MAAM,UAAU,GAAe;YAC9B,IAAI,EAAE,gBAAgB,EAAE;YACxB,MAAM,EAAE;gBACP,QAAQ,EAAE,iBAAiB,CAAC,GAAG;aAC/B;YACD,OAAO,EAAE,EAAE;SACX,CAAC;QAGF,MAAM,gBAAgB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QAEhD,UAAU,CAAC,OAAO,GAAG;YACpB,EAAE,EAAE,MAAe;SACnB,CAAC;QAEF,MAAM,gBAAgB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QAGhD,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;QAChD,MAAM,eAAe,GAAG,MAAM,WAAW,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAEnE,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAC9C,MAAM,CAAC,eAAe,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAChE,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC"}

package/dist/tests/redis/redisRulesIndex.unit.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=redisRulesIndex.unit.test.d.ts.map

package/dist/tests/redis/redisRulesIndex.unit.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRulesIndex.unit.test.d.ts","sourceRoot":"","sources":["../../../src/tests/redis/redisRulesIndex.unit.test.ts"],"names":[],"mappings":""}

package/dist/tests/redis/redisRulesIndex.unit.test.js

@@ -0,0 +1,101 @@
+import { describe, expect, it } from "vitest";
+import { ScopeMatch } from "#policy/accessPolicyResolver.js";
+import { getRedisRulesQuery } from "#policy/redis/redisRulesIndex.js";
+describe("getUserScopeQuery", () => {
+    it("puts ismissing(x) for field x passed in as `undefined` when user scope match is exact", () => {
+        const filter = {
+            userScope: {
+                numericIp: BigInt(100),
+                ja4Hash: "ja4Hash",
+                userAgentHash: undefined,
+            },
+            userScopeMatch: ScopeMatch.Exact,
+        };
+        const query = getRedisRulesQuery(filter, false);
+        expect(query).toBe(" ( ( @numericIp:[100] | ( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[100 +inf] ) ) @ja4Hash:{ja4Hash} ismissing(@userAgentHash) )");
+    });
+    it("puts ismissing(x) for field x passed in as `undefined` when user scope match is exact and for missing fields when matchingFieldsOnly is set", () => {
+        const filter = {
+            userScope: {
+                numericIp: BigInt(100),
+                ja4Hash: "ja4Hash",
+                userAgentHash: undefined,
+            },
+            userScopeMatch: ScopeMatch.Exact,
+        };
+        const query = getRedisRulesQuery(filter, true);
+        expect(query).toBe(" ( ( @numericIp:[100] | ( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[100 +inf] ) ) @ja4Hash:{ja4Hash} ismissing(@userAgentHash) ismissing(@userId) ismissing(@headersHash) )");
+    });
+    it("puts ismissing(x) for multiple fields passed in as `undefined` when user scope match is exact", () => {
+        const filter = {
+            userScope: {
+                numericIp: BigInt(100),
+                ja4Hash: "ja4Hash",
+                userAgentHash: undefined,
+                headersHash: undefined,
+                userId: undefined,
+            },
+            userScopeMatch: ScopeMatch.Exact,
+        };
+        const query = getRedisRulesQuery(filter, false);
+        expect(query).toBe(" ( ( @numericIp:[100] | ( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[100 +inf] ) ) @ja4Hash:{ja4Hash} ismissing(@userAgentHash) ismissing(@headersHash) ismissing(@userId) )");
+    });
+    it("does not put ismissing(x) for multiple fields passed in as `undefined` when user scope match is greedy", () => {
+        const filter = {
+            userScope: {
+                numericIp: BigInt(100),
+                ja4Hash: "ja4Hash",
+                userAgentHash: undefined,
+                headersHash: undefined,
+                userId: undefined,
+            },
+            userScopeMatch: ScopeMatch.Greedy,
+        };
+        const query = getRedisRulesQuery(filter, false);
+        expect(query).toBe(" ( ( @numericIp:[100] | ( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[100 +inf] ) ) | @ja4Hash:{ja4Hash} )");
+    });
+    it("puts ismissing(x) for multiple fields passed in as `undefined` when user scope match is exact 2", () => {
+        const filter = {
+            userScope: {
+                numericIp: undefined,
+                ja4Hash: "ja4Hash",
+                userAgentHash: undefined,
+                headersHash: undefined,
+                userId: undefined,
+            },
+            userScopeMatch: ScopeMatch.Exact,
+        };
+        const query = getRedisRulesQuery(filter, false);
+        expect(query).toBe(" ( ismissing(@numericIp) ismissing(@numericIpMaskMin) ismissing(@numericIpMaskMax) @ja4Hash:{ja4Hash} ismissing(@userAgentHash) ismissing(@headersHash) ismissing(@userId) )");
+    });
+    it("does not put ismissing(numericIpMaskMin) and does not put ismissing(numericIpMaskMax) when numericIp is passed in", () => {
+        const filter = {
+            userScope: {
+                numericIp: BigInt(100),
+                ja4Hash: "ja4Hash",
+                userAgentHash: undefined,
+                headersHash: undefined,
+                userId: undefined,
+            },
+            userScopeMatch: ScopeMatch.Exact,
+        };
+        const query = getRedisRulesQuery(filter, true);
+        expect(query).toBe(" ( ( @numericIp:[100] | ( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[100 +inf] ) ) @ja4Hash:{ja4Hash} ismissing(@userAgentHash) ismissing(@headersHash) ismissing(@userId) )");
+    });
+    it("does not put ismissing(numericIp) when numericIpMaskMin and numericIpMaskMax are passed in", () => {
+        const filter = {
+            userScope: {
+                numericIpMaskMin: BigInt(100),
+                numericIpMaskMax: BigInt(200),
+                ja4Hash: "ja4Hash",
+                userAgentHash: undefined,
+                headersHash: undefined,
+                userId: undefined,
+            },
+            userScopeMatch: ScopeMatch.Exact,
+        };
+        const query = getRedisRulesQuery(filter, true);
+        expect(query).toBe(" ( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[200 +inf] @ja4Hash:{ja4Hash} ismissing(@userAgentHash) ismissing(@headersHash) ismissing(@userId) )");
+    });
+});
+//# sourceMappingURL=redisRulesIndex.unit.test.js.map

package/dist/tests/redis/redisRulesIndex.unit.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRulesIndex.unit.test.js","sourceRoot":"","sources":["../../../src/tests/redis/redisRulesIndex.unit.test.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAqB,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAChF,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AAEtE,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IAClC,EAAE,CAAC,uFAAuF,EAAE,GAAG,EAAE;QAChG,MAAM,MAAM,GAAG;YACd,SAAS,EAAE;gBACV,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC;gBACtB,OAAO,EAAE,SAAS;gBAClB,aAAa,EAAE,SAAS;aACxB;YACD,cAAc,EAAE,UAAU,CAAC,KAAK;SAChB,CAAC;QAElB,MAAM,KAAK,GAAG,kBAAkB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAEhD,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CACjB,wIAAwI,CACxI,CAAC;IACH,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,6IAA6I,EAAE,GAAG,EAAE;QACtJ,MAAM,MAAM,GAAG;YACd,SAAS,EAAE;gBACV,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC;gBACtB,OAAO,EAAE,SAAS;gBAClB,aAAa,EAAE,SAAS;aACxB;YACD,cAAc,EAAE,UAAU,CAAC,KAAK;SAChB,CAAC;QAElB,MAAM,KAAK,GAAG,kBAAkB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAE/C,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CACjB,mLAAmL,CACnL,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+FAA+F,EAAE,GAAG,EAAE;QACxG,MAAM,MAAM,GAAG;YACd,SAAS,EAAE;gBACV,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC;gBACtB,OAAO,EAAE,SAAS;gBAClB,aAAa,EAAE,SAAS;gBACxB,WAAW,EAAE,SAAS;gBACtB,MAAM,EAAE,SAAS;aACjB;YACD,cAAc,EAAE,UAAU,CAAC,KAAK;SAChB,CAAC;QAElB,MAAM,KAAK,GAAG,kBAAkB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAEhD,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CACjB,mLAAmL,CACnL,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wGAAwG,EAAE,GAAG,EAAE;QACjH,MAAM,MAAM,GAAG;YACd,SAAS,EAAE;gBACV,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC;gBACtB,OAAO,EAAE,SAAS;gBAClB,aAAa,EAAE,SAAS;gBACxB,WAAW,EAAE,SAAS;gBACtB,MAAM,EAAE,SAAS;aACjB;YACD,cAAc,EAAE,UAAU,CAAC,MAAM;SACjB,CAAC;QAElB,MAAM,KAAK,GAAG,kBAAkB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAEhD,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CACjB,gHAAgH,CAChH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iGAAiG,EAAE,GAAG,EAAE;QAC1G,MAAM,MAAM,GAAG;YACd,SAAS,EAAE;gBACV,SAAS,EAAE,SAAS;gBACpB,OAAO,EAAE,SAAS;gBAClB,aAAa,EAAE,SAAS;gBACxB,WAAW,EAAE,SAAS;gBACtB,MAAM,EAAE,SAAS;aACjB;YACD,cAAc,EAAE,UAAU,CAAC,KAAK;SAChB,CAAC;QAElB,MAAM,KAAK,GAAG,kBAAkB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAEhD,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CACjB,8KAA8K,CAC9K,CAAC;IACH,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,mHAAmH,EAAE,GAAG,EAAE;QAC5H,MAAM,MAAM,GAAG;YACd,SAAS,EAAE;gBACV,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC;gBACtB,OAAO,EAAE,SAAS;gBAClB,aAAa,EAAE,SAAS;gBACxB,WAAW,EAAE,SAAS;gBACtB,MAAM,EAAE,SAAS;aACjB;YACD,cAAc,EAAE,UAAU,CAAC,KAAK;SAChB,CAAC;QAElB,MAAM,KAAK,GAAG,kBAAkB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAE/C,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CACjB,mLAAmL,CACnL,CAAC;IACH,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,4FAA4F,EAAE,GAAG,EAAE;QACrG,MAAM,MAAM,GAAG;YACd,SAAS,EAAE;gBACV,gBAAgB,EAAE,MAAM,CAAC,GAAG,CAAC;gBAC7B,gBAAgB,EAAE,MAAM,CAAC,GAAG,CAAC;gBAC7B,OAAO,EAAE,SAAS;gBAClB,aAAa,EAAE,SAAS;gBACxB,WAAW,EAAE,SAAS;gBACtB,MAAM,EAAE,SAAS;aACjB;YACD,cAAc,EAAE,UAAU,CAAC,KAAK;SAChB,CAAC;QAElB,MAAM,KAAK,GAAG,kBAAkB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAE/C,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CACjB,wJAAwJ,CACxJ,CAAC;IACH,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC"}

package/dist/tests/redis/redisRulesStorage.integration.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=redisRulesStorage.integration.test.d.ts.map

package/dist/tests/redis/redisRulesStorage.integration.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRulesStorage.integration.test.d.ts","sourceRoot":"","sources":["../../../src/tests/redis/redisRulesStorage.integration.test.ts"],"names":[],"mappings":""}