@prosopo/user-access-policy 3.5.19 → 3.5.27

package/dist/cjs/redis/reader/redisAggregate.cjs

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const zod = require("zod");
+const redisRulesQuery = require("./redisRulesQuery.cjs");
+const redisClient = require("../redisClient.cjs");
+const redisRuleIndex = require("../redisRuleIndex.cjs");
+const aggregateRedisKeys = async (client, query, logger, batchHandler) => {
+  const keyField = "__key";
+  const recordSchema = zod.z.object({
+    // it's a reserved name for the record key
+    [keyField]: zod.z.string()
+  });
+  const foundKeys = [];
+  const addRecordKeys = async (records) => {
+    const parsedRecords = redisClient.parseRedisRecords(records, recordSchema, logger);
+    const recordKeys = parsedRecords.map((record) => record[keyField]);
+    if (batchHandler) {
+      await batchHandler(recordKeys);
+    } else {
+      foundKeys.push(...recordKeys);
+      logger.debug(() => ({
+        msg: "Processed aggregation batch",
+        data: {
+          size: recordKeys.length
+        }
+      }));
+    }
+  };
+  await executeAggregation(
+    client,
+    query,
+    {
+      // #2 is a required option when the 'ismissing()' function is in the query body
+      DIALECT: redisRulesQuery.REDIS_QUERY_DIALECT,
+      COUNT: redisClient.REDIS_BATCH_SIZE,
+      LOAD: `@${keyField}`
+    },
+    addRecordKeys
+  );
+  return foundKeys;
+};
+const executeAggregation = async (client, query, aggregateOptions, handleBatch) => {
+  const initialReply = await client.ft.aggregateWithCursor(
+    redisRuleIndex.ACCESS_RULES_REDIS_INDEX_NAME,
+    query,
+    aggregateOptions
+  );
+  await handleBatch(initialReply.results);
+  let cursor = initialReply.cursor;
+  while (0 !== cursor) {
+    const batchReply = await client.ft.cursorRead(
+      redisRuleIndex.ACCESS_RULES_REDIS_INDEX_NAME,
+      cursor,
+      { COUNT: aggregateOptions.COUNT }
+    );
+    await handleBatch(batchReply.results);
+    cursor = batchReply.cursor;
+  }
+};
+exports.aggregateRedisKeys = aggregateRedisKeys;

package/dist/cjs/redis/reader/redisRulesQuery.cjs

@@ -0,0 +1,99 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const userScopeInput = require("../../ruleInput/userScopeInput.cjs");
+const rulesStorage = require("../../rulesStorage.cjs");
+const REDIS_QUERY_DIALECT = 2;
+const userIpQueries = {
+  numericIp: (value, scope) => {
+    if (void 0 !== value) {
+      return `( @numericIp:[${value} ${value}] | ( @numericIpMaskMin:[-inf ${value}] @numericIpMaskMax:[${value} +inf] ) )`;
+    }
+    if (scope.numericIpMaskMin === void 0 && scope.numericIpMaskMax === void 0) {
+      return "ismissing(@numericIp) ismissing(@numericIpMaskMin) ismissing(@numericIpMaskMax)";
+    }
+    return "";
+  },
+  numericIpMaskMin: (value, scope) => {
+    if (scope.numericIp !== void 0) {
+      return "";
+    }
+    return value !== void 0 ? `@numericIpMaskMin:[-inf ${value}]` : "ismissing(@numericIpMaskMin)";
+  },
+  numericIpMaskMax: (value, scope) => {
+    if (scope.numericIp !== void 0) {
+      return "";
+    }
+    return value !== void 0 ? `@numericIpMaskMax:[${value} +inf]` : "ismissing(@numericIpMaskMax)";
+  }
+};
+const getUserScopeQuery = (userScope, FilterScopeMatchType, matchingFieldsOnly) => {
+  let scopeEntries = Object.entries(userScope);
+  let scopeJoinType = " ";
+  if (FilterScopeMatchType === rulesStorage.FilterScopeMatch.Greedy) {
+    scopeEntries = scopeEntries.filter(
+      ([_, value]) => value !== void 0
+    );
+    scopeJoinType = " | ";
+  }
+  if (matchingFieldsOnly) {
+    const scopeMap = new Map(scopeEntries);
+    if (scopeMap.has("numericIp") && scopeMap.get("numericIp") === void 0) {
+      scopeMap.set("numericIpMaskMin", void 0);
+      scopeMap.set("numericIpMaskMax", void 0);
+    }
+    for (const name of Object.keys(userScopeInput.userScopeSchema.shape)) {
+      if (!scopeMap.has(name)) {
+        scopeMap.set(name, void 0);
+      }
+    }
+    scopeEntries = [...scopeMap.entries()];
+  }
+  const scopeObj = Object.fromEntries(scopeEntries);
+  return scopeEntries.map(
+    ([scopeFieldName, scopeFieldValue]) => getUserScopeFieldQuery(
+      scopeFieldName,
+      scopeFieldValue,
+      FilterScopeMatchType,
+      scopeObj
+    )
+  ).filter(Boolean).join(scopeJoinType);
+};
+const getUserScopeFieldQuery = (fieldName, fieldValue, scopeMatch, fullScope) => {
+  if (fieldName in userIpQueries) {
+    const queryBuilder = userIpQueries[fieldName];
+    return queryBuilder(fieldValue, fullScope);
+  }
+  return void 0 === fieldValue ? `ismissing(@${fieldName})` : `@${fieldName}:{${fieldValue}}`;
+};
+const getPolicyScopeQuery = (policyScope, scopeMatch) => {
+  const clientId = policyScope?.clientId;
+  if ("string" === typeof clientId) {
+    return rulesStorage.FilterScopeMatch.Exact === scopeMatch ? `@clientId:{${clientId}}` : `( @clientId:{${clientId}} | ismissing(@clientId) )`;
+  }
+  return rulesStorage.FilterScopeMatch.Exact === scopeMatch ? "ismissing(@clientId)" : "";
+};
+const getRulesRedisQuery = (filter, matchingFieldsOnly) => {
+  const { policyScope, userScope } = filter;
+  const queryParts = [];
+  if (filter.groupId) {
+    queryParts.push(`@groupId:{${filter.groupId}}`);
+  }
+  const policyScopeQuery = getPolicyScopeQuery(
+    policyScope,
+    filter.policyScopeMatch
+  );
+  if (policyScopeQuery) {
+    queryParts.push(policyScopeQuery);
+  }
+  if (userScope && Object.keys(userScope).length > 0) {
+    const userScopeFilter = getUserScopeQuery(
+      userScope,
+      filter.userScopeMatch,
+      matchingFieldsOnly
+    );
+    queryParts.push(`( ${userScopeFilter} )`);
+  }
+  return queryParts.length > 0 ? queryParts.join(" ") : "*";
+};
+exports.REDIS_QUERY_DIALECT = REDIS_QUERY_DIALECT;
+exports.getRulesRedisQuery = getRulesRedisQuery;

package/dist/cjs/redis/reader/redisRulesReader.cjs

@@ -0,0 +1,230 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const util = require("node:util");
+const common = require("@prosopo/common");
+const redisRulesQuery = require("./redisRulesQuery.cjs");
+const redisClient = require("../redisClient.cjs");
+const redisRuleIndex = require("../redisRuleIndex.cjs");
+const ruleInput = require("../../ruleInput/ruleInput.cjs");
+const redisAggregate = require("./redisAggregate.cjs");
+function _interopNamespaceDefault(e) {
+  const n = Object.create(null, { [Symbol.toStringTag]: { value: "Module" } });
+  if (e) {
+    for (const k in e) {
+      if (k !== "default") {
+        const d = Object.getOwnPropertyDescriptor(e, k);
+        Object.defineProperty(n, k, d.get ? d : {
+          enumerable: true,
+          get: () => e[k]
+        });
+      }
+    }
+  }
+  n.default = e;
+  return Object.freeze(n);
+}
+const util__namespace = /* @__PURE__ */ _interopNamespaceDefault(util);
+class RedisRulesReader {
+  constructor(client, logger) {
+    this.client = client;
+    this.logger = logger;
+  }
+  async getMissingRuleIds(ruleIds) {
+    const ruleKeys = this.getRuleKeys(ruleIds);
+    const keyBatches = common.chunkIntoBatches(ruleKeys, redisClient.REDIS_BATCH_SIZE);
+    const missingKeyBatches = await common.executeBatchesSequentially(
+      keyBatches,
+      async (keysBatch) => redisClient.getMissingRedisKeys(this.client, keysBatch)
+    );
+    return missingKeyBatches.flat().map((ruleKey) => ruleKey.slice(redisRuleIndex.ACCESS_RULE_REDIS_KEY_PREFIX.length));
+  }
+  async fetchRules(ruleIds) {
+    const ruleKeys = this.getRuleKeys(ruleIds);
+    const keyBatches = common.chunkIntoBatches(ruleKeys, redisClient.REDIS_BATCH_SIZE);
+    const entryBatches = await common.executeBatchesSequentially(
+      keyBatches,
+      (keysBatch) => this.fetchRuleEntries(keysBatch)
+    );
+    return entryBatches.flat();
+  }
+  async findRules(filter, matchingFieldsOnly = false, skipEmptyUserScopes = true) {
+    const query = redisRulesQuery.getRulesRedisQuery(filter, matchingFieldsOnly);
+    if (skipEmptyUserScopes && query === "ismissing(@clientId)") {
+      return [];
+    }
+    let searchReply;
+    try {
+      searchReply = await this.client.ft.search(
+        redisRuleIndex.ACCESS_RULES_REDIS_INDEX_NAME,
+        query,
+        {
+          DIALECT: redisRulesQuery.REDIS_QUERY_DIALECT,
+          // FT.search doesn't support "unlimited" selects
+          LIMIT: {
+            from: 0,
+            size: redisClient.REDIS_BATCH_SIZE
+          }
+        }
+      );
+      if (searchReply.total > 0) {
+        this.logger.debug(() => ({
+          msg: "Executed search query",
+          data: {
+            inspect: util__namespace.inspect(
+              {
+                filter,
+                searchReply,
+                query
+              },
+              { depth: null }
+            )
+          }
+        }));
+      }
+    } catch (e) {
+      this.logger.error(() => ({
+        err: e,
+        data: {
+          inspect: util__namespace.inspect(
+            {
+              query,
+              filter
+            },
+            {
+              depth: null
+            }
+          )
+        },
+        msg: "failed to execute search query"
+      }));
+      return [];
+    }
+    const records = searchReply.documents.map(({ value }) => value);
+    return redisClient.parseRedisRecords(records, ruleInput.accessRuleInput, this.logger);
+  }
+  async findRuleIds(filter, matchingFieldsOnly = false) {
+    const query = redisRulesQuery.getRulesRedisQuery(filter, matchingFieldsOnly);
+    let ruleIds = [];
+    try {
+      const ruleKeys = await redisAggregate.aggregateRedisKeys(
+        this.client,
+        query,
+        this.logger
+      );
+      ruleIds = ruleKeys.map(
+        (ruleKey) => ruleKey.slice(redisRuleIndex.ACCESS_RULE_REDIS_KEY_PREFIX.length)
+      );
+    } catch (e) {
+      this.logger.error(() => ({
+        err: e,
+        data: {
+          inspect: util__namespace.inspect(
+            {
+              query,
+              filter
+            },
+            {
+              depth: null
+            }
+          )
+        },
+        msg: "Failed to execute search query for rule IDs"
+      }));
+      return [];
+    }
+    this.logger.debug(() => ({
+      msg: "Executed search query for rule IDs",
+      data: {
+        query,
+        foundCount: ruleIds.length,
+        foundIds: ruleIds
+      }
+    }));
+    return ruleIds;
+  }
+  async fetchAllRuleIds(batchHandler) {
+    const keysBatchHandler = async (keys) => {
+      const ids = keys.map(
+        (ruleKey) => ruleKey.slice(redisRuleIndex.ACCESS_RULE_REDIS_KEY_PREFIX.length)
+      );
+      await batchHandler(ids);
+    };
+    await redisAggregate.aggregateRedisKeys(this.client, "*", this.logger, keysBatchHandler);
+  }
+  async fetchRuleEntries(keys) {
+    const { records, expirations } = await redisClient.fetchRedisHashRecords(
+      this.client,
+      keys,
+      this.logger
+    );
+    const entries = [];
+    for (const [index, ruleData] of records.entries()) {
+      const isRulePresent = Object.keys(ruleData).length > 0;
+      if (isRulePresent) {
+        const rule = redisClient.parseRedisRecords(
+          [ruleData],
+          ruleInput.accessRuleInput,
+          this.logger
+        )[0];
+        if (rule) {
+          entries.push({
+            rule,
+            expiresUnixTimestamp: expirations[index]
+          });
+        }
+      }
+    }
+    return entries;
+  }
+  getRuleKeys(ruleIds) {
+    return ruleIds.map((id) => `${redisRuleIndex.ACCESS_RULE_REDIS_KEY_PREFIX}${id}`);
+  }
+}
+class DummyRedisRulesReader {
+  constructor(logger) {
+    this.logger = logger;
+  }
+  async getMissingRuleIds(ruleIds) {
+    this.logger.info(() => ({
+      msg: "Dummy getMissingRuleIds() has no effect (redis is not ready)",
+      data: {
+        ruleIds
+      }
+    }));
+    return [];
+  }
+  async fetchRules(ruleIds) {
+    this.logger.info(() => ({
+      msg: "Dummy fetchRule() has no effect (redis is not ready)",
+      data: {
+        ruleIds
+      }
+    }));
+    return [];
+  }
+  async findRules(filter, matchingFieldsOnly = false, skipEmptyUserScopes = true) {
+    this.logger.info(() => ({
+      msg: "Dummy findRules() has no effect (redis is not ready)",
+      data: {
+        filter
+      }
+    }));
+    return [];
+  }
+  async findRuleIds(filter, matchingFieldsOnly = false) {
+    this.logger.info(() => ({
+      msg: "Dummy findRuleIds() has no effect (redis is not ready)",
+      data: {
+        filter
+      }
+    }));
+    return [];
+  }
+  async fetchAllRuleIds(batchHandler) {
+    this.logger.info(() => ({
+      msg: "Dummy fetchAllRuleIds() has no effect (redis is not ready)"
+    }));
+  }
+}
+exports.DummyRedisRulesReader = DummyRedisRulesReader;
+exports.RedisRulesReader = RedisRulesReader;

package/dist/cjs/redis/{redisRulesReader.cjs → redisAccessRules.cjs}

@@ -2,7 +2,7 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 const util = require("node:util");
 const accessRules = require("../accessRules.cjs");
-const redisRulesIndex = require("./redisRulesIndex.cjs");
+const redisAccessRulesIndex = require("./redisAccessRulesIndex.cjs");
 function _interopNamespaceDefault(e) {
   const n = Object.create(null, { [Symbol.toStringTag]: { value: "Module" } });
   if (e) {
@@ -20,19 +20,19 @@ function _interopNamespaceDefault(e) {
   return Object.freeze(n);
 }
 const util__namespace = /* @__PURE__ */ _interopNamespaceDefault(util);
-const createRedisRulesReader = (client, logger) => {
+const createRedisAccessRulesReader = (client, logger) => {
   return {
     findRules: async (filter, matchingFieldsOnly = false, skipEmptyUserScopes = true) => {
-      const query = redisRulesIndex.getRedisRulesQuery(filter, matchingFieldsOnly);
+      const query = redisAccessRulesIndex.getRedisAccessRulesQuery(filter, matchingFieldsOnly);
       if (skipEmptyUserScopes && query === "ismissing(@clientId)") {
         return [];
       }
       let searchReply;
       try {
         searchReply = await client.ft.search(
-          redisRulesIndex.redisRulesIndexName,
+          redisAccessRulesIndex.accessRulesRedisIndexName,
           query,
-          redisRulesIndex.redisRulesSearchOptions
+          redisAccessRulesIndex.accessRulesRedisSearchOptions
         );
         if (searchReply.total > 0) {
           logger.debug(() => ({
@@ -67,16 +67,16 @@ const createRedisRulesReader = (client, logger) => {
         }));
         return [];
       }
-      return extractRulesFromSearchReply(searchReply, logger);
+      return extractAccessRulesFromSearchReply(searchReply, logger);
     },
     findRuleIds: async (filter, matchingFieldsOnly = false) => {
-      const query = redisRulesIndex.getRedisRulesQuery(filter, matchingFieldsOnly);
+      const query = redisAccessRulesIndex.getRedisAccessRulesQuery(filter, matchingFieldsOnly);
       let searchReply;
       try {
         searchReply = await client.ft.searchNoContent(
-          redisRulesIndex.redisRulesIndexName,
+          redisAccessRulesIndex.accessRulesRedisIndexName,
           query,
-          redisRulesIndex.redisRulesSearchOptions
+          redisAccessRulesIndex.accessRulesRedisSearchOptions
         );
       } catch (e) {
         logger.error(() => ({
@@ -100,29 +100,38 @@ const createRedisRulesReader = (client, logger) => {
     }
   };
 };
-const getDummyRedisRulesReader = (logger) => {
+const createRedisAccessRulesWriter = (client) => {
   return {
-    findRules: async (filter, matchingFieldsOnly = false, skipEmptyUserScopes = true) => {
-      logger.info(() => ({
-        msg: "Dummy findRules() has no effect (redis is not ready)",
-        data: {
-          filter
+    insertRule: async (rule, expirationTimestamp) => {
+      const ruleKey = redisAccessRulesIndex.getRedisAccessRuleKey(rule);
+      const ruleValue = redisAccessRulesIndex.getRedisAccessRuleValue(rule);
+      await client.hSet(ruleKey, ruleValue);
+      if (expirationTimestamp) {
+        const expiryDate = new Date(expirationTimestamp);
+        if (expiryDate.getUTCFullYear() === 1970) {
+          await client.expireAt(ruleKey, expirationTimestamp);
+        } else {
+          const timestampInSeconds = Math.floor(expirationTimestamp / 1e3);
+          await client.expireAt(ruleKey, timestampInSeconds);
         }
-      }));
-      return [];
+      }
+      return ruleKey;
     },
-    findRuleIds: async (filter, matchingFieldsOnly = false) => {
-      logger.info(() => ({
-        msg: "Dummy findRuleIds() has no effect (redis is not ready)",
-        data: {
-          filter
-        }
-      }));
-      return [];
+    deleteRules: async (ruleIds) => void await client.del(ruleIds),
+    deleteAllRules: async () => {
+      const keys = await client.keys(`${redisAccessRulesIndex.accessRuleRedisKeyPrefix}*`);
+      if (keys.length === 0) return 0;
+      return await client.del(keys);
     }
   };
 };
-const extractRulesFromSearchReply = (searchReply, logger) => {
+const createRedisAccessRulesStorage = (client, logger) => {
+  return {
+    ...createRedisAccessRulesReader(client, logger),
+    ...createRedisAccessRulesWriter(client)
+  };
+};
+const extractAccessRulesFromSearchReply = (searchReply, logger) => {
   const accessRules$1 = [];
   searchReply.documents.map(({ id, value: document }) => {
     const parsedDocument = accessRules.accessRuleSchema.safeParse(document);
@@ -138,5 +147,6 @@ const extractRulesFromSearchReply = (searchReply, logger) => {
   });
   return accessRules$1;
 };
-exports.createRedisRulesReader = createRedisRulesReader;
-exports.getDummyRedisRulesReader = getDummyRedisRulesReader;
+exports.createRedisAccessRulesReader = createRedisAccessRulesReader;
+exports.createRedisAccessRulesStorage = createRedisAccessRulesStorage;
+exports.createRedisAccessRulesWriter = createRedisAccessRulesWriter;

package/dist/cjs/redis/{redisRulesIndex.cjs → redisAccessRulesIndex.cjs}

@@ -1,12 +1,16 @@
 "use strict";
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const crypto = require("node:crypto");
 const search = require("@redis/search");
 const accessPolicy = require("../accessPolicy.cjs");
 const accessPolicyResolver = require("../accessPolicyResolver.cjs");
-const redisRulesIndexName = "index:user-access-rules";
-const redisRuleKeyPrefix = "uar:";
-const redisAccessRulesIndex = {
-  name: redisRulesIndexName,
+const redisIndex = require("./redisIndex.cjs");
+const accessRulesRedisIndexName = "index:user-access-rules";
+const accessRuleRedisKeyPrefix = "uar:";
+const accessRuleContentHashAlgorithm = "md5";
+const DEFAULT_SEARCH_LIMIT = 1e3;
+const accessRulesIndex = {
+  name: accessRulesRedisIndexName,
   /**
    * Note on the field type decision
    *
@@ -32,9 +36,15 @@ const redisAccessRulesIndex = {
   // the satisfy statement is to guarantee that the keys are right
   options: {
     ON: "HASH",
-    PREFIX: [redisRuleKeyPrefix]
+    PREFIX: [accessRuleRedisKeyPrefix]
   }
 };
+const createRedisAccessRulesIndex = async (client, indexName) => {
+  if (indexName) {
+    accessRulesIndex.name = indexName;
+  }
+  return redisIndex.createRedisIndex(client, accessRulesIndex);
+};
 const numericIndexFields = [
   "numericIp",
   "numericIpMaskMin",
@@ -63,11 +73,19 @@ const greedyFieldComparisons = {
     return value !== void 0 ? `@numericIpMaskMax:[${value} +inf]` : "ismissing(@numericIpMaskMax)";
   }
 };
-const redisRulesSearchOptions = {
+const accessRulesRedisSearchOptions = {
   // #2 is a required option when the 'ismissing()' function is in the query body
   DIALECT: 2
 };
-const getRedisRulesQuery = (filter, matchingFieldsOnly) => {
+const accessRulesRedisDeleteOptions = {
+  // #2 is a required option when the 'ismissing()' function is in the query body
+  DIALECT: 2,
+  LIMIT: {
+    from: 0,
+    size: DEFAULT_SEARCH_LIMIT
+  }
+};
+const getRedisAccessRulesQuery = (filter, matchingFieldsOnly) => {
   const { policyScope, userScope } = filter;
   const policyScopeFilter = getPolicyScopeQuery(
     policyScope,
@@ -131,8 +149,23 @@ const getUserScopeFieldQuery = (fieldName, fieldValue, matchType, fullScope) =>
   }
   return numericIndexFields.includes(fieldName) ? `@${fieldName}:[${fieldValue}]` : `@${fieldName}:{${fieldValue}}`;
 };
-exports.getRedisRulesQuery = getRedisRulesQuery;
-exports.redisAccessRulesIndex = redisAccessRulesIndex;
-exports.redisRuleKeyPrefix = redisRuleKeyPrefix;
-exports.redisRulesIndexName = redisRulesIndexName;
-exports.redisRulesSearchOptions = redisRulesSearchOptions;
+const getRedisAccessRuleKey = (rule) => accessRuleRedisKeyPrefix + crypto.createHash(accessRuleContentHashAlgorithm).update(
+  JSON.stringify(
+    rule,
+    (key, value) => (
+      // JSON.stringify can't handle BigInt itself: throws "Do not know how to serialize a BigInt"
+      "bigint" === typeof value ? value.toString() : value
+    )
+  )
+).digest("hex");
+const getRedisAccessRuleValue = (rule) => Object.fromEntries(
+  Object.entries(rule).map(([key, value]) => [key, String(value)])
+);
+exports.accessRuleRedisKeyPrefix = accessRuleRedisKeyPrefix;
+exports.accessRulesRedisDeleteOptions = accessRulesRedisDeleteOptions;
+exports.accessRulesRedisIndexName = accessRulesRedisIndexName;
+exports.accessRulesRedisSearchOptions = accessRulesRedisSearchOptions;
+exports.createRedisAccessRulesIndex = createRedisAccessRulesIndex;
+exports.getRedisAccessRuleKey = getRedisAccessRuleKey;
+exports.getRedisAccessRuleValue = getRedisAccessRuleValue;
+exports.getRedisAccessRulesQuery = getRedisAccessRulesQuery;

package/dist/cjs/redis/redisClient.cjs

@@ -0,0 +1,67 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const zod = require("zod");
+const REDIS_BATCH_SIZE = 1e3;
+const getMissingRedisKeys = async (client, keys) => {
+  const queries = client.multi();
+  keys.map((key) => {
+    queries.exists(key);
+  });
+  const records = await queries.exec();
+  const missingKeys = [];
+  records.map((exists, recordIndex) => {
+    if ("0" === String(exists)) {
+      const key = keys[recordIndex];
+      if (key) {
+        missingKeys.push(key);
+      }
+    }
+  });
+  return missingKeys;
+};
+const fetchRedisHashRecords = async (client, keys, logger) => {
+  const rulesPipe = client.multi();
+  const expirationPipe = client.multi();
+  for (const key of keys) {
+    rulesPipe.hGetAll(key);
+    expirationPipe.expireTime(key);
+  }
+  const records = await rulesPipe.exec();
+  const expirationRecords = await expirationPipe.exec();
+  return {
+    records,
+    expirations: parseExpirationRecords(expirationRecords, logger)
+  };
+};
+const parseRedisRecords = (records, recordSchema, logger) => records.flatMap((record) => {
+  const parseResult = recordSchema.safeParse(record);
+  if (parseResult.success) {
+    return [parseResult.data];
+  }
+  logger.error(() => ({
+    msg: "Failed to parse Redis record",
+    data: { record, error: parseResult.error }
+  }));
+  return [];
+});
+const expirationRecordSchema = zod.z.coerce.number();
+const UNSET_EXPIRATION_VALUE = -1;
+const parseExpirationRecords = (records, logger) => records.flatMap((record) => {
+  const parseResult = expirationRecordSchema.safeParse(record);
+  if (parseResult.success) {
+    const expiration = UNSET_EXPIRATION_VALUE === parseResult.data ? void 0 : parseResult.data;
+    return [expiration];
+  }
+  logger.error(() => ({
+    msg: "Failed to parse Redis expiration record",
+    data: {
+      record,
+      error: parseResult.error
+    }
+  }));
+  return [void 0];
+});
+exports.REDIS_BATCH_SIZE = REDIS_BATCH_SIZE;
+exports.fetchRedisHashRecords = fetchRedisHashRecords;
+exports.getMissingRedisKeys = getMissingRedisKeys;
+exports.parseRedisRecords = parseRedisRecords;

package/dist/cjs/redis/redisIndex.cjs

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const crypto = require("node:crypto");
+const redisIndexHashesRecordKey = "_index_hashes";
+const redisIndexHashAlgorithm = "sha256";
+const createRedisIndex = async (client, index) => {
+  const indexHash = createIndexHash(index);
+  const existingIndexes = await client.ft._LIST();
+  if (existingIndexes.includes(index.name)) {
+    const existingIndexHash = await fetchIndexHash(client, index.name);
+    if (indexHash === existingIndexHash) {
+      return;
+    }
+    await client.ft.dropIndex(index.name);
+  }
+  await client.ft.create(index.name, index.schema, index.options);
+  await saveIndexHash(client, index.name, indexHash);
+};
+const createIndexHash = (index) => crypto.createHash(redisIndexHashAlgorithm).update(JSON.stringify(index)).digest("hex");
+const fetchIndexHash = async (client, indexName) => client.hGet(redisIndexHashesRecordKey, indexName);
+const saveIndexHash = async (client, indexName, indexHash) => client.hSet(redisIndexHashesRecordKey, indexName, indexHash);
+exports.createRedisIndex = createRedisIndex;