@prosopo/user-access-policy 3.5.19 → 3.5.27

package/dist/redis/redisRulesWriter.js

@@ -1,73 +1,100 @@
-import crypto from "node:crypto";
-import { redisRuleKeyPrefix } from "./redisRulesIndex.js";
-const redisRuleContentHashAlgorithm = "md5";
-const createRedisRulesWriter = (client) => {
-  return {
-    insertRule: async (rule, expirationTimestamp) => {
-      const ruleKey = getRedisRuleKey(rule);
+import { chunkIntoBatches, executeBatchesSequentially } from "@prosopo/common";
+import { REDIS_BATCH_SIZE } from "./redisClient.js";
+import { ACCESS_RULE_REDIS_KEY_PREFIX, getAccessRuleRedisKey } from "./redisRuleIndex.js";
+class RedisRulesWriter {
+  constructor(client, logger) {
+    this.client = client;
+    this.logger = logger;
+  }
+  async insertRules(ruleEntries) {
+    const entryBatches = chunkIntoBatches(ruleEntries, REDIS_BATCH_SIZE);
+    const keyBatches = await executeBatchesSequentially(
+      entryBatches,
+      async (entriesBatch) => this.insertRuleEntries(entriesBatch)
+    );
+    return keyBatches.flatMap(
+      (ruleKey) => ruleKey.slice(ACCESS_RULE_REDIS_KEY_PREFIX.length)
+    );
+  }
+  async deleteRules(ruleIds) {
+    const ruleKeys = ruleIds.map(
+      (ruleId) => ACCESS_RULE_REDIS_KEY_PREFIX + ruleId
+    );
+    const keyBatches = chunkIntoBatches(ruleKeys, REDIS_BATCH_SIZE);
+    await executeBatchesSequentially(keyBatches, async (keysBatch) => {
+      const queries = this.client.multi();
+      for (const ruleKey of keysBatch) {
+        queries.del(ruleKey);
+      }
+      await queries.exec();
+    });
+  }
+  async deleteAllRules() {
+    let cursor = "0";
+    let total = 0;
+    do {
+      const reply = await this.client.scan(cursor, {
+        MATCH: `${ACCESS_RULE_REDIS_KEY_PREFIX}*`,
+        COUNT: REDIS_BATCH_SIZE
+      });
+      const ids = reply.keys.map(
+        (key) => key.slice(ACCESS_RULE_REDIS_KEY_PREFIX.length)
+      );
+      await this.deleteRules(ids);
+      total += ids.length;
+      cursor = reply.cursor;
+    } while ("0" !== cursor);
+    return total;
+  }
+  async insertRuleEntries(ruleEntries) {
+    const queries = this.client.multi();
+    const ruleKeys = ruleEntries.map((ruleEntry) => {
+      const { rule, expiresUnixTimestamp } = ruleEntry;
+      const ruleKey = getAccessRuleRedisKey(rule);
       const ruleValue = getRedisRuleValue(rule);
-      await client.hSet(ruleKey, ruleValue);
-      if (expirationTimestamp) {
-        const expiryDate = new Date(expirationTimestamp);
-        if (expiryDate.getUTCFullYear() === 1970) {
-          await client.expireAt(ruleKey, expirationTimestamp);
-        } else {
-          const timestampInSeconds = Math.floor(expirationTimestamp / 1e3);
-          await client.expireAt(ruleKey, timestampInSeconds);
-        }
+      queries.hSet(ruleKey, ruleValue);
+      if (expiresUnixTimestamp) {
+        queries.expireAt(ruleKey, expiresUnixTimestamp);
       }
       return ruleKey;
-    },
-    deleteRules: async (ruleIds) => void await client.del(ruleIds),
-    deleteAllRules: async () => {
-      const keys = await client.keys(`${redisRuleKeyPrefix}*`);
-      if (keys.length === 0) return 0;
-      return await client.del(keys);
-    }
-  };
-};
-const getDummyRedisRulesWriter = (logger) => {
-  return {
-    insertRule: async (rule, expirationTimestamp) => {
-      logger.info(() => ({
-        msg: "Dummy insertRule() has no effect (redis is not ready)",
-        data: {
-          rule
-        }
-      }));
-      return "";
-    },
-    deleteRules: async (ruleIds) => {
-      logger.info(() => ({
-        msg: "Dummy deleteRules() has no effect (redis is not ready)",
-        data: {
-          ruleIds
-        }
-      }));
-    },
-    deleteAllRules: async () => {
-      logger.info(() => ({
-        msg: "Dummy deleteAllRules() has no effect (redis is not ready)"
-      }));
-      return 0;
-    }
-  };
-};
-const getRedisRuleKey = (rule) => redisRuleKeyPrefix + crypto.createHash(redisRuleContentHashAlgorithm).update(
-  JSON.stringify(
-    rule,
-    (key, value) => (
-      // JSON.stringify can't handle BigInt itself: throws "Do not know how to serialize a BigInt"
-      "bigint" === typeof value ? value.toString() : value
-    )
-  )
-).digest("hex");
+    });
+    await queries.exec();
+    return ruleKeys;
+  }
+}
 const getRedisRuleValue = (rule) => Object.fromEntries(
   Object.entries(rule).map(([key, value]) => [key, String(value)])
 );
+class DummyRedisRulesWriter {
+  constructor(logger) {
+    this.logger = logger;
+  }
+  async insertRules(ruleEntries) {
+    this.logger.info(() => ({
+      msg: "Dummy insertRules() has no effect (redis is not ready)",
+      data: {
+        ruleEntries
+      }
+    }));
+    return [];
+  }
+  async deleteRules(ruleIds) {
+    this.logger.info(() => ({
+      msg: "Dummy deleteRules() has no effect (redis is not ready)",
+      data: {
+        ruleIds
+      }
+    }));
+  }
+  async deleteAllRules() {
+    this.logger.info(() => ({
+      msg: "Dummy deleteAllRules() has no effect (redis is not ready)"
+    }));
+    return 0;
+  }
+}
 export {
-  createRedisRulesWriter,
-  getDummyRedisRulesWriter,
-  getRedisRuleKey,
+  DummyRedisRulesWriter,
+  RedisRulesWriter,
   getRedisRuleValue
 };

package/dist/redis/redisRulesWriter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRulesWriter.js","sourceRoot":"","sources":["../../src/redis/redisRulesWriter.ts"],"names":[],"mappings":"AAcA,OAAO,EAEN,gBAAgB,EAChB,0BAA0B,GAC1B,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAMhE,OAAO,EACN,4BAA4B,EAC5B,qBAAqB,GACrB,MAAM,qBAAqB,CAAC;AAE7B,MAAM,OAAO,gBAAgB;IAC5B,YACkB,MAAuB,EACvB,MAAc;QADd,WAAM,GAAN,MAAM,CAAiB;QACvB,WAAM,GAAN,MAAM,CAAQ;IAC7B,CAAC;IAEJ,KAAK,CAAC,WAAW,CAAC,WAA8B;QAC/C,MAAM,YAAY,GAAG,gBAAgB,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAC;QAErE,MAAM,UAAU,GAAG,MAAM,0BAA0B,CAClD,YAAY,EACZ,KAAK,EAAE,YAAY,EAAE,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAC5D,CAAC;QAEF,OAAO,UAAU,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CACrC,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,MAAM,CAAC,CAClD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAiB;QAClC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAC3B,CAAC,MAAM,EAAE,EAAE,CAAC,4BAA4B,GAAG,MAAM,CACjD,CAAC;QAEF,MAAM,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAEhE,MAAM,0BAA0B,CAAC,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE;YAChE,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAEpC,KAAK,MAAM,OAAO,IAAI,SAAS,EAAE,CAAC;gBACjC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACtB,CAAC;YAED,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC,CAAC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,cAAc;QACnB,IAAI,MAAM,GAAG,GAAG,CAAC;QACjB,IAAI,KAAK,GAAG,CAAC,CAAC;QAEd,GAAG,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE;gBAC5C,KAAK,EAAE,GAAG,4BAA4B,GAAG;gBACzC,KAAK,EAAE,gBAAgB;aACvB,CAAC,CAAC;YAEH,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAClC,GAAG,CAAC,KAAK,CAAC,4BAA4B,CAAC,MAAM,CAAC,CAC9C,CAAC;YACF,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;YAE5B,KAAK,IAAI,GAAG,CAAC,MAAM,CAAC;YACpB,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;QACvB,CAAC,QAAQ,GAAG,KAAK,MAAM,EAAE;QAEzB,OAAO,KAAK,CAAC;IACd,CAAC;IAES,KAAK,CAAC,iBAAiB,CAChC,WAA8B;QAE9B,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAEpC,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE;YAC9C,MAAM,EAAE,IAAI,EAAE,oBAAoB,EAAE,GAAG,SAAS,CAAC;YAEjD,MAAM,OAAO,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;YAC5C,MAAM,SAAS,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAE1C,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAEjC,IAAI,oBAAoB,EAAE,CAAC;gBAC1B,OAAO,CAAC,QAAQ,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC;YACjD,CAAC;YAED,OAAO,OAAO,CAAC;QAChB,CAAC,CAAC,CAAC;QAEH,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;QAErB,OAAO,QAAQ,CAAC;IACjB,CAAC;CACD;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,IAAgB,EAA0B,EAAE,CAC7E,MAAM,CAAC,WAAW,CACjB,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAChE,CAAC;AAEH,MAAM,OAAO,qBAAqB;IACjC,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;IAAG,CAAC;IAE/C,KAAK,CAAC,WAAW,CAAC,WAA8B;QAC/C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACvB,GAAG,EAAE,wDAAwD;YAC7D,IAAI,EAAE;gBACL,WAAW;aACX;SACD,CAAC,CAAC,CAAC;QAEJ,OAAO,EAAE,CAAC;IACX,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAiB;QAClC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACvB,GAAG,EAAE,wDAAwD;YAC7D,IAAI,EAAE;gBACL,OAAO;aACP;SACD,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,cAAc;QACnB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACvB,GAAG,EAAE,2DAA2D;SAChE,CAAC,CAAC,CAAC;QAEJ,OAAO,CAAC,CAAC;IACV,CAAC;CACD"}

package/dist/rule.d.ts

@@ -0,0 +1,34 @@
+import type { CaptchaType } from "@prosopo/types";
+export declare enum AccessPolicyType {
+    Block = "block",
+    Restrict = "restrict"
+}
+export type AccessPolicy = {
+    type: AccessPolicyType;
+    captchaType?: CaptchaType;
+    description?: string;
+    solvedImagesCount?: number;
+    imageThreshold?: number;
+    powDifficulty?: number;
+    unsolvedImagesCount?: number;
+    frictionlessScore?: number;
+};
+export type PolicyScope = {
+    clientId?: string;
+};
+export type UserIp = {
+    numericIp?: bigint;
+    numericIpMaskMin?: bigint;
+    numericIpMaskMax?: bigint;
+};
+export type UserAttributes = {
+    userId?: string;
+    ja4Hash?: string;
+    headersHash?: string;
+    userAgentHash?: string;
+};
+export type UserScope = UserAttributes & UserIp;
+export type AccessRule = AccessPolicy & PolicyScope & UserScope & {
+    groupId?: string;
+};
+//# sourceMappingURL=rule.d.ts.map

package/dist/rule.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rule.d.ts","sourceRoot":"","sources":["../src/rule.ts"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAElD,oBAAY,gBAAgB;IAC3B,KAAK,UAAU;IACf,QAAQ,aAAa;CACrB;AAED,MAAM,MAAM,YAAY,GAAG;IAC1B,IAAI,EAAE,gBAAgB,CAAC;IACvB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,MAAM,GAAG;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG,cAAc,GAAG,MAAM,CAAC;AAGhD,MAAM,MAAM,UAAU,GAAG,YAAY,GACpC,WAAW,GACX,SAAS,GAAG;IACX,OAAO,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC"}

package/dist/rule.js

@@ -0,0 +1,8 @@
+var AccessPolicyType = /* @__PURE__ */ ((AccessPolicyType2) => {
+  AccessPolicyType2["Block"] = "block";
+  AccessPolicyType2["Restrict"] = "restrict";
+  return AccessPolicyType2;
+})(AccessPolicyType || {});
+export {
+  AccessPolicyType
+};

package/dist/rule.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rule.js","sourceRoot":"","sources":["../src/rule.ts"],"names":[],"mappings":"AAeA,MAAM,CAAN,IAAY,gBAGX;AAHD,WAAY,gBAAgB;IAC3B,mCAAe,CAAA;IACf,yCAAqB,CAAA;AACtB,CAAC,EAHW,gBAAgB,KAAhB,gBAAgB,QAG3B"}

package/dist/ruleInput/.export.d.ts

@@ -0,0 +1,4 @@
+export { accessRuleInput, type AccessRulesFilterInput } from "./ruleInput.js";
+export { accessPolicyInput, policyScopeInput } from "./policyInput.js";
+export { userScopeInput } from "./userScopeInput.js";
+//# sourceMappingURL=.export.d.ts.map

package/dist/ruleInput/.export.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":".export.d.ts","sourceRoot":"","sources":["../../src/ruleInput/.export.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,eAAe,EAAE,KAAK,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAE9E,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAEvE,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/ruleInput/.export.js

@@ -0,0 +1,9 @@
+import { accessRuleInput } from "./ruleInput.js";
+import { accessPolicyInput, policyScopeInput } from "./policyInput.js";
+import { userScopeInput } from "./userScopeInput.js";
+export {
+  accessPolicyInput,
+  accessRuleInput,
+  policyScopeInput,
+  userScopeInput
+};

package/dist/ruleInput/.export.js.map

@@ -0,0 +1 @@
+{"version":3,"file":".export.js","sourceRoot":"","sources":["../../src/ruleInput/.export.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,eAAe,EAA+B,MAAM,gBAAgB,CAAC;AAE9E,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAEvE,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/ruleInput/policyInput.d.ts

@@ -0,0 +1,38 @@
+import { z } from "zod";
+import { AccessPolicyType } from "#policy/rule.js";
+export declare const accessPolicyInput: z.ZodObject<{
+    type: z.ZodNativeEnum<typeof AccessPolicyType>;
+    captchaType: z.ZodOptional<z.ZodNativeEnum<typeof import("@prosopo/types").CaptchaType>>;
+    description: z.ZodOptional<z.ZodString>;
+    solvedImagesCount: z.ZodOptional<z.ZodNumber>;
+    imageThreshold: z.ZodOptional<z.ZodNumber>;
+    powDifficulty: z.ZodOptional<z.ZodNumber>;
+    unsolvedImagesCount: z.ZodOptional<z.ZodNumber>;
+    frictionlessScore: z.ZodOptional<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    type: AccessPolicyType;
+    captchaType?: import("@prosopo/types").CaptchaType | undefined;
+    description?: string | undefined;
+    solvedImagesCount?: number | undefined;
+    imageThreshold?: number | undefined;
+    powDifficulty?: number | undefined;
+    unsolvedImagesCount?: number | undefined;
+    frictionlessScore?: number | undefined;
+}, {
+    type: AccessPolicyType;
+    captchaType?: import("@prosopo/types").CaptchaType | undefined;
+    description?: string | undefined;
+    solvedImagesCount?: number | undefined;
+    imageThreshold?: number | undefined;
+    powDifficulty?: number | undefined;
+    unsolvedImagesCount?: number | undefined;
+    frictionlessScore?: number | undefined;
+}>;
+export declare const policyScopeInput: z.ZodObject<{
+    clientId: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    clientId?: string | undefined;
+}, {
+    clientId?: string | undefined;
+}>;
+//# sourceMappingURL=policyInput.d.ts.map

package/dist/ruleInput/policyInput.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policyInput.d.ts","sourceRoot":"","sources":["../../src/ruleInput/policyInput.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAgB,CAAC,EAAE,MAAM,KAAK,CAAC;AACtC,OAAO,EAEN,gBAAgB,EAEhB,MAAM,iBAAiB,CAAC;AAEzB,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;EAcoC,CAAC;AAEnE,eAAO,MAAM,gBAAgB;;;;;;EAEmC,CAAC"}

package/dist/ruleInput/policyInput.js

@@ -0,0 +1,25 @@
+import { CaptchaTypeSchema } from "@prosopo/types";
+import { z } from "zod";
+import { AccessPolicyType } from "../rule.js";
+const accessPolicyInput = z.object({
+  type: z.nativeEnum(AccessPolicyType),
+  captchaType: CaptchaTypeSchema.optional(),
+  description: z.coerce.string().optional(),
+  // Redis stores values as strings, so coerce is needed to parse properly
+  solvedImagesCount: z.coerce.number().optional(),
+  // the percentage of image panels that must be solved per image CAPTCHA
+  imageThreshold: z.coerce.number().optional(),
+  // the Proof-of-Work difficulty level
+  powDifficulty: z.coerce.number().optional(),
+  // the number of unsolved image CAPTCHA challenges to serve
+  unsolvedImagesCount: z.coerce.number().optional(),
+  // used to increase the user's score
+  frictionlessScore: z.coerce.number().optional()
+});
+const policyScopeInput = z.object({
+  clientId: z.coerce.string().optional()
+});
+export {
+  accessPolicyInput,
+  policyScopeInput
+};

package/dist/ruleInput/policyInput.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policyInput.js","sourceRoot":"","sources":["../../src/ruleInput/policyInput.ts"],"names":[],"mappings":"AAeA,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAAgB,CAAC,EAAE,MAAM,KAAK,CAAC;AACtC,OAAO,EAEN,gBAAgB,GAEhB,MAAM,iBAAiB,CAAC;AAEzB,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,IAAI,EAAE,CAAC,CAAC,UAAU,CAAC,gBAAgB,CAAC;IACpC,WAAW,EAAE,iBAAiB,CAAC,QAAQ,EAAE;IACzC,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAEzC,iBAAiB,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE/C,cAAc,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE5C,aAAa,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE3C,mBAAmB,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAEjD,iBAAiB,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACf,CAAiC,CAAC;AAEnE,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACP,CAAgC,CAAC"}

package/dist/ruleInput/ruleInput.d.ts

@@ -0,0 +1,145 @@
+import { type ZodType, z } from "zod";
+import type { AccessPolicy, AccessRule, PolicyScope } from "#policy/rule.js";
+import { type AccessRulesFilter, FilterScopeMatch } from "#policy/rulesStorage.js";
+import { type UserScopeInput } from "./userScopeInput.js";
+type RuleGroupInput = {
+    groupId?: string;
+    ruleGroupId?: string;
+};
+export type AccessRuleInput = AccessPolicy & PolicyScope & UserScopeInput & RuleGroupInput;
+export declare const accessRuleInput: ZodType<AccessRule>;
+export declare const ruleEntryInput: z.ZodObject<{
+    rule: ZodType<AccessRule, z.ZodTypeDef, AccessRule>;
+    expiresUnixTimestamp: z.ZodOptional<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    rule: AccessPolicy & PolicyScope & import("#policy/rule.js").UserAttributes & import("#policy/rule.js").UserIp & {
+        groupId?: string;
+    };
+    expiresUnixTimestamp?: number | undefined;
+}, {
+    rule: AccessPolicy & PolicyScope & import("#policy/rule.js").UserAttributes & import("#policy/rule.js").UserIp & {
+        groupId?: string;
+    };
+    expiresUnixTimestamp?: number | undefined;
+}>;
+export type AccessRulesFilterInput = AccessRulesFilter & {
+    userScope?: UserScopeInput;
+    policyScopes?: PolicyScope[];
+};
+export declare const accessRulesFilterInput: z.ZodObject<{
+    policyScope: z.ZodOptional<z.ZodObject<{
+        clientId: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        clientId?: string | undefined;
+    }, {
+        clientId?: string | undefined;
+    }>>;
+    policyScopes: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        clientId: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        clientId?: string | undefined;
+    }, {
+        clientId?: string | undefined;
+    }>, "many">>;
+    policyScopeMatch: z.ZodDefault<z.ZodNativeEnum<typeof FilterScopeMatch>>;
+    userScope: z.ZodOptional<z.ZodEffects<z.ZodIntersection<z.ZodIntersection<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>, z.ZodEffects<z.ZodObject<{
+        ip: z.ZodOptional<z.ZodString>;
+        ipMask: z.ZodOptional<z.ZodString>;
+        numericIp: z.ZodOptional<z.ZodBigInt>;
+        numericIpMaskMin: z.ZodOptional<z.ZodBigInt>;
+        numericIpMaskMax: z.ZodOptional<z.ZodBigInt>;
+    }, "strip", z.ZodTypeAny, {
+        ip?: string | undefined;
+        ipMask?: string | undefined;
+        numericIp?: bigint | undefined;
+        numericIpMaskMin?: bigint | undefined;
+        numericIpMaskMax?: bigint | undefined;
+    }, {
+        ip?: string | undefined;
+        ipMask?: string | undefined;
+        numericIp?: bigint | undefined;
+        numericIpMaskMin?: bigint | undefined;
+        numericIpMaskMax?: bigint | undefined;
+    }>, import("#policy/rule.js").UserIp, {
+        ip?: string | undefined;
+        ipMask?: string | undefined;
+        numericIp?: bigint | undefined;
+        numericIpMaskMin?: bigint | undefined;
+        numericIpMaskMax?: bigint | undefined;
+    }>>, z.ZodEffects<z.ZodObject<{
+        userAgent: z.ZodOptional<z.ZodString>;
+        userId: z.ZodOptional<z.ZodString>;
+        ja4Hash: z.ZodOptional<z.ZodString>;
+        headersHash: z.ZodOptional<z.ZodString>;
+        userAgentHash: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        userAgentHash?: string | undefined;
+        userId?: string | undefined;
+        ja4Hash?: string | undefined;
+        headersHash?: string | undefined;
+        userAgent?: string | undefined;
+    }, {
+        userAgentHash?: string | undefined;
+        userId?: string | undefined;
+        ja4Hash?: string | undefined;
+        headersHash?: string | undefined;
+        userAgent?: string | undefined;
+    }>, import("#policy/rule.js").UserAttributes, {
+        userAgentHash?: string | undefined;
+        userId?: string | undefined;
+        ja4Hash?: string | undefined;
+        headersHash?: string | undefined;
+        userAgent?: string | undefined;
+    }>>, UserScopeInput, {} & {
+        ip?: string | undefined;
+        ipMask?: string | undefined;
+        numericIp?: bigint | undefined;
+        numericIpMaskMin?: bigint | undefined;
+        numericIpMaskMax?: bigint | undefined;
+    } & {
+        userAgentHash?: string | undefined;
+        userId?: string | undefined;
+        ja4Hash?: string | undefined;
+        headersHash?: string | undefined;
+        userAgent?: string | undefined;
+    }>>;
+    userScopeMatch: z.ZodDefault<z.ZodNativeEnum<typeof FilterScopeMatch>>;
+    groupId: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    policyScopeMatch: FilterScopeMatch;
+    userScopeMatch: FilterScopeMatch;
+    userScope?: UserScopeInput | undefined;
+    groupId?: string | undefined;
+    policyScope?: {
+        clientId?: string | undefined;
+    } | undefined;
+    policyScopes?: {
+        clientId?: string | undefined;
+    }[] | undefined;
+}, {
+    userScope?: ({} & {
+        ip?: string | undefined;
+        ipMask?: string | undefined;
+        numericIp?: bigint | undefined;
+        numericIpMaskMin?: bigint | undefined;
+        numericIpMaskMax?: bigint | undefined;
+    } & {
+        userAgentHash?: string | undefined;
+        userId?: string | undefined;
+        ja4Hash?: string | undefined;
+        headersHash?: string | undefined;
+        userAgent?: string | undefined;
+    }) | undefined;
+    groupId?: string | undefined;
+    policyScope?: {
+        clientId?: string | undefined;
+    } | undefined;
+    policyScopeMatch?: FilterScopeMatch | undefined;
+    userScopeMatch?: FilterScopeMatch | undefined;
+    policyScopes?: {
+        clientId?: string | undefined;
+    }[] | undefined;
+}>;
+export declare const getAccessRuleFiltersFromInput: (filterInput: AccessRulesFilterInput) => AccessRulesFilter[];
+export {};
+//# sourceMappingURL=ruleInput.d.ts.map

package/dist/ruleInput/ruleInput.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ruleInput.d.ts","sourceRoot":"","sources":["../../src/ruleInput/ruleInput.ts"],"names":[],"mappings":"AAeA,OAAO,EAAE,KAAK,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACtC,OAAO,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC7E,OAAO,EAEN,KAAK,iBAAiB,EACtB,gBAAgB,EAChB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EAAE,KAAK,cAAc,EAAkB,MAAM,qBAAqB,CAAC;AAE1E,KAAK,cAAc,GAAG;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG,YAAY,GACzC,WAAW,GACX,cAAc,GACd,cAAc,CAAC;AAiBhB,eAAO,MAAM,eAAe,EAAE,OAAO,CAAC,UAAU,CAQkB,CAAC;AAEnE,eAAO,MAAM,cAAc;;;;;;;;;;;;;EAG6C,CAAC;AAEzE,MAAM,MAAM,sBAAsB,GAAG,iBAAiB,GAAG;IACxD,SAAS,CAAC,EAAE,cAAc,CAAC;IAC3B,YAAY,CAAC,EAAE,WAAW,EAAE,CAAC;CAC7B,CAAC;AAEF,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAWmD,CAAC;AAEvF,eAAO,MAAM,6BAA6B,gBAC5B,sBAAsB,KACjC,iBAAiB,EAiBnB,CAAC"}

package/dist/ruleInput/ruleInput.js

@@ -0,0 +1,50 @@
+import { z } from "zod";
+import { FilterScopeMatch } from "../rulesStorage.js";
+import { policyScopeInput, accessPolicyInput } from "./policyInput.js";
+import { userScopeInput } from "./userScopeInput.js";
+const ruleGroupInput = z.object({
+  groupId: z.coerce.string().optional(),
+  ruleGroupId: z.coerce.string().optional()
+}).transform((ruleGroupInput2) => {
+  const { ruleGroupId, ...ruleGroup } = ruleGroupInput2;
+  if ("string" === typeof ruleGroupId) {
+    ruleGroup.groupId = ruleGroupId;
+  }
+  return ruleGroup;
+});
+const accessRuleInput = z.object({
+  ...accessPolicyInput.shape,
+  ...policyScopeInput.shape
+}).and(userScopeInput).and(ruleGroupInput).transform((ruleInput) => ruleInput);
+const ruleEntryInput = z.object({
+  rule: accessRuleInput,
+  expiresUnixTimestamp: z.coerce.number().optional()
+});
+const accessRulesFilterInput = z.object({
+  policyScope: policyScopeInput.optional(),
+  policyScopes: z.array(policyScopeInput).optional(),
+  policyScopeMatch: z.nativeEnum(FilterScopeMatch).default(FilterScopeMatch.Exact),
+  userScope: userScopeInput.optional(),
+  userScopeMatch: z.nativeEnum(FilterScopeMatch).default(FilterScopeMatch.Exact),
+  groupId: z.string().optional()
+});
+const getAccessRuleFiltersFromInput = (filterInput) => {
+  const { policyScopes, policyScope, ...filterBase } = filterInput;
+  const allPolicyScopes = policyScopes || [];
+  if (policyScope) {
+    allPolicyScopes.push(policyScope);
+  }
+  if (allPolicyScopes.length > 0) {
+    return allPolicyScopes.map((policyScope2) => ({
+      ...filterBase,
+      policyScope: policyScope2
+    }));
+  }
+  return [filterBase];
+};
+export {
+  accessRuleInput,
+  accessRulesFilterInput,
+  getAccessRuleFiltersFromInput,
+  ruleEntryInput
+};

package/dist/ruleInput/ruleInput.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ruleInput.js","sourceRoot":"","sources":["../../src/ruleInput/ruleInput.ts"],"names":[],"mappings":"AAeA,OAAO,EAAgB,CAAC,EAAE,MAAM,KAAK,CAAC;AAEtC,OAAO,EAGN,gBAAgB,GAChB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,EAAuB,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAY1E,MAAM,cAAc,GAAG,CAAC;KACtB,MAAM,CAAC;IACP,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACP,CAAC;KACnC,SAAS,CAAC,CAAC,cAA8B,EAAE,EAAE;IAC7C,MAAM,EAAE,WAAW,EAAE,GAAG,SAAS,EAAE,GAAG,cAAc,CAAC;IAErD,IAAI,QAAQ,KAAK,OAAO,WAAW,EAAE,CAAC;QACrC,SAAS,CAAC,OAAO,GAAG,WAAW,CAAC;IACjC,CAAC;IAED,OAAO,SAAS,CAAC;AAClB,CAAC,CAAC,CAAC;AAEJ,MAAM,CAAC,MAAM,eAAe,GAAwB,CAAC;KACnD,MAAM,CAAC;IACP,GAAG,iBAAiB,CAAC,KAAK;IAC1B,GAAG,gBAAgB,CAAC,KAAK;CACzB,CAAC;KACD,GAAG,CAAC,cAAc,CAAC;KACnB,GAAG,CAAC,cAAc,CAAC;KAEnB,SAAS,CAAC,CAAC,SAA0B,EAAc,EAAE,CAAC,SAAS,CAAC,CAAC;AAEnE,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,IAAI,EAAE,eAAe;IACrB,oBAAoB,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACf,CAAoC,CAAC;AAOzE,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,WAAW,EAAE,gBAAgB,CAAC,QAAQ,EAAE;IACxC,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,QAAQ,EAAE;IAClD,gBAAgB,EAAE,CAAC;SACjB,UAAU,CAAC,gBAAgB,CAAC;SAC5B,OAAO,CAAC,gBAAgB,CAAC,KAAK,CAAC;IACjC,SAAS,EAAE,cAAc,CAAC,QAAQ,EAAE;IACpC,cAAc,EAAE,CAAC;SACf,UAAU,CAAC,gBAAgB,CAAC;SAC5B,OAAO,CAAC,gBAAgB,CAAC,KAAK,CAAC;IACjC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACY,CAA2C,CAAC;AAEvF,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAC5C,WAAmC,EACb,EAAE;IACxB,MAAM,EAAE,YAAY,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE,GAAG,WAAW,CAAC;IAEjE,MAAM,eAAe,GAAG,YAAY,IAAI,EAAE,CAAC;IAE3C,IAAI,WAAW,EAAE,CAAC;QACjB,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACnC,CAAC;IAED,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,OAAO,eAAe,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YAC5C,GAAG,UAAU;YACb,WAAW;SACX,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,UAAU,CAAC,CAAC;AACrB,CAAC,CAAC"}

package/dist/ruleInput/userScopeInput.d.ts

@@ -0,0 +1,93 @@
+import { z } from "zod";
+import type { UserAttributes, UserIp } from "#policy/rule.js";
+import type { UserAttributesRecord, UserIpRecord } from "#policy/ruleRecord.js";
+export type UserAttributesInput = UserAttributes & UserAttributesRecord;
+export type UserIpInput = UserIp & UserIpRecord;
+export type UserScopeInput = UserAttributesInput & UserIpInput;
+export declare const userScopeSchema: z.ZodObject<{
+    userId: z.ZodOptional<z.ZodString>;
+    ja4Hash: z.ZodOptional<z.ZodString>;
+    headersHash: z.ZodOptional<z.ZodString>;
+    userAgentHash: z.ZodOptional<z.ZodString>;
+    numericIp: z.ZodOptional<z.ZodBigInt>;
+    numericIpMaskMin: z.ZodOptional<z.ZodBigInt>;
+    numericIpMaskMax: z.ZodOptional<z.ZodBigInt>;
+}, "strip", z.ZodTypeAny, {
+    userAgentHash?: string | undefined;
+    userId?: string | undefined;
+    ja4Hash?: string | undefined;
+    headersHash?: string | undefined;
+    numericIp?: bigint | undefined;
+    numericIpMaskMin?: bigint | undefined;
+    numericIpMaskMax?: bigint | undefined;
+}, {
+    userAgentHash?: string | undefined;
+    userId?: string | undefined;
+    ja4Hash?: string | undefined;
+    headersHash?: string | undefined;
+    numericIp?: bigint | undefined;
+    numericIpMaskMin?: bigint | undefined;
+    numericIpMaskMax?: bigint | undefined;
+}>;
+export declare const userScopeInput: z.ZodEffects<z.ZodIntersection<z.ZodIntersection<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>, z.ZodEffects<z.ZodObject<{
+    ip: z.ZodOptional<z.ZodString>;
+    ipMask: z.ZodOptional<z.ZodString>;
+    numericIp: z.ZodOptional<z.ZodBigInt>;
+    numericIpMaskMin: z.ZodOptional<z.ZodBigInt>;
+    numericIpMaskMax: z.ZodOptional<z.ZodBigInt>;
+}, "strip", z.ZodTypeAny, {
+    ip?: string | undefined;
+    ipMask?: string | undefined;
+    numericIp?: bigint | undefined;
+    numericIpMaskMin?: bigint | undefined;
+    numericIpMaskMax?: bigint | undefined;
+}, {
+    ip?: string | undefined;
+    ipMask?: string | undefined;
+    numericIp?: bigint | undefined;
+    numericIpMaskMin?: bigint | undefined;
+    numericIpMaskMax?: bigint | undefined;
+}>, UserIp, {
+    ip?: string | undefined;
+    ipMask?: string | undefined;
+    numericIp?: bigint | undefined;
+    numericIpMaskMin?: bigint | undefined;
+    numericIpMaskMax?: bigint | undefined;
+}>>, z.ZodEffects<z.ZodObject<{
+    userAgent: z.ZodOptional<z.ZodString>;
+    userId: z.ZodOptional<z.ZodString>;
+    ja4Hash: z.ZodOptional<z.ZodString>;
+    headersHash: z.ZodOptional<z.ZodString>;
+    userAgentHash: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    userAgentHash?: string | undefined;
+    userId?: string | undefined;
+    ja4Hash?: string | undefined;
+    headersHash?: string | undefined;
+    userAgent?: string | undefined;
+}, {
+    userAgentHash?: string | undefined;
+    userId?: string | undefined;
+    ja4Hash?: string | undefined;
+    headersHash?: string | undefined;
+    userAgent?: string | undefined;
+}>, UserAttributes, {
+    userAgentHash?: string | undefined;
+    userId?: string | undefined;
+    ja4Hash?: string | undefined;
+    headersHash?: string | undefined;
+    userAgent?: string | undefined;
+}>>, UserScopeInput, {} & {
+    ip?: string | undefined;
+    ipMask?: string | undefined;
+    numericIp?: bigint | undefined;
+    numericIpMaskMin?: bigint | undefined;
+    numericIpMaskMax?: bigint | undefined;
+} & {
+    userAgentHash?: string | undefined;
+    userId?: string | undefined;
+    ja4Hash?: string | undefined;
+    headersHash?: string | undefined;
+    userAgent?: string | undefined;
+}>;
+//# sourceMappingURL=userScopeInput.d.ts.map

package/dist/ruleInput/userScopeInput.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"userScopeInput.d.ts","sourceRoot":"","sources":["../../src/ruleInput/userScopeInput.ts"],"names":[],"mappings":"AAkBA,OAAO,EAAgB,CAAC,EAAE,MAAM,KAAK,CAAC;AACtC,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,EAAa,MAAM,iBAAiB,CAAC;AACzE,OAAO,KAAK,EAAE,oBAAoB,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAEhF,MAAM,MAAM,mBAAmB,GAAG,cAAc,GAAG,oBAAoB,CAAC;AA6BxE,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,YAAY,CAAC;AAsChD,MAAM,MAAM,cAAc,GAAG,mBAAmB,GAAG,WAAW,CAAC;AAE/D,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;EAGgC,CAAC;AAE7D,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAQzB,CAAC"}