@prosopo/user-access-policy 3.5.19 → 3.5.28

package/CHANGELOG.md

@@ -1,5 +1,89 @@
 # @prosopo/user-access-policy
 
+## 3.5.28
+### Patch Changes
+
+- 8ce9205: enhance/uap-rules-push
+- 8ce9205: Change engine requirements
+- b6e98b2: Run npm audit
+- Updated dependencies [15ae7cf]
+- Updated dependencies [bb5f41c]
+- Updated dependencies [8ce9205]
+- Updated dependencies [b6e98b2]
+  - @prosopo/types@3.6.0
+  - @prosopo/util@3.2.0
+  - @prosopo/redis-client@1.0.7
+  - @prosopo/api-route@2.6.30
+  - @prosopo/common@3.1.22
+  - @prosopo/api@3.1.33
+
+## 3.5.27
+### Patch Changes
+
+- Updated dependencies [8f1773a]
+  - @prosopo/types@3.5.11
+  - @prosopo/api@3.1.32
+
+## 3.5.26
+### Patch Changes
+
+- Updated dependencies [cb8ab85]
+  - @prosopo/types@3.5.10
+  - @prosopo/api@3.1.31
+
+## 3.5.25
+### Patch Changes
+
+- 005ce66: Split load balancer into URL fn and getter fn for private repo
+- Updated dependencies [43907e8]
+- Updated dependencies [005ce66]
+- Updated dependencies [7101036]
+  - @prosopo/types@3.5.9
+  - @prosopo/util@3.1.7
+  - @prosopo/api@3.1.30
+
+## 3.5.24
+### Patch Changes
+
+- Updated dependencies [e5c259d]
+  - @prosopo/types@3.5.8
+  - @prosopo/api@3.1.29
+
+## 3.5.23
+### Patch Changes
+
+- c9d8fdf: feat/access-policy-group
+- b8185a4: feat/uap-rules-syncer
+- Updated dependencies [c9d8fdf]
+- Updated dependencies [b8185a4]
+  - @prosopo/api@3.1.28
+  - @prosopo/common@3.1.21
+  - @prosopo/api-route@2.6.29
+  - @prosopo/redis-client@1.0.6
+  - @prosopo/types@3.5.7
+  - @prosopo/util@3.1.6
+
+## 3.5.22
+### Patch Changes
+
+- Updated dependencies [5d11a81]
+  - @prosopo/types@3.5.6
+  - @prosopo/api@3.1.27
+
+## 3.5.21
+### Patch Changes
+
+- Updated dependencies [494c5a8]
+  - @prosopo/types@3.5.5
+  - @prosopo/api@3.1.26
+
+## 3.5.20
+### Patch Changes
+
+- Updated dependencies [08ff50f]
+  - @prosopo/types@3.5.4
+  - @prosopo/api@3.1.25
+
 ## 3.5.19
 ### Patch Changes
 

package/dist/.export.js

@@ -0,0 +1,21 @@
+import "./ruleInput/.export.js";
+import { makeAccessRuleHash, transformAccessRuleIntoRecord, transformAccessRuleRecordIntoRule } from "./transformRule.js";
+import { AccessPolicyType } from "./rule.js";
+import { FilterScopeMatch } from "./rulesStorage.js";
+import { getUserScopeRecordFromAccessRuleRecord, userScopeRecordFields } from "./ruleRecord.js";
+import { accessRuleInput } from "./ruleInput/ruleInput.js";
+import { accessPolicyInput, policyScopeInput } from "./ruleInput/policyInput.js";
+import { userScopeInput } from "./ruleInput/userScopeInput.js";
+export {
+  AccessPolicyType,
+  FilterScopeMatch,
+  accessPolicyInput,
+  accessRuleInput,
+  getUserScopeRecordFromAccessRuleRecord,
+  makeAccessRuleHash,
+  policyScopeInput,
+  transformAccessRuleIntoRecord,
+  transformAccessRuleRecordIntoRule,
+  userScopeInput,
+  userScopeRecordFields
+};

package/dist/api/.export.js

@@ -0,0 +1,11 @@
+import "./delete/.export.js";
+import "./read/.export.js";
+import "./write/.export.js";
+import { AccessRuleApiRoutes, accessRuleApiPaths, getExpressApiRuleRateLimits } from "./ruleApiRoutes.js";
+import { AccessRulesApiClient } from "./rulesApiClient.js";
+export {
+  AccessRuleApiRoutes,
+  AccessRulesApiClient,
+  accessRuleApiPaths,
+  getExpressApiRuleRateLimits
+};

package/dist/api/delete/.export.js

@@ -0,0 +1 @@
+

package/dist/api/{deleteAllRulesEndpoint.js → delete/deleteAllRules.js}

@@ -1,12 +1,17 @@
 import { ApiEndpointResponseStatus } from "@prosopo/api-route";
-import { z } from "zod";
-const deleteAllRulesEndpointSchema = z.object({});
 class DeleteAllRulesEndpoint {
-  constructor(accessRulesStorage) {
+  constructor(accessRulesStorage, logger) {
     this.accessRulesStorage = accessRulesStorage;
+    this.logger = logger;
   }
-  async processRequest(args) {
+  getRequestArgsSchema() {
+  }
+  async processRequest() {
     const deletedCount = await this.accessRulesStorage.deleteAllRules();
+    this.logger.info(() => ({
+      msg: "Endpoint deleted all access rules",
+      data: { deletedCount }
+    }));
     return {
       status: ApiEndpointResponseStatus.SUCCESS,
       data: {
@@ -14,11 +19,7 @@ class DeleteAllRulesEndpoint {
       }
     };
   }
-  getRequestArgsSchema() {
-    return deleteAllRulesEndpointSchema;
-  }
 }
 export {
-  DeleteAllRulesEndpoint,
-  deleteAllRulesEndpointSchema
+  DeleteAllRulesEndpoint
 };

package/dist/api/delete/deleteRuleGroups.js

@@ -0,0 +1,52 @@
+import { ApiEndpointResponseStatus } from "@prosopo/api-route";
+import { z } from "zod";
+import { FilterScopeMatch } from "../../rulesStorage.js";
+class DeleteRuleGroupsEndpoint {
+  constructor(accessRulesStorage, logger) {
+    this.accessRulesStorage = accessRulesStorage;
+    this.logger = logger;
+  }
+  getRequestArgsSchema() {
+    return z.array(
+      z.object({
+        clientIds: z.string().array(),
+        groupId: z.string()
+      })
+    );
+  }
+  async processRequest(args) {
+    const foundRuleIdPromises = args.flatMap(
+      (ruleToDelete) => ruleToDelete.clientIds.map(
+        (clientId) => this.accessRulesStorage.findRuleIds({
+          policyScope: {
+            clientId
+          },
+          policyScopeMatch: FilterScopeMatch.Exact,
+          groupId: ruleToDelete.groupId
+        })
+      )
+    );
+    const foundRuleIds = await Promise.all(foundRuleIdPromises);
+    const ruleIds = foundRuleIds.flat();
+    const uniqueRuleIds = [...new Set(ruleIds)];
+    if (uniqueRuleIds.length > 0) {
+      await this.accessRulesStorage.deleteRules(uniqueRuleIds);
+    }
+    this.logger.info(() => ({
+      msg: "Endpoint deleted rule groups",
+      data: {
+        args,
+        uniqueRuleIds
+      }
+    }));
+    return {
+      status: ApiEndpointResponseStatus.SUCCESS,
+      data: {
+        deleted_count: uniqueRuleIds.length
+      }
+    };
+  }
+}
+export {
+  DeleteRuleGroupsEndpoint
+};

package/dist/api/delete/deleteRules.js

@@ -0,0 +1,43 @@
+import { ApiEndpointResponseStatus } from "@prosopo/api-route";
+import { executeBatchesSequentially } from "@prosopo/common";
+import { z } from "zod";
+import { accessRulesFilterInput, getAccessRuleFiltersFromInput } from "../../ruleInput/ruleInput.js";
+class DeleteRulesEndpoint {
+  constructor(accessRulesStorage, logger) {
+    this.accessRulesStorage = accessRulesStorage;
+    this.logger = logger;
+  }
+  getRequestArgsSchema() {
+    return z.array(accessRulesFilterInput);
+  }
+  async processRequest(args) {
+    let deletedCount = 0;
+    for (const rulesFilterInput of args) {
+      const ruleFilters = getAccessRuleFiltersFromInput(rulesFilterInput);
+      await executeBatchesSequentially(ruleFilters, async (ruleFilter) => {
+        const ruleIds = await this.accessRulesStorage.findRuleIds(ruleFilter);
+        const uniqueRuleIds = [...new Set(ruleIds)];
+        if (uniqueRuleIds.length > 0) {
+          await this.accessRulesStorage.deleteRules(uniqueRuleIds);
+          deletedCount += uniqueRuleIds.length;
+          this.logger.info(() => ({
+            msg: "Endpoint deleted rules",
+            data: {
+              rulesFilterInput,
+              uniqueRuleIds
+            }
+          }));
+        }
+      });
+    }
+    return {
+      status: ApiEndpointResponseStatus.SUCCESS,
+      data: {
+        deleted_count: deletedCount
+      }
+    };
+  }
+}
+export {
+  DeleteRulesEndpoint
+};

package/dist/api/read/.export.js

@@ -0,0 +1 @@
+

package/dist/api/read/fetchRules.js

@@ -0,0 +1,43 @@
+import { ApiEndpointResponseStatus } from "@prosopo/api-route";
+import { z } from "zod";
+import { ruleEntryInput } from "../../ruleInput/ruleInput.js";
+const fetchRulesResponse = z.object({
+  ruleEntries: ruleEntryInput.array()
+});
+class FetchRulesEndpoint {
+  constructor(accessRulesStorage, logger) {
+    this.accessRulesStorage = accessRulesStorage;
+    this.logger = logger;
+  }
+  getRequestArgsSchema() {
+    return z.object({
+      ids: z.string().array()
+    });
+  }
+  async processRequest(args) {
+    const ruleEntries = await this.accessRulesStorage.fetchRules(args.ids);
+    this.logger.info(() => ({
+      msg: "Endpoint fetched rules",
+      data: {
+        requestedCount: args.ids.length,
+        foundCount: ruleEntries.length
+      }
+    }));
+    this.logger.debug(() => ({
+      msg: "Fetched rule details",
+      data: {
+        ruleEntries
+      }
+    }));
+    return {
+      status: ApiEndpointResponseStatus.SUCCESS,
+      data: {
+        ruleEntries
+      }
+    };
+  }
+}
+export {
+  FetchRulesEndpoint,
+  fetchRulesResponse
+};

package/dist/api/read/findRuleIds.js

@@ -0,0 +1,50 @@
+import { ApiEndpointResponseStatus } from "@prosopo/api-route";
+import { executeBatchesSequentially } from "@prosopo/common";
+import { z } from "zod";
+import { accessRulesFilterInput, getAccessRuleFiltersFromInput } from "../../ruleInput/ruleInput.js";
+const ruleIdsResponse = z.object({
+  ruleIds: z.string().array()
+});
+class FindRuleIdsEndpoint {
+  constructor(accessRulesStorage, logger) {
+    this.accessRulesStorage = accessRulesStorage;
+    this.logger = logger;
+  }
+  getRequestArgsSchema() {
+    return z.array(accessRulesFilterInput);
+  }
+  async processRequest(args) {
+    const ruleIdBatches = await executeBatchesSequentially(
+      args,
+      async (rulesFilterInput) => {
+        const ruleFilters = getAccessRuleFiltersFromInput(rulesFilterInput);
+        const ruleIds2 = await executeBatchesSequentially(
+          ruleFilters,
+          (ruleFilter) => this.accessRulesStorage.findRuleIds(ruleFilter)
+        );
+        return ruleIds2.flat();
+      }
+    );
+    const ruleIds = ruleIdBatches.flat();
+    const uniqueRuleIds = [...new Set(ruleIds)];
+    this.logger.info(() => ({
+      msg: "Endpoint found rules",
+      data: {
+        totalFoundCount: ruleIds.length,
+        uniqueFoundCount: uniqueRuleIds.length,
+        searchFilters: args,
+        foundIds: uniqueRuleIds
+      }
+    }));
+    return {
+      status: ApiEndpointResponseStatus.SUCCESS,
+      data: {
+        ruleIds: uniqueRuleIds
+      }
+    };
+  }
+}
+export {
+  FindRuleIdsEndpoint,
+  ruleIdsResponse
+};

package/dist/api/read/getMissingIds.js

@@ -0,0 +1,41 @@
+import { ApiEndpointResponseStatus } from "@prosopo/api-route";
+import { z } from "zod";
+const missingIdsResponse = z.object({
+  ids: z.string().array()
+});
+class GetMissingIdsEndpoint {
+  constructor(accessRulesStorage, logger) {
+    this.accessRulesStorage = accessRulesStorage;
+    this.logger = logger;
+  }
+  getRequestArgsSchema() {
+    return z.string().array();
+  }
+  async processRequest(args) {
+    const missingIds = await this.accessRulesStorage.getMissingRuleIds(args);
+    this.logger.info(() => ({
+      msg: "Endpoint checked missing ids",
+      data: {
+        idsToCheck: args.length,
+        missingIds: missingIds.length
+      }
+    }));
+    this.logger.debug(() => ({
+      msg: "Missing id details",
+      data: {
+        idsToCheck: args,
+        missingIds
+      }
+    }));
+    return {
+      status: ApiEndpointResponseStatus.SUCCESS,
+      data: {
+        ids: missingIds
+      }
+    };
+  }
+}
+export {
+  GetMissingIdsEndpoint,
+  missingIdsResponse
+};

package/dist/api/ruleApiRoutes.js

@@ -0,0 +1,131 @@
+import { FetchRulesEndpoint } from "./read/fetchRules.js";
+import { FindRuleIdsEndpoint } from "./read/findRuleIds.js";
+import { GetMissingIdsEndpoint } from "./read/getMissingIds.js";
+import { RehashRulesEndpoint } from "./write/rehashRules.js";
+import { DeleteAllRulesEndpoint } from "./delete/deleteAllRules.js";
+import { DeleteRuleGroupsEndpoint } from "./delete/deleteRuleGroups.js";
+import { DeleteRulesEndpoint } from "./delete/deleteRules.js";
+import { InsertRulesEndpoint } from "./write/insertRules.js";
+var accessRuleApiPaths = /* @__PURE__ */ ((accessRuleApiPaths2) => {
+  accessRuleApiPaths2["DELETE_ALL"] = "/v1/prosopo/user-access-policy/rules/delete-all";
+  accessRuleApiPaths2["DELETE_GROUPS"] = "/v1/prosopo/user-access-policy/rules/delete-groups";
+  accessRuleApiPaths2["DELETE_MANY"] = "/v1/prosopo/user-access-policy/rules/delete-many";
+  accessRuleApiPaths2["FETCH_MANY"] = "/v1/prosopo/user-access-policy/rules/fetch-many";
+  accessRuleApiPaths2["FIND_IDS"] = "/v1/prosopo/user-access-policy/rules/find-ids";
+  accessRuleApiPaths2["GET_MISSING_IDS"] = "/v1/prosopo/user-access-policy/rules/get-missing-ids";
+  accessRuleApiPaths2["INSERT_MANY"] = "/v1/prosopo/user-access-policy/rules/insert-many";
+  accessRuleApiPaths2["REHASH_ALL"] = "/v1/prosopo/user-access-policy/rules/rehash-all";
+  return accessRuleApiPaths2;
+})(accessRuleApiPaths || {});
+class AccessRuleApiRoutes {
+  constructor(accessRulesStorage, logger) {
+    this.accessRulesStorage = accessRulesStorage;
+    this.logger = logger;
+  }
+  getRoutes() {
+    return {
+      ...this.makeDeleteEndpoints(),
+      ...this.makeReadEndpoints(),
+      ...this.makeWriteEndpoints()
+    };
+  }
+  makeDeleteEndpoints() {
+    return {
+      [
+        "/v1/prosopo/user-access-policy/rules/delete-all"
+        /* DELETE_ALL */
+      ]: new DeleteAllRulesEndpoint(
+        this.accessRulesStorage,
+        this.logger
+      ),
+      [
+        "/v1/prosopo/user-access-policy/rules/delete-groups"
+        /* DELETE_GROUPS */
+      ]: new DeleteRuleGroupsEndpoint(
+        this.accessRulesStorage,
+        this.logger
+      ),
+      [
+        "/v1/prosopo/user-access-policy/rules/delete-many"
+        /* DELETE_MANY */
+      ]: new DeleteRulesEndpoint(
+        this.accessRulesStorage,
+        this.logger
+      )
+    };
+  }
+  makeReadEndpoints() {
+    return {
+      [
+        "/v1/prosopo/user-access-policy/rules/fetch-many"
+        /* FETCH_MANY */
+      ]: new FetchRulesEndpoint(
+        this.accessRulesStorage,
+        this.logger
+      ),
+      [
+        "/v1/prosopo/user-access-policy/rules/find-ids"
+        /* FIND_IDS */
+      ]: new FindRuleIdsEndpoint(
+        this.accessRulesStorage,
+        this.logger
+      ),
+      [
+        "/v1/prosopo/user-access-policy/rules/get-missing-ids"
+        /* GET_MISSING_IDS */
+      ]: new GetMissingIdsEndpoint(
+        this.accessRulesStorage,
+        this.logger
+      )
+    };
+  }
+  makeWriteEndpoints() {
+    return {
+      [
+        "/v1/prosopo/user-access-policy/rules/insert-many"
+        /* INSERT_MANY */
+      ]: new InsertRulesEndpoint(
+        this.accessRulesStorage,
+        this.logger
+      ),
+      [
+        "/v1/prosopo/user-access-policy/rules/rehash-all"
+        /* REHASH_ALL */
+      ]: new RehashRulesEndpoint(
+        this.accessRulesStorage,
+        this.logger
+      )
+    };
+  }
+}
+const getExpressApiRuleRateLimits = () => {
+  const defaults = {
+    limit: 5,
+    windowSeconds: 10
+  };
+  const defaultWindowMs = defaults.windowSeconds * 1e3;
+  const rateLimitEntries = Object.entries(accessRuleApiPaths).map(
+    ([endpointName, endpointPath]) => [
+      endpointPath,
+      {
+        windowMs: getIntEnvironmentVariable(
+          `PROSOPO_USER_ACCESS_POLICY_RULE_${endpointName}_WINDOW`
+        ) || defaultWindowMs,
+        limit: getIntEnvironmentVariable(
+          `PROSOPO_USER_ACCESS_POLICY_RULE_${endpointName}_LIMIT`
+        ) || defaults.limit
+      }
+    ]
+  );
+  return Object.fromEntries(rateLimitEntries);
+};
+const getIntEnvironmentVariable = (variableName) => {
+  const variableValue = process.env[variableName];
+  const numericValue = variableValue ? Number.parseInt(variableValue) : Number.NaN;
+  return Number.isInteger(numericValue) ? numericValue : void 0;
+};
+export {
+  AccessRuleApiRoutes,
+  accessRuleApiPaths,
+  getExpressApiRuleRateLimits
+};

package/dist/api/rulesApiClient.js

@@ -0,0 +1,93 @@
+import { ApiClient } from "@prosopo/api";
+import { fetchRulesResponse } from "./read/fetchRules.js";
+import { ruleIdsResponse } from "./read/findRuleIds.js";
+import { missingIdsResponse } from "./read/getMissingIds.js";
+import { accessRuleApiPaths } from "./ruleApiRoutes.js";
+class AccessRulesApiClient extends ApiClient {
+  //// delete
+  deleteMany(filters, timestamp, signature) {
+    return this.post(
+      accessRuleApiPaths.DELETE_MANY,
+      filters,
+      this.getAuthHeaders(timestamp, signature)
+    );
+  }
+  deleteGroups(siteGroups, timestamp, signature) {
+    return this.post(
+      accessRuleApiPaths.DELETE_GROUPS,
+      siteGroups,
+      this.getAuthHeaders(timestamp, signature)
+    );
+  }
+  deleteAll(timestamp, signature) {
+    return this.post(
+      accessRuleApiPaths.DELETE_ALL,
+      {},
+      this.getAuthHeaders(timestamp, signature)
+    );
+  }
+  //// read
+  async getMissingIds(idsToCheck, timestamp, signature) {
+    const endpointResponse = await this.post(
+      accessRuleApiPaths.GET_MISSING_IDS,
+      idsToCheck,
+      this.getAuthHeaders(timestamp, signature)
+    );
+    const parsedData = missingIdsResponse.safeParse(endpointResponse.data);
+    return {
+      ...endpointResponse,
+      data: parsedData.success ? parsedData.data : void 0
+    };
+  }
+  async fetchMany(fetchOptions, timestamp, signature) {
+    const endpointResponse = await this.post(
+      accessRuleApiPaths.FETCH_MANY,
+      fetchOptions,
+      this.getAuthHeaders(timestamp, signature)
+    );
+    const parsedData = fetchRulesResponse.safeParse(endpointResponse.data);
+    return {
+      ...endpointResponse,
+      data: parsedData.success ? parsedData.data : void 0
+    };
+  }
+  async findIds(filters, timestamp, signature) {
+    const endpointResponse = await this.post(
+      accessRuleApiPaths.FIND_IDS,
+      filters,
+      this.getAuthHeaders(timestamp, signature)
+    );
+    const parsedData = ruleIdsResponse.safeParse(endpointResponse.data);
+    return {
+      ...endpointResponse,
+      data: parsedData.success ? parsedData.data : void 0
+    };
+  }
+  //// write
+  async rehashAll(timestamp, signature) {
+    return this.post(
+      accessRuleApiPaths.REHASH_ALL,
+      {},
+      this.getAuthHeaders(timestamp, signature)
+    );
+  }
+  insertMany(ruleGroups, timestamp, signature) {
+    return this.post(
+      accessRuleApiPaths.INSERT_MANY,
+      ruleGroups,
+      this.getAuthHeaders(timestamp, signature)
+    );
+  }
+  getAuthHeaders(timestamp, signature) {
+    return {
+      headers: {
+        "Prosopo-Site-Key": this.account,
+        timestamp,
+        signature
+      }
+    };
+  }
+}
+export {
+  AccessRulesApiClient
+};

package/dist/api/write/.export.js

@@ -0,0 +1 @@
+