@prosopo/user-access-policy 3.5.19 → 3.5.28

package/dist/api/insertRulesEndpoint.js

@@ -1,62 +0,0 @@
-import { ApiEndpointResponseStatus } from "@prosopo/api-route";
-import { getLogger, LogLevel } from "@prosopo/common";
-import { z } from "zod";
-import { userScopeInputSchema, policyScopeSchema, accessPolicySchema } from "../accessPolicy.js";
-const insertRulesEndpointSchema = z.object({
-  accessPolicy: accessPolicySchema,
-  policyScope: policyScopeSchema.optional(),
-  userScopes: z.array(userScopeInputSchema),
-  expirationTimestamp: z.number().optional().transform((val) => val !== void 0 ? Math.floor(val) : val)
-});
-class InsertRulesEndpoint {
-  constructor(accessRulesWriter) {
-    this.accessRulesWriter = accessRulesWriter;
-  }
-  async processRequest(args, logger) {
-    logger = logger || getLogger(LogLevel.enum.info, "InsertRulesEndpoint");
-    const timeoutPromise = new Promise((resolve) => {
-      setTimeout(() => {
-        resolve({
-          status: ApiEndpointResponseStatus.PROCESSING
-        });
-      }, 5e3);
-    });
-    const createRulesPromise = this.createRules(args).then(() => ({
-      status: ApiEndpointResponseStatus.SUCCESS
-    })).catch((error) => {
-      if (logger?.getLogLevel() === LogLevel.enum.debug) {
-        logger.error(() => ({
-          err: error,
-          data: { args },
-          msg: "Failed to insert access rules"
-        }));
-      }
-      return {
-        status: ApiEndpointResponseStatus.FAIL
-      };
-    });
-    return Promise.race([timeoutPromise, createRulesPromise]);
-  }
-  getRequestArgsSchema() {
-    return insertRulesEndpointSchema;
-  }
-  async createRules(args) {
-    const policyScope = args.policyScope || {};
-    const createPromises = [];
-    for (const userScope of args.userScopes) {
-      const rule = {
-        ...args.accessPolicy,
-        ...policyScope,
-        ...userScope
-      };
-      createPromises.push(
-        this.accessRulesWriter.insertRule(rule, args.expirationTimestamp)
-      );
-    }
-    return Promise.all(createPromises);
-  }
-}
-export {
-  InsertRulesEndpoint,
-  insertRulesEndpointSchema
-};

package/dist/cjs/accessPolicy.cjs

@@ -1,80 +0,0 @@
-"use strict";
-Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const types = require("@prosopo/types");
-const util = require("@prosopo/util");
-const ipAddress = require("ip-address");
-const zod = require("zod");
-const util$1 = require("./util.cjs");
-var AccessPolicyType = /* @__PURE__ */ ((AccessPolicyType2) => {
-  AccessPolicyType2["Block"] = "block";
-  AccessPolicyType2["Restrict"] = "restrict";
-  return AccessPolicyType2;
-})(AccessPolicyType || {});
-const accessPolicySchema = zod.z.object({
-  type: zod.z.nativeEnum(AccessPolicyType),
-  captchaType: types.CaptchaTypeSchema.optional(),
-  description: zod.z.coerce.string().optional(),
-  // Redis stores values as strings, so coerce is needed to parse properly
-  solvedImagesCount: zod.z.coerce.number().optional(),
-  // the percentage of image panels that must be solved per image CAPTCHA
-  imageThreshold: zod.z.coerce.number().optional(),
-  // the Proof-of-Work difficulty level
-  powDifficulty: zod.z.coerce.number().optional(),
-  // the number of unsolved image CAPTCHA challenges to serve
-  unsolvedImagesCount: zod.z.coerce.number().optional(),
-  // used to increase the user's score
-  frictionlessScore: zod.z.coerce.number().optional()
-});
-const policyScopeSchema = zod.z.object({
-  clientId: zod.z.coerce.string().optional(),
-  ruleGroupId: zod.z.coerce.string().optional()
-});
-const userScopeSchema = zod.z.object({
-  // coerce is used for safety, as e.g., incoming userId can be digital
-  userId: zod.z.coerce.string().optional(),
-  numericIp: zod.z.coerce.bigint().optional(),
-  numericIpMaskMin: zod.z.coerce.bigint().optional(),
-  numericIpMaskMax: zod.z.coerce.bigint().optional(),
-  ja4Hash: zod.z.coerce.string().optional(),
-  headersHash: zod.z.coerce.string().optional(),
-  userAgentHash: zod.z.coerce.string().optional()
-});
-const userScopeInputSchema = userScopeSchema.extend({
-  // human-friendly ip versions. If present, then converted to numeric and removed from the object
-  // 127.0.0.1
-  ip: zod.z.string().optional(),
-  // 127.0.0.1/24
-  ipMask: zod.z.string().optional(),
-  // human friendly user agent
-  userAgent: zod.z.string().optional()
-}).transform((inputUserScope) => {
-  const { ip, ipMask, userAgent, ...userScope } = inputUserScope;
-  if ("string" === typeof ip) {
-    userScope.numericIp = util.getIPAddress(ip).bigInt();
-  }
-  if ("string" === typeof ipMask) {
-    const ipObject = new ipAddress.Address4(ipMask);
-    userScope.numericIpMaskMin = ipObject.startAddress().bigInt();
-    userScope.numericIpMaskMax = ipObject.endAddress().bigInt();
-  }
-  if ("string" === typeof userAgent) {
-    userScope.userAgentHash = util$1.hashUserAgent(userAgent);
-  }
-  return userScope;
-});
-const accessRuleSchemaExtended = zod.z.object({
-  // flat structure is used to fit the Redis requirements
-  ...accessPolicySchema.shape,
-  ...policyScopeSchema.shape,
-  ...userScopeInputSchema._def.schema.shape
-}).omit({
-  numericIp: true,
-  numericIpMaskMin: true,
-  numericIpMaskMax: true
-});
-exports.AccessPolicyType = AccessPolicyType;
-exports.accessPolicySchema = accessPolicySchema;
-exports.accessRuleSchemaExtended = accessRuleSchemaExtended;
-exports.policyScopeSchema = policyScopeSchema;
-exports.userScopeInputSchema = userScopeInputSchema;
-exports.userScopeSchema = userScopeSchema;

package/dist/cjs/accessPolicyResolver.cjs

@@ -1,31 +0,0 @@
-"use strict";
-Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const zod = require("zod");
-const accessPolicy = require("./accessPolicy.cjs");
-var ScopeMatch = /* @__PURE__ */ ((ScopeMatch2) => {
-  ScopeMatch2["Exact"] = "exact";
-  ScopeMatch2["Greedy"] = "greedy";
-  return ScopeMatch2;
-})(ScopeMatch || {});
-const policyFilterSchema = zod.z.object({
-  policyScope: accessPolicy.policyScopeSchema.optional(),
-  /**
-   * Exact: "clientId" => client rules, "undefined" => global rules. Used by the API
-   * Greedy: "clientId" => client + global rules, "undefined" => any rules. Used by the Express middleware
-   */
-  policyScopeMatch: zod.z.nativeEnum(ScopeMatch).default(
-    "exact"
-    /* Exact */
-  ),
-  userScope: accessPolicy.userScopeInputSchema.optional(),
-  /**
-   * Exact: finds rules where all the given fields matches and doesn't check IP against masks. Used by the API
-   * Greedy: finds rules where any of the given fields match and checks IP against masks. Used by the Express middleware
-   */
-  userScopeMatch: zod.z.nativeEnum(ScopeMatch).default(
-    "exact"
-    /* Exact */
-  )
-});
-exports.ScopeMatch = ScopeMatch;
-exports.policyFilterSchema = policyFilterSchema;

package/dist/cjs/accessRules.cjs

@@ -1,11 +0,0 @@
-"use strict";
-Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const zod = require("zod");
-const accessPolicy = require("./accessPolicy.cjs");
-const accessRuleSchema = zod.z.object({
-  // flat structure is used to fit the Redis requirements
-  ...accessPolicy.accessPolicySchema.shape,
-  ...accessPolicy.policyScopeSchema.shape,
-  ...accessPolicy.userScopeSchema.shape
-});
-exports.accessRuleSchema = accessRuleSchema;

package/dist/cjs/api/accessRuleApiRoutes.cjs

@@ -1,79 +0,0 @@
-"use strict";
-Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const deleteAllRulesEndpoint = require("./deleteAllRulesEndpoint.cjs");
-const deleteRulesEndpoint = require("./deleteRulesEndpoint.cjs");
-const insertRulesEndpoint = require("./insertRulesEndpoint.cjs");
-var accessRuleApiPaths = /* @__PURE__ */ ((accessRuleApiPaths2) => {
-  accessRuleApiPaths2["INSERT_MANY"] = "/v1/prosopo/user-access-policy/rules/insert-many";
-  accessRuleApiPaths2["DELETE_MANY"] = "/v1/prosopo/user-access-policy/rules/delete-many";
-  accessRuleApiPaths2["DELETE_ALL"] = "/v1/prosopo/user-access-policy/rules/delete-all";
-  return accessRuleApiPaths2;
-})(accessRuleApiPaths || {});
-class AccessRuleApiRoutes {
-  constructor(accessRulesStorage) {
-    this.accessRulesStorage = accessRulesStorage;
-  }
-  getRoutes() {
-    return [
-      {
-        path: "/v1/prosopo/user-access-policy/rules/insert-many",
-        endpoint: new insertRulesEndpoint.InsertRulesEndpoint(this.accessRulesStorage)
-      },
-      {
-        path: "/v1/prosopo/user-access-policy/rules/delete-many",
-        endpoint: new deleteRulesEndpoint.DeleteRulesEndpoint(this.accessRulesStorage)
-      },
-      {
-        path: "/v1/prosopo/user-access-policy/rules/delete-all",
-        endpoint: new deleteAllRulesEndpoint.DeleteAllRulesEndpoint(this.accessRulesStorage)
-      }
-    ];
-  }
-}
-const getExpressApiRuleRateLimits = () => {
-  const defaultWindowsMs = 6e4;
-  const defaultLimit = 5;
-  return {
-    [
-      "/v1/prosopo/user-access-policy/rules/insert-many"
-      /* INSERT_MANY */
-    ]: {
-      windowMs: getIntEnvironmentVariable(
-        "PROSOPO_USER_ACCESS_POLICY_RULE_INSERT_MANY_WINDOW"
-      ) || defaultWindowsMs,
-      limit: getIntEnvironmentVariable(
-        "PROSOPO_USER_ACCESS_POLICY_RULE_INSERT_MANY_LIMIT"
-      ) || defaultLimit
-    },
-    [
-      "/v1/prosopo/user-access-policy/rules/delete-many"
-      /* DELETE_MANY */
-    ]: {
-      windowMs: getIntEnvironmentVariable(
-        "PROSOPO_USER_ACCESS_POLICY_RULE_DELETE_MANY_WINDOW"
-      ) || defaultWindowsMs,
-      limit: getIntEnvironmentVariable(
-        "PROSOPO_USER_ACCESS_POLICY_RULE_DELETE_MANY_LIMIT"
-      ) || defaultLimit
-    },
-    [
-      "/v1/prosopo/user-access-policy/rules/delete-all"
-      /* DELETE_ALL */
-    ]: {
-      windowMs: getIntEnvironmentVariable(
-        "PROSOPO_USER_ACCESS_POLICY_RULE_DELETE_ALL_WINDOW"
-      ) || defaultWindowsMs,
-      limit: getIntEnvironmentVariable(
-        "PROSOPO_USER_ACCESS_POLICY_RULE_DELETE_ALL_LIMIT"
-      ) || defaultLimit
-    }
-  };
-};
-const getIntEnvironmentVariable = (variableName) => {
-  const variableValue = process.env[variableName];
-  const numericValue = variableValue ? Number.parseInt(variableValue) : Number.NaN;
-  return Number.isInteger(numericValue) ? numericValue : void 0;
-};
-exports.AccessRuleApiRoutes = AccessRuleApiRoutes;
-exports.accessRuleApiPaths = accessRuleApiPaths;
-exports.getExpressApiRuleRateLimits = getExpressApiRuleRateLimits;

package/dist/cjs/api/accessRulesApiClient.cjs

@@ -1,38 +0,0 @@
-"use strict";
-Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const api = require("@prosopo/api");
-const accessRuleApiRoutes = require("./accessRuleApiRoutes.cjs");
-class AccessRulesApiClient extends api.ApiClient {
-  insertMany(toInsert, timestamp, signature) {
-    return this.post(accessRuleApiRoutes.accessRuleApiPaths.INSERT_MANY, toInsert, {
-      headers: {
-        "Prosopo-Site-Key": this.account,
-        timestamp,
-        signature
-      }
-    });
-  }
-  deleteMany(toDelete, timestamp, signature) {
-    return this.post(accessRuleApiRoutes.accessRuleApiPaths.DELETE_MANY, toDelete, {
-      headers: {
-        "Prosopo-Site-Key": this.account,
-        timestamp,
-        signature
-      }
-    });
-  }
-  deleteAll(timestamp, signature) {
-    return this.post(
-      accessRuleApiRoutes.accessRuleApiPaths.DELETE_ALL,
-      {},
-      {
-        headers: {
-          "Prosopo-Site-Key": this.account,
-          timestamp,
-          signature
-        }
-      }
-    );
-  }
-}
-exports.AccessRulesApiClient = AccessRulesApiClient;

package/dist/cjs/api/deleteRulesEndpoint.cjs

@@ -1,34 +0,0 @@
-"use strict";
-Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const apiRoute = require("@prosopo/api-route");
-const zod = require("zod");
-const accessPolicyResolver = require("../accessPolicyResolver.cjs");
-const deleteRulesEndpointSchema = zod.z.array(accessPolicyResolver.policyFilterSchema);
-class DeleteRulesEndpoint {
-  constructor(accessRulesStorage) {
-    this.accessRulesStorage = accessRulesStorage;
-  }
-  async processRequest(args) {
-    const allRuleIds = [];
-    for (const accessRuleFilter of args) {
-      const parsedRules = accessPolicyResolver.policyFilterSchema.parse(accessRuleFilter);
-      const foundRuleIds = await this.accessRulesStorage.findRuleIds(parsedRules);
-      allRuleIds.push(...foundRuleIds);
-    }
-    const uniqueRuleIds = [...new Set(allRuleIds)];
-    if (uniqueRuleIds.length > 0) {
-      await this.accessRulesStorage.deleteRules(uniqueRuleIds);
-    }
-    return {
-      status: apiRoute.ApiEndpointResponseStatus.SUCCESS,
-      data: {
-        deleted_count: uniqueRuleIds.length
-      }
-    };
-  }
-  getRequestArgsSchema() {
-    return deleteRulesEndpointSchema;
-  }
-}
-exports.DeleteRulesEndpoint = DeleteRulesEndpoint;
-exports.deleteRulesEndpointSchema = deleteRulesEndpointSchema;

package/dist/cjs/api/insertRulesEndpoint.cjs

@@ -1,62 +0,0 @@
-"use strict";
-Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const apiRoute = require("@prosopo/api-route");
-const common = require("@prosopo/common");
-const zod = require("zod");
-const accessPolicy = require("../accessPolicy.cjs");
-const insertRulesEndpointSchema = zod.z.object({
-  accessPolicy: accessPolicy.accessPolicySchema,
-  policyScope: accessPolicy.policyScopeSchema.optional(),
-  userScopes: zod.z.array(accessPolicy.userScopeInputSchema),
-  expirationTimestamp: zod.z.number().optional().transform((val) => val !== void 0 ? Math.floor(val) : val)
-});
-class InsertRulesEndpoint {
-  constructor(accessRulesWriter) {
-    this.accessRulesWriter = accessRulesWriter;
-  }
-  async processRequest(args, logger) {
-    logger = logger || common.getLogger(common.LogLevel.enum.info, "InsertRulesEndpoint");
-    const timeoutPromise = new Promise((resolve) => {
-      setTimeout(() => {
-        resolve({
-          status: apiRoute.ApiEndpointResponseStatus.PROCESSING
-        });
-      }, 5e3);
-    });
-    const createRulesPromise = this.createRules(args).then(() => ({
-      status: apiRoute.ApiEndpointResponseStatus.SUCCESS
-    })).catch((error) => {
-      if (logger?.getLogLevel() === common.LogLevel.enum.debug) {
-        logger.error(() => ({
-          err: error,
-          data: { args },
-          msg: "Failed to insert access rules"
-        }));
-      }
-      return {
-        status: apiRoute.ApiEndpointResponseStatus.FAIL
-      };
-    });
-    return Promise.race([timeoutPromise, createRulesPromise]);
-  }
-  getRequestArgsSchema() {
-    return insertRulesEndpointSchema;
-  }
-  async createRules(args) {
-    const policyScope = args.policyScope || {};
-    const createPromises = [];
-    for (const userScope of args.userScopes) {
-      const rule = {
-        ...args.accessPolicy,
-        ...policyScope,
-        ...userScope
-      };
-      createPromises.push(
-        this.accessRulesWriter.insertRule(rule, args.expirationTimestamp)
-      );
-    }
-    return Promise.all(createPromises);
-  }
-}
-exports.InsertRulesEndpoint = InsertRulesEndpoint;
-exports.insertRulesEndpointSchema = insertRulesEndpointSchema;

package/dist/cjs/index.cjs

@@ -1,31 +0,0 @@
-"use strict";
-Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const accessPolicy = require("./accessPolicy.cjs");
-const accessPolicyResolver = require("./accessPolicyResolver.cjs");
-const accessRules = require("./accessRules.cjs");
-const accessRuleApiRoutes = require("./api/accessRuleApiRoutes.cjs");
-const deleteAllRulesEndpoint = require("./api/deleteAllRulesEndpoint.cjs");
-const deleteRulesEndpoint = require("./api/deleteRulesEndpoint.cjs");
-const insertRulesEndpoint = require("./api/insertRulesEndpoint.cjs");
-const redisRulesStorage = require("./redis/redisRulesStorage.cjs");
-const redisRulesIndex = require("./redis/redisRulesIndex.cjs");
-const accessRulesApiClient = require("./api/accessRulesApiClient.cjs");
-const createApiRuleRoutesProvider = (rulesStorage) => {
-  return new accessRuleApiRoutes.AccessRuleApiRoutes(rulesStorage);
-};
-exports.AccessPolicyType = accessPolicy.AccessPolicyType;
-exports.accessPolicySchema = accessPolicy.accessPolicySchema;
-exports.accessRuleSchemaExtended = accessPolicy.accessRuleSchemaExtended;
-exports.policyScopeSchema = accessPolicy.policyScopeSchema;
-exports.userScopeInputSchema = accessPolicy.userScopeInputSchema;
-exports.ScopeMatch = accessPolicyResolver.ScopeMatch;
-exports.accessRuleSchema = accessRules.accessRuleSchema;
-exports.accessRuleApiPaths = accessRuleApiRoutes.accessRuleApiPaths;
-exports.getExpressApiRuleRateLimits = accessRuleApiRoutes.getExpressApiRuleRateLimits;
-exports.deleteAllRulesEndpointSchema = deleteAllRulesEndpoint.deleteAllRulesEndpointSchema;
-exports.deleteRulesEndpointSchema = deleteRulesEndpoint.deleteRulesEndpointSchema;
-exports.insertRulesEndpointSchema = insertRulesEndpoint.insertRulesEndpointSchema;
-exports.createRedisAccessRulesStorage = redisRulesStorage.createRedisAccessRulesStorage;
-exports.redisAccessRulesIndex = redisRulesIndex.redisAccessRulesIndex;
-exports.AccessRulesApiClient = accessRulesApiClient.AccessRulesApiClient;
-exports.createApiRuleRoutesProvider = createApiRuleRoutesProvider;

package/dist/cjs/redis/redisRulesIndex.cjs

@@ -1,138 +0,0 @@
-"use strict";
-Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const search = require("@redis/search");
-const accessPolicy = require("../accessPolicy.cjs");
-const accessPolicyResolver = require("../accessPolicyResolver.cjs");
-const redisRulesIndexName = "index:user-access-rules";
-const redisRuleKeyPrefix = "uar:";
-const redisAccessRulesIndex = {
-  name: redisRulesIndexName,
-  /**
-   * Note on the field type decision
-   *
-   * TAG is designed for the exact value matching
-   * TEXT is designed for the word-based and pattern matching
-   *
-   * For our goal TAG fits perfectly and, more performant
-   */
-  schema: {
-    clientId: {
-      type: search.SCHEMA_FIELD_TYPE.TAG,
-      // necessary to make possible use of the ismissing() function on this field in the search
-      INDEXMISSING: true
-    },
-    numericIpMaskMin: { type: search.SCHEMA_FIELD_TYPE.NUMERIC, INDEXMISSING: true },
-    numericIpMaskMax: { type: search.SCHEMA_FIELD_TYPE.NUMERIC, INDEXMISSING: true },
-    userId: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
-    numericIp: { type: search.SCHEMA_FIELD_TYPE.NUMERIC, INDEXMISSING: true },
-    ja4Hash: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
-    headersHash: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
-    userAgentHash: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true }
-  },
-  // the satisfy statement is to guarantee that the keys are right
-  options: {
-    ON: "HASH",
-    PREFIX: [redisRuleKeyPrefix]
-  }
-};
-const numericIndexFields = [
-  "numericIp",
-  "numericIpMaskMin",
-  "numericIpMaskMax"
-];
-const greedyFieldComparisons = {
-  numericIp: (value, scope) => {
-    if (value !== void 0) {
-      return `( @numericIp:[${value}] | ( @numericIpMaskMin:[-inf ${value}] @numericIpMaskMax:[${value} +inf] ) )`;
-    }
-    if (scope.numericIpMaskMin === void 0 && scope.numericIpMaskMax === void 0) {
-      return "ismissing(@numericIp) ismissing(@numericIpMaskMin) ismissing(@numericIpMaskMax)";
-    }
-    return "";
-  },
-  numericIpMaskMin: (value, scope) => {
-    if (scope.numericIp !== void 0) {
-      return "";
-    }
-    return value !== void 0 ? `@numericIpMaskMin:[-inf ${value}]` : "ismissing(@numericIpMaskMin)";
-  },
-  numericIpMaskMax: (value, scope) => {
-    if (scope.numericIp !== void 0) {
-      return "";
-    }
-    return value !== void 0 ? `@numericIpMaskMax:[${value} +inf]` : "ismissing(@numericIpMaskMax)";
-  }
-};
-const redisRulesSearchOptions = {
-  // #2 is a required option when the 'ismissing()' function is in the query body
-  DIALECT: 2
-};
-const getRedisRulesQuery = (filter, matchingFieldsOnly) => {
-  const { policyScope, userScope } = filter;
-  const policyScopeFilter = getPolicyScopeQuery(
-    policyScope,
-    filter.policyScopeMatch
-  );
-  if (userScope && Object.keys(userScope).length > 0) {
-    const userScopeFilter = getUserScopeQuery(
-      userScope,
-      filter.userScopeMatch,
-      matchingFieldsOnly
-    );
-    return `${policyScopeFilter} ( ${userScopeFilter} )`;
-  }
-  return policyScopeFilter ? policyScopeFilter : "*";
-};
-const getPolicyScopeQuery = (policyScope, scopeMatchType) => {
-  const clientId = policyScope?.clientId;
-  if ("string" === typeof clientId) {
-    return accessPolicyResolver.ScopeMatch.Exact === scopeMatchType ? `@clientId:{${clientId}}` : `( @clientId:{${clientId}} | ismissing(@clientId) )`;
-  }
-  return accessPolicyResolver.ScopeMatch.Exact === scopeMatchType ? "ismissing(@clientId)" : "";
-};
-const getUserScopeQuery = (userScope, scopeMatchType, matchingFieldsOnly) => {
-  let scopeEntries = Object.entries(userScope);
-  let scopeJoinType = " ";
-  if (scopeMatchType === accessPolicyResolver.ScopeMatch.Greedy) {
-    scopeEntries = scopeEntries.filter(
-      ([_, value]) => value !== void 0
-    );
-    scopeJoinType = " | ";
-  }
-  if (matchingFieldsOnly) {
-    const scopeMap = new Map(scopeEntries);
-    if (scopeMap.has("numericIp") && scopeMap.get("numericIp") === void 0) {
-      scopeMap.set("numericIpMaskMin", void 0);
-      scopeMap.set("numericIpMaskMax", void 0);
-    }
-    for (const name of Object.keys(accessPolicy.userScopeSchema.shape)) {
-      if (!scopeMap.has(name)) {
-        scopeMap.set(name, void 0);
-      }
-    }
-    scopeEntries = [...scopeMap.entries()];
-  }
-  const scopeObj = Object.fromEntries(scopeEntries);
-  return scopeEntries.map(
-    ([scopeFieldName, scopeFieldValue]) => getUserScopeFieldQuery(
-      scopeFieldName,
-      scopeFieldValue,
-      scopeMatchType,
-      scopeObj
-    )
-  ).filter(Boolean).join(scopeJoinType);
-};
-const getUserScopeFieldQuery = (fieldName, fieldValue, matchType, fullScope) => {
-  if ("function" === typeof greedyFieldComparisons[fieldName]) {
-    return greedyFieldComparisons[fieldName](fieldValue, fullScope);
-  }
-  if (fieldValue === void 0) {
-    return `ismissing(@${fieldName})`;
-  }
-  return numericIndexFields.includes(fieldName) ? `@${fieldName}:[${fieldValue}]` : `@${fieldName}:{${fieldValue}}`;
-};
-exports.getRedisRulesQuery = getRedisRulesQuery;
-exports.redisAccessRulesIndex = redisAccessRulesIndex;
-exports.redisRuleKeyPrefix = redisRuleKeyPrefix;
-exports.redisRulesIndexName = redisRulesIndexName;
-exports.redisRulesSearchOptions = redisRulesSearchOptions;