@prosopo/user-access-policy 3.5.31 → 3.6.0

package/dist/api/rulesApiClient.d.ts

@@ -0,0 +1,20 @@
+import { ApiClient } from "@prosopo/api";
+import type { ApiEndpointResponse } from "@prosopo/api-route";
+import { type FetchRulesEndpointResponse, type FetchRulesOptions } from "#policy/api/read/fetchRules.js";
+import { type RuleIdsEndpointResponse } from "#policy/api/read/findRuleIds.js";
+import { type MissingIds, type MissingIdsEndpointResponse } from "#policy/api/read/getMissingIds.js";
+import type { AccessRulesFilterInput } from "#policy/ruleInput/ruleInput.js";
+import type { DeleteSiteGroups } from "./delete/deleteRuleGroups.js";
+import type { InsertRulesGroup } from "./write/insertRules.js";
+export declare class AccessRulesApiClient extends ApiClient {
+    deleteMany(filters: AccessRulesFilterInput[], timestamp: string, signature: string): Promise<ApiEndpointResponse>;
+    deleteGroups(siteGroups: DeleteSiteGroups, timestamp: string, signature: string): Promise<ApiEndpointResponse>;
+    deleteAll(timestamp: string, signature: string): Promise<ApiEndpointResponse>;
+    getMissingIds(idsToCheck: MissingIds, timestamp: string, signature: string): Promise<MissingIdsEndpointResponse>;
+    fetchMany(fetchOptions: FetchRulesOptions, timestamp: string, signature: string): Promise<FetchRulesEndpointResponse>;
+    findIds(filters: AccessRulesFilterInput[], timestamp: string, signature: string): Promise<RuleIdsEndpointResponse>;
+    rehashAll(timestamp: string, signature: string): Promise<ApiEndpointResponse>;
+    insertMany(ruleGroups: InsertRulesGroup[], timestamp: string, signature: string): Promise<ApiEndpointResponse>;
+    protected getAuthHeaders(timestamp: string, signature: string): RequestInit;
+}
+//# sourceMappingURL=rulesApiClient.d.ts.map

package/dist/api/rulesApiClient.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rulesApiClient.d.ts","sourceRoot":"","sources":["../../src/api/rulesApiClient.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EACN,KAAK,0BAA0B,EAC/B,KAAK,iBAAiB,EAEtB,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACN,KAAK,uBAAuB,EAE5B,MAAM,iCAAiC,CAAC;AACzC,OAAO,EACN,KAAK,UAAU,EACf,KAAK,0BAA0B,EAE/B,MAAM,mCAAmC,CAAC;AAC3C,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AAC7E,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAErE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAE/D,qBAAa,oBAAqB,SAAQ,SAAS;IAG3C,UAAU,CAChB,OAAO,EAAE,sBAAsB,EAAE,EACjC,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GACf,OAAO,CAAC,mBAAmB,CAAC;IAQxB,YAAY,CAClB,UAAU,EAAE,gBAAgB,EAC5B,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GACf,OAAO,CAAC,mBAAmB,CAAC;IAQxB,SAAS,CACf,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GACf,OAAO,CAAC,mBAAmB,CAAC;IAUlB,aAAa,CACzB,UAAU,EAAE,UAAU,EACtB,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GACf,OAAO,CAAC,0BAA0B,CAAC;IAezB,SAAS,CACrB,YAAY,EAAE,iBAAiB,EAC/B,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GACf,OAAO,CAAC,0BAA0B,CAAC;IAezB,OAAO,CACnB,OAAO,EAAE,sBAAsB,EAAE,EACjC,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GACf,OAAO,CAAC,uBAAuB,CAAC;IAiBtB,SAAS,CACrB,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GACf,OAAO,CAAC,mBAAmB,CAAC;IAQxB,UAAU,CAChB,UAAU,EAAE,gBAAgB,EAAE,EAC9B,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GACf,OAAO,CAAC,mBAAmB,CAAC;IAQ/B,SAAS,CAAC,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,WAAW;CAS3E"}

package/dist/api/rulesApiClient.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rulesApiClient.js","sourceRoot":"","sources":["../../src/api/rulesApiClient.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,OAAO,EAGN,kBAAkB,GAClB,MAAM,gCAAgC,CAAC;AACxC,OAAO,EAEN,eAAe,GACf,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAGN,kBAAkB,GAClB,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAGxD,MAAM,OAAO,oBAAqB,SAAQ,SAAS;IAG3C,UAAU,CAChB,OAAiC,EACjC,SAAiB,EACjB,SAAiB;QAEjB,OAAO,IAAI,CAAC,IAAI,CACf,kBAAkB,CAAC,WAAW,EAC9B,OAAO,EACP,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,SAAS,CAAC,CACzC,CAAC;IACH,CAAC;IAEM,YAAY,CAClB,UAA4B,EAC5B,SAAiB,EACjB,SAAiB;QAEjB,OAAO,IAAI,CAAC,IAAI,CACf,kBAAkB,CAAC,aAAa,EAChC,UAAU,EACV,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,SAAS,CAAC,CACzC,CAAC;IACH,CAAC;IAEM,SAAS,CACf,SAAiB,EACjB,SAAiB;QAEjB,OAAO,IAAI,CAAC,IAAI,CACf,kBAAkB,CAAC,UAAU,EAC7B,EAAE,EACF,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,SAAS,CAAC,CACzC,CAAC;IACH,CAAC;IAIM,KAAK,CAAC,aAAa,CACzB,UAAsB,EACtB,SAAiB,EACjB,SAAiB;QAEjB,MAAM,gBAAgB,GAAwB,MAAM,IAAI,CAAC,IAAI,CAC5D,kBAAkB,CAAC,eAAe,EAClC,UAAU,EACV,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,SAAS,CAAC,CACzC,CAAC;QAEF,MAAM,UAAU,GAAG,kBAAkB,CAAC,SAAS,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAEvE,OAAO;YACN,GAAG,gBAAgB;YACnB,IAAI,EAAE,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;SACtD,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,SAAS,CACrB,YAA+B,EAC/B,SAAiB,EACjB,SAAiB;QAEjB,MAAM,gBAAgB,GAAwB,MAAM,IAAI,CAAC,IAAI,CAC5D,kBAAkB,CAAC,UAAU,EAC7B,YAAY,EACZ,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,SAAS,CAAC,CACzC,CAAC;QAEF,MAAM,UAAU,GAAG,kBAAkB,CAAC,SAAS,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAEvE,OAAO;YACN,GAAG,gBAAgB;YACnB,IAAI,EAAE,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;SACtD,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,OAAO,CACnB,OAAiC,EACjC,SAAiB,EACjB,SAAiB;QAEjB,MAAM,gBAAgB,GAAwB,MAAM,IAAI,CAAC,IAAI,CAC5D,kBAAkB,CAAC,QAAQ,EAC3B,OAAO,EACP,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,SAAS,CAAC,CACzC,CAAC;QAEF,MAAM,UAAU,GAAG,eAAe,CAAC,SAAS,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAEpE,OAAO;YACN,GAAG,gBAAgB;YACnB,IAAI,EAAE,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;SACtD,CAAC;IACH,CAAC;IAIM,KAAK,CAAC,SAAS,CACrB,SAAiB,EACjB,SAAiB;QAEjB,OAAO,IAAI,CAAC,IAAI,CACf,kBAAkB,CAAC,UAAU,EAC7B,EAAE,EACF,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,SAAS,CAAC,CACzC,CAAC;IACH,CAAC;IAEM,UAAU,CAChB,UAA8B,EAC9B,SAAiB,EACjB,SAAiB;QAEjB,OAAO,IAAI,CAAC,IAAI,CACf,kBAAkB,CAAC,WAAW,EAC9B,UAAU,EACV,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,SAAS,CAAC,CACzC,CAAC;IACH,CAAC;IAES,cAAc,CAAC,SAAiB,EAAE,SAAiB;QAC5D,OAAO;YACN,OAAO,EAAE;gBACR,kBAAkB,EAAE,IAAI,CAAC,OAAO;gBAChC,SAAS;gBACT,SAAS;aACT;SACD,CAAC;IACH,CAAC;CACD"}

package/dist/api/write/.export.d.ts

@@ -0,0 +1,2 @@
+export type { InsertRulesGroup } from "./insertRules.js";
+//# sourceMappingURL=.export.d.ts.map

package/dist/api/write/.export.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":".export.d.ts","sourceRoot":"","sources":["../../../src/api/write/.export.ts"],"names":[],"mappings":"AAcA,YAAY,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC"}

package/dist/api/write/.export.js.map

@@ -0,0 +1 @@
+{"version":3,"file":".export.js","sourceRoot":"","sources":["../../../src/api/write/.export.ts"],"names":[],"mappings":""}

package/dist/api/write/insertRules.d.ts

@@ -0,0 +1,29 @@
+import { type ApiEndpoint, type ApiEndpointResponse } from "@prosopo/api-route";
+import { type Logger } from "@prosopo/common";
+import { type ZodType } from "zod";
+import type { AccessPolicy, PolicyScope, UserScope } from "#policy/rule.js";
+import { type UserScopeInput } from "#policy/ruleInput/userScopeInput.js";
+import type { AccessRulesWriter } from "#policy/rulesStorage.js";
+export type InsertRulesGroup = {
+    accessPolicy: AccessPolicy;
+    userScopes: UserScopeInput[];
+    policyScopes?: PolicyScope[];
+    groupId?: string;
+    expiresUnixTimestamp?: number;
+};
+type ParsedInsertRulesGroup = InsertRulesGroup & {
+    userScopes: UserScope[];
+};
+type ParsedInsertRuleGroups = ParsedInsertRulesGroup[];
+type InsertRulesSchema = ZodType<InsertRulesGroup[]>;
+export declare class InsertRulesEndpoint implements ApiEndpoint<InsertRulesSchema> {
+    private readonly accessRulesWriter;
+    private readonly logger;
+    constructor(accessRulesWriter: AccessRulesWriter, logger: Logger);
+    getRequestArgsSchema(): InsertRulesSchema;
+    processRequest(args: ParsedInsertRuleGroups): Promise<ApiEndpointResponse>;
+    protected createRuleGroups(groups: ParsedInsertRuleGroups): Promise<string[]>;
+    protected createRulesGroup(group: ParsedInsertRulesGroup): Promise<string[]>;
+}
+export {};
+//# sourceMappingURL=insertRules.d.ts.map

package/dist/api/write/insertRules.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"insertRules.d.ts","sourceRoot":"","sources":["../../../src/api/write/insertRules.ts"],"names":[],"mappings":"AAcA,OAAO,EACN,KAAK,WAAW,EAChB,KAAK,mBAAmB,EAExB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAA0B,KAAK,MAAM,EAAE,MAAM,iBAAiB,CAAC;AACtE,OAAO,EAAE,KAAK,OAAO,EAAK,MAAM,KAAK,CAAC;AACtC,OAAO,KAAK,EACX,YAAY,EAEZ,WAAW,EACX,SAAS,EACT,MAAM,iBAAiB,CAAC;AAMzB,OAAO,EACN,KAAK,cAAc,EAEnB,MAAM,qCAAqC,CAAC;AAC7C,OAAO,KAAK,EAEX,iBAAiB,EACjB,MAAM,yBAAyB,CAAC;AAEjC,MAAM,MAAM,gBAAgB,GAAG;IAC9B,YAAY,EAAE,YAAY,CAAC;IAC3B,UAAU,EAAE,cAAc,EAAE,CAAC;IAG7B,YAAY,CAAC,EAAE,WAAW,EAAE,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC9B,CAAC;AAEF,KAAK,sBAAsB,GAAG,gBAAgB,GAAG;IAChD,UAAU,EAAE,SAAS,EAAE,CAAC;CACxB,CAAC;AAEF,KAAK,sBAAsB,GAAG,sBAAsB,EAAE,CAAC;AAEvD,KAAK,iBAAiB,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAAC;AAErD,qBAAa,mBAAoB,YAAW,WAAW,CAAC,iBAAiB,CAAC;IAExE,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,MAAM;gBADN,iBAAiB,EAAE,iBAAiB,EACpC,MAAM,EAAE,MAAM;IAGzB,oBAAoB,IAAI,iBAAiB;IAY1C,cAAc,CACnB,IAAI,EAAE,sBAAsB,GAC1B,OAAO,CAAC,mBAAmB,CAAC;cAsDf,gBAAgB,CAC/B,MAAM,EAAE,sBAAsB,GAC5B,OAAO,CAAC,MAAM,EAAE,CAAC;cAQJ,gBAAgB,CAC/B,KAAK,EAAE,sBAAsB,GAC3B,OAAO,CAAC,MAAM,EAAE,CAAC;CAiCpB"}

package/dist/api/write/insertRules.js

@@ -1,7 +1,7 @@
 import { ApiEndpointResponseStatus } from "@prosopo/api-route";
 import { LogLevel } from "@prosopo/common";
 import { z } from "zod";
-import { policyScopeInput, accessPolicyInput } from "../../ruleInput/policyInput.js";
+import { policyScopeInput, accessPolicyInput, sanitizeAccessPolicy } from "../../ruleInput/policyInput.js";
 import { userScopeInput } from "../../ruleInput/userScopeInput.js";
 class InsertRulesEndpoint {
   constructor(accessRulesWriter, logger) {
@@ -72,9 +72,10 @@ class InsertRulesEndpoint {
   async createRulesGroup(group) {
     const ruleEntries = [];
     const policyScopes = group.policyScopes || [];
+    const sanitizedPolicy = sanitizeAccessPolicy(group.accessPolicy);
     for (const userScope of group.userScopes) {
       const ruleBase = {
-        ...group.accessPolicy,
+        ...sanitizedPolicy,
         ...userScope,
         ...group.groupId ? { groupId: group.groupId } : {}
       };
@@ -84,7 +85,8 @@ class InsertRulesEndpoint {
             rule: {
               ...ruleBase,
               ...policyScope
-            }
+            },
+            expiresUnixTimestamp: group.expiresUnixTimestamp
           });
         }
       } else {

package/dist/api/write/insertRules.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"insertRules.js","sourceRoot":"","sources":["../../../src/api/write/insertRules.ts"],"names":[],"mappings":"AAcA,OAAO,EAGN,yBAAyB,GACzB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAgB,QAAQ,EAAe,MAAM,iBAAiB,CAAC;AACtE,OAAO,EAAgB,CAAC,EAAE,MAAM,KAAK,CAAC;AAOtC,OAAO,EACN,iBAAiB,EACjB,gBAAgB,EAChB,oBAAoB,GACpB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAEN,cAAc,GACd,MAAM,qCAAqC,CAAC;AAwB7C,MAAM,OAAO,mBAAmB;IAC/B,YACkB,iBAAoC,EACpC,MAAc;QADd,sBAAiB,GAAjB,iBAAiB,CAAmB;QACpC,WAAM,GAAN,MAAM,CAAQ;IAC7B,CAAC;IAEG,oBAAoB;QAC1B,OAAO,CAAC,CAAC,KAAK,CACb,CAAC,CAAC,MAAM,CAAC;YACR,YAAY,EAAE,iBAAiB;YAC/B,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,QAAQ,EAAE;YAClD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YAC9B,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC;YACnC,oBAAoB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;SACP,CAAC,CACtC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,cAAc,CACnB,IAA4B;QAE5B,MAAM,cAAc,GAAG,IAAI,OAAO,CAAsB,CAAC,OAAO,EAAE,EAAE;YACnE,UAAU,CAAC,GAAG,EAAE;gBACf,OAAO,CAAC;oBACP,MAAM,EAAE,yBAAyB,CAAC,UAAU;iBAC5C,CAAC,CAAC;YACJ,CAAC,EAAE,IAAI,CAAC,CAAC;QACV,CAAC,CAAC,CAAC;QAEH,MAAM,eAAe,GAAG,IAAI,CAAC,MAAM,CAClC,CAAC,eAAe,EAAE,KAAK,EAAE,EAAE,CAAC,eAAe,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,EACrE,CAAC,CACD,CAAC;QAEF,MAAM,kBAAkB,GAAG,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC;aACpD,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE;YACrB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBACvB,GAAG,EAAE,gCAAgC;gBACrC,IAAI,EAAE;oBACL,eAAe,EAAE,eAAe;oBAChC,aAAa,EAAE,WAAW,CAAC,MAAM;oBACjC,cAAc,EAAE,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC,IAAI;iBACzC;aACD,CAAC,CAAC,CAAC;YAEJ,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;gBACxB,GAAG,EAAE,+BAA+B;gBACpC,IAAI,EAAE;oBACL,WAAW;oBACX,KAAK,EAAE,IAAI;iBACX;aACD,CAAC,CAAC,CAAC;YAEJ,OAAO;gBACN,MAAM,EAAE,yBAAyB,CAAC,OAAO;aACzC,CAAC;QACH,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YAChB,IAAI,QAAQ,CAAC,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC;gBACvD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;oBACxB,GAAG,EAAE,KAAK;oBACV,IAAI,EAAE,EAAE,IAAI,EAAE;oBACd,GAAG,EAAE,+BAA+B;iBACpC,CAAC,CAAC,CAAC;YACL,CAAC;YACD,OAAO;gBACN,MAAM,EAAE,yBAAyB,CAAC,IAAI;aACtC,CAAC;QACH,CAAC,CAAC,CAAC;QAGJ,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC,CAAC;IAC3D,CAAC;IAES,KAAK,CAAC,gBAAgB,CAC/B,MAA8B;QAE9B,MAAM,cAAc,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAC;QAE3E,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAErD,OAAO,UAAU,CAAC,IAAI,EAAE,CAAC;IAC1B,CAAC;IAES,KAAK,CAAC,gBAAgB,CAC/B,KAA6B;QAE7B,MAAM,WAAW,GAAsB,EAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,KAAK,CAAC,YAAY,IAAI,EAAE,CAAC;QAE9C,MAAM,eAAe,GAAG,oBAAoB,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QAEjE,KAAK,MAAM,SAAS,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;YAC1C,MAAM,QAAQ,GAAe;gBAC5B,GAAG,eAAe;gBAClB,GAAG,SAAS;gBACZ,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACpD,CAAC;YAEF,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC7B,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;oBACxC,WAAW,CAAC,IAAI,CAAC;wBAChB,IAAI,EAAE;4BACL,GAAG,QAAQ;4BACX,GAAG,WAAW;yBACd;wBACD,oBAAoB,EAAE,KAAK,CAAC,oBAAoB;qBAChD,CAAC,CAAC;gBACJ,CAAC;YACF,CAAC;iBAAM,CAAC;gBACP,WAAW,CAAC,IAAI,CAAC;oBAChB,IAAI,EAAE,QAAQ;oBACd,oBAAoB,EAAE,KAAK,CAAC,oBAAoB;iBAChD,CAAC,CAAC;YACJ,CAAC;QACF,CAAC;QAED,OAAO,IAAI,CAAC,iBAAiB,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;IACxD,CAAC;CACD"}

package/dist/api/write/rehashRules.d.ts

@@ -0,0 +1,11 @@
+import { type ApiEndpoint, type ApiEndpointResponse } from "@prosopo/api-route";
+import type { Logger } from "@prosopo/common";
+import type { AccessRulesStorage } from "#policy/rulesStorage.js";
+export declare class RehashRulesEndpoint implements ApiEndpoint<undefined> {
+    private readonly accessRulesStorage;
+    private readonly logger;
+    constructor(accessRulesStorage: AccessRulesStorage, logger: Logger);
+    getRequestArgsSchema(): undefined;
+    processRequest(): Promise<ApiEndpointResponse>;
+}
+//# sourceMappingURL=rehashRules.d.ts.map

package/dist/api/write/rehashRules.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rehashRules.d.ts","sourceRoot":"","sources":["../../../src/api/write/rehashRules.ts"],"names":[],"mappings":"AAcA,OAAO,EACN,KAAK,WAAW,EAChB,KAAK,mBAAmB,EAExB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAElE,qBAAa,mBAAoB,YAAW,WAAW,CAAC,SAAS,CAAC;IAEhE,OAAO,CAAC,QAAQ,CAAC,kBAAkB;IACnC,OAAO,CAAC,QAAQ,CAAC,MAAM;gBADN,kBAAkB,EAAE,kBAAkB,EACtC,MAAM,EAAE,MAAM;IAGzB,oBAAoB,IAAI,SAAS;IAElC,cAAc,IAAI,OAAO,CAAC,mBAAmB,CAAC;CAqDpD"}

package/dist/api/write/rehashRules.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rehashRules.js","sourceRoot":"","sources":["../../../src/api/write/rehashRules.ts"],"names":[],"mappings":"AAcA,OAAO,EAGN,yBAAyB,GACzB,MAAM,oBAAoB,CAAC;AAI5B,MAAM,OAAO,mBAAmB;IAC/B,YACkB,kBAAsC,EACtC,MAAc;QADd,uBAAkB,GAAlB,kBAAkB,CAAoB;QACtC,WAAM,GAAN,MAAM,CAAQ;IAC7B,CAAC;IAEG,oBAAoB,KAAe,CAAC;IAE3C,KAAK,CAAC,cAAc;QACnB,MAAM,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,KAAK,EAAE,OAAiB,EAAE,EAAE;YACzE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBACvB,GAAG,EAAE,wBAAwB;gBAC7B,IAAI,EAAE;oBACL,KAAK,EAAE,OAAO,CAAC,MAAM;oBACrB,OAAO;iBACP;aACD,CAAC,CAAC,CAAC;YAEJ,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAEtE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBACvB,GAAG,EAAE,eAAe;gBACpB,IAAI,EAAE;oBACL,KAAK,EAAE,WAAW,CAAC,MAAM;iBACzB;aACD,CAAC,CAAC,CAAC;YAEJ,IAAI,WAAW,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC;gBAC3C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;oBACvB,GAAG,EAAE,yDAAyD;oBAC9D,IAAI,EAAE;wBACL,YAAY,EAAE,WAAW,CAAC,MAAM;wBAChC,cAAc,EAAE,OAAO,CAAC,MAAM;qBAC9B;iBACD,CAAC,CAAC,CAAC;YACL,CAAC;YAED,MAAM,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YAEnD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBACvB,GAAG,EAAE,eAAe;gBACpB,IAAI,EAAE;oBACL,KAAK,EAAE,OAAO,CAAC,MAAM;iBACrB;aACD,CAAC,CAAC,CAAC;YAEJ,MAAM,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;YAEvD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBACvB,GAAG,EAAE,gBAAgB;gBACrB,IAAI,EAAE;oBACL,KAAK,EAAE,WAAW,CAAC,MAAM;iBACzB;aACD,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,OAAO;YACN,MAAM,EAAE,yBAAyB,CAAC,OAAO;YACzC,IAAI,EAAE,EAAE;SACR,CAAC;IACH,CAAC;CACD"}

package/dist/cjs/api/write/insertRules.cjs

@@ -74,9 +74,10 @@ class InsertRulesEndpoint {
   async createRulesGroup(group) {
     const ruleEntries = [];
     const policyScopes = group.policyScopes || [];
+    const sanitizedPolicy = policyInput.sanitizeAccessPolicy(group.accessPolicy);
     for (const userScope of group.userScopes) {
       const ruleBase = {
-        ...group.accessPolicy,
+        ...sanitizedPolicy,
         ...userScope,
         ...group.groupId ? { groupId: group.groupId } : {}
       };
@@ -86,7 +87,8 @@ class InsertRulesEndpoint {
             rule: {
               ...ruleBase,
               ...policyScope
-            }
+            },
+            expiresUnixTimestamp: group.expiresUnixTimestamp
           });
         }
       } else {

package/dist/cjs/mongoose/mongooseRuleSchema.cjs

@@ -4,7 +4,9 @@ const userAttributesSchema = {
   userId: { type: String, required: false },
   ja4Hash: { type: String, required: false },
   userAgent: { type: String, required: false },
-  headersHash: { type: String, required: false }
+  headersHash: { type: String, required: false },
+  headHash: { type: String, required: false },
+  coords: { type: String, required: false }
 };
 const userIpSchema = {
   ip: { type: String, required: false },

package/dist/cjs/redis/reader/redisRulesQuery.cjs

@@ -2,6 +2,9 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 const userScopeInput = require("../../ruleInput/userScopeInput.cjs");
 const rulesStorage = require("../../rulesStorage.cjs");
+const escapeTagValue = (value) => {
+  return value.replace(/([,.<>{}\[\]"':;!@#$%^&*()\-+=~|/\\])/g, "\\$1");
+};
 const REDIS_QUERY_DIALECT = 2;
 const userIpQueries = {
   numericIp: (value, scope) => {
@@ -58,12 +61,20 @@ const getUserScopeQuery = (userScope, FilterScopeMatchType, matchingFieldsOnly)
     )
   ).filter(Boolean).join(scopeJoinType);
 };
+const FIELDS_REQUIRING_ESCAPE = /* @__PURE__ */ new Set([
+  "coords"
+]);
 const getUserScopeFieldQuery = (fieldName, fieldValue, scopeMatch, fullScope) => {
   if (fieldName in userIpQueries) {
     const queryBuilder = userIpQueries[fieldName];
     return queryBuilder(fieldValue, fullScope);
   }
-  return void 0 === fieldValue ? `ismissing(@${fieldName})` : `@${fieldName}:{${fieldValue}}`;
+  if (void 0 === fieldValue) {
+    return `ismissing(@${fieldName})`;
+  }
+  const stringValue = String(fieldValue);
+  const queryValue = FIELDS_REQUIRING_ESCAPE.has(fieldName) ? escapeTagValue(stringValue) : stringValue;
+  return `@${fieldName}:{${queryValue}}`;
 };
 const getPolicyScopeQuery = (policyScope, scopeMatch) => {
   const clientId = policyScope?.clientId;

package/dist/cjs/redis/redisRuleIndex.cjs

@@ -11,7 +11,10 @@ const userAttributesRedisSchema = {
   userId: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
   ja4Hash: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
   headersHash: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
-  userAgentHash: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true }
+  userAgentHash: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
+  headHash: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
+  // Use pipe separator for coords since JSON strings contain commas
+  coords: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true, SEPARATOR: "|" }
 };
 const userScopeRedisSchema = {
   ...userAttributesRedisSchema,

package/dist/cjs/redis/redisRulesWriter.cjs

@@ -56,6 +56,12 @@ class RedisRulesWriter {
       const ruleValue = getRedisRuleValue(rule);
       queries.hSet(ruleKey, ruleValue);
       if (expiresUnixTimestamp) {
+        const MILLISECOND_THRESHOLD = 1e10;
+        if (expiresUnixTimestamp > MILLISECOND_THRESHOLD) {
+          throw new Error(
+            `Invalid expiry timestamp: ${expiresUnixTimestamp}. Timestamp must be in seconds, not milliseconds.`
+          );
+        }
         queries.expireAt(ruleKey, expiresUnixTimestamp);
       }
       return ruleKey;

package/dist/cjs/ruleInput/policyInput.cjs

@@ -18,8 +18,16 @@ const accessPolicyInput = zod.z.object({
   // used to increase the user's score
   frictionlessScore: zod.z.coerce.number().optional()
 });
+const sanitizeAccessPolicy = (policy) => {
+  if (policy.type === rule.AccessPolicyType.Block) {
+    const { captchaType, solvedImagesCount, ...blockPolicy } = policy;
+    return blockPolicy;
+  }
+  return policy;
+};
 const policyScopeInput = zod.z.object({
   clientId: zod.z.coerce.string().optional()
 });
 exports.accessPolicyInput = accessPolicyInput;
 exports.policyScopeInput = policyScopeInput;
+exports.sanitizeAccessPolicy = sanitizeAccessPolicy;

package/dist/cjs/ruleInput/userScopeInput.cjs

@@ -9,7 +9,9 @@ const userAttributesSchema = zod.z.object({
   userId: zod.z.coerce.string().optional(),
   ja4Hash: zod.z.coerce.string().optional(),
   headersHash: zod.z.coerce.string().optional(),
-  userAgentHash: zod.z.coerce.string().optional()
+  userAgentHash: zod.z.coerce.string().optional(),
+  headHash: zod.z.coerce.string().optional(),
+  coords: zod.z.coerce.string().optional()
 });
 const userAttributesInput = zod.z.object({
   ...userAttributesSchema.shape,

package/dist/cjs/ruleRecord.cjs

@@ -4,7 +4,9 @@ const userAttributesRecordFields = [
   "userId",
   "ja4Hash",
   "headersHash",
-  "userAgent"
+  "userAgent",
+  "headHash",
+  "coords"
 ];
 const userIpRecordFields = [
   "ip",

package/dist/mongoose/.export.d.ts

@@ -0,0 +1,2 @@
+export { accessRuleMongooseSchema } from "./mongooseRuleSchema.js";
+//# sourceMappingURL=.export.d.ts.map

package/dist/mongoose/.export.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":".export.d.ts","sourceRoot":"","sources":["../../src/mongoose/.export.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC"}

package/dist/mongoose/.export.js.map

@@ -0,0 +1 @@
+{"version":3,"file":".export.js","sourceRoot":"","sources":["../../src/mongoose/.export.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC"}

package/dist/mongoose/mongooseRuleSchema.d.ts

@@ -0,0 +1,4 @@
+import type { SchemaDefinition } from "mongoose";
+import type { AccessRuleRecord } from "#policy/ruleRecord.js";
+export declare const accessRuleMongooseSchema: SchemaDefinition<AccessRuleRecord>;
+//# sourceMappingURL=mongooseRuleSchema.d.ts.map

package/dist/mongoose/mongooseRuleSchema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mongooseRuleSchema.d.ts","sourceRoot":"","sources":["../../src/mongoose/mongooseRuleSchema.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAEjD,OAAO,KAAK,EACX,gBAAgB,EAIhB,MAAM,uBAAuB,CAAC;AAoC/B,eAAO,MAAM,wBAAwB,EAAE,gBAAgB,CAAC,gBAAgB,CAKtC,CAAC"}

package/dist/mongoose/mongooseRuleSchema.js

@@ -2,7 +2,9 @@ const userAttributesSchema = {
   userId: { type: String, required: false },
   ja4Hash: { type: String, required: false },
   userAgent: { type: String, required: false },
-  headersHash: { type: String, required: false }
+  headersHash: { type: String, required: false },
+  headHash: { type: String, required: false },
+  coords: { type: String, required: false }
 };
 const userIpSchema = {
   ip: { type: String, required: false },

package/dist/mongoose/mongooseRuleSchema.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mongooseRuleSchema.js","sourceRoot":"","sources":["../../src/mongoose/mongooseRuleSchema.ts"],"names":[],"mappings":"AAwBA,MAAM,oBAAoB,GAA2C;IACpE,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACzC,OAAO,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC1C,SAAS,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC5C,WAAW,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC9C,QAAQ,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC3C,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;CACD,CAAC;AAE1C,MAAM,YAAY,GAAmC;IACpD,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACrC,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;CACT,CAAC;AAElC,MAAM,eAAe,GAAsC;IAC1D,GAAG,oBAAoB;IACvB,GAAG,YAAY;CACiB,CAAC;AAElC,MAAM,iBAAiB,GAAkC;IACxD,QAAQ,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;CACZ,CAAC;AAEjC,MAAM,kBAAkB,GAAmC;IAC1D,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE;IACtC,WAAW,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC9C,WAAW,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC9C,iBAAiB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACpD,cAAc,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACjD,aAAa,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAChD,mBAAmB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACtD,iBAAiB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;CACpB,CAAC;AAElC,MAAM,CAAC,MAAM,wBAAwB,GAAuC;IAC3E,GAAG,kBAAkB;IACrB,GAAG,iBAAiB;IACpB,GAAG,eAAe;IAClB,WAAW,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;CACb,CAAC"}

package/dist/redis/.export.d.ts

@@ -0,0 +1,3 @@
+export { createRedisAccessRulesStorage } from "./redisRulesStorage.js";
+export { accessRulesRedisIndex } from "./redisRuleIndex.js";
+//# sourceMappingURL=.export.d.ts.map

package/dist/redis/.export.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":".export.d.ts","sourceRoot":"","sources":["../../src/redis/.export.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,6BAA6B,EAAE,MAAM,wBAAwB,CAAC;AAEvE,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/redis/.export.js.map

@@ -0,0 +1 @@
+{"version":3,"file":".export.js","sourceRoot":"","sources":["../../src/redis/.export.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,6BAA6B,EAAE,MAAM,wBAAwB,CAAC;AAEvE,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/redis/reader/redisAggregate.d.ts

@@ -0,0 +1,4 @@
+import type { Logger } from "@prosopo/common";
+import type { RedisClientType } from "redis";
+export declare const aggregateRedisKeys: (client: RedisClientType, query: string, logger: Logger, batchHandler?: (keys: string[]) => Promise<void>) => Promise<string[]>;
+//# sourceMappingURL=redisAggregate.d.ts.map

package/dist/redis/reader/redisAggregate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisAggregate.d.ts","sourceRoot":"","sources":["../../../src/redis/reader/redisAggregate.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAE9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,OAAO,CAAC;AAU7C,eAAO,MAAM,kBAAkB,WACtB,eAAe,SAChB,MAAM,UACL,MAAM,iBACC,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,KAC9C,OAAO,CAAC,MAAM,EAAE,CA0ClB,CAAC"}

package/dist/redis/reader/redisAggregate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisAggregate.js","sourceRoot":"","sources":["../../../src/redis/reader/redisAggregate.ts"],"names":[],"mappings":"AAiBA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,mBAAmB,EAAE,MAAM,yCAAyC,CAAC;AAC9E,OAAO,EACN,gBAAgB,EAChB,iBAAiB,GACjB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,6BAA6B,EAAE,MAAM,iCAAiC,CAAC;AAGhF,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,EACtC,MAAuB,EACvB,KAAa,EACb,MAAc,EACd,YAAgD,EAC5B,EAAE;IACtB,MAAM,QAAQ,GAAG,OAAO,CAAC;IAEzB,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;QAE7B,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,MAAM,EAAE;KACtB,CAAC,CAAC;IAEH,MAAM,SAAS,GAAa,EAAE,CAAC;IAE/B,MAAM,aAAa,GAAG,KAAK,EAAE,OAAiB,EAAE,EAAE;QACjD,MAAM,aAAa,GAAG,iBAAiB,CAAC,OAAO,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;QAEvE,MAAM,UAAU,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QAEnE,IAAI,YAAY,EAAE,CAAC;YAClB,MAAM,YAAY,CAAC,UAAU,CAAC,CAAC;QAChC,CAAC;aAAM,CAAC;YACP,SAAS,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC;YAE9B,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;gBACnB,GAAG,EAAE,6BAA6B;gBAClC,IAAI,EAAE;oBACL,IAAI,EAAE,UAAU,CAAC,MAAM;iBACvB;aACD,CAAC,CAAC,CAAC;QACL,CAAC;IACF,CAAC,CAAC;IAEF,MAAM,kBAAkB,CACvB,MAAM,EACN,KAAK,EACL;QAEC,OAAO,EAAE,mBAAmB;QAC5B,KAAK,EAAE,gBAAgB;QACvB,IAAI,EAAE,IAAI,QAAQ,EAAE;KACpB,EACD,aAAa,CACb,CAAC;IAEF,OAAO,SAAS,CAAC;AAClB,CAAC,CAAC;AAEF,MAAM,kBAAkB,GAAG,KAAK,EAC/B,MAAuB,EACvB,KAAa,EACb,gBAA8C,EAC9C,WAAiD,EACjC,EAAE;IAClB,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,EAAE,CAAC,mBAAmB,CACvD,6BAA6B,EAC7B,KAAK,EACL,gBAAgB,CAChB,CAAC;IAEF,MAAM,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;IAExC,IAAI,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC;IAEjC,OAAO,CAAC,KAAK,MAAM,EAAE,CAAC;QACrB,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,EAAE,CAAC,UAAU,CAC5C,6BAA6B,EAC7B,MAAM,EACN,EAAE,KAAK,EAAE,gBAAgB,CAAC,KAAK,EAAE,CACjC,CAAC;QAEF,MAAM,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAEtC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;IAC5B,CAAC;AACF,CAAC,CAAC"}

package/dist/redis/reader/redisRulesQuery.d.ts

@@ -0,0 +1,4 @@
+import { type AccessRulesFilter } from "#policy/rulesStorage.js";
+export declare const REDIS_QUERY_DIALECT = 2;
+export declare const getRulesRedisQuery: (filter: AccessRulesFilter, matchingFieldsOnly: boolean) => string;
+//# sourceMappingURL=redisRulesQuery.d.ts.map

package/dist/redis/reader/redisRulesQuery.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRulesQuery.d.ts","sourceRoot":"","sources":["../../../src/redis/reader/redisRulesQuery.ts"],"names":[],"mappings":"AAgBA,OAAO,EACN,KAAK,iBAAiB,EAEtB,MAAM,yBAAyB,CAAC;AAcjC,eAAO,MAAM,mBAAmB,IAAI,CAAC;AAgJrC,eAAO,MAAM,kBAAkB,WACtB,iBAAiB,sBACL,OAAO,KACzB,MA4BF,CAAC"}

package/dist/redis/reader/redisRulesQuery.js

@@ -1,5 +1,8 @@
 import { userScopeSchema } from "../../ruleInput/userScopeInput.js";
 import { FilterScopeMatch } from "../../rulesStorage.js";
+const escapeTagValue = (value) => {
+  return value.replace(/([,.<>{}\[\]"':;!@#$%^&*()\-+=~|/\\])/g, "\\$1");
+};
 const REDIS_QUERY_DIALECT = 2;
 const userIpQueries = {
   numericIp: (value, scope) => {
@@ -56,12 +59,20 @@ const getUserScopeQuery = (userScope, FilterScopeMatchType, matchingFieldsOnly)
     )
   ).filter(Boolean).join(scopeJoinType);
 };
+const FIELDS_REQUIRING_ESCAPE = /* @__PURE__ */ new Set([
+  "coords"
+]);
 const getUserScopeFieldQuery = (fieldName, fieldValue, scopeMatch, fullScope) => {
   if (fieldName in userIpQueries) {
     const queryBuilder = userIpQueries[fieldName];
     return queryBuilder(fieldValue, fullScope);
   }
-  return void 0 === fieldValue ? `ismissing(@${fieldName})` : `@${fieldName}:{${fieldValue}}`;
+  if (void 0 === fieldValue) {
+    return `ismissing(@${fieldName})`;
+  }
+  const stringValue = String(fieldValue);
+  const queryValue = FIELDS_REQUIRING_ESCAPE.has(fieldName) ? escapeTagValue(stringValue) : stringValue;
+  return `@${fieldName}:{${queryValue}}`;
 };
 const getPolicyScopeQuery = (policyScope, scopeMatch) => {
   const clientId = policyScope?.clientId;

package/dist/redis/reader/redisRulesQuery.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRulesQuery.js","sourceRoot":"","sources":["../../../src/redis/reader/redisRulesQuery.ts"],"names":[],"mappings":"AAeA,OAAO,EAAE,eAAe,EAAE,MAAM,qCAAqC,CAAC;AACtE,OAAO,EAEN,gBAAgB,GAChB,MAAM,yBAAyB,CAAC;AAQjC,MAAM,cAAc,GAAG,CAAC,KAAa,EAAU,EAAE;IAEhD,OAAO,KAAK,CAAC,OAAO,CAAC,wCAAwC,EAAE,MAAM,CAAC,CAAC;AACxE,CAAC,CAAC;AAGF,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC;AAErC,MAAM,aAAa,GAAuC;IACzD,SAAS,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QAC3B,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;YACzB,OAAO,iBAAiB,KAAK,IAAI,KAAK,iCAAiC,KAAK,wBAAwB,KAAK,YAAY,CAAC;QACvH,CAAC;QAED,IACC,KAAK,CAAC,gBAAgB,KAAK,SAAS;YACpC,KAAK,CAAC,gBAAgB,KAAK,SAAS,EACnC,CAAC;YACF,OAAO,iFAAiF,CAAC;QAC1F,CAAC;QAED,OAAO,EAAE,CAAC;IACX,CAAC;IACD,gBAAgB,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QAClC,IAAI,KAAK,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YACnC,OAAO,EAAE,CAAC;QACX,CAAC;QACD,OAAO,KAAK,KAAK,SAAS;YACzB,CAAC,CAAC,2BAA2B,KAAK,GAAG;YACrC,CAAC,CAAC,8BAA8B,CAAC;IACnC,CAAC;IACD,gBAAgB,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QAClC,IAAI,KAAK,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YACnC,OAAO,EAAE,CAAC;QACX,CAAC;QACD,OAAO,KAAK,KAAK,SAAS;YACzB,CAAC,CAAC,sBAAsB,KAAK,QAAQ;YACrC,CAAC,CAAC,8BAA8B,CAAC;IACnC,CAAC;CACD,CAAC;AAEF,MAAM,iBAAiB,GAAG,CACzB,SAAoB,EACpB,oBAAkD,EAClD,kBAA2B,EAClB,EAAE;IACX,IAAI,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,CAE1C,CAAC;IACF,IAAI,aAAa,GAAG,GAAG,CAAC;IAGxB,IAAI,oBAAoB,KAAK,gBAAgB,CAAC,MAAM,EAAE,CAAC;QACtD,YAAY,GAAG,YAAY,CAAC,MAAM,CACjC,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,KAAK,SAAS,CACE,CAAC;QACvC,aAAa,GAAG,KAAK,CAAC;IACvB,CAAC;IAED,IAAI,kBAAkB,EAAE,CAAC;QACxB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAA2B,YAAY,CAAC,CAAC;QAGjE,IAAI,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,SAAS,EAAE,CAAC;YAC1E,QAAQ,CAAC,GAAG,CAAC,kBAAkB,EAAE,SAAS,CAAC,CAAC;YAC5C,QAAQ,CAAC,GAAG,CAAC,kBAAkB,EAAE,SAAS,CAAC,CAAC;QAC7C,CAAC;QAGD,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,CAEnD,EAAE,CAAC;YACH,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzB,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YAC/B,CAAC;QACF,CAAC;QAED,YAAY,GAAG,CAAC,GAAG,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,CAAC,YAAY,CAAuB,CAAC;IAExE,OAAO,YAAY;SACjB,GAAG,CAAC,CAAC,CAAC,cAAc,EAAE,eAAe,CAAC,EAAE,EAAE,CAC1C,sBAAsB,CACrB,cAAc,EACd,eAAe,EACf,oBAAoB,EACpB,QAAQ,CACR,CACD;SACA,MAAM,CAAC,OAAO,CAAC;SACf,IAAI,CAAC,aAAa,CAAC,CAAC;AACvB,CAAC,CAAC;AAGF,MAAM,uBAAuB,GAAiC,IAAI,GAAG,CAAC;IACrE,QAAQ;CACR,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,CAC9B,SAA0B,EAC1B,UAAmB,EACnB,UAAwC,EACxC,SAA6B,EACpB,EAAE;IACX,IAAI,SAAS,IAAI,aAAa,EAAE,CAAC;QAChC,MAAM,YAAY,GAAG,aAAa,CAAC,SAAyB,CAAC,CAAC;QAE9D,OAAO,YAAY,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IAC5C,CAAC;IAED,IAAI,SAAS,KAAK,UAAU,EAAE,CAAC;QAC9B,OAAO,cAAc,SAAS,GAAG,CAAC;IACnC,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;IAEvC,MAAM,UAAU,GAAG,uBAAuB,CAAC,GAAG,CAAC,SAAS,CAAC;QACxD,CAAC,CAAC,cAAc,CAAC,WAAW,CAAC;QAC7B,CAAC,CAAC,WAAW,CAAC;IAEf,OAAO,IAAI,SAAS,KAAK,UAAU,GAAG,CAAC;AACxC,CAAC,CAAC;AAEF,MAAM,mBAAmB,GAAG,CAC3B,WAAoC,EACpC,UAAwC,EAC/B,EAAE;IACX,MAAM,QAAQ,GAAG,WAAW,EAAE,QAAQ,CAAC;IAEvC,IAAI,QAAQ,KAAK,OAAO,QAAQ,EAAE,CAAC;QAClC,OAAO,gBAAgB,CAAC,KAAK,KAAK,UAAU;YAC3C,CAAC,CAAC,cAAc,QAAQ,GAAG;YAC3B,CAAC,CAAC,gBAAgB,QAAQ,4BAA4B,CAAC;IACzD,CAAC;IAED,OAAO,gBAAgB,CAAC,KAAK,KAAK,UAAU,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,EAAE,CAAC;AAC5E,CAAC,CAAC;AAYF,MAAM,CAAC,MAAM,kBAAkB,GAAG,CACjC,MAAyB,EACzB,kBAA2B,EAClB,EAAE;IACX,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;IAC1C,MAAM,UAAU,GAAG,EAAE,CAAC;IAEtB,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,UAAU,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,OAAO,GAAG,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,gBAAgB,GAAG,mBAAmB,CAC3C,WAAW,EACX,MAAM,CAAC,gBAAgB,CACvB,CAAC;IAEF,IAAI,gBAAgB,EAAE,CAAC;QACtB,UAAU,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACnC,CAAC;IAED,IAAI,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpD,MAAM,eAAe,GAAG,iBAAiB,CACxC,SAAS,EACT,MAAM,CAAC,cAAc,EACrB,kBAAkB,CAClB,CAAC;QAEF,UAAU,CAAC,IAAI,CAAC,KAAK,eAAe,IAAI,CAAC,CAAC;IAC3C,CAAC;IAED,OAAO,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;AAC3D,CAAC,CAAC"}

package/dist/redis/reader/redisRulesReader.d.ts

@@ -0,0 +1,26 @@
+import { type Logger } from "@prosopo/common";
+import type { RedisClientType } from "redis";
+import type { AccessRule } from "#policy/rule.js";
+import type { AccessRuleEntry, AccessRulesFilter, AccessRulesReader } from "#policy/rulesStorage.js";
+export declare class RedisRulesReader implements AccessRulesReader {
+    private readonly client;
+    private readonly logger;
+    constructor(client: RedisClientType, logger: Logger);
+    getMissingRuleIds(ruleIds: string[]): Promise<string[]>;
+    fetchRules(ruleIds: string[]): Promise<AccessRuleEntry[]>;
+    findRules(filter: AccessRulesFilter, matchingFieldsOnly?: boolean, skipEmptyUserScopes?: boolean): Promise<AccessRule[]>;
+    findRuleIds(filter: AccessRulesFilter, matchingFieldsOnly?: boolean): Promise<string[]>;
+    fetchAllRuleIds(batchHandler: (ruleIds: string[]) => Promise<void>): Promise<void>;
+    protected fetchRuleEntries(keys: string[]): Promise<AccessRuleEntry[]>;
+    protected getRuleKeys(ruleIds: string[]): string[];
+}
+export declare class DummyRedisRulesReader implements AccessRulesReader {
+    private readonly logger;
+    constructor(logger: Logger);
+    getMissingRuleIds(ruleIds: string[]): Promise<string[]>;
+    fetchRules(ruleIds: string[]): Promise<AccessRuleEntry[]>;
+    findRules(filter: AccessRulesFilter, matchingFieldsOnly?: boolean, skipEmptyUserScopes?: boolean): Promise<AccessRule[]>;
+    findRuleIds(filter: AccessRulesFilter, matchingFieldsOnly?: boolean): Promise<string[]>;
+    fetchAllRuleIds(batchHandler: (ruleIds: string[]) => Promise<void>): Promise<void>;
+}
+//# sourceMappingURL=redisRulesReader.d.ts.map

package/dist/redis/reader/redisRulesReader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRulesReader.d.ts","sourceRoot":"","sources":["../../../src/redis/reader/redisRulesReader.ts"],"names":[],"mappings":"AAeA,OAAO,EACN,KAAK,MAAM,EAGX,MAAM,iBAAiB,CAAC;AAEzB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,OAAO,CAAC;AAe7C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAElD,OAAO,KAAK,EACX,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,MAAM,yBAAyB,CAAC;AAGjC,qBAAa,gBAAiB,YAAW,iBAAiB;IAExD,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM;gBADN,MAAM,EAAE,eAAe,EACvB,MAAM,EAAE,MAAM;IAG1B,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAcvD,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAazD,SAAS,CACd,MAAM,EAAE,iBAAiB,EACzB,kBAAkB,UAAQ,EAC1B,mBAAmB,UAAO,GACxB,OAAO,CAAC,UAAU,EAAE,CAAC;IAiElB,WAAW,CAChB,MAAM,EAAE,iBAAiB,EACzB,kBAAkB,UAAQ,GACxB,OAAO,CAAC,MAAM,EAAE,CAAC;IAgDd,eAAe,CACpB,YAAY,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,GAChD,OAAO,CAAC,IAAI,CAAC;cAYA,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IA8B5E,SAAS,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE;CAGlD;AAED,qBAAa,qBAAsB,YAAW,iBAAiB;IAClD,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAErC,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAWvD,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAWzD,SAAS,CACd,MAAM,EAAE,iBAAiB,EACzB,kBAAkB,UAAQ,EAC1B,mBAAmB,UAAO,GACxB,OAAO,CAAC,UAAU,EAAE,CAAC;IAWlB,WAAW,CAChB,MAAM,EAAE,iBAAiB,EACzB,kBAAkB,UAAQ,GACxB,OAAO,CAAC,MAAM,EAAE,CAAC;IAWd,eAAe,CACpB,YAAY,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,GAChD,OAAO,CAAC,IAAI,CAAC;CAKhB"}

package/dist/redis/reader/redisRulesReader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRulesReader.js","sourceRoot":"","sources":["../../../src/redis/reader/redisRulesReader.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAEN,gBAAgB,EAChB,0BAA0B,GAC1B,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EACN,mBAAmB,EACnB,kBAAkB,GAClB,MAAM,yCAAyC,CAAC;AACjD,OAAO,EACN,gBAAgB,EAChB,qBAAqB,EACrB,mBAAmB,EACnB,iBAAiB,GACjB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACN,6BAA6B,EAC7B,4BAA4B,GAC5B,MAAM,iCAAiC,CAAC;AAEzC,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AAMjE,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAEzD,MAAM,OAAO,gBAAgB;IAC5B,YACkB,MAAuB,EACvB,MAAc;QADd,WAAM,GAAN,MAAM,CAAiB;QACvB,WAAM,GAAN,MAAM,CAAQ;IAC7B,CAAC;IAEJ,KAAK,CAAC,iBAAiB,CAAC,OAAiB;QACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAC3C,MAAM,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAEhE,MAAM,iBAAiB,GAAG,MAAM,0BAA0B,CACzD,UAAU,EACV,KAAK,EAAE,SAAS,EAAE,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAChE,CAAC;QAEF,OAAO,iBAAiB;aACtB,IAAI,EAAE;aACN,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,MAAM,CAAC,CAAC,CAAC;IACxE,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,OAAiB;QACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAE3C,MAAM,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAEhE,MAAM,YAAY,GAAG,MAAM,0BAA0B,CACpD,UAAU,EACV,CAAC,SAAS,EAAE,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAC/C,CAAC;QAEF,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,SAAS,CACd,MAAyB,EACzB,kBAAkB,GAAG,KAAK,EAC1B,mBAAmB,GAAG,IAAI;QAE1B,MAAM,KAAK,GAAG,kBAAkB,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;QAE7D,IAAI,mBAAmB,IAAI,KAAK,KAAK,sBAAsB,EAAE,CAAC;YAE7D,OAAO,EAAE,CAAC;QACX,CAAC;QAED,IAAI,WAAwB,CAAC;QAE7B,IAAI,CAAC;YAEJ,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CACxC,6BAA6B,EAC7B,KAAK,EACL;gBACC,OAAO,EAAE,mBAAmB;gBAE5B,KAAK,EAAE;oBACN,IAAI,EAAE,CAAC;oBACP,IAAI,EAAE,gBAAgB;iBACtB;aACD,CACD,CAAC;YAEF,IAAI,WAAW,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;gBAC3B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;oBACxB,GAAG,EAAE,uBAAuB;oBAC5B,IAAI,EAAE;wBACL,OAAO,EAAE,IAAI,CAAC,OAAO,CACpB;4BACC,MAAM,EAAE,MAAM;4BACd,WAAW,EAAE,WAAW;4BACxB,KAAK,EAAE,KAAK;yBACZ,EACD,EAAE,KAAK,EAAE,IAAI,EAAE,CACf;qBACD;iBACD,CAAC,CAAC,CAAC;YACL,CAAC;QACF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACZ,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;gBACxB,GAAG,EAAE,CAAC;gBACN,IAAI,EAAE;oBACL,OAAO,EAAE,IAAI,CAAC,OAAO,CACpB;wBACC,KAAK,EAAE,KAAK;wBACZ,MAAM,EAAE,MAAM;qBACd,EACD;wBACC,KAAK,EAAE,IAAI;qBACX,CACD;iBACD;gBACD,GAAG,EAAE,gCAAgC;aACrC,CAAC,CAAC,CAAC;YAEJ,OAAO,EAAE,CAAC;QACX,CAAC;QAED,MAAM,OAAO,GAAG,WAAW,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC;QAEhE,OAAO,iBAAiB,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IACjE,CAAC;IAED,KAAK,CAAC,WAAW,CAChB,MAAyB,EACzB,kBAAkB,GAAG,KAAK;QAE1B,MAAM,KAAK,GAAG,kBAAkB,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;QAE7D,IAAI,OAAO,GAAa,EAAE,CAAC;QAE3B,IAAI,CAAC;YAEJ,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CACxC,IAAI,CAAC,MAAM,EACX,KAAK,EACL,IAAI,CAAC,MAAM,CACX,CAAC;YAEF,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAClC,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,MAAM,CAAC,CAClD,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACZ,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;gBACxB,GAAG,EAAE,CAAC;gBACN,IAAI,EAAE;oBACL,OAAO,EAAE,IAAI,CAAC,OAAO,CACpB;wBACC,KAAK,EAAE,KAAK;wBACZ,MAAM,EAAE,MAAM;qBACd,EACD;wBACC,KAAK,EAAE,IAAI;qBACX,CACD;iBACD;gBACD,GAAG,EAAE,6CAA6C;aAClD,CAAC,CAAC,CAAC;YAEJ,OAAO,EAAE,CAAC;QACX,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;YACxB,GAAG,EAAE,oCAAoC;YACzC,IAAI,EAAE;gBACL,KAAK,EAAE,KAAK;gBACZ,UAAU,EAAE,OAAO,CAAC,MAAM;gBAC1B,QAAQ,EAAE,OAAO;aACjB;SACD,CAAC,CAAC,CAAC;QAEJ,OAAO,OAAO,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,eAAe,CACpB,YAAkD;QAElD,MAAM,gBAAgB,GAAG,KAAK,EAAE,IAAc,EAAE,EAAE;YACjD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAChC,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,MAAM,CAAC,CAClD,CAAC;YAEF,MAAM,YAAY,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC,CAAC;QAEF,MAAM,kBAAkB,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IAC3E,CAAC;IAES,KAAK,CAAC,gBAAgB,CAAC,IAAc;QAC9C,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,MAAM,qBAAqB,CAC3D,IAAI,CAAC,MAAM,EACX,IAAI,EACJ,IAAI,CAAC,MAAM,CACX,CAAC;QACF,MAAM,OAAO,GAAsB,EAAE,CAAC;QAEtC,KAAK,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;YACnD,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;YAEvD,IAAI,aAAa,EAAE,CAAC;gBACnB,MAAM,IAAI,GAAG,iBAAiB,CAC7B,CAAC,QAAQ,CAAC,EACV,eAAe,EACf,IAAI,CAAC,MAAM,CACX,CAAC,CAAC,CAAC,CAAC;gBAEL,IAAI,IAAI,EAAE,CAAC;oBACV,OAAO,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,IAAI;wBACV,oBAAoB,EAAE,WAAW,CAAC,KAAK,CAAC;qBACxC,CAAC,CAAC;gBACJ,CAAC;YACF,CAAC;QACF,CAAC;QAED,OAAO,OAAO,CAAC;IAChB,CAAC;IAES,WAAW,CAAC,OAAiB;QACtC,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,GAAG,4BAA4B,GAAG,EAAE,EAAE,CAAC,CAAC;IACpE,CAAC;CACD;AAED,MAAM,OAAO,qBAAqB;IACjC,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;IAAG,CAAC;IAE/C,KAAK,CAAC,iBAAiB,CAAC,OAAiB;QACxC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACvB,GAAG,EAAE,8DAA8D;YACnE,IAAI,EAAE;gBACL,OAAO;aACP;SACD,CAAC,CAAC,CAAC;QAEJ,OAAO,EAAE,CAAC;IACX,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,OAAiB;QACjC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACvB,GAAG,EAAE,sDAAsD;YAC3D,IAAI,EAAE;gBACL,OAAO;aACP;SACD,CAAC,CAAC,CAAC;QAEJ,OAAO,EAAE,CAAC;IACX,CAAC;IAED,KAAK,CAAC,SAAS,CACd,MAAyB,EACzB,kBAAkB,GAAG,KAAK,EAC1B,mBAAmB,GAAG,IAAI;QAE1B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACvB,GAAG,EAAE,sDAAsD;YAC3D,IAAI,EAAE;gBACL,MAAM;aACN;SACD,CAAC,CAAC,CAAC;QAEJ,OAAO,EAAE,CAAC;IACX,CAAC;IAED,KAAK,CAAC,WAAW,CAChB,MAAyB,EACzB,kBAAkB,GAAG,KAAK;QAE1B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACvB,GAAG,EAAE,wDAAwD;YAC7D,IAAI,EAAE;gBACL,MAAM;aACN;SACD,CAAC,CAAC,CAAC;QAEJ,OAAO,EAAE,CAAC;IACX,CAAC;IAED,KAAK,CAAC,eAAe,CACpB,YAAkD;QAElD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACvB,GAAG,EAAE,4DAA4D;SACjE,CAAC,CAAC,CAAC;IACL,CAAC;CACD"}

package/dist/redis/redisClient.d.ts

@@ -0,0 +1,11 @@
+import type { Logger } from "@prosopo/common";
+import type { RedisClientType } from "redis";
+import { type ZodType } from "zod";
+export declare const REDIS_BATCH_SIZE = 1000;
+export declare const getMissingRedisKeys: (client: RedisClientType, keys: string[]) => Promise<string[]>;
+export declare const fetchRedisHashRecords: (client: RedisClientType, keys: string[], logger: Logger) => Promise<{
+    records: object[];
+    expirations: (number | undefined)[];
+}>;
+export declare const parseRedisRecords: <T>(records: unknown[], recordSchema: ZodType<T>, logger: Logger) => T[];
+//# sourceMappingURL=redisClient.d.ts.map

package/dist/redis/redisClient.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisClient.d.ts","sourceRoot":"","sources":["../../src/redis/redisClient.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,OAAO,CAAC;AAC7C,OAAO,EAAE,KAAK,OAAO,EAAK,MAAM,KAAK,CAAC;AAEtC,eAAO,MAAM,gBAAgB,OAAQ,CAAC;AAEtC,eAAO,MAAM,mBAAmB,WACvB,eAAe,QACjB,MAAM,EAAE,KACZ,OAAO,CAAC,MAAM,EAAE,CAsBlB,CAAC;AAEF,eAAO,MAAM,qBAAqB,WACzB,eAAe,QACjB,MAAM,EAAE,UACN,MAAM,KACZ,OAAO,CAAC;IAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IAAC,WAAW,EAAE,CAAC,MAAM,GAAG,SAAS,CAAC,EAAE,CAAA;CAAE,CAgBpE,CAAC;AAEF,eAAO,MAAM,iBAAiB,GAAI,CAAC,WACzB,OAAO,EAAE,gBACJ,OAAO,CAAC,CAAC,CAAC,UAChB,MAAM,KACZ,CAAC,EAcD,CAAC"}

package/dist/redis/redisClient.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisClient.js","sourceRoot":"","sources":["../../src/redis/redisClient.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAgB,CAAC,EAAE,MAAM,KAAK,CAAC;AAEtC,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAEtC,MAAM,CAAC,MAAM,mBAAmB,GAAG,KAAK,EACvC,MAAuB,EACvB,IAAc,EACM,EAAE;IACtB,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;IAE/B,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QAChB,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACrB,CAAC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAc,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;IAEhD,MAAM,WAAW,GAAa,EAAE,CAAC;IAEjC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,WAAW,EAAE,EAAE;QACnC,IAAI,GAAG,KAAK,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5B,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC;YAE9B,IAAI,GAAG,EAAE,CAAC;gBACT,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACvB,CAAC;QACF,CAAC;IACF,CAAC,CAAC,CAAC;IAEH,OAAO,WAAW,CAAC;AACpB,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,EACzC,MAAuB,EACvB,IAAc,EACd,MAAc,EACwD,EAAE;IACxE,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;IACjC,MAAM,cAAc,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;IAEtC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACxB,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACvB,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAChC,CAAC;IAED,MAAM,OAAO,GAAG,CAAC,MAAM,SAAS,CAAC,IAAI,EAAE,CAAa,CAAC;IACrD,MAAM,iBAAiB,GAAG,CAAC,MAAM,cAAc,CAAC,IAAI,EAAE,CAAc,CAAC;IAErE,OAAO;QACN,OAAO,EAAE,OAAO;QAChB,WAAW,EAAE,sBAAsB,CAAC,iBAAiB,EAAE,MAAM,CAAC;KAC9D,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAChC,OAAkB,EAClB,YAAwB,EACxB,MAAc,EACR,EAAE,CACR,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;IAC1B,MAAM,WAAW,GAAG,YAAY,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAEnD,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;QACzB,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IAC3B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;QACnB,GAAG,EAAE,8BAA8B;QACnC,IAAI,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,EAAE;KAC1C,CAAC,CAAC,CAAC;IAEJ,OAAO,EAAE,CAAC;AACX,CAAC,CAAC,CAAC;AAEJ,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;AAEjD,MAAM,sBAAsB,GAAG,CAAC,CAAC,CAAC;AAElC,MAAM,sBAAsB,GAAG,CAC9B,OAAkB,EAClB,MAAc,EACW,EAAE,CAC3B,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;IAC1B,MAAM,WAAW,GAAG,sBAAsB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAE7D,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;QACzB,MAAM,UAAU,GACf,sBAAsB,KAAK,WAAW,CAAC,IAAI;YAC1C,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC;QAErB,OAAO,CAAC,UAAU,CAAC,CAAC;IACrB,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;QACnB,GAAG,EAAE,yCAAyC;QAC9C,IAAI,EAAE;YACL,MAAM;YACN,KAAK,EAAE,WAAW,CAAC,KAAK;SACxB;KACD,CAAC,CAAC,CAAC;IAGJ,OAAO,CAAC,SAAS,CAAC,CAAC;AACpB,CAAC,CAAC,CAAC"}

package/dist/redis/redisRuleIndex.d.ts

@@ -0,0 +1,13 @@
+import type { RedisIndex } from "@prosopo/redis-client";
+import { type RediSearchSchema } from "@redis/search";
+import type { AccessRule } from "#policy/rule.js";
+export declare const userIpRedisSchema: RediSearchSchema;
+export declare const userAttributesRedisSchema: RediSearchSchema;
+export declare const userScopeRedisSchema: RediSearchSchema;
+export declare const policyScopeRedisSchema: RediSearchSchema;
+export declare const accessRuleRedisSchema: RediSearchSchema;
+export declare const ACCESS_RULES_REDIS_INDEX_NAME = "index:user-access-rules";
+export declare const ACCESS_RULE_REDIS_KEY_PREFIX = "uar:";
+export declare const accessRulesRedisIndex: RedisIndex;
+export declare const getAccessRuleRedisKey: (rule: AccessRule) => string;
+//# sourceMappingURL=redisRuleIndex.d.ts.map

package/dist/redis/redisRuleIndex.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRuleIndex.d.ts","sourceRoot":"","sources":["../../src/redis/redisRuleIndex.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,KAAK,gBAAgB,EAAqB,MAAM,eAAe,CAAC;AACzE,OAAO,KAAK,EACX,UAAU,EAKV,MAAM,iBAAiB,CAAC;AAGzB,eAAO,MAAM,iBAAiB,EAAE,gBAIL,CAAC;AAE5B,eAAO,MAAM,yBAAyB,EAAE,gBAQL,CAAC;AAEpC,eAAO,MAAM,oBAAoB,EAAE,gBAGR,CAAC;AAE5B,eAAO,MAAM,sBAAsB,EAAE,gBAKL,CAAC;AAUjC,eAAO,MAAM,qBAAqB,EAAE,gBAIR,CAAC;AAE7B,eAAO,MAAM,6BAA6B,4BAA4B,CAAC;AAGvE,eAAO,MAAM,4BAA4B,SAAS,CAAC;AAEnD,eAAO,MAAM,qBAAqB,EAAE,UAOnC,CAAC;AAEF,eAAO,MAAM,qBAAqB,SAAU,UAAU,KAAG,MACD,CAAC"}

package/dist/redis/redisRuleIndex.js

@@ -9,7 +9,10 @@ const userAttributesRedisSchema = {
   userId: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
   ja4Hash: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
   headersHash: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
-  userAgentHash: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true }
+  userAgentHash: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
+  headHash: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
+  // Use pipe separator for coords since JSON strings contain commas
+  coords: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true, SEPARATOR: "|" }
 };
 const userScopeRedisSchema = {
   ...userAttributesRedisSchema,

package/dist/redis/redisRuleIndex.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRuleIndex.js","sourceRoot":"","sources":["../../src/redis/redisRuleIndex.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAyB,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAQzE,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAE9D,MAAM,CAAC,MAAM,iBAAiB,GAAqB;IAClD,gBAAgB,EAAE,EAAE,IAAI,EAAE,iBAAiB,CAAC,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE;IACzE,gBAAgB,EAAE,EAAE,IAAI,EAAE,iBAAiB,CAAC,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE;IACzE,SAAS,EAAE,EAAE,IAAI,EAAE,iBAAiB,CAAC,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE;CACxC,CAAC;AAE5B,MAAM,CAAC,MAAM,yBAAyB,GAAqB;IAC1D,MAAM,EAAE,EAAE,IAAI,EAAE,iBAAiB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE;IAC3D,OAAO,EAAE,EAAE,IAAI,EAAE,iBAAiB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE;IAC5D,WAAW,EAAE,EAAE,IAAI,EAAE,iBAAiB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE;IAChE,aAAa,EAAE,EAAE,IAAI,EAAE,iBAAiB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE;IAClE,QAAQ,EAAE,EAAE,IAAI,EAAE,iBAAiB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE;IAE7D,MAAM,EAAE,EAAE,IAAI,EAAE,iBAAiB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE;CACzC,CAAC;AAEpC,MAAM,CAAC,MAAM,oBAAoB,GAAqB;IACrD,GAAG,yBAAyB;IAC5B,GAAG,iBAAiB;CACM,CAAC;AAE5B,MAAM,CAAC,MAAM,sBAAsB,GAAqB;IACvD,QAAQ,EAAE;QACT,IAAI,EAAE,iBAAiB,CAAC,GAAG;QAC3B,YAAY,EAAE,IAAI;KAClB;CAC8B,CAAC;AAUjC,MAAM,CAAC,MAAM,qBAAqB,GAAqB;IACtD,GAAG,sBAAsB;IACzB,GAAG,oBAAoB;IACvB,OAAO,EAAE,EAAE,IAAI,EAAE,iBAAiB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE;CACjC,CAAC;AAE7B,MAAM,CAAC,MAAM,6BAA6B,GAAG,yBAAyB,CAAC;AAGvE,MAAM,CAAC,MAAM,4BAA4B,GAAG,MAAM,CAAC;AAEnD,MAAM,CAAC,MAAM,qBAAqB,GAAe;IAChD,IAAI,EAAE,6BAA6B;IACnC,MAAM,EAAE,qBAAqB;IAC7B,OAAO,EAAE;QACR,EAAE,EAAE,MAAe;QACnB,MAAM,EAAE,CAAC,4BAA4B,CAAC;KACtC;CACD,CAAC;AAEF,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,IAAgB,EAAU,EAAE,CACjE,4BAA4B,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC"}

package/dist/redis/redisRulesStorage.d.ts

@@ -0,0 +1,5 @@
+import type { Logger } from "@prosopo/common";
+import type { RedisConnection } from "@prosopo/redis-client";
+import type { AccessRulesStorage } from "#policy/rulesStorage.js";
+export declare const createRedisAccessRulesStorage: (connection: RedisConnection, logger: Logger) => AccessRulesStorage;
+//# sourceMappingURL=redisRulesStorage.d.ts.map

package/dist/redis/redisRulesStorage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRulesStorage.d.ts","sourceRoot":"","sources":["../../src/redis/redisRulesStorage.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,KAAK,EAEX,kBAAkB,EAElB,MAAM,yBAAyB,CAAC;AAOjC,eAAO,MAAM,6BAA6B,eAC7B,eAAe,UACnB,MAAM,KACZ,kBAqBF,CAAC"}

package/dist/redis/redisRulesStorage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRulesStorage.js","sourceRoot":"","sources":["../../src/redis/redisRulesStorage.ts"],"names":[],"mappings":"AAqBA,OAAO,EACN,qBAAqB,EACrB,gBAAgB,GAChB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEhF,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAC5C,UAA2B,EAC3B,MAAc,EACO,EAAE;IACvB,MAAM,OAAO,GAAuB,cAAc,CACjD,IAAI,qBAAqB,CAAC,MAAM,CAAC,EACjC,IAAI,qBAAqB,CAAC,MAAM,CAAC,CACjC,CAAC;IAEF,UAAU,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;QACtC,MAAM,WAAW,GAAG,cAAc,CACjC,IAAI,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,EACpC,IAAI,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,CACpC,CAAC;QAGF,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAEpC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YAClB,GAAG,EAAE,mDAAmD;SACxD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AAChB,CAAC,CAAC;AAEF,MAAM,cAAc,GAAG,CACtB,MAAyB,EACzB,MAAyB,EACJ,EAAE,CAAC,CAAC;IAEzB,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC;IAC1C,iBAAiB,EAAE,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC;IACxD,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC;IACxC,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC;IAC5C,eAAe,EAAE,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC;IAEpD,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC;IAC5C,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC;IAC5C,cAAc,EAAE,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC;CAClD,CAAC,CAAC"}

package/dist/redis/redisRulesWriter.d.ts

@@ -0,0 +1,22 @@
+import { type Logger } from "@prosopo/common";
+import type { RedisClientType } from "redis";
+import type { AccessRule } from "#policy/rule.js";
+import type { AccessRuleEntry, AccessRulesWriter } from "#policy/rulesStorage.js";
+export declare class RedisRulesWriter implements AccessRulesWriter {
+    private readonly client;
+    private readonly logger;
+    constructor(client: RedisClientType, logger: Logger);
+    insertRules(ruleEntries: AccessRuleEntry[]): Promise<string[]>;
+    deleteRules(ruleIds: string[]): Promise<void>;
+    deleteAllRules(): Promise<number>;
+    protected insertRuleEntries(ruleEntries: AccessRuleEntry[]): Promise<string[]>;
+}
+export declare const getRedisRuleValue: (rule: AccessRule) => Record<string, string>;
+export declare class DummyRedisRulesWriter implements AccessRulesWriter {
+    private readonly logger;
+    constructor(logger: Logger);
+    insertRules(ruleEntries: AccessRuleEntry[]): Promise<string[]>;
+    deleteRules(ruleIds: string[]): Promise<void>;
+    deleteAllRules(): Promise<number>;
+}
+//# sourceMappingURL=redisRulesWriter.d.ts.map

package/dist/redis/redisRulesWriter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRulesWriter.d.ts","sourceRoot":"","sources":["../../src/redis/redisRulesWriter.ts"],"names":[],"mappings":"AAcA,OAAO,EACN,KAAK,MAAM,EAGX,MAAM,iBAAiB,CAAC;AACzB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,OAAO,CAAC;AAE7C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,KAAK,EACX,eAAe,EACf,iBAAiB,EACjB,MAAM,yBAAyB,CAAC;AAMjC,qBAAa,gBAAiB,YAAW,iBAAiB;IAExD,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM;gBADN,MAAM,EAAE,eAAe,EACvB,MAAM,EAAE,MAAM;IAG1B,WAAW,CAAC,WAAW,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAa9D,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAkB7C,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC;cAsBvB,iBAAiB,CAChC,WAAW,EAAE,eAAe,EAAE,GAC5B,OAAO,CAAC,MAAM,EAAE,CAAC;CA+BpB;AAED,eAAO,MAAM,iBAAiB,SAAU,UAAU,KAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAGxE,CAAC;AAEH,qBAAa,qBAAsB,YAAW,iBAAiB;IAClD,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAErC,WAAW,CAAC,WAAW,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAW9D,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAS7C,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC;CAOvC"}

package/dist/redis/redisRulesWriter.js

@@ -54,6 +54,12 @@ class RedisRulesWriter {
       const ruleValue = getRedisRuleValue(rule);
       queries.hSet(ruleKey, ruleValue);
       if (expiresUnixTimestamp) {
+        const MILLISECOND_THRESHOLD = 1e10;
+        if (expiresUnixTimestamp > MILLISECOND_THRESHOLD) {
+          throw new Error(
+            `Invalid expiry timestamp: ${expiresUnixTimestamp}. Timestamp must be in seconds, not milliseconds.`
+          );
+        }
         queries.expireAt(ruleKey, expiresUnixTimestamp);
       }
       return ruleKey;

package/dist/redis/redisRulesWriter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRulesWriter.js","sourceRoot":"","sources":["../../src/redis/redisRulesWriter.ts"],"names":[],"mappings":"AAcA,OAAO,EAEN,gBAAgB,EAChB,0BAA0B,GAC1B,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAMhE,OAAO,EACN,4BAA4B,EAC5B,qBAAqB,GACrB,MAAM,qBAAqB,CAAC;AAE7B,MAAM,OAAO,gBAAgB;IAC5B,YACkB,MAAuB,EACvB,MAAc;QADd,WAAM,GAAN,MAAM,CAAiB;QACvB,WAAM,GAAN,MAAM,CAAQ;IAC7B,CAAC;IAEJ,KAAK,CAAC,WAAW,CAAC,WAA8B;QAC/C,MAAM,YAAY,GAAG,gBAAgB,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAC;QAErE,MAAM,UAAU,GAAG,MAAM,0BAA0B,CAClD,YAAY,EACZ,KAAK,EAAE,YAAY,EAAE,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAC5D,CAAC;QAEF,OAAO,UAAU,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CACrC,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,MAAM,CAAC,CAClD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAiB;QAClC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAC3B,CAAC,MAAM,EAAE,EAAE,CAAC,4BAA4B,GAAG,MAAM,CACjD,CAAC;QAEF,MAAM,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAEhE,MAAM,0BAA0B,CAAC,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE;YAChE,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAEpC,KAAK,MAAM,OAAO,IAAI,SAAS,EAAE,CAAC;gBACjC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACtB,CAAC;YAED,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC,CAAC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,cAAc;QACnB,IAAI,MAAM,GAAG,GAAG,CAAC;QACjB,IAAI,KAAK,GAAG,CAAC,CAAC;QAEd,GAAG,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE;gBAC5C,KAAK,EAAE,GAAG,4BAA4B,GAAG;gBACzC,KAAK,EAAE,gBAAgB;aACvB,CAAC,CAAC;YAEH,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAClC,GAAG,CAAC,KAAK,CAAC,4BAA4B,CAAC,MAAM,CAAC,CAC9C,CAAC;YACF,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;YAE5B,KAAK,IAAI,GAAG,CAAC,MAAM,CAAC;YACpB,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;QACvB,CAAC,QAAQ,GAAG,KAAK,MAAM,EAAE;QAEzB,OAAO,KAAK,CAAC;IACd,CAAC;IAES,KAAK,CAAC,iBAAiB,CAChC,WAA8B;QAE9B,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAEpC,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE;YAC9C,MAAM,EAAE,IAAI,EAAE,oBAAoB,EAAE,GAAG,SAAS,CAAC;YAEjD,MAAM,OAAO,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;YAC5C,MAAM,SAAS,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAE1C,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAEjC,IAAI,oBAAoB,EAAE,CAAC;gBAI1B,MAAM,qBAAqB,GAAG,cAAc,CAAC;gBAC7C,IAAI,oBAAoB,GAAG,qBAAqB,EAAE,CAAC;oBAClD,MAAM,IAAI,KAAK,CACd,6BAA6B,oBAAoB,mDAAmD,CACpG,CAAC;gBACH,CAAC;gBACD,OAAO,CAAC,QAAQ,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC;YACjD,CAAC;YAED,OAAO,OAAO,CAAC;QAChB,CAAC,CAAC,CAAC;QAEH,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;QAErB,OAAO,QAAQ,CAAC;IACjB,CAAC;CACD;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,IAAgB,EAA0B,EAAE,CAC7E,MAAM,CAAC,WAAW,CACjB,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAChE,CAAC;AAEH,MAAM,OAAO,qBAAqB;IACjC,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;IAAG,CAAC;IAE/C,KAAK,CAAC,WAAW,CAAC,WAA8B;QAC/C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACvB,GAAG,EAAE,wDAAwD;YAC7D,IAAI,EAAE;gBACL,WAAW;aACX;SACD,CAAC,CAAC,CAAC;QAEJ,OAAO,EAAE,CAAC;IACX,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAiB;QAClC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACvB,GAAG,EAAE,wDAAwD;YAC7D,IAAI,EAAE;gBACL,OAAO;aACP;SACD,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,cAAc;QACnB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACvB,GAAG,EAAE,2DAA2D;SAChE,CAAC,CAAC,CAAC;QAEJ,OAAO,CAAC,CAAC;IACV,CAAC;CACD"}