@prosopo/user-access-policy 3.5.32 → 3.7.11

package/dist/api/write/insertRules.js

@@ -1,7 +1,7 @@
 import { ApiEndpointResponseStatus } from "@prosopo/api-route";
-import { LogLevel } from "@prosopo/common";
+import { LogLevel } from "@prosopo/logger";
 import { z } from "zod";
-import { policyScopeInput, accessPolicyInput } from "../../ruleInput/policyInput.js";
+import { policyScopeInput, accessPolicyInput, sanitizeAccessPolicy } from "../../ruleInput/policyInput.js";
 import { userScopeInput } from "../../ruleInput/userScopeInput.js";
 class InsertRulesEndpoint {
   constructor(accessRulesWriter, logger) {
@@ -19,7 +19,8 @@ class InsertRulesEndpoint {
       })
     );
   }
-  async processRequest(args) {
+  async processRequest(args, logger) {
+    const log = logger ?? this.logger;
     const timeoutPromise = new Promise((resolve) => {
       setTimeout(() => {
         resolve({
@@ -32,7 +33,7 @@ class InsertRulesEndpoint {
       0
     );
     const createRulesPromise = this.createRuleGroups(args).then((insertedIds) => {
-      this.logger.info(() => ({
+      log.info(() => ({
         msg: "Endpoint inserted access rules",
         data: {
           userScopesCount,
@@ -40,7 +41,7 @@ class InsertRulesEndpoint {
           uniqueIdsCount: new Set(insertedIds).size
         }
       }));
-      this.logger.debug(() => ({
+      log.debug(() => ({
         msg: "Inserted access rules details",
         data: {
           insertedIds,
@@ -51,8 +52,8 @@ class InsertRulesEndpoint {
         status: ApiEndpointResponseStatus.SUCCESS
       };
     }).catch((error) => {
-      if (LogLevel.enum.debug === this.logger.getLogLevel()) {
-        this.logger.error(() => ({
+      if (LogLevel.enum.debug === log.getLogLevel()) {
+        log.error(() => ({
           err: error,
           data: { args },
           msg: "Failed to insert access rules"
@@ -72,9 +73,10 @@ class InsertRulesEndpoint {
   async createRulesGroup(group) {
     const ruleEntries = [];
     const policyScopes = group.policyScopes || [];
+    const sanitizedPolicy = sanitizeAccessPolicy(group.accessPolicy);
     for (const userScope of group.userScopes) {
       const ruleBase = {
-        ...group.accessPolicy,
+        ...sanitizedPolicy,
         ...userScope,
         ...group.groupId ? { groupId: group.groupId } : {}
       };
@@ -84,7 +86,8 @@ class InsertRulesEndpoint {
             rule: {
               ...ruleBase,
               ...policyScope
-            }
+            },
+            expiresUnixTimestamp: group.expiresUnixTimestamp
           });
         }
       } else {

package/dist/api/write/insertRules.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"insertRules.js","sourceRoot":"","sources":["../../../src/api/write/insertRules.ts"],"names":[],"mappings":"AAcA,OAAO,EAGN,yBAAyB,GACzB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,QAAQ,EAAe,MAAM,iBAAiB,CAAC;AACxD,OAAO,EAAgB,CAAC,EAAE,MAAM,KAAK,CAAC;AAOtC,OAAO,EACN,iBAAiB,EACjB,gBAAgB,EAChB,oBAAoB,GACpB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAEN,cAAc,GACd,MAAM,qCAAqC,CAAC;AAwB7C,MAAM,OAAO,mBAAmB;IAC/B,YACkB,iBAAoC,EACpC,MAAc;QADd,sBAAiB,GAAjB,iBAAiB,CAAmB;QACpC,WAAM,GAAN,MAAM,CAAQ;IAC7B,CAAC;IAEG,oBAAoB;QAC1B,OAAO,CAAC,CAAC,KAAK,CACb,CAAC,CAAC,MAAM,CAAC;YACR,YAAY,EAAE,iBAAiB;YAC/B,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,QAAQ,EAAE;YAClD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YAC9B,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC;YACnC,oBAAoB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;SACP,CAAC,CACtC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,cAAc,CACnB,IAA4B,EAC5B,MAAe;QAEf,MAAM,GAAG,GAAG,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC;QAElC,MAAM,cAAc,GAAG,IAAI,OAAO,CAAsB,CAAC,OAAO,EAAE,EAAE;YACnE,UAAU,CAAC,GAAG,EAAE;gBACf,OAAO,CAAC;oBACP,MAAM,EAAE,yBAAyB,CAAC,UAAU;iBAC5C,CAAC,CAAC;YACJ,CAAC,EAAE,IAAI,CAAC,CAAC;QACV,CAAC,CAAC,CAAC;QAEH,MAAM,eAAe,GAAG,IAAI,CAAC,MAAM,CAClC,CAAC,eAAe,EAAE,KAAK,EAAE,EAAE,CAAC,eAAe,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,EACrE,CAAC,CACD,CAAC;QAEF,MAAM,kBAAkB,GAAG,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC;aACpD,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE;YACrB,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBACf,GAAG,EAAE,gCAAgC;gBACrC,IAAI,EAAE;oBACL,eAAe,EAAE,eAAe;oBAChC,aAAa,EAAE,WAAW,CAAC,MAAM;oBACjC,cAAc,EAAE,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC,IAAI;iBACzC;aACD,CAAC,CAAC,CAAC;YAEJ,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;gBAChB,GAAG,EAAE,+BAA+B;gBACpC,IAAI,EAAE;oBACL,WAAW;oBACX,KAAK,EAAE,IAAI;iBACX;aACD,CAAC,CAAC,CAAC;YAEJ,OAAO;gBACN,MAAM,EAAE,yBAAyB,CAAC,OAAO;aACzC,CAAC;QACH,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YAChB,IAAI,QAAQ,CAAC,IAAI,CAAC,KAAK,KAAK,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC;gBAC/C,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;oBAChB,GAAG,EAAE,KAAK;oBACV,IAAI,EAAE,EAAE,IAAI,EAAE;oBACd,GAAG,EAAE,+BAA+B;iBACpC,CAAC,CAAC,CAAC;YACL,CAAC;YACD,OAAO;gBACN,MAAM,EAAE,yBAAyB,CAAC,IAAI;aACtC,CAAC;QACH,CAAC,CAAC,CAAC;QAGJ,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC,CAAC;IAC3D,CAAC;IAES,KAAK,CAAC,gBAAgB,CAC/B,MAA8B;QAE9B,MAAM,cAAc,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAC;QAE3E,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAErD,OAAO,UAAU,CAAC,IAAI,EAAE,CAAC;IAC1B,CAAC;IAES,KAAK,CAAC,gBAAgB,CAC/B,KAA6B;QAE7B,MAAM,WAAW,GAAsB,EAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,KAAK,CAAC,YAAY,IAAI,EAAE,CAAC;QAE9C,MAAM,eAAe,GAAG,oBAAoB,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QAEjE,KAAK,MAAM,SAAS,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;YAC1C,MAAM,QAAQ,GAAe;gBAC5B,GAAG,eAAe;gBAClB,GAAG,SAAS;gBACZ,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACpD,CAAC;YAEF,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC7B,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;oBACxC,WAAW,CAAC,IAAI,CAAC;wBAChB,IAAI,EAAE;4BACL,GAAG,QAAQ;4BACX,GAAG,WAAW;yBACd;wBACD,oBAAoB,EAAE,KAAK,CAAC,oBAAoB;qBAChD,CAAC,CAAC;gBACJ,CAAC;YACF,CAAC;iBAAM,CAAC;gBACP,WAAW,CAAC,IAAI,CAAC;oBAChB,IAAI,EAAE,QAAQ;oBACd,oBAAoB,EAAE,KAAK,CAAC,oBAAoB;iBAChD,CAAC,CAAC;YACJ,CAAC;QACF,CAAC;QAED,OAAO,IAAI,CAAC,iBAAiB,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;IACxD,CAAC;CACD"}

package/dist/api/write/rehashRules.d.ts

@@ -0,0 +1,11 @@
+import { type ApiEndpoint, type ApiEndpointResponse } from "@prosopo/api-route";
+import type { Logger } from "@prosopo/logger";
+import type { AccessRulesStorage } from "#policy/rulesStorage.js";
+export declare class RehashRulesEndpoint implements ApiEndpoint<undefined> {
+    private readonly accessRulesStorage;
+    private readonly logger;
+    constructor(accessRulesStorage: AccessRulesStorage, logger: Logger);
+    getRequestArgsSchema(): undefined;
+    processRequest(logger?: Logger): Promise<ApiEndpointResponse>;
+}
+//# sourceMappingURL=rehashRules.d.ts.map

package/dist/api/write/rehashRules.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rehashRules.d.ts","sourceRoot":"","sources":["../../../src/api/write/rehashRules.ts"],"names":[],"mappings":"AAcA,OAAO,EACN,KAAK,WAAW,EAChB,KAAK,mBAAmB,EAExB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAElE,qBAAa,mBAAoB,YAAW,WAAW,CAAC,SAAS,CAAC;IAEhE,OAAO,CAAC,QAAQ,CAAC,kBAAkB;IACnC,OAAO,CAAC,QAAQ,CAAC,MAAM;gBADN,kBAAkB,EAAE,kBAAkB,EACtC,MAAM,EAAE,MAAM;IAGzB,oBAAoB,IAAI,SAAS;IAElC,cAAc,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;CAsDnE"}

package/dist/api/write/rehashRules.js

@@ -6,9 +6,10 @@ class RehashRulesEndpoint {
   }
   getRequestArgsSchema() {
   }
-  async processRequest() {
+  async processRequest(logger) {
+    const log = logger ?? this.logger;
     await this.accessRulesStorage.fetchAllRuleIds(async (ruleIds) => {
-      this.logger.info(() => ({
+      log.info(() => ({
         msg: "Fetched rule ids batch",
         data: {
           count: ruleIds.length,
@@ -16,14 +17,14 @@ class RehashRulesEndpoint {
         }
       }));
       const ruleEntries = await this.accessRulesStorage.fetchRules(ruleIds);
-      this.logger.info(() => ({
+      log.info(() => ({
         msg: "Fetched rules",
         data: {
           count: ruleEntries.length
         }
       }));
       if (ruleEntries.length !== ruleIds.length) {
-        this.logger.warn(() => ({
+        log.warn(() => ({
           msg: "Fetched rules count is not equal to the requested count",
           data: {
             fetchedCount: ruleEntries.length,
@@ -32,14 +33,14 @@ class RehashRulesEndpoint {
         }));
       }
       await this.accessRulesStorage.deleteRules(ruleIds);
-      this.logger.info(() => ({
+      log.info(() => ({
         msg: "Deleted rules",
         data: {
           count: ruleIds.length
         }
       }));
       await this.accessRulesStorage.insertRules(ruleEntries);
-      this.logger.info(() => ({
+      log.info(() => ({
         msg: "Inserted rules",
         data: {
           count: ruleEntries.length

package/dist/api/write/rehashRules.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rehashRules.js","sourceRoot":"","sources":["../../../src/api/write/rehashRules.ts"],"names":[],"mappings":"AAcA,OAAO,EAGN,yBAAyB,GACzB,MAAM,oBAAoB,CAAC;AAI5B,MAAM,OAAO,mBAAmB;IAC/B,YACkB,kBAAsC,EACtC,MAAc;QADd,uBAAkB,GAAlB,kBAAkB,CAAoB;QACtC,WAAM,GAAN,MAAM,CAAQ;IAC7B,CAAC;IAEG,oBAAoB,KAAe,CAAC;IAE3C,KAAK,CAAC,cAAc,CAAC,MAAe;QACnC,MAAM,GAAG,GAAG,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC;QAClC,MAAM,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,KAAK,EAAE,OAAiB,EAAE,EAAE;YACzE,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBACf,GAAG,EAAE,wBAAwB;gBAC7B,IAAI,EAAE;oBACL,KAAK,EAAE,OAAO,CAAC,MAAM;oBACrB,OAAO;iBACP;aACD,CAAC,CAAC,CAAC;YAEJ,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAEtE,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBACf,GAAG,EAAE,eAAe;gBACpB,IAAI,EAAE;oBACL,KAAK,EAAE,WAAW,CAAC,MAAM;iBACzB;aACD,CAAC,CAAC,CAAC;YAEJ,IAAI,WAAW,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC;gBAC3C,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;oBACf,GAAG,EAAE,yDAAyD;oBAC9D,IAAI,EAAE;wBACL,YAAY,EAAE,WAAW,CAAC,MAAM;wBAChC,cAAc,EAAE,OAAO,CAAC,MAAM;qBAC9B;iBACD,CAAC,CAAC,CAAC;YACL,CAAC;YAED,MAAM,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YAEnD,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBACf,GAAG,EAAE,eAAe;gBACpB,IAAI,EAAE;oBACL,KAAK,EAAE,OAAO,CAAC,MAAM;iBACrB;aACD,CAAC,CAAC,CAAC;YAEJ,MAAM,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;YAEvD,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBACf,GAAG,EAAE,gBAAgB;gBACrB,IAAI,EAAE;oBACL,KAAK,EAAE,WAAW,CAAC,MAAM;iBACzB;aACD,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,OAAO;YACN,MAAM,EAAE,yBAAyB,CAAC,OAAO;YACzC,IAAI,EAAE,EAAE;SACR,CAAC;IACH,CAAC;CACD"}

package/dist/cjs/api/delete/deleteAllRules.cjs

@@ -8,9 +8,10 @@ class DeleteAllRulesEndpoint {
   }
   getRequestArgsSchema() {
   }
-  async processRequest() {
+  async processRequest(logger) {
+    const log = logger ?? this.logger;
     const deletedCount = await this.accessRulesStorage.deleteAllRules();
-    this.logger.info(() => ({
+    log.info(() => ({
       msg: "Endpoint deleted all access rules",
       data: { deletedCount }
     }));

package/dist/cjs/api/delete/deleteRuleGroups.cjs

@@ -16,7 +16,8 @@ class DeleteRuleGroupsEndpoint {
       })
     );
   }
-  async processRequest(args) {
+  async processRequest(args, logger) {
+    const log = logger ?? this.logger;
     const foundRuleIdPromises = args.flatMap(
       (ruleToDelete) => ruleToDelete.clientIds.map(
         (clientId) => this.accessRulesStorage.findRuleIds({
@@ -34,7 +35,7 @@ class DeleteRuleGroupsEndpoint {
     if (uniqueRuleIds.length > 0) {
       await this.accessRulesStorage.deleteRules(uniqueRuleIds);
     }
-    this.logger.info(() => ({
+    log.info(() => ({
       msg: "Endpoint deleted rule groups",
       data: {
         args,

package/dist/cjs/api/delete/deleteRules.cjs

@@ -12,7 +12,8 @@ class DeleteRulesEndpoint {
   getRequestArgsSchema() {
     return zod.z.array(ruleInput.accessRulesFilterInput);
   }
-  async processRequest(args) {
+  async processRequest(args, logger) {
+    const log = logger ?? this.logger;
     let deletedCount = 0;
     for (const rulesFilterInput of args) {
       const ruleFilters = ruleInput.getAccessRuleFiltersFromInput(rulesFilterInput);
@@ -22,7 +23,7 @@ class DeleteRulesEndpoint {
         if (uniqueRuleIds.length > 0) {
           await this.accessRulesStorage.deleteRules(uniqueRuleIds);
           deletedCount += uniqueRuleIds.length;
-          this.logger.info(() => ({
+          log.info(() => ({
             msg: "Endpoint deleted rules",
             data: {
               rulesFilterInput,

package/dist/cjs/api/read/fetchRules.cjs

@@ -16,16 +16,17 @@ class FetchRulesEndpoint {
       ids: zod.z.string().array()
     });
   }
-  async processRequest(args) {
+  async processRequest(args, logger) {
+    const log = logger ?? this.logger;
     const ruleEntries = await this.accessRulesStorage.fetchRules(args.ids);
-    this.logger.info(() => ({
+    log.info(() => ({
       msg: "Endpoint fetched rules",
       data: {
         requestedCount: args.ids.length,
         foundCount: ruleEntries.length
       }
     }));
-    this.logger.debug(() => ({
+    log.debug(() => ({
       msg: "Fetched rule details",
       data: {
         ruleEntries

package/dist/cjs/api/read/findRuleIds.cjs

@@ -15,7 +15,8 @@ class FindRuleIdsEndpoint {
   getRequestArgsSchema() {
     return zod.z.array(ruleInput.accessRulesFilterInput);
   }
-  async processRequest(args) {
+  async processRequest(args, logger) {
+    const log = logger ?? this.logger;
     const ruleIdBatches = await common.executeBatchesSequentially(
       args,
       async (rulesFilterInput) => {
@@ -29,7 +30,7 @@ class FindRuleIdsEndpoint {
     );
     const ruleIds = ruleIdBatches.flat();
     const uniqueRuleIds = [...new Set(ruleIds)];
-    this.logger.info(() => ({
+    log.info(() => ({
       msg: "Endpoint found rules",
       data: {
         totalFoundCount: ruleIds.length,

package/dist/cjs/api/read/getMissingIds.cjs

@@ -13,16 +13,17 @@ class GetMissingIdsEndpoint {
   getRequestArgsSchema() {
     return zod.z.string().array();
   }
-  async processRequest(args) {
+  async processRequest(args, logger) {
+    const log = logger ?? this.logger;
     const missingIds = await this.accessRulesStorage.getMissingRuleIds(args);
-    this.logger.info(() => ({
+    log.info(() => ({
       msg: "Endpoint checked missing ids",
       data: {
         idsToCheck: args.length,
         missingIds: missingIds.length
       }
     }));
-    this.logger.debug(() => ({
+    log.debug(() => ({
       msg: "Missing id details",
       data: {
         idsToCheck: args,

package/dist/cjs/api/rulesApiClient.cjs

@@ -7,33 +7,33 @@ const getMissingIds = require("./read/getMissingIds.cjs");
 const ruleApiRoutes = require("./ruleApiRoutes.cjs");
 class AccessRulesApiClient extends api.ApiClient {
   //// delete
-  deleteMany(filters, timestamp, signature) {
+  deleteMany(filters, jwt) {
     return this.post(
       ruleApiRoutes.accessRuleApiPaths.DELETE_MANY,
       filters,
-      this.getAuthHeaders(timestamp, signature)
+      this.getAuthHeaders(jwt)
     );
   }
-  deleteGroups(siteGroups, timestamp, signature) {
+  deleteGroups(siteGroups, jwt) {
     return this.post(
       ruleApiRoutes.accessRuleApiPaths.DELETE_GROUPS,
       siteGroups,
-      this.getAuthHeaders(timestamp, signature)
+      this.getAuthHeaders(jwt)
     );
   }
-  deleteAll(timestamp, signature) {
+  deleteAll(jwt) {
     return this.post(
       ruleApiRoutes.accessRuleApiPaths.DELETE_ALL,
       {},
-      this.getAuthHeaders(timestamp, signature)
+      this.getAuthHeaders(jwt)
     );
   }
   //// read
-  async getMissingIds(idsToCheck, timestamp, signature) {
+  async getMissingIds(idsToCheck, jwt) {
     const endpointResponse = await this.post(
       ruleApiRoutes.accessRuleApiPaths.GET_MISSING_IDS,
       idsToCheck,
-      this.getAuthHeaders(timestamp, signature)
+      this.getAuthHeaders(jwt)
     );
     const parsedData = getMissingIds.missingIdsResponse.safeParse(endpointResponse.data);
     return {
@@ -41,11 +41,11 @@ class AccessRulesApiClient extends api.ApiClient {
       data: parsedData.success ? parsedData.data : void 0
     };
   }
-  async fetchMany(fetchOptions, timestamp, signature) {
+  async fetchMany(fetchOptions, jwt) {
     const endpointResponse = await this.post(
       ruleApiRoutes.accessRuleApiPaths.FETCH_MANY,
       fetchOptions,
-      this.getAuthHeaders(timestamp, signature)
+      this.getAuthHeaders(jwt)
     );
     const parsedData = fetchRules.fetchRulesResponse.safeParse(endpointResponse.data);
     return {
@@ -53,11 +53,11 @@ class AccessRulesApiClient extends api.ApiClient {
       data: parsedData.success ? parsedData.data : void 0
     };
   }
-  async findIds(filters, timestamp, signature) {
+  async findIds(filters, jwt) {
     const endpointResponse = await this.post(
       ruleApiRoutes.accessRuleApiPaths.FIND_IDS,
       filters,
-      this.getAuthHeaders(timestamp, signature)
+      this.getAuthHeaders(jwt)
     );
     const parsedData = findRuleIds.ruleIdsResponse.safeParse(endpointResponse.data);
     return {
@@ -66,26 +66,25 @@ class AccessRulesApiClient extends api.ApiClient {
     };
   }
   //// write
-  async rehashAll(timestamp, signature) {
+  async rehashAll(jwt) {
     return this.post(
       ruleApiRoutes.accessRuleApiPaths.REHASH_ALL,
       {},
-      this.getAuthHeaders(timestamp, signature)
+      this.getAuthHeaders(jwt)
     );
   }
-  insertMany(ruleGroups, timestamp, signature) {
+  insertMany(ruleGroups, jwt) {
     return this.post(
       ruleApiRoutes.accessRuleApiPaths.INSERT_MANY,
       ruleGroups,
-      this.getAuthHeaders(timestamp, signature)
+      this.getAuthHeaders(jwt)
     );
   }
-  getAuthHeaders(timestamp, signature) {
+  getAuthHeaders(jwt) {
     return {
       headers: {
         "Prosopo-Site-Key": this.account,
-        timestamp,
-        signature
+        Authorization: `Bearer ${jwt}`
       }
     };
   }

package/dist/cjs/api/write/insertRules.cjs

@@ -1,14 +1,14 @@
 "use strict";
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 const apiRoute = require("@prosopo/api-route");
-const common = require("@prosopo/common");
+const logger = require("@prosopo/logger");
 const zod = require("zod");
 const policyInput = require("../../ruleInput/policyInput.cjs");
 const userScopeInput = require("../../ruleInput/userScopeInput.cjs");
 class InsertRulesEndpoint {
-  constructor(accessRulesWriter, logger) {
+  constructor(accessRulesWriter, logger2) {
     this.accessRulesWriter = accessRulesWriter;
-    this.logger = logger;
+    this.logger = logger2;
   }
   getRequestArgsSchema() {
     return zod.z.array(
@@ -21,7 +21,8 @@ class InsertRulesEndpoint {
       })
     );
   }
-  async processRequest(args) {
+  async processRequest(args, logger$1) {
+    const log = logger$1 ?? this.logger;
     const timeoutPromise = new Promise((resolve) => {
       setTimeout(() => {
         resolve({
@@ -34,7 +35,7 @@ class InsertRulesEndpoint {
       0
     );
     const createRulesPromise = this.createRuleGroups(args).then((insertedIds) => {
-      this.logger.info(() => ({
+      log.info(() => ({
         msg: "Endpoint inserted access rules",
         data: {
           userScopesCount,
@@ -42,7 +43,7 @@ class InsertRulesEndpoint {
           uniqueIdsCount: new Set(insertedIds).size
         }
       }));
-      this.logger.debug(() => ({
+      log.debug(() => ({
         msg: "Inserted access rules details",
         data: {
           insertedIds,
@@ -53,8 +54,8 @@ class InsertRulesEndpoint {
         status: apiRoute.ApiEndpointResponseStatus.SUCCESS
       };
     }).catch((error) => {
-      if (common.LogLevel.enum.debug === this.logger.getLogLevel()) {
-        this.logger.error(() => ({
+      if (logger.LogLevel.enum.debug === log.getLogLevel()) {
+        log.error(() => ({
           err: error,
           data: { args },
           msg: "Failed to insert access rules"
@@ -74,9 +75,10 @@ class InsertRulesEndpoint {
   async createRulesGroup(group) {
     const ruleEntries = [];
     const policyScopes = group.policyScopes || [];
+    const sanitizedPolicy = policyInput.sanitizeAccessPolicy(group.accessPolicy);
     for (const userScope of group.userScopes) {
       const ruleBase = {
-        ...group.accessPolicy,
+        ...sanitizedPolicy,
         ...userScope,
         ...group.groupId ? { groupId: group.groupId } : {}
       };
@@ -86,7 +88,8 @@ class InsertRulesEndpoint {
             rule: {
               ...ruleBase,
               ...policyScope
-            }
+            },
+            expiresUnixTimestamp: group.expiresUnixTimestamp
           });
         }
       } else {

package/dist/cjs/api/write/rehashRules.cjs

@@ -8,9 +8,10 @@ class RehashRulesEndpoint {
   }
   getRequestArgsSchema() {
   }
-  async processRequest() {
+  async processRequest(logger) {
+    const log = logger ?? this.logger;
     await this.accessRulesStorage.fetchAllRuleIds(async (ruleIds) => {
-      this.logger.info(() => ({
+      log.info(() => ({
         msg: "Fetched rule ids batch",
         data: {
           count: ruleIds.length,
@@ -18,14 +19,14 @@ class RehashRulesEndpoint {
         }
       }));
       const ruleEntries = await this.accessRulesStorage.fetchRules(ruleIds);
-      this.logger.info(() => ({
+      log.info(() => ({
         msg: "Fetched rules",
         data: {
           count: ruleEntries.length
         }
       }));
       if (ruleEntries.length !== ruleIds.length) {
-        this.logger.warn(() => ({
+        log.warn(() => ({
           msg: "Fetched rules count is not equal to the requested count",
           data: {
             fetchedCount: ruleEntries.length,
@@ -34,14 +35,14 @@ class RehashRulesEndpoint {
         }));
       }
       await this.accessRulesStorage.deleteRules(ruleIds);
-      this.logger.info(() => ({
+      log.info(() => ({
         msg: "Deleted rules",
         data: {
           count: ruleIds.length
         }
       }));
       await this.accessRulesStorage.insertRules(ruleEntries);
-      this.logger.info(() => ({
+      log.info(() => ({
         msg: "Inserted rules",
         data: {
           count: ruleEntries.length

package/dist/cjs/mongoose/mongooseRuleSchema.cjs

@@ -4,7 +4,10 @@ const userAttributesSchema = {
   userId: { type: String, required: false },
   ja4Hash: { type: String, required: false },
   userAgent: { type: String, required: false },
-  headersHash: { type: String, required: false }
+  headersHash: { type: String, required: false },
+  headHash: { type: String, required: false },
+  coords: { type: String, required: false },
+  countryCode: { type: String, required: false }
 };
 const userIpSchema = {
   ip: { type: String, required: false },

package/dist/cjs/redis/reader/redisRulesQuery.cjs

@@ -2,6 +2,9 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 const userScopeInput = require("../../ruleInput/userScopeInput.cjs");
 const rulesStorage = require("../../rulesStorage.cjs");
+const escapeTagValue = (value) => {
+  return value.replace(/([,.<>{}\[\]"':;!@#$%^&*()\-+=~|/\\])/g, "\\$1");
+};
 const REDIS_QUERY_DIALECT = 2;
 const userIpQueries = {
   numericIp: (value, scope) => {
@@ -17,12 +20,18 @@ const userIpQueries = {
     if (scope.numericIp !== void 0) {
       return "";
     }
+    if (value === void 0 && scope.numericIpMaskMax === void 0) {
+      return "";
+    }
     return value !== void 0 ? `@numericIpMaskMin:[-inf ${value}]` : "ismissing(@numericIpMaskMin)";
   },
   numericIpMaskMax: (value, scope) => {
     if (scope.numericIp !== void 0) {
       return "";
     }
+    if (value === void 0 && scope.numericIpMaskMin === void 0) {
+      return "";
+    }
     return value !== void 0 ? `@numericIpMaskMax:[${value} +inf]` : "ismissing(@numericIpMaskMax)";
   }
 };
@@ -58,12 +67,20 @@ const getUserScopeQuery = (userScope, FilterScopeMatchType, matchingFieldsOnly)
     )
   ).filter(Boolean).join(scopeJoinType);
 };
+const FIELDS_REQUIRING_ESCAPE = /* @__PURE__ */ new Set([
+  "coords"
+]);
 const getUserScopeFieldQuery = (fieldName, fieldValue, scopeMatch, fullScope) => {
   if (fieldName in userIpQueries) {
     const queryBuilder = userIpQueries[fieldName];
     return queryBuilder(fieldValue, fullScope);
   }
-  return void 0 === fieldValue ? `ismissing(@${fieldName})` : `@${fieldName}:{${fieldValue}}`;
+  if (void 0 === fieldValue) {
+    return `ismissing(@${fieldName})`;
+  }
+  const stringValue = String(fieldValue);
+  const queryValue = FIELDS_REQUIRING_ESCAPE.has(fieldName) ? escapeTagValue(stringValue) : stringValue;
+  return `@${fieldName}:{${queryValue}}`;
 };
 const getPolicyScopeQuery = (policyScope, scopeMatch) => {
   const clientId = policyScope?.clientId;

package/dist/cjs/redis/reader/redisRulesReader.cjs

@@ -52,9 +52,8 @@ class RedisRulesReader {
     if (skipEmptyUserScopes && query === "ismissing(@clientId)") {
       return [];
     }
-    let searchReply;
     try {
-      searchReply = await this.client.ft.search(
+      const searchReply = await this.client.ft.searchNoContent(
         redisRuleIndex.ACCESS_RULES_REDIS_INDEX_NAME,
         query,
         {
@@ -81,6 +80,18 @@ class RedisRulesReader {
           }
         }));
       }
+      if (searchReply.documents.length === 0) {
+        return [];
+      }
+      const { records } = await redisClient.fetchRedisHashRecords(
+        this.client,
+        searchReply.documents,
+        this.logger
+      );
+      const nonEmptyRecords = records.filter(
+        (record) => Object.keys(record).length > 0
+      );
+      return redisClient.parseRedisRecords(nonEmptyRecords, ruleInput.accessRuleInput, this.logger);
     } catch (e) {
       this.logger.error(() => ({
         err: e,
@@ -99,8 +110,6 @@ class RedisRulesReader {
       }));
       return [];
     }
-    const records = searchReply.documents.map(({ value }) => value);
-    return redisClient.parseRedisRecords(records, ruleInput.accessRuleInput, this.logger);
   }
   async findRuleIds(filter, matchingFieldsOnly = false) {
     const query = redisRulesQuery.getRulesRedisQuery(filter, matchingFieldsOnly);

package/dist/cjs/redis/redisRuleIndex.cjs

@@ -11,7 +11,11 @@ const userAttributesRedisSchema = {
   userId: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
   ja4Hash: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
   headersHash: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
-  userAgentHash: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true }
+  userAgentHash: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
+  headHash: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
+  // Use pipe separator for coords since JSON strings contain commas
+  coords: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true, SEPARATOR: "|" },
+  countryCode: { type: search.SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true }
 };
 const userScopeRedisSchema = {
   ...userAttributesRedisSchema,

package/dist/cjs/redis/redisRulesWriter.cjs

@@ -56,6 +56,12 @@ class RedisRulesWriter {
       const ruleValue = getRedisRuleValue(rule);
       queries.hSet(ruleKey, ruleValue);
       if (expiresUnixTimestamp) {
+        const MILLISECOND_THRESHOLD = 1e10;
+        if (expiresUnixTimestamp > MILLISECOND_THRESHOLD) {
+          throw new Error(
+            `Invalid expiry timestamp: ${expiresUnixTimestamp}. Timestamp must be in seconds, not milliseconds.`
+          );
+        }
         queries.expireAt(ruleKey, expiresUnixTimestamp);
       }
       return ruleKey;

package/dist/cjs/ruleInput/policyInput.cjs

@@ -18,8 +18,16 @@ const accessPolicyInput = zod.z.object({
   // used to increase the user's score
   frictionlessScore: zod.z.coerce.number().optional()
 });
+const sanitizeAccessPolicy = (policy) => {
+  if (policy.type === rule.AccessPolicyType.Block) {
+    const { captchaType, solvedImagesCount, ...blockPolicy } = policy;
+    return blockPolicy;
+  }
+  return policy;
+};
 const policyScopeInput = zod.z.object({
   clientId: zod.z.coerce.string().optional()
 });
 exports.accessPolicyInput = accessPolicyInput;
 exports.policyScopeInput = policyScopeInput;
+exports.sanitizeAccessPolicy = sanitizeAccessPolicy;

package/dist/cjs/ruleInput/userScopeInput.cjs

@@ -9,7 +9,10 @@ const userAttributesSchema = zod.z.object({
   userId: zod.z.coerce.string().optional(),
   ja4Hash: zod.z.coerce.string().optional(),
   headersHash: zod.z.coerce.string().optional(),
-  userAgentHash: zod.z.coerce.string().optional()
+  userAgentHash: zod.z.coerce.string().optional(),
+  headHash: zod.z.coerce.string().optional(),
+  coords: zod.z.coerce.string().optional(),
+  countryCode: zod.z.coerce.string().optional()
 });
 const userAttributesInput = zod.z.object({
   ...userAttributesSchema.shape,

package/dist/cjs/ruleRecord.cjs

@@ -4,7 +4,10 @@ const userAttributesRecordFields = [
   "userId",
   "ja4Hash",
   "headersHash",
-  "userAgent"
+  "userAgent",
+  "headHash",
+  "coords",
+  "countryCode"
 ];
 const userIpRecordFields = [
   "ip",