@prosopo/user-access-policy 3.5.32 → 3.7.11

package/dist/mongoose/.export.d.ts

@@ -0,0 +1,2 @@
+export { accessRuleMongooseSchema } from "./mongooseRuleSchema.js";
+//# sourceMappingURL=.export.d.ts.map

package/dist/mongoose/.export.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":".export.d.ts","sourceRoot":"","sources":["../../src/mongoose/.export.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC"}

package/dist/mongoose/.export.js.map

@@ -0,0 +1 @@
+{"version":3,"file":".export.js","sourceRoot":"","sources":["../../src/mongoose/.export.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC"}

package/dist/mongoose/mongooseRuleSchema.d.ts

@@ -0,0 +1,4 @@
+import type { SchemaDefinition } from "mongoose";
+import type { AccessRuleRecord } from "#policy/ruleRecord.js";
+export declare const accessRuleMongooseSchema: SchemaDefinition<AccessRuleRecord>;
+//# sourceMappingURL=mongooseRuleSchema.d.ts.map

package/dist/mongoose/mongooseRuleSchema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mongooseRuleSchema.d.ts","sourceRoot":"","sources":["../../src/mongoose/mongooseRuleSchema.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAEjD,OAAO,KAAK,EACX,gBAAgB,EAIhB,MAAM,uBAAuB,CAAC;AAqC/B,eAAO,MAAM,wBAAwB,EAAE,gBAAgB,CAAC,gBAAgB,CAKtC,CAAC"}

package/dist/mongoose/mongooseRuleSchema.js

@@ -2,7 +2,10 @@ const userAttributesSchema = {
   userId: { type: String, required: false },
   ja4Hash: { type: String, required: false },
   userAgent: { type: String, required: false },
-  headersHash: { type: String, required: false }
+  headersHash: { type: String, required: false },
+  headHash: { type: String, required: false },
+  coords: { type: String, required: false },
+  countryCode: { type: String, required: false }
 };
 const userIpSchema = {
   ip: { type: String, required: false },

package/dist/mongoose/mongooseRuleSchema.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mongooseRuleSchema.js","sourceRoot":"","sources":["../../src/mongoose/mongooseRuleSchema.ts"],"names":[],"mappings":"AAwBA,MAAM,oBAAoB,GAA2C;IACpE,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACzC,OAAO,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC1C,SAAS,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC5C,WAAW,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC9C,QAAQ,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC3C,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACzC,WAAW,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;CACN,CAAC;AAE1C,MAAM,YAAY,GAAmC;IACpD,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACrC,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;CACT,CAAC;AAElC,MAAM,eAAe,GAAsC;IAC1D,GAAG,oBAAoB;IACvB,GAAG,YAAY;CACiB,CAAC;AAElC,MAAM,iBAAiB,GAAkC;IACxD,QAAQ,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;CACZ,CAAC;AAEjC,MAAM,kBAAkB,GAAmC;IAC1D,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE;IACtC,WAAW,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC9C,WAAW,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC9C,iBAAiB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACpD,cAAc,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACjD,aAAa,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAChD,mBAAmB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACtD,iBAAiB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;CACpB,CAAC;AAElC,MAAM,CAAC,MAAM,wBAAwB,GAAuC;IAC3E,GAAG,kBAAkB;IACrB,GAAG,iBAAiB;IACpB,GAAG,eAAe;IAClB,WAAW,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;CACb,CAAC"}

package/dist/redis/.export.d.ts

@@ -0,0 +1,3 @@
+export { createRedisAccessRulesStorage } from "./redisRulesStorage.js";
+export { accessRulesRedisIndex } from "./redisRuleIndex.js";
+//# sourceMappingURL=.export.d.ts.map

package/dist/redis/.export.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":".export.d.ts","sourceRoot":"","sources":["../../src/redis/.export.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,6BAA6B,EAAE,MAAM,wBAAwB,CAAC;AAEvE,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/redis/.export.js.map

@@ -0,0 +1 @@
+{"version":3,"file":".export.js","sourceRoot":"","sources":["../../src/redis/.export.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,6BAA6B,EAAE,MAAM,wBAAwB,CAAC;AAEvE,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/redis/reader/redisAggregate.d.ts

@@ -0,0 +1,4 @@
+import type { Logger } from "@prosopo/logger";
+import type { RedisClientType } from "redis";
+export declare const aggregateRedisKeys: (client: RedisClientType, query: string, logger: Logger, batchHandler?: (keys: string[]) => Promise<void>) => Promise<string[]>;
+//# sourceMappingURL=redisAggregate.d.ts.map

package/dist/redis/reader/redisAggregate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisAggregate.d.ts","sourceRoot":"","sources":["../../../src/redis/reader/redisAggregate.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAE9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,OAAO,CAAC;AAU7C,eAAO,MAAM,kBAAkB,WACtB,eAAe,SAChB,MAAM,UACL,MAAM,iBACC,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,KAC9C,OAAO,CAAC,MAAM,EAAE,CA0ClB,CAAC"}

package/dist/redis/reader/redisAggregate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisAggregate.js","sourceRoot":"","sources":["../../../src/redis/reader/redisAggregate.ts"],"names":[],"mappings":"AAiBA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,mBAAmB,EAAE,MAAM,yCAAyC,CAAC;AAC9E,OAAO,EACN,gBAAgB,EAChB,iBAAiB,GACjB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,6BAA6B,EAAE,MAAM,iCAAiC,CAAC;AAGhF,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,EACtC,MAAuB,EACvB,KAAa,EACb,MAAc,EACd,YAAgD,EAC5B,EAAE;IACtB,MAAM,QAAQ,GAAG,OAAO,CAAC;IAEzB,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;QAE7B,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,MAAM,EAAE;KACtB,CAAC,CAAC;IAEH,MAAM,SAAS,GAAa,EAAE,CAAC;IAE/B,MAAM,aAAa,GAAG,KAAK,EAAE,OAAiB,EAAE,EAAE;QACjD,MAAM,aAAa,GAAG,iBAAiB,CAAC,OAAO,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;QAEvE,MAAM,UAAU,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QAEnE,IAAI,YAAY,EAAE,CAAC;YAClB,MAAM,YAAY,CAAC,UAAU,CAAC,CAAC;QAChC,CAAC;aAAM,CAAC;YACP,SAAS,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC;YAE9B,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;gBACnB,GAAG,EAAE,6BAA6B;gBAClC,IAAI,EAAE;oBACL,IAAI,EAAE,UAAU,CAAC,MAAM;iBACvB;aACD,CAAC,CAAC,CAAC;QACL,CAAC;IACF,CAAC,CAAC;IAEF,MAAM,kBAAkB,CACvB,MAAM,EACN,KAAK,EACL;QAEC,OAAO,EAAE,mBAAmB;QAC5B,KAAK,EAAE,gBAAgB;QACvB,IAAI,EAAE,IAAI,QAAQ,EAAE;KACpB,EACD,aAAa,CACb,CAAC;IAEF,OAAO,SAAS,CAAC;AAClB,CAAC,CAAC;AAEF,MAAM,kBAAkB,GAAG,KAAK,EAC/B,MAAuB,EACvB,KAAa,EACb,gBAA8C,EAC9C,WAAiD,EACjC,EAAE;IAClB,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,EAAE,CAAC,mBAAmB,CACvD,6BAA6B,EAC7B,KAAK,EACL,gBAAgB,CAChB,CAAC;IAEF,MAAM,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;IAExC,IAAI,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC;IAEjC,OAAO,CAAC,KAAK,MAAM,EAAE,CAAC;QACrB,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,EAAE,CAAC,UAAU,CAC5C,6BAA6B,EAC7B,MAAM,EACN,EAAE,KAAK,EAAE,gBAAgB,CAAC,KAAK,EAAE,CACjC,CAAC;QAEF,MAAM,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAEtC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;IAC5B,CAAC;AACF,CAAC,CAAC"}

package/dist/redis/reader/redisRulesQuery.d.ts

@@ -0,0 +1,4 @@
+import { type AccessRulesFilter } from "#policy/rulesStorage.js";
+export declare const REDIS_QUERY_DIALECT = 2;
+export declare const getRulesRedisQuery: (filter: AccessRulesFilter, matchingFieldsOnly: boolean) => string;
+//# sourceMappingURL=redisRulesQuery.d.ts.map

package/dist/redis/reader/redisRulesQuery.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRulesQuery.d.ts","sourceRoot":"","sources":["../../../src/redis/reader/redisRulesQuery.ts"],"names":[],"mappings":"AAgBA,OAAO,EACN,KAAK,iBAAiB,EAEtB,MAAM,yBAAyB,CAAC;AAcjC,eAAO,MAAM,mBAAmB,IAAI,CAAC;AAwJrC,eAAO,MAAM,kBAAkB,WACtB,iBAAiB,sBACL,OAAO,KACzB,MA4BF,CAAC"}

package/dist/redis/reader/redisRulesQuery.js

@@ -1,5 +1,8 @@
 import { userScopeSchema } from "../../ruleInput/userScopeInput.js";
 import { FilterScopeMatch } from "../../rulesStorage.js";
+const escapeTagValue = (value) => {
+  return value.replace(/([,.<>{}\[\]"':;!@#$%^&*()\-+=~|/\\])/g, "\\$1");
+};
 const REDIS_QUERY_DIALECT = 2;
 const userIpQueries = {
   numericIp: (value, scope) => {
@@ -15,12 +18,18 @@ const userIpQueries = {
     if (scope.numericIp !== void 0) {
       return "";
     }
+    if (value === void 0 && scope.numericIpMaskMax === void 0) {
+      return "";
+    }
     return value !== void 0 ? `@numericIpMaskMin:[-inf ${value}]` : "ismissing(@numericIpMaskMin)";
   },
   numericIpMaskMax: (value, scope) => {
     if (scope.numericIp !== void 0) {
       return "";
     }
+    if (value === void 0 && scope.numericIpMaskMin === void 0) {
+      return "";
+    }
     return value !== void 0 ? `@numericIpMaskMax:[${value} +inf]` : "ismissing(@numericIpMaskMax)";
   }
 };
@@ -56,12 +65,20 @@ const getUserScopeQuery = (userScope, FilterScopeMatchType, matchingFieldsOnly)
     )
   ).filter(Boolean).join(scopeJoinType);
 };
+const FIELDS_REQUIRING_ESCAPE = /* @__PURE__ */ new Set([
+  "coords"
+]);
 const getUserScopeFieldQuery = (fieldName, fieldValue, scopeMatch, fullScope) => {
   if (fieldName in userIpQueries) {
     const queryBuilder = userIpQueries[fieldName];
     return queryBuilder(fieldValue, fullScope);
   }
-  return void 0 === fieldValue ? `ismissing(@${fieldName})` : `@${fieldName}:{${fieldValue}}`;
+  if (void 0 === fieldValue) {
+    return `ismissing(@${fieldName})`;
+  }
+  const stringValue = String(fieldValue);
+  const queryValue = FIELDS_REQUIRING_ESCAPE.has(fieldName) ? escapeTagValue(stringValue) : stringValue;
+  return `@${fieldName}:{${queryValue}}`;
 };
 const getPolicyScopeQuery = (policyScope, scopeMatch) => {
   const clientId = policyScope?.clientId;

package/dist/redis/reader/redisRulesQuery.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRulesQuery.js","sourceRoot":"","sources":["../../../src/redis/reader/redisRulesQuery.ts"],"names":[],"mappings":"AAeA,OAAO,EAAE,eAAe,EAAE,MAAM,qCAAqC,CAAC;AACtE,OAAO,EAEN,gBAAgB,GAChB,MAAM,yBAAyB,CAAC;AAQjC,MAAM,cAAc,GAAG,CAAC,KAAa,EAAU,EAAE;IAEhD,OAAO,KAAK,CAAC,OAAO,CAAC,wCAAwC,EAAE,MAAM,CAAC,CAAC;AACxE,CAAC,CAAC;AAGF,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC;AAErC,MAAM,aAAa,GAAuC;IACzD,SAAS,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QAC3B,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;YACzB,OAAO,iBAAiB,KAAK,IAAI,KAAK,iCAAiC,KAAK,wBAAwB,KAAK,YAAY,CAAC;QACvH,CAAC;QAED,IACC,KAAK,CAAC,gBAAgB,KAAK,SAAS;YACpC,KAAK,CAAC,gBAAgB,KAAK,SAAS,EACnC,CAAC;YACF,OAAO,iFAAiF,CAAC;QAC1F,CAAC;QAED,OAAO,EAAE,CAAC;IACX,CAAC;IACD,gBAAgB,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QAClC,IAAI,KAAK,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YACnC,OAAO,EAAE,CAAC;QACX,CAAC;QAED,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACjE,OAAO,EAAE,CAAC;QACX,CAAC;QACD,OAAO,KAAK,KAAK,SAAS;YACzB,CAAC,CAAC,2BAA2B,KAAK,GAAG;YACrC,CAAC,CAAC,8BAA8B,CAAC;IACnC,CAAC;IACD,gBAAgB,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QAClC,IAAI,KAAK,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YACnC,OAAO,EAAE,CAAC;QACX,CAAC;QAED,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACjE,OAAO,EAAE,CAAC;QACX,CAAC;QACD,OAAO,KAAK,KAAK,SAAS;YACzB,CAAC,CAAC,sBAAsB,KAAK,QAAQ;YACrC,CAAC,CAAC,8BAA8B,CAAC;IACnC,CAAC;CACD,CAAC;AAEF,MAAM,iBAAiB,GAAG,CACzB,SAAoB,EACpB,oBAAkD,EAClD,kBAA2B,EAClB,EAAE;IACX,IAAI,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,CAE1C,CAAC;IACF,IAAI,aAAa,GAAG,GAAG,CAAC;IAGxB,IAAI,oBAAoB,KAAK,gBAAgB,CAAC,MAAM,EAAE,CAAC;QACtD,YAAY,GAAG,YAAY,CAAC,MAAM,CACjC,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,KAAK,SAAS,CACE,CAAC;QACvC,aAAa,GAAG,KAAK,CAAC;IACvB,CAAC;IAED,IAAI,kBAAkB,EAAE,CAAC;QACxB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAA2B,YAAY,CAAC,CAAC;QAGjE,IAAI,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,SAAS,EAAE,CAAC;YAC1E,QAAQ,CAAC,GAAG,CAAC,kBAAkB,EAAE,SAAS,CAAC,CAAC;YAC5C,QAAQ,CAAC,GAAG,CAAC,kBAAkB,EAAE,SAAS,CAAC,CAAC;QAC7C,CAAC;QAGD,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,CAEnD,EAAE,CAAC;YACH,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzB,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YAC/B,CAAC;QACF,CAAC;QAED,YAAY,GAAG,CAAC,GAAG,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,CAAC,YAAY,CAAuB,CAAC;IAExE,OAAO,YAAY;SACjB,GAAG,CAAC,CAAC,CAAC,cAAc,EAAE,eAAe,CAAC,EAAE,EAAE,CAC1C,sBAAsB,CACrB,cAAc,EACd,eAAe,EACf,oBAAoB,EACpB,QAAQ,CACR,CACD;SACA,MAAM,CAAC,OAAO,CAAC;SACf,IAAI,CAAC,aAAa,CAAC,CAAC;AACvB,CAAC,CAAC;AAGF,MAAM,uBAAuB,GAAiC,IAAI,GAAG,CAAC;IACrE,QAAQ;CACR,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,CAC9B,SAA0B,EAC1B,UAAmB,EACnB,UAAwC,EACxC,SAA6B,EACpB,EAAE;IACX,IAAI,SAAS,IAAI,aAAa,EAAE,CAAC;QAChC,MAAM,YAAY,GAAG,aAAa,CAAC,SAAyB,CAAC,CAAC;QAE9D,OAAO,YAAY,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IAC5C,CAAC;IAED,IAAI,SAAS,KAAK,UAAU,EAAE,CAAC;QAC9B,OAAO,cAAc,SAAS,GAAG,CAAC;IACnC,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;IAEvC,MAAM,UAAU,GAAG,uBAAuB,CAAC,GAAG,CAAC,SAAS,CAAC;QACxD,CAAC,CAAC,cAAc,CAAC,WAAW,CAAC;QAC7B,CAAC,CAAC,WAAW,CAAC;IAEf,OAAO,IAAI,SAAS,KAAK,UAAU,GAAG,CAAC;AACxC,CAAC,CAAC;AAEF,MAAM,mBAAmB,GAAG,CAC3B,WAAoC,EACpC,UAAwC,EAC/B,EAAE;IACX,MAAM,QAAQ,GAAG,WAAW,EAAE,QAAQ,CAAC;IAEvC,IAAI,QAAQ,KAAK,OAAO,QAAQ,EAAE,CAAC;QAClC,OAAO,gBAAgB,CAAC,KAAK,KAAK,UAAU;YAC3C,CAAC,CAAC,cAAc,QAAQ,GAAG;YAC3B,CAAC,CAAC,gBAAgB,QAAQ,4BAA4B,CAAC;IACzD,CAAC;IAED,OAAO,gBAAgB,CAAC,KAAK,KAAK,UAAU,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,EAAE,CAAC;AAC5E,CAAC,CAAC;AAYF,MAAM,CAAC,MAAM,kBAAkB,GAAG,CACjC,MAAyB,EACzB,kBAA2B,EAClB,EAAE;IACX,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;IAC1C,MAAM,UAAU,GAAG,EAAE,CAAC;IAEtB,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,UAAU,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,OAAO,GAAG,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,gBAAgB,GAAG,mBAAmB,CAC3C,WAAW,EACX,MAAM,CAAC,gBAAgB,CACvB,CAAC;IAEF,IAAI,gBAAgB,EAAE,CAAC;QACtB,UAAU,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACnC,CAAC;IAED,IAAI,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpD,MAAM,eAAe,GAAG,iBAAiB,CACxC,SAAS,EACT,MAAM,CAAC,cAAc,EACrB,kBAAkB,CAClB,CAAC;QAEF,UAAU,CAAC,IAAI,CAAC,KAAK,eAAe,IAAI,CAAC,CAAC;IAC3C,CAAC;IAED,OAAO,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;AAC3D,CAAC,CAAC"}

package/dist/redis/reader/redisRulesReader.d.ts

@@ -0,0 +1,26 @@
+import type { Logger } from "@prosopo/logger";
+import type { RedisClientType } from "redis";
+import type { AccessRule } from "#policy/rule.js";
+import type { AccessRuleEntry, AccessRulesFilter, AccessRulesReader } from "#policy/rulesStorage.js";
+export declare class RedisRulesReader implements AccessRulesReader {
+    private readonly client;
+    private readonly logger;
+    constructor(client: RedisClientType, logger: Logger);
+    getMissingRuleIds(ruleIds: string[]): Promise<string[]>;
+    fetchRules(ruleIds: string[]): Promise<AccessRuleEntry[]>;
+    findRules(filter: AccessRulesFilter, matchingFieldsOnly?: boolean, skipEmptyUserScopes?: boolean): Promise<AccessRule[]>;
+    findRuleIds(filter: AccessRulesFilter, matchingFieldsOnly?: boolean): Promise<string[]>;
+    fetchAllRuleIds(batchHandler: (ruleIds: string[]) => Promise<void>): Promise<void>;
+    protected fetchRuleEntries(keys: string[]): Promise<AccessRuleEntry[]>;
+    protected getRuleKeys(ruleIds: string[]): string[];
+}
+export declare class DummyRedisRulesReader implements AccessRulesReader {
+    private readonly logger;
+    constructor(logger: Logger);
+    getMissingRuleIds(ruleIds: string[]): Promise<string[]>;
+    fetchRules(ruleIds: string[]): Promise<AccessRuleEntry[]>;
+    findRules(filter: AccessRulesFilter, matchingFieldsOnly?: boolean, skipEmptyUserScopes?: boolean): Promise<AccessRule[]>;
+    findRuleIds(filter: AccessRulesFilter, matchingFieldsOnly?: boolean): Promise<string[]>;
+    fetchAllRuleIds(batchHandler: (ruleIds: string[]) => Promise<void>): Promise<void>;
+}
+//# sourceMappingURL=redisRulesReader.d.ts.map

package/dist/redis/reader/redisRulesReader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRulesReader.d.ts","sourceRoot":"","sources":["../../../src/redis/reader/redisRulesReader.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,OAAO,CAAC;AAe7C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAElD,OAAO,KAAK,EACX,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,MAAM,yBAAyB,CAAC;AAGjC,qBAAa,gBAAiB,YAAW,iBAAiB;IAExD,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM;gBADN,MAAM,EAAE,eAAe,EACvB,MAAM,EAAE,MAAM;IAG1B,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAcvD,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAazD,SAAS,CACd,MAAM,EAAE,iBAAiB,EACzB,kBAAkB,UAAQ,EAC1B,mBAAmB,UAAO,GACxB,OAAO,CAAC,UAAU,EAAE,CAAC;IA8ElB,WAAW,CAChB,MAAM,EAAE,iBAAiB,EACzB,kBAAkB,UAAQ,GACxB,OAAO,CAAC,MAAM,EAAE,CAAC;IAgDd,eAAe,CACpB,YAAY,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,GAChD,OAAO,CAAC,IAAI,CAAC;cAYA,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IA8B5E,SAAS,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE;CAGlD;AAED,qBAAa,qBAAsB,YAAW,iBAAiB;IAClD,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAErC,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAWvD,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAWzD,SAAS,CACd,MAAM,EAAE,iBAAiB,EACzB,kBAAkB,UAAQ,EAC1B,mBAAmB,UAAO,GACxB,OAAO,CAAC,UAAU,EAAE,CAAC;IAWlB,WAAW,CAChB,MAAM,EAAE,iBAAiB,EACzB,kBAAkB,UAAQ,GACxB,OAAO,CAAC,MAAM,EAAE,CAAC;IAWd,eAAe,CACpB,YAAY,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,GAChD,OAAO,CAAC,IAAI,CAAC;CAKhB"}

package/dist/redis/reader/redisRulesReader.js

@@ -1,7 +1,7 @@
 import * as util from "node:util";
 import { chunkIntoBatches, executeBatchesSequentially } from "@prosopo/common";
 import { getRulesRedisQuery, REDIS_QUERY_DIALECT } from "./redisRulesQuery.js";
-import { REDIS_BATCH_SIZE, getMissingRedisKeys, parseRedisRecords, fetchRedisHashRecords } from "../redisClient.js";
+import { REDIS_BATCH_SIZE, getMissingRedisKeys, fetchRedisHashRecords, parseRedisRecords } from "../redisClient.js";
 import { ACCESS_RULE_REDIS_KEY_PREFIX, ACCESS_RULES_REDIS_INDEX_NAME } from "../redisRuleIndex.js";
 import { accessRuleInput } from "../../ruleInput/ruleInput.js";
 import { aggregateRedisKeys } from "./redisAggregate.js";
@@ -33,9 +33,8 @@ class RedisRulesReader {
     if (skipEmptyUserScopes && query === "ismissing(@clientId)") {
       return [];
     }
-    let searchReply;
     try {
-      searchReply = await this.client.ft.search(
+      const searchReply = await this.client.ft.searchNoContent(
         ACCESS_RULES_REDIS_INDEX_NAME,
         query,
         {
@@ -62,6 +61,18 @@ class RedisRulesReader {
           }
         }));
       }
+      if (searchReply.documents.length === 0) {
+        return [];
+      }
+      const { records } = await fetchRedisHashRecords(
+        this.client,
+        searchReply.documents,
+        this.logger
+      );
+      const nonEmptyRecords = records.filter(
+        (record) => Object.keys(record).length > 0
+      );
+      return parseRedisRecords(nonEmptyRecords, accessRuleInput, this.logger);
     } catch (e) {
       this.logger.error(() => ({
         err: e,
@@ -80,8 +91,6 @@ class RedisRulesReader {
       }));
       return [];
     }
-    const records = searchReply.documents.map(({ value }) => value);
-    return parseRedisRecords(records, accessRuleInput, this.logger);
   }
   async findRuleIds(filter, matchingFieldsOnly = false) {
     const query = getRulesRedisQuery(filter, matchingFieldsOnly);

package/dist/redis/reader/redisRulesReader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRulesReader.js","sourceRoot":"","sources":["../../../src/redis/reader/redisRulesReader.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,gBAAgB,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAG/E,OAAO,EACN,mBAAmB,EACnB,kBAAkB,GAClB,MAAM,yCAAyC,CAAC;AACjD,OAAO,EACN,gBAAgB,EAChB,qBAAqB,EACrB,mBAAmB,EACnB,iBAAiB,GACjB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACN,6BAA6B,EAC7B,4BAA4B,GAC5B,MAAM,iCAAiC,CAAC;AAEzC,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AAMjE,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAEzD,MAAM,OAAO,gBAAgB;IAC5B,YACkB,MAAuB,EACvB,MAAc;QADd,WAAM,GAAN,MAAM,CAAiB;QACvB,WAAM,GAAN,MAAM,CAAQ;IAC7B,CAAC;IAEJ,KAAK,CAAC,iBAAiB,CAAC,OAAiB;QACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAC3C,MAAM,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAEhE,MAAM,iBAAiB,GAAG,MAAM,0BAA0B,CACzD,UAAU,EACV,KAAK,EAAE,SAAS,EAAE,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAChE,CAAC;QAEF,OAAO,iBAAiB;aACtB,IAAI,EAAE;aACN,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,MAAM,CAAC,CAAC,CAAC;IACxE,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,OAAiB;QACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAE3C,MAAM,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAEhE,MAAM,YAAY,GAAG,MAAM,0BAA0B,CACpD,UAAU,EACV,CAAC,SAAS,EAAE,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAC/C,CAAC;QAEF,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,SAAS,CACd,MAAyB,EACzB,kBAAkB,GAAG,KAAK,EAC1B,mBAAmB,GAAG,IAAI;QAE1B,MAAM,KAAK,GAAG,kBAAkB,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;QAE7D,IAAI,mBAAmB,IAAI,KAAK,KAAK,sBAAsB,EAAE,CAAC;YAE7D,OAAO,EAAE,CAAC;QACX,CAAC;QAED,IAAI,CAAC;YAKJ,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,eAAe,CACvD,6BAA6B,EAC7B,KAAK,EACL;gBACC,OAAO,EAAE,mBAAmB;gBAE5B,KAAK,EAAE;oBACN,IAAI,EAAE,CAAC;oBACP,IAAI,EAAE,gBAAgB;iBACtB;aACD,CACD,CAAC;YAEF,IAAI,WAAW,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;gBAC3B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;oBACxB,GAAG,EAAE,uBAAuB;oBAC5B,IAAI,EAAE;wBACL,OAAO,EAAE,IAAI,CAAC,OAAO,CACpB;4BACC,MAAM,EAAE,MAAM;4BACd,WAAW,EAAE,WAAW;4BACxB,KAAK,EAAE,KAAK;yBACZ,EACD,EAAE,KAAK,EAAE,IAAI,EAAE,CACf;qBACD;iBACD,CAAC,CAAC,CAAC;YACL,CAAC;YAED,IAAI,WAAW,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACxC,OAAO,EAAE,CAAC;YACX,CAAC;YAED,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,qBAAqB,CAC9C,IAAI,CAAC,MAAM,EACX,WAAW,CAAC,SAAS,EACrB,IAAI,CAAC,MAAM,CACX,CAAC;YAEF,MAAM,eAAe,GAAG,OAAO,CAAC,MAAM,CACrC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,CAC1C,CAAC;YAEF,OAAO,iBAAiB,CAAC,eAAe,EAAE,eAAe,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QACzE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACZ,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;gBACxB,GAAG,EAAE,CAAC;gBACN,IAAI,EAAE;oBACL,OAAO,EAAE,IAAI,CAAC,OAAO,CACpB;wBACC,KAAK,EAAE,KAAK;wBACZ,MAAM,EAAE,MAAM;qBACd,EACD;wBACC,KAAK,EAAE,IAAI;qBACX,CACD;iBACD;gBACD,GAAG,EAAE,gCAAgC;aACrC,CAAC,CAAC,CAAC;YAEJ,OAAO,EAAE,CAAC;QACX,CAAC;IACF,CAAC;IAED,KAAK,CAAC,WAAW,CAChB,MAAyB,EACzB,kBAAkB,GAAG,KAAK;QAE1B,MAAM,KAAK,GAAG,kBAAkB,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;QAE7D,IAAI,OAAO,GAAa,EAAE,CAAC;QAE3B,IAAI,CAAC;YAEJ,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CACxC,IAAI,CAAC,MAAM,EACX,KAAK,EACL,IAAI,CAAC,MAAM,CACX,CAAC;YAEF,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAClC,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,MAAM,CAAC,CAClD,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACZ,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;gBACxB,GAAG,EAAE,CAAC;gBACN,IAAI,EAAE;oBACL,OAAO,EAAE,IAAI,CAAC,OAAO,CACpB;wBACC,KAAK,EAAE,KAAK;wBACZ,MAAM,EAAE,MAAM;qBACd,EACD;wBACC,KAAK,EAAE,IAAI;qBACX,CACD;iBACD;gBACD,GAAG,EAAE,6CAA6C;aAClD,CAAC,CAAC,CAAC;YAEJ,OAAO,EAAE,CAAC;QACX,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;YACxB,GAAG,EAAE,oCAAoC;YACzC,IAAI,EAAE;gBACL,KAAK,EAAE,KAAK;gBACZ,UAAU,EAAE,OAAO,CAAC,MAAM;gBAC1B,QAAQ,EAAE,OAAO;aACjB;SACD,CAAC,CAAC,CAAC;QAEJ,OAAO,OAAO,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,eAAe,CACpB,YAAkD;QAElD,MAAM,gBAAgB,GAAG,KAAK,EAAE,IAAc,EAAE,EAAE;YACjD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAChC,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,MAAM,CAAC,CAClD,CAAC;YAEF,MAAM,YAAY,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC,CAAC;QAEF,MAAM,kBAAkB,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IAC3E,CAAC;IAES,KAAK,CAAC,gBAAgB,CAAC,IAAc;QAC9C,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,MAAM,qBAAqB,CAC3D,IAAI,CAAC,MAAM,EACX,IAAI,EACJ,IAAI,CAAC,MAAM,CACX,CAAC;QACF,MAAM,OAAO,GAAsB,EAAE,CAAC;QAEtC,KAAK,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;YACnD,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;YAEvD,IAAI,aAAa,EAAE,CAAC;gBACnB,MAAM,IAAI,GAAG,iBAAiB,CAC7B,CAAC,QAAQ,CAAC,EACV,eAAe,EACf,IAAI,CAAC,MAAM,CACX,CAAC,CAAC,CAAC,CAAC;gBAEL,IAAI,IAAI,EAAE,CAAC;oBACV,OAAO,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,IAAI;wBACV,oBAAoB,EAAE,WAAW,CAAC,KAAK,CAAC;qBACxC,CAAC,CAAC;gBACJ,CAAC;YACF,CAAC;QACF,CAAC;QAED,OAAO,OAAO,CAAC;IAChB,CAAC;IAES,WAAW,CAAC,OAAiB;QACtC,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,GAAG,4BAA4B,GAAG,EAAE,EAAE,CAAC,CAAC;IACpE,CAAC;CACD;AAED,MAAM,OAAO,qBAAqB;IACjC,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;IAAG,CAAC;IAE/C,KAAK,CAAC,iBAAiB,CAAC,OAAiB;QACxC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACvB,GAAG,EAAE,8DAA8D;YACnE,IAAI,EAAE;gBACL,OAAO;aACP;SACD,CAAC,CAAC,CAAC;QAEJ,OAAO,EAAE,CAAC;IACX,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,OAAiB;QACjC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACvB,GAAG,EAAE,sDAAsD;YAC3D,IAAI,EAAE;gBACL,OAAO;aACP;SACD,CAAC,CAAC,CAAC;QAEJ,OAAO,EAAE,CAAC;IACX,CAAC;IAED,KAAK,CAAC,SAAS,CACd,MAAyB,EACzB,kBAAkB,GAAG,KAAK,EAC1B,mBAAmB,GAAG,IAAI;QAE1B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACvB,GAAG,EAAE,sDAAsD;YAC3D,IAAI,EAAE;gBACL,MAAM;aACN;SACD,CAAC,CAAC,CAAC;QAEJ,OAAO,EAAE,CAAC;IACX,CAAC;IAED,KAAK,CAAC,WAAW,CAChB,MAAyB,EACzB,kBAAkB,GAAG,KAAK;QAE1B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACvB,GAAG,EAAE,wDAAwD;YAC7D,IAAI,EAAE;gBACL,MAAM;aACN;SACD,CAAC,CAAC,CAAC;QAEJ,OAAO,EAAE,CAAC;IACX,CAAC;IAED,KAAK,CAAC,eAAe,CACpB,YAAkD;QAElD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACvB,GAAG,EAAE,4DAA4D;SACjE,CAAC,CAAC,CAAC;IACL,CAAC;CACD"}

package/dist/redis/redisClient.d.ts

@@ -0,0 +1,11 @@
+import type { Logger } from "@prosopo/logger";
+import type { RedisClientType } from "redis";
+import { type ZodType } from "zod";
+export declare const REDIS_BATCH_SIZE = 1000;
+export declare const getMissingRedisKeys: (client: RedisClientType, keys: string[]) => Promise<string[]>;
+export declare const fetchRedisHashRecords: (client: RedisClientType, keys: string[], logger: Logger) => Promise<{
+    records: object[];
+    expirations: (number | undefined)[];
+}>;
+export declare const parseRedisRecords: <T>(records: unknown[], recordSchema: ZodType<T>, logger: Logger) => T[];
+//# sourceMappingURL=redisClient.d.ts.map

package/dist/redis/redisClient.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisClient.d.ts","sourceRoot":"","sources":["../../src/redis/redisClient.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,OAAO,CAAC;AAC7C,OAAO,EAAE,KAAK,OAAO,EAAK,MAAM,KAAK,CAAC;AAEtC,eAAO,MAAM,gBAAgB,OAAQ,CAAC;AAEtC,eAAO,MAAM,mBAAmB,WACvB,eAAe,QACjB,MAAM,EAAE,KACZ,OAAO,CAAC,MAAM,EAAE,CAsBlB,CAAC;AAEF,eAAO,MAAM,qBAAqB,WACzB,eAAe,QACjB,MAAM,EAAE,UACN,MAAM,KACZ,OAAO,CAAC;IAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IAAC,WAAW,EAAE,CAAC,MAAM,GAAG,SAAS,CAAC,EAAE,CAAA;CAAE,CAgBpE,CAAC;AAEF,eAAO,MAAM,iBAAiB,GAAI,CAAC,WACzB,OAAO,EAAE,gBACJ,OAAO,CAAC,CAAC,CAAC,UAChB,MAAM,KACZ,CAAC,EAcD,CAAC"}

package/dist/redis/redisClient.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisClient.js","sourceRoot":"","sources":["../../src/redis/redisClient.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAgB,CAAC,EAAE,MAAM,KAAK,CAAC;AAEtC,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAEtC,MAAM,CAAC,MAAM,mBAAmB,GAAG,KAAK,EACvC,MAAuB,EACvB,IAAc,EACM,EAAE;IACtB,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;IAE/B,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QAChB,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACrB,CAAC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAc,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;IAEhD,MAAM,WAAW,GAAa,EAAE,CAAC;IAEjC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,WAAW,EAAE,EAAE;QACnC,IAAI,GAAG,KAAK,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5B,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC;YAE9B,IAAI,GAAG,EAAE,CAAC;gBACT,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACvB,CAAC;QACF,CAAC;IACF,CAAC,CAAC,CAAC;IAEH,OAAO,WAAW,CAAC;AACpB,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,EACzC,MAAuB,EACvB,IAAc,EACd,MAAc,EACwD,EAAE;IACxE,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;IACjC,MAAM,cAAc,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;IAEtC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACxB,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACvB,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAChC,CAAC;IAED,MAAM,OAAO,GAAG,CAAC,MAAM,SAAS,CAAC,IAAI,EAAE,CAAa,CAAC;IACrD,MAAM,iBAAiB,GAAG,CAAC,MAAM,cAAc,CAAC,IAAI,EAAE,CAAc,CAAC;IAErE,OAAO;QACN,OAAO,EAAE,OAAO;QAChB,WAAW,EAAE,sBAAsB,CAAC,iBAAiB,EAAE,MAAM,CAAC;KAC9D,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAChC,OAAkB,EAClB,YAAwB,EACxB,MAAc,EACR,EAAE,CACR,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;IAC1B,MAAM,WAAW,GAAG,YAAY,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAEnD,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;QACzB,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IAC3B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;QACnB,GAAG,EAAE,8BAA8B;QACnC,IAAI,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,EAAE;KAC1C,CAAC,CAAC,CAAC;IAEJ,OAAO,EAAE,CAAC;AACX,CAAC,CAAC,CAAC;AAEJ,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;AAEjD,MAAM,sBAAsB,GAAG,CAAC,CAAC,CAAC;AAElC,MAAM,sBAAsB,GAAG,CAC9B,OAAkB,EAClB,MAAc,EACW,EAAE,CAC3B,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;IAC1B,MAAM,WAAW,GAAG,sBAAsB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAE7D,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;QACzB,MAAM,UAAU,GACf,sBAAsB,KAAK,WAAW,CAAC,IAAI;YAC1C,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC;QAErB,OAAO,CAAC,UAAU,CAAC,CAAC;IACrB,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;QACnB,GAAG,EAAE,yCAAyC;QAC9C,IAAI,EAAE;YACL,MAAM;YACN,KAAK,EAAE,WAAW,CAAC,KAAK;SACxB;KACD,CAAC,CAAC,CAAC;IAGJ,OAAO,CAAC,SAAS,CAAC,CAAC;AACpB,CAAC,CAAC,CAAC"}

package/dist/redis/redisRuleIndex.d.ts

@@ -0,0 +1,13 @@
+import type { RedisIndex } from "@prosopo/redis-client";
+import { type RediSearchSchema } from "@redis/search";
+import type { AccessRule } from "#policy/rule.js";
+export declare const userIpRedisSchema: RediSearchSchema;
+export declare const userAttributesRedisSchema: RediSearchSchema;
+export declare const userScopeRedisSchema: RediSearchSchema;
+export declare const policyScopeRedisSchema: RediSearchSchema;
+export declare const accessRuleRedisSchema: RediSearchSchema;
+export declare const ACCESS_RULES_REDIS_INDEX_NAME = "index:user-access-rules";
+export declare const ACCESS_RULE_REDIS_KEY_PREFIX = "uar:";
+export declare const accessRulesRedisIndex: RedisIndex;
+export declare const getAccessRuleRedisKey: (rule: AccessRule) => string;
+//# sourceMappingURL=redisRuleIndex.d.ts.map

package/dist/redis/redisRuleIndex.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRuleIndex.d.ts","sourceRoot":"","sources":["../../src/redis/redisRuleIndex.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,KAAK,gBAAgB,EAAqB,MAAM,eAAe,CAAC;AACzE,OAAO,KAAK,EACX,UAAU,EAKV,MAAM,iBAAiB,CAAC;AAGzB,eAAO,MAAM,iBAAiB,EAAE,gBAIL,CAAC;AAE5B,eAAO,MAAM,yBAAyB,EAAE,gBASL,CAAC;AAEpC,eAAO,MAAM,oBAAoB,EAAE,gBAGR,CAAC;AAE5B,eAAO,MAAM,sBAAsB,EAAE,gBAKL,CAAC;AAUjC,eAAO,MAAM,qBAAqB,EAAE,gBAIR,CAAC;AAE7B,eAAO,MAAM,6BAA6B,4BAA4B,CAAC;AAGvE,eAAO,MAAM,4BAA4B,SAAS,CAAC;AAEnD,eAAO,MAAM,qBAAqB,EAAE,UAOnC,CAAC;AAEF,eAAO,MAAM,qBAAqB,SAAU,UAAU,KAAG,MACD,CAAC"}

package/dist/redis/redisRuleIndex.js

@@ -9,7 +9,11 @@ const userAttributesRedisSchema = {
   userId: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
   ja4Hash: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
   headersHash: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
-  userAgentHash: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true }
+  userAgentHash: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
+  headHash: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
+  // Use pipe separator for coords since JSON strings contain commas
+  coords: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true, SEPARATOR: "|" },
+  countryCode: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true }
 };
 const userScopeRedisSchema = {
   ...userAttributesRedisSchema,

package/dist/redis/redisRuleIndex.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRuleIndex.js","sourceRoot":"","sources":["../../src/redis/redisRuleIndex.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAyB,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAQzE,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAE9D,MAAM,CAAC,MAAM,iBAAiB,GAAqB;IAClD,gBAAgB,EAAE,EAAE,IAAI,EAAE,iBAAiB,CAAC,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE;IACzE,gBAAgB,EAAE,EAAE,IAAI,EAAE,iBAAiB,CAAC,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE;IACzE,SAAS,EAAE,EAAE,IAAI,EAAE,iBAAiB,CAAC,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE;CACxC,CAAC;AAE5B,MAAM,CAAC,MAAM,yBAAyB,GAAqB;IAC1D,MAAM,EAAE,EAAE,IAAI,EAAE,iBAAiB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE;IAC3D,OAAO,EAAE,EAAE,IAAI,EAAE,iBAAiB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE;IAC5D,WAAW,EAAE,EAAE,IAAI,EAAE,iBAAiB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE;IAChE,aAAa,EAAE,EAAE,IAAI,EAAE,iBAAiB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE;IAClE,QAAQ,EAAE,EAAE,IAAI,EAAE,iBAAiB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE;IAE7D,MAAM,EAAE,EAAE,IAAI,EAAE,iBAAiB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE;IAC3E,WAAW,EAAE,EAAE,IAAI,EAAE,iBAAiB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE;CAC9B,CAAC;AAEpC,MAAM,CAAC,MAAM,oBAAoB,GAAqB;IACrD,GAAG,yBAAyB;IAC5B,GAAG,iBAAiB;CACM,CAAC;AAE5B,MAAM,CAAC,MAAM,sBAAsB,GAAqB;IACvD,QAAQ,EAAE;QACT,IAAI,EAAE,iBAAiB,CAAC,GAAG;QAC3B,YAAY,EAAE,IAAI;KAClB;CAC8B,CAAC;AAUjC,MAAM,CAAC,MAAM,qBAAqB,GAAqB;IACtD,GAAG,sBAAsB;IACzB,GAAG,oBAAoB;IACvB,OAAO,EAAE,EAAE,IAAI,EAAE,iBAAiB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE;CACjC,CAAC;AAE7B,MAAM,CAAC,MAAM,6BAA6B,GAAG,yBAAyB,CAAC;AAGvE,MAAM,CAAC,MAAM,4BAA4B,GAAG,MAAM,CAAC;AAEnD,MAAM,CAAC,MAAM,qBAAqB,GAAe;IAChD,IAAI,EAAE,6BAA6B;IACnC,MAAM,EAAE,qBAAqB;IAC7B,OAAO,EAAE;QACR,EAAE,EAAE,MAAe;QACnB,MAAM,EAAE,CAAC,4BAA4B,CAAC;KACtC;CACD,CAAC;AAEF,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,IAAgB,EAAU,EAAE,CACjE,4BAA4B,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC"}

package/dist/redis/redisRulesStorage.d.ts

@@ -0,0 +1,5 @@
+import type { Logger } from "@prosopo/logger";
+import type { RedisConnection } from "@prosopo/redis-client";
+import type { AccessRulesStorage } from "#policy/rulesStorage.js";
+export declare const createRedisAccessRulesStorage: (connection: RedisConnection, logger: Logger) => AccessRulesStorage;
+//# sourceMappingURL=redisRulesStorage.d.ts.map

package/dist/redis/redisRulesStorage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRulesStorage.d.ts","sourceRoot":"","sources":["../../src/redis/redisRulesStorage.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,KAAK,EAEX,kBAAkB,EAElB,MAAM,yBAAyB,CAAC;AAOjC,eAAO,MAAM,6BAA6B,eAC7B,eAAe,UACnB,MAAM,KACZ,kBAqBF,CAAC"}

package/dist/redis/redisRulesStorage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRulesStorage.js","sourceRoot":"","sources":["../../src/redis/redisRulesStorage.ts"],"names":[],"mappings":"AAqBA,OAAO,EACN,qBAAqB,EACrB,gBAAgB,GAChB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEhF,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAC5C,UAA2B,EAC3B,MAAc,EACO,EAAE;IACvB,MAAM,OAAO,GAAuB,cAAc,CACjD,IAAI,qBAAqB,CAAC,MAAM,CAAC,EACjC,IAAI,qBAAqB,CAAC,MAAM,CAAC,CACjC,CAAC;IAEF,UAAU,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;QACtC,MAAM,WAAW,GAAG,cAAc,CACjC,IAAI,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,EACpC,IAAI,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,CACpC,CAAC;QAGF,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAEpC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YAClB,GAAG,EAAE,mDAAmD;SACxD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AAChB,CAAC,CAAC;AAEF,MAAM,cAAc,GAAG,CACtB,MAAyB,EACzB,MAAyB,EACJ,EAAE,CAAC,CAAC;IAEzB,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC;IAC1C,iBAAiB,EAAE,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC;IACxD,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC;IACxC,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC;IAC5C,eAAe,EAAE,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC;IAEpD,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC;IAC5C,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC;IAC5C,cAAc,EAAE,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC;CAClD,CAAC,CAAC"}

package/dist/redis/redisRulesWriter.d.ts

@@ -0,0 +1,22 @@
+import type { Logger } from "@prosopo/logger";
+import type { RedisClientType } from "redis";
+import type { AccessRule } from "#policy/rule.js";
+import type { AccessRuleEntry, AccessRulesWriter } from "#policy/rulesStorage.js";
+export declare class RedisRulesWriter implements AccessRulesWriter {
+    private readonly client;
+    private readonly logger;
+    constructor(client: RedisClientType, logger: Logger);
+    insertRules(ruleEntries: AccessRuleEntry[]): Promise<string[]>;
+    deleteRules(ruleIds: string[]): Promise<void>;
+    deleteAllRules(): Promise<number>;
+    protected insertRuleEntries(ruleEntries: AccessRuleEntry[]): Promise<string[]>;
+}
+export declare const getRedisRuleValue: (rule: AccessRule) => Record<string, string>;
+export declare class DummyRedisRulesWriter implements AccessRulesWriter {
+    private readonly logger;
+    constructor(logger: Logger);
+    insertRules(ruleEntries: AccessRuleEntry[]): Promise<string[]>;
+    deleteRules(ruleIds: string[]): Promise<void>;
+    deleteAllRules(): Promise<number>;
+}
+//# sourceMappingURL=redisRulesWriter.d.ts.map

package/dist/redis/redisRulesWriter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRulesWriter.d.ts","sourceRoot":"","sources":["../../src/redis/redisRulesWriter.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,OAAO,CAAC;AAE7C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,KAAK,EACX,eAAe,EACf,iBAAiB,EACjB,MAAM,yBAAyB,CAAC;AAMjC,qBAAa,gBAAiB,YAAW,iBAAiB;IAExD,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM;gBADN,MAAM,EAAE,eAAe,EACvB,MAAM,EAAE,MAAM;IAG1B,WAAW,CAAC,WAAW,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAa9D,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAkB7C,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC;cAsBvB,iBAAiB,CAChC,WAAW,EAAE,eAAe,EAAE,GAC5B,OAAO,CAAC,MAAM,EAAE,CAAC;CA+BpB;AAED,eAAO,MAAM,iBAAiB,SAAU,UAAU,KAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAGxE,CAAC;AAEH,qBAAa,qBAAsB,YAAW,iBAAiB;IAClD,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAErC,WAAW,CAAC,WAAW,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAW9D,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAS7C,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC;CAOvC"}

package/dist/redis/redisRulesWriter.js

@@ -54,6 +54,12 @@ class RedisRulesWriter {
       const ruleValue = getRedisRuleValue(rule);
       queries.hSet(ruleKey, ruleValue);
       if (expiresUnixTimestamp) {
+        const MILLISECOND_THRESHOLD = 1e10;
+        if (expiresUnixTimestamp > MILLISECOND_THRESHOLD) {
+          throw new Error(
+            `Invalid expiry timestamp: ${expiresUnixTimestamp}. Timestamp must be in seconds, not milliseconds.`
+          );
+        }
         queries.expireAt(ruleKey, expiresUnixTimestamp);
       }
       return ruleKey;

package/dist/redis/redisRulesWriter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisRulesWriter.js","sourceRoot":"","sources":["../../src/redis/redisRulesWriter.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,gBAAgB,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAG/E,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAMhE,OAAO,EACN,4BAA4B,EAC5B,qBAAqB,GACrB,MAAM,qBAAqB,CAAC;AAE7B,MAAM,OAAO,gBAAgB;IAC5B,YACkB,MAAuB,EACvB,MAAc;QADd,WAAM,GAAN,MAAM,CAAiB;QACvB,WAAM,GAAN,MAAM,CAAQ;IAC7B,CAAC;IAEJ,KAAK,CAAC,WAAW,CAAC,WAA8B;QAC/C,MAAM,YAAY,GAAG,gBAAgB,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAC;QAErE,MAAM,UAAU,GAAG,MAAM,0BAA0B,CAClD,YAAY,EACZ,KAAK,EAAE,YAAY,EAAE,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAC5D,CAAC;QAEF,OAAO,UAAU,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CACrC,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,MAAM,CAAC,CAClD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAiB;QAClC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAC3B,CAAC,MAAM,EAAE,EAAE,CAAC,4BAA4B,GAAG,MAAM,CACjD,CAAC;QAEF,MAAM,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAEhE,MAAM,0BAA0B,CAAC,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE;YAChE,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAEpC,KAAK,MAAM,OAAO,IAAI,SAAS,EAAE,CAAC;gBACjC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACtB,CAAC;YAED,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC,CAAC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,cAAc;QACnB,IAAI,MAAM,GAAG,GAAG,CAAC;QACjB,IAAI,KAAK,GAAG,CAAC,CAAC;QAEd,GAAG,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE;gBAC5C,KAAK,EAAE,GAAG,4BAA4B,GAAG;gBACzC,KAAK,EAAE,gBAAgB;aACvB,CAAC,CAAC;YAEH,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAClC,GAAG,CAAC,KAAK,CAAC,4BAA4B,CAAC,MAAM,CAAC,CAC9C,CAAC;YACF,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;YAE5B,KAAK,IAAI,GAAG,CAAC,MAAM,CAAC;YACpB,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;QACvB,CAAC,QAAQ,GAAG,KAAK,MAAM,EAAE;QAEzB,OAAO,KAAK,CAAC;IACd,CAAC;IAES,KAAK,CAAC,iBAAiB,CAChC,WAA8B;QAE9B,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAEpC,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE;YAC9C,MAAM,EAAE,IAAI,EAAE,oBAAoB,EAAE,GAAG,SAAS,CAAC;YAEjD,MAAM,OAAO,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;YAC5C,MAAM,SAAS,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAE1C,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAEjC,IAAI,oBAAoB,EAAE,CAAC;gBAI1B,MAAM,qBAAqB,GAAG,cAAc,CAAC;gBAC7C,IAAI,oBAAoB,GAAG,qBAAqB,EAAE,CAAC;oBAClD,MAAM,IAAI,KAAK,CACd,6BAA6B,oBAAoB,mDAAmD,CACpG,CAAC;gBACH,CAAC;gBACD,OAAO,CAAC,QAAQ,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC;YACjD,CAAC;YAED,OAAO,OAAO,CAAC;QAChB,CAAC,CAAC,CAAC;QAEH,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;QAErB,OAAO,QAAQ,CAAC;IACjB,CAAC;CACD;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,IAAgB,EAA0B,EAAE,CAC7E,MAAM,CAAC,WAAW,CACjB,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAChE,CAAC;AAEH,MAAM,OAAO,qBAAqB;IACjC,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;IAAG,CAAC;IAE/C,KAAK,CAAC,WAAW,CAAC,WAA8B;QAC/C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACvB,GAAG,EAAE,wDAAwD;YAC7D,IAAI,EAAE;gBACL,WAAW;aACX;SACD,CAAC,CAAC,CAAC;QAEJ,OAAO,EAAE,CAAC;IACX,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAiB;QAClC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACvB,GAAG,EAAE,wDAAwD;YAC7D,IAAI,EAAE;gBACL,OAAO;aACP;SACD,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,cAAc;QACnB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACvB,GAAG,EAAE,2DAA2D;SAChE,CAAC,CAAC,CAAC;QAEJ,OAAO,CAAC,CAAC;IACV,CAAC;CACD"}

package/dist/rule.d.ts

@@ -0,0 +1,37 @@
+import type { CaptchaType } from "@prosopo/types";
+export declare enum AccessPolicyType {
+    Block = "block",
+    Restrict = "restrict"
+}
+export type AccessPolicy = {
+    type: AccessPolicyType;
+    captchaType?: CaptchaType;
+    description?: string;
+    solvedImagesCount?: number;
+    imageThreshold?: number;
+    powDifficulty?: number;
+    unsolvedImagesCount?: number;
+    frictionlessScore?: number;
+};
+export type PolicyScope = {
+    clientId?: string;
+};
+export type UserIp = {
+    numericIp?: bigint;
+    numericIpMaskMin?: bigint;
+    numericIpMaskMax?: bigint;
+};
+export type UserAttributes = {
+    userId?: string;
+    ja4Hash?: string;
+    headersHash?: string;
+    userAgentHash?: string;
+    headHash?: string;
+    coords?: string;
+    countryCode?: string;
+};
+export type UserScope = UserAttributes & UserIp;
+export type AccessRule = AccessPolicy & PolicyScope & UserScope & {
+    groupId?: string;
+};
+//# sourceMappingURL=rule.d.ts.map

package/dist/rule.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rule.d.ts","sourceRoot":"","sources":["../src/rule.ts"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAElD,oBAAY,gBAAgB;IAC3B,KAAK,UAAU;IACf,QAAQ,aAAa;CACrB;AAED,MAAM,MAAM,YAAY,GAAG;IAC1B,IAAI,EAAE,gBAAgB,CAAC;IACvB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,MAAM,GAAG;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG,cAAc,GAAG,MAAM,CAAC;AAGhD,MAAM,MAAM,UAAU,GAAG,YAAY,GACpC,WAAW,GACX,SAAS,GAAG;IACX,OAAO,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC"}

package/dist/rule.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rule.js","sourceRoot":"","sources":["../src/rule.ts"],"names":[],"mappings":"AAeA,MAAM,CAAN,IAAY,gBAGX;AAHD,WAAY,gBAAgB;IAC3B,mCAAe,CAAA;IACf,yCAAqB,CAAA;AACtB,CAAC,EAHW,gBAAgB,KAAhB,gBAAgB,QAG3B"}

package/dist/ruleInput/.export.d.ts

@@ -0,0 +1,4 @@
+export { accessRuleInput, type AccessRulesFilterInput } from "./ruleInput.js";
+export { accessPolicyInput, policyScopeInput } from "./policyInput.js";
+export { userScopeInput } from "./userScopeInput.js";
+//# sourceMappingURL=.export.d.ts.map

package/dist/ruleInput/.export.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":".export.d.ts","sourceRoot":"","sources":["../../src/ruleInput/.export.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,eAAe,EAAE,KAAK,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAE9E,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAEvE,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/ruleInput/.export.js.map

@@ -0,0 +1 @@
+{"version":3,"file":".export.js","sourceRoot":"","sources":["../../src/ruleInput/.export.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,eAAe,EAA+B,MAAM,gBAAgB,CAAC;AAE9E,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAEvE,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/ruleInput/policyInput.d.ts

@@ -0,0 +1,39 @@
+import { z } from "zod";
+import { type AccessPolicy, AccessPolicyType } from "#policy/rule.js";
+export declare const accessPolicyInput: z.ZodObject<{
+    type: z.ZodNativeEnum<typeof AccessPolicyType>;
+    captchaType: z.ZodOptional<z.ZodNativeEnum<typeof import("@prosopo/types").CaptchaType>>;
+    description: z.ZodOptional<z.ZodString>;
+    solvedImagesCount: z.ZodOptional<z.ZodNumber>;
+    imageThreshold: z.ZodOptional<z.ZodNumber>;
+    powDifficulty: z.ZodOptional<z.ZodNumber>;
+    unsolvedImagesCount: z.ZodOptional<z.ZodNumber>;
+    frictionlessScore: z.ZodOptional<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    type: AccessPolicyType;
+    captchaType?: import("@prosopo/types").CaptchaType | undefined;
+    description?: string | undefined;
+    solvedImagesCount?: number | undefined;
+    imageThreshold?: number | undefined;
+    powDifficulty?: number | undefined;
+    unsolvedImagesCount?: number | undefined;
+    frictionlessScore?: number | undefined;
+}, {
+    type: AccessPolicyType;
+    captchaType?: import("@prosopo/types").CaptchaType | undefined;
+    description?: string | undefined;
+    solvedImagesCount?: number | undefined;
+    imageThreshold?: number | undefined;
+    powDifficulty?: number | undefined;
+    unsolvedImagesCount?: number | undefined;
+    frictionlessScore?: number | undefined;
+}>;
+export declare const sanitizeAccessPolicy: (policy: AccessPolicy) => AccessPolicy;
+export declare const policyScopeInput: z.ZodObject<{
+    clientId: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    clientId?: string | undefined;
+}, {
+    clientId?: string | undefined;
+}>;
+//# sourceMappingURL=policyInput.d.ts.map

package/dist/ruleInput/policyInput.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policyInput.d.ts","sourceRoot":"","sources":["../../src/ruleInput/policyInput.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAgB,CAAC,EAAE,MAAM,KAAK,CAAC;AACtC,OAAO,EACN,KAAK,YAAY,EACjB,gBAAgB,EAEhB,MAAM,iBAAiB,CAAC;AAEzB,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;EAcoC,CAAC;AAGnE,eAAO,MAAM,oBAAoB,WAAY,YAAY,KAAG,YAM3D,CAAC;AAEF,eAAO,MAAM,gBAAgB;;;;;;EAEmC,CAAC"}

package/dist/ruleInput/policyInput.js

@@ -16,10 +16,18 @@ const accessPolicyInput = z.object({
   // used to increase the user's score
   frictionlessScore: z.coerce.number().optional()
 });
+const sanitizeAccessPolicy = (policy) => {
+  if (policy.type === AccessPolicyType.Block) {
+    const { captchaType, solvedImagesCount, ...blockPolicy } = policy;
+    return blockPolicy;
+  }
+  return policy;
+};
 const policyScopeInput = z.object({
   clientId: z.coerce.string().optional()
 });
 export {
   accessPolicyInput,
-  policyScopeInput
+  policyScopeInput,
+  sanitizeAccessPolicy
 };

package/dist/ruleInput/policyInput.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policyInput.js","sourceRoot":"","sources":["../../src/ruleInput/policyInput.ts"],"names":[],"mappings":"AAeA,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAAgB,CAAC,EAAE,MAAM,KAAK,CAAC;AACtC,OAAO,EAEN,gBAAgB,GAEhB,MAAM,iBAAiB,CAAC;AAEzB,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,IAAI,EAAE,CAAC,CAAC,UAAU,CAAC,gBAAgB,CAAC;IACpC,WAAW,EAAE,iBAAiB,CAAC,QAAQ,EAAE;IACzC,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAEzC,iBAAiB,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE/C,cAAc,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE5C,aAAa,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE3C,mBAAmB,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAEjD,iBAAiB,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACf,CAAiC,CAAC;AAGnE,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,MAAoB,EAAgB,EAAE;IAC1E,IAAI,MAAM,CAAC,IAAI,KAAK,gBAAgB,CAAC,KAAK,EAAE,CAAC;QAC5C,MAAM,EAAE,WAAW,EAAE,iBAAiB,EAAE,GAAG,WAAW,EAAE,GAAG,MAAM,CAAC;QAClE,OAAO,WAAW,CAAC;IACpB,CAAC;IACD,OAAO,MAAM,CAAC;AACf,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACP,CAAgC,CAAC"}