npm - @prosopo/user-access-policy - Versions diffs - 3.5.32 → 3.7.11 - Mend

@prosopo/user-access-policy 3.5.32 → 3.7.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (214) hide show

package/.turbo/turbo-build$colon$cjs.log +23 -21
package/.turbo/turbo-build$colon$tsc.log +41 -0
package/.turbo/turbo-build.log +28 -22
package/CHANGELOG.md +393 -0
package/dist/.export.d.ts +6 -0
package/dist/.export.d.ts.map +1 -0
package/dist/.export.js.map +1 -0
package/dist/api/.export.d.ts +7 -0
package/dist/api/.export.d.ts.map +1 -0
package/dist/api/.export.js.map +1 -0
package/dist/api/accessRulesApiClient.d.ts +2 -0
package/dist/api/accessRulesApiClient.d.ts.map +1 -0
package/dist/api/accessRulesApiClient.js +2 -0
package/dist/api/accessRulesApiClient.js.map +1 -0
package/dist/api/delete/.export.d.ts +2 -0
package/dist/api/delete/.export.d.ts.map +1 -0
package/dist/api/delete/.export.js.map +1 -0
package/dist/api/delete/deleteAllRules.d.ts +11 -0
package/dist/api/delete/deleteAllRules.d.ts.map +1 -0
package/dist/api/delete/deleteAllRules.js +3 -2
package/dist/api/delete/deleteAllRules.js.map +1 -0
package/dist/api/delete/deleteRuleGroups.d.ts +19 -0
package/dist/api/delete/deleteRuleGroups.d.ts.map +1 -0
package/dist/api/delete/deleteRuleGroups.js +3 -2
package/dist/api/delete/deleteRuleGroups.js.map +1 -0
package/dist/api/delete/deleteRules.d.ts +15 -0
package/dist/api/delete/deleteRules.d.ts.map +1 -0
package/dist/api/delete/deleteRules.js +3 -2
package/dist/api/delete/deleteRules.js.map +1 -0
package/dist/api/read/.export.d.ts +4 -0
package/dist/api/read/.export.d.ts.map +1 -0
package/dist/api/read/.export.js.map +1 -0
package/dist/api/read/fetchRules.d.ts +53 -0
package/dist/api/read/fetchRules.d.ts.map +1 -0
package/dist/api/read/fetchRules.js +4 -3
package/dist/api/read/fetchRules.js.map +1 -0
package/dist/api/read/findRuleIds.d.ts +28 -0
package/dist/api/read/findRuleIds.d.ts.map +1 -0
package/dist/api/read/findRuleIds.js +3 -2
package/dist/api/read/findRuleIds.js.map +1 -0
package/dist/api/read/getMissingIds.d.ts +28 -0
package/dist/api/read/getMissingIds.d.ts.map +1 -0
package/dist/api/read/getMissingIds.js +4 -3
package/dist/api/read/getMissingIds.js.map +1 -0
package/dist/api/ruleApiRoutes.d.ts +43 -0
package/dist/api/ruleApiRoutes.d.ts.map +1 -0
package/dist/api/ruleApiRoutes.js.map +1 -0
package/dist/api/rulesApiClient.d.ts +20 -0
package/dist/api/rulesApiClient.d.ts.map +1 -0
package/dist/api/rulesApiClient.js +18 -19
package/dist/api/rulesApiClient.js.map +1 -0
package/dist/api/write/.export.d.ts +2 -0
package/dist/api/write/.export.d.ts.map +1 -0
package/dist/api/write/.export.js.map +1 -0
package/dist/api/write/insertRules.d.ts +29 -0
package/dist/api/write/insertRules.d.ts.map +1 -0
package/dist/api/write/insertRules.js +12 -9
package/dist/api/write/insertRules.js.map +1 -0
package/dist/api/write/rehashRules.d.ts +11 -0
package/dist/api/write/rehashRules.d.ts.map +1 -0
package/dist/api/write/rehashRules.js +7 -6
package/dist/api/write/rehashRules.js.map +1 -0
package/dist/cjs/api/delete/deleteAllRules.cjs +3 -2
package/dist/cjs/api/delete/deleteRuleGroups.cjs +3 -2
package/dist/cjs/api/delete/deleteRules.cjs +3 -2
package/dist/cjs/api/read/fetchRules.cjs +4 -3
package/dist/cjs/api/read/findRuleIds.cjs +3 -2
package/dist/cjs/api/read/getMissingIds.cjs +4 -3
package/dist/cjs/api/rulesApiClient.cjs +18 -19
package/dist/cjs/api/write/insertRules.cjs +13 -10
package/dist/cjs/api/write/rehashRules.cjs +7 -6
package/dist/cjs/mongoose/mongooseRuleSchema.cjs +4 -1
package/dist/cjs/redis/reader/redisRulesQuery.cjs +18 -1
package/dist/cjs/redis/reader/redisRulesReader.cjs +13 -4
package/dist/cjs/redis/redisRuleIndex.cjs +5 -1
package/dist/cjs/redis/redisRulesWriter.cjs +6 -0
package/dist/cjs/ruleInput/policyInput.cjs +8 -0
package/dist/cjs/ruleInput/userScopeInput.cjs +4 -1
package/dist/cjs/ruleRecord.cjs +4 -1
package/dist/mongoose/.export.d.ts +2 -0
package/dist/mongoose/.export.d.ts.map +1 -0
package/dist/mongoose/.export.js.map +1 -0
package/dist/mongoose/mongooseRuleSchema.d.ts +4 -0
package/dist/mongoose/mongooseRuleSchema.d.ts.map +1 -0
package/dist/mongoose/mongooseRuleSchema.js +4 -1
package/dist/mongoose/mongooseRuleSchema.js.map +1 -0
package/dist/redis/.export.d.ts +3 -0
package/dist/redis/.export.d.ts.map +1 -0
package/dist/redis/.export.js.map +1 -0
package/dist/redis/reader/redisAggregate.d.ts +4 -0
package/dist/redis/reader/redisAggregate.d.ts.map +1 -0
package/dist/redis/reader/redisAggregate.js.map +1 -0
package/dist/redis/reader/redisRulesQuery.d.ts +4 -0
package/dist/redis/reader/redisRulesQuery.d.ts.map +1 -0
package/dist/redis/reader/redisRulesQuery.js +18 -1
package/dist/redis/reader/redisRulesQuery.js.map +1 -0
package/dist/redis/reader/redisRulesReader.d.ts +26 -0
package/dist/redis/reader/redisRulesReader.d.ts.map +1 -0
package/dist/redis/reader/redisRulesReader.js +14 -5
package/dist/redis/reader/redisRulesReader.js.map +1 -0
package/dist/redis/redisClient.d.ts +11 -0
package/dist/redis/redisClient.d.ts.map +1 -0
package/dist/redis/redisClient.js.map +1 -0
package/dist/redis/redisRuleIndex.d.ts +13 -0
package/dist/redis/redisRuleIndex.d.ts.map +1 -0
package/dist/redis/redisRuleIndex.js +5 -1
package/dist/redis/redisRuleIndex.js.map +1 -0
package/dist/redis/redisRulesStorage.d.ts +5 -0
package/dist/redis/redisRulesStorage.d.ts.map +1 -0
package/dist/redis/redisRulesStorage.js.map +1 -0
package/dist/redis/redisRulesWriter.d.ts +22 -0
package/dist/redis/redisRulesWriter.d.ts.map +1 -0
package/dist/redis/redisRulesWriter.js +6 -0
package/dist/redis/redisRulesWriter.js.map +1 -0
package/dist/rule.d.ts +37 -0
package/dist/rule.d.ts.map +1 -0
package/dist/rule.js.map +1 -0
package/dist/ruleInput/.export.d.ts +4 -0
package/dist/ruleInput/.export.d.ts.map +1 -0
package/dist/ruleInput/.export.js.map +1 -0
package/dist/ruleInput/policyInput.d.ts +39 -0
package/dist/ruleInput/policyInput.d.ts.map +1 -0
package/dist/ruleInput/policyInput.js +9 -1
package/dist/ruleInput/policyInput.js.map +1 -0
package/dist/ruleInput/ruleInput.d.ts +163 -0
package/dist/ruleInput/ruleInput.d.ts.map +1 -0
package/dist/ruleInput/ruleInput.js.map +1 -0
package/dist/ruleInput/userScopeInput.d.ts +117 -0
package/dist/ruleInput/userScopeInput.d.ts.map +1 -0
package/dist/ruleInput/userScopeInput.js +4 -1
package/dist/ruleInput/userScopeInput.js.map +1 -0
package/dist/ruleRecord.d.ts +18 -0
package/dist/ruleRecord.d.ts.map +1 -0
package/dist/ruleRecord.js +4 -1
package/dist/ruleRecord.js.map +1 -0
package/dist/rulesStorage.d.ts +30 -0
package/dist/rulesStorage.d.ts.map +1 -0
package/dist/rulesStorage.js.map +1 -0
package/dist/tests/insertRulesEndpoint.unit.test.d.ts +2 -0
package/dist/tests/insertRulesEndpoint.unit.test.d.ts.map +1 -0
package/dist/tests/insertRulesEndpoint.unit.test.js +57 -0
package/dist/tests/insertRulesEndpoint.unit.test.js.map +1 -0
package/dist/tests/policyInput.unit.test.d.ts +2 -0
package/dist/tests/policyInput.unit.test.d.ts.map +1 -0
package/dist/tests/policyInput.unit.test.js +116 -0
package/dist/tests/policyInput.unit.test.js.map +1 -0
package/dist/tests/redis/reader/redisRulesQuery.unit.test.d.ts +2 -0
package/dist/tests/redis/reader/redisRulesQuery.unit.test.d.ts.map +1 -0
package/dist/tests/redis/reader/redisRulesQuery.unit.test.js +199 -0
package/dist/tests/redis/reader/redisRulesQuery.unit.test.js.map +1 -0
package/dist/tests/redis/redisRulesStorage.integration.test.d.ts +2 -0
package/dist/tests/redis/redisRulesStorage.integration.test.d.ts.map +1 -0
package/dist/tests/redis/redisRulesStorage.integration.test.js +831 -0
package/dist/tests/redis/redisRulesStorage.integration.test.js.map +1 -0
package/dist/tests/testLogger.d.ts +4 -0
package/dist/tests/testLogger.d.ts.map +1 -0
package/dist/tests/testLogger.js +22 -0
package/dist/tests/testLogger.js.map +1 -0
package/dist/tests/transformRule.unit.test.d.ts +2 -0
package/dist/tests/transformRule.unit.test.d.ts.map +1 -0
package/dist/tests/transformRule.unit.test.js +191 -0
package/dist/tests/transformRule.unit.test.js.map +1 -0
package/dist/transformRule.d.ts +7 -0
package/dist/transformRule.d.ts.map +1 -0
package/dist/transformRule.js.map +1 -0
package/entries.ts +1 -1
package/package.json +18 -12
package/src/.export.ts +44 -0
package/src/api/.export.ts +25 -0
package/src/api/accessRulesApiClient.ts +13 -0
package/src/api/delete/.export.ts +18 -0
package/src/api/delete/deleteAllRules.ts +47 -0
package/src/api/delete/deleteRuleGroups.ts +96 -0
package/src/api/delete/deleteRules.ts +81 -0
package/src/api/read/.export.ts +25 -0
package/src/api/read/fetchRules.ts +88 -0
package/src/api/read/findRuleIds.ts +95 -0
package/src/api/read/getMissingIds.ts +81 -0
package/src/api/ruleApiRoutes.ts +146 -0
package/src/api/rulesApiClient.ts +154 -0
package/src/api/write/.export.ts +15 -0
package/src/api/write/insertRules.ts +183 -0
package/src/api/write/rehashRules.ts +85 -0
package/src/mongoose/.export.ts +15 -0
package/src/mongoose/mongooseRuleSchema.ts +65 -0
package/src/redis/.export.ts +17 -0
package/src/redis/reader/redisAggregate.ts +103 -0
package/src/redis/reader/redisRulesQuery.ts +217 -0
package/src/redis/reader/redisRulesReader.ts +318 -0
package/src/redis/redisClient.ts +120 -0
package/src/redis/redisRuleIndex.ts +85 -0
package/src/redis/redisRulesStorage.ts +68 -0
package/src/redis/redisRulesWriter.ts +158 -0
package/src/rule.ts +59 -0
package/src/ruleInput/.export.ts +19 -0
package/src/ruleInput/policyInput.ts +51 -0
package/src/ruleInput/ruleInput.ts +103 -0
package/src/ruleInput/userScopeInput.ts +108 -0
package/src/ruleRecord.ts +69 -0
package/src/rulesStorage.ts +72 -0
package/src/tests/insertRulesEndpoint.unit.test.ts +89 -0
package/src/tests/policyInput.unit.test.ts +150 -0
package/src/tests/redis/reader/redisRulesQuery.unit.test.ts +284 -0
package/src/tests/redis/redisRulesStorage.integration.test.ts +1156 -0
package/src/tests/testLogger.ts +38 -0
package/src/tests/transformRule.unit.test.ts +255 -0
package/src/transformRule.ts +128 -0
package/tsconfig.cjs.json +41 -0
package/tsconfig.json +47 -0
package/tsconfig.tsbuildinfo +1 -0
package/tsconfig.types.json +9 -0
package/vite.cjs.config.ts +1 -1
package/vite.esm.config.ts +1 -1
package/vite.test.config.ts +1 -1

package/src/api/delete/deleteRules.ts ADDED Viewed

@@ -0,0 +1,81 @@
+// Copyright 2021-2026 Prosopo (UK) Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+import {
+	type ApiEndpoint,
+	type ApiEndpointResponse,
+	ApiEndpointResponseStatus,
+} from "@prosopo/api-route";
+import { executeBatchesSequentially } from "@prosopo/common";
+import type { Logger } from "@prosopo/logger";
+import { type ZodType, z } from "zod";
+import {
+	type AccessRulesFilterInput,
+	accessRulesFilterInput,
+	getAccessRuleFiltersFromInput,
+} from "#policy/ruleInput/ruleInput.js";
+import type { AccessRulesStorage } from "#policy/rulesStorage.js";
+type DeleteRulesSchema = ZodType<AccessRulesFilterInput[]>;
+export class DeleteRulesEndpoint implements ApiEndpoint<DeleteRulesSchema> {
+	public constructor(
+		private readonly accessRulesStorage: AccessRulesStorage,
+		private readonly logger: Logger,
+	) {}
+	public getRequestArgsSchema(): DeleteRulesSchema {
+		return z.array(accessRulesFilterInput);
+	}
+	async processRequest(
+		args: AccessRulesFilterInput[],
+		logger?: Logger,
+	): Promise<ApiEndpointResponse> {
+		const log = logger ?? this.logger;
+		let deletedCount = 0;
+		for (const rulesFilterInput of args) {
+			const ruleFilters = getAccessRuleFiltersFromInput(rulesFilterInput);
+			await executeBatchesSequentially(ruleFilters, async (ruleFilter) => {
+				const ruleIds = await this.accessRulesStorage.findRuleIds(ruleFilter);
+				// Set() automatically removes duplicates
+				const uniqueRuleIds = [...new Set(ruleIds)];
+				if (uniqueRuleIds.length > 0) {
+					await this.accessRulesStorage.deleteRules(uniqueRuleIds);
+					deletedCount += uniqueRuleIds.length;
+					log.info(() => ({
+						msg: "Endpoint deleted rules",
+						data: {
+							rulesFilterInput,
+							uniqueRuleIds,
+						},
+					}));
+				}
+			});
+		}
+		return {
+			status: ApiEndpointResponseStatus.SUCCESS,
+			data: {
+				deleted_count: deletedCount,
+			},
+		};
+	}
+}

package/src/api/read/.export.ts ADDED Viewed

@@ -0,0 +1,25 @@
+// Copyright 2021-2026 Prosopo (UK) Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+export type {
+	RuleIdsResponse,
+	RuleIdsEndpointResponse,
+} from "./findRuleIds.js";
+export type {
+	FetchRulesOptions,
+	FetchRulesResponse,
+} from "./fetchRules.js";
+export type { MissingIds } from "./getMissingIds.js";

package/src/api/read/fetchRules.ts ADDED Viewed

@@ -0,0 +1,88 @@
+// Copyright 2021-2026 Prosopo (UK) Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+import {
+	type ApiEndpoint,
+	type ApiEndpointResponse,
+	ApiEndpointResponseStatus,
+} from "@prosopo/api-route";
+import type { AllKeys } from "@prosopo/common";
+import type { Logger } from "@prosopo/logger";
+import { type ZodType, z } from "zod";
+import { ruleEntryInput } from "#policy/ruleInput/ruleInput.js";
+import type {
+	AccessRuleEntry,
+	AccessRulesStorage,
+} from "#policy/rulesStorage.js";
+export type FetchRulesOptions = {
+	ids: string[];
+};
+type FetchRulesSchema = ZodType<FetchRulesOptions>;
+export type FetchRulesResponse = {
+	ruleEntries: AccessRuleEntry[];
+};
+export const fetchRulesResponse = z.object({
+	ruleEntries: ruleEntryInput.array(),
+} satisfies AllKeys<FetchRulesResponse>) satisfies ZodType<FetchRulesResponse>;
+export type FetchRulesEndpointResponse = ApiEndpointResponse & {
+	data?: FetchRulesResponse;
+};
+export class FetchRulesEndpoint implements ApiEndpoint<FetchRulesSchema> {
+	public constructor(
+		private readonly accessRulesStorage: AccessRulesStorage,
+		private readonly logger: Logger,
+	) {}
+	public getRequestArgsSchema(): FetchRulesSchema {
+		return z.object({
+			ids: z.string().array(),
+		} satisfies AllKeys<FetchRulesOptions>);
+	}
+	async processRequest(
+		args: FetchRulesOptions,
+		logger?: Logger,
+	): Promise<FetchRulesEndpointResponse> {
+		const log = logger ?? this.logger;
+		const ruleEntries = await this.accessRulesStorage.fetchRules(args.ids);
+		log.info(() => ({
+			msg: "Endpoint fetched rules",
+			data: {
+				requestedCount: args.ids.length,
+				foundCount: ruleEntries.length,
+			},
+		}));
+		log.debug(() => ({
+			msg: "Fetched rule details",
+			data: {
+				ruleEntries: ruleEntries,
+			},
+		}));
+		return {
+			status: ApiEndpointResponseStatus.SUCCESS,
+			data: {
+				ruleEntries: ruleEntries,
+			},
+		};
+	}
+}

package/src/api/read/findRuleIds.ts ADDED Viewed

@@ -0,0 +1,95 @@
+// Copyright 2021-2026 Prosopo (UK) Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+import {
+	type ApiEndpoint,
+	type ApiEndpointResponse,
+	ApiEndpointResponseStatus,
+} from "@prosopo/api-route";
+import { type AllKeys, executeBatchesSequentially } from "@prosopo/common";
+import type { Logger } from "@prosopo/logger";
+import { type ZodType, z } from "zod";
+import {
+	type AccessRulesFilterInput,
+	accessRulesFilterInput,
+	getAccessRuleFiltersFromInput,
+} from "#policy/ruleInput/ruleInput.js";
+import type { AccessRulesStorage } from "#policy/rulesStorage.js";
+type FindRulesSchema = ZodType<AccessRulesFilterInput[]>;
+export type RuleIdsResponse = {
+	ruleIds: string[];
+};
+export const ruleIdsResponse = z.object({
+	ruleIds: z.string().array(),
+} satisfies AllKeys<RuleIdsResponse>) satisfies ZodType<RuleIdsResponse>;
+export type RuleIdsEndpointResponse = ApiEndpointResponse & {
+	data?: RuleIdsResponse;
+};
+export class FindRuleIdsEndpoint implements ApiEndpoint<FindRulesSchema> {
+	public constructor(
+		private readonly accessRulesStorage: AccessRulesStorage,
+		private readonly logger: Logger,
+	) {}
+	public getRequestArgsSchema(): FindRulesSchema {
+		return z.array(accessRulesFilterInput);
+	}
+	async processRequest(
+		args: AccessRulesFilterInput[],
+		logger?: Logger,
+	): Promise<RuleIdsEndpointResponse> {
+		const log = logger ?? this.logger;
+		const ruleIdBatches = await executeBatchesSequentially(
+			args,
+			async (rulesFilterInput) => {
+				const ruleFilters = getAccessRuleFiltersFromInput(rulesFilterInput);
+				const ruleIds = await executeBatchesSequentially(
+					ruleFilters,
+					(ruleFilter) => this.accessRulesStorage.findRuleIds(ruleFilter),
+				);
+				return ruleIds.flat();
+			},
+		);
+		const ruleIds = ruleIdBatches.flat();
+		// Set() automatically removes duplicates
+		const uniqueRuleIds = [...new Set(ruleIds)];
+		log.info(() => ({
+			msg: "Endpoint found rules",
+			data: {
+				totalFoundCount: ruleIds.length,
+				uniqueFoundCount: uniqueRuleIds.length,
+				searchFilters: args,
+				foundIds: uniqueRuleIds,
+			},
+		}));
+		return {
+			status: ApiEndpointResponseStatus.SUCCESS,
+			data: {
+				ruleIds: uniqueRuleIds,
+			},
+		};
+	}
+}

package/src/api/read/getMissingIds.ts ADDED Viewed

@@ -0,0 +1,81 @@
+// Copyright 2021-2026 Prosopo (UK) Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+import {
+	type ApiEndpoint,
+	type ApiEndpointResponse,
+	ApiEndpointResponseStatus,
+} from "@prosopo/api-route";
+import type { AllKeys } from "@prosopo/common";
+import type { Logger } from "@prosopo/logger";
+import { type ZodType, z } from "zod";
+import type { AccessRulesStorage } from "#policy/rulesStorage.js";
+export type MissingIds = string[];
+type MissingIdsSchema = ZodType<MissingIds>;
+export type MissingIdsResponse = {
+	ids: string[];
+};
+export const missingIdsResponse = z.object({
+	ids: z.string().array(),
+} satisfies AllKeys<MissingIdsResponse>) satisfies ZodType<MissingIdsResponse>;
+export type MissingIdsEndpointResponse = ApiEndpointResponse & {
+	data?: MissingIdsResponse;
+};
+export class GetMissingIdsEndpoint implements ApiEndpoint<MissingIdsSchema> {
+	public constructor(
+		private readonly accessRulesStorage: AccessRulesStorage,
+		private readonly logger: Logger,
+	) {}
+	public getRequestArgsSchema(): MissingIdsSchema {
+		return z.string().array();
+	}
+	async processRequest(
+		args: MissingIds,
+		logger?: Logger,
+	): Promise<MissingIdsEndpointResponse> {
+		const log = logger ?? this.logger;
+		const missingIds = await this.accessRulesStorage.getMissingRuleIds(args);
+		log.info(() => ({
+			msg: "Endpoint checked missing ids",
+			data: {
+				idsToCheck: args.length,
+				missingIds: missingIds.length,
+			},
+		}));
+		log.debug(() => ({
+			msg: "Missing id details",
+			data: {
+				idsToCheck: args,
+				missingIds: missingIds,
+			},
+		}));
+		return {
+			status: ApiEndpointResponseStatus.SUCCESS,
+			data: {
+				ids: missingIds,
+			},
+		};
+	}
+}

package/src/api/ruleApiRoutes.ts ADDED Viewed

@@ -0,0 +1,146 @@
+// Copyright 2021-2026 Prosopo (UK) Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+import type {
+	ApiRouteLimits,
+	ApiRoutes,
+	ApiRoutesProvider,
+} from "@prosopo/api-route";
+import type { AllEnumValues } from "@prosopo/common";
+import type { Logger } from "@prosopo/logger";
+import { FetchRulesEndpoint } from "#policy/api/read/fetchRules.js";
+import { FindRuleIdsEndpoint } from "#policy/api/read/findRuleIds.js";
+import { GetMissingIdsEndpoint } from "#policy/api/read/getMissingIds.js";
+import { RehashRulesEndpoint } from "#policy/api/write/rehashRules.js";
+import type { AccessRulesStorage } from "#policy/rulesStorage.js";
+import { DeleteAllRulesEndpoint } from "./delete/deleteAllRules.js";
+import { DeleteRuleGroupsEndpoint } from "./delete/deleteRuleGroups.js";
+import { DeleteRulesEndpoint } from "./delete/deleteRules.js";
+import { InsertRulesEndpoint } from "./write/insertRules.js";
+export enum accessRuleApiPaths {
+	// delete
+	DELETE_ALL = "/v1/prosopo/user-access-policy/rules/delete-all",
+	DELETE_GROUPS = "/v1/prosopo/user-access-policy/rules/delete-groups",
+	DELETE_MANY = "/v1/prosopo/user-access-policy/rules/delete-many",
+	// read
+	FETCH_MANY = "/v1/prosopo/user-access-policy/rules/fetch-many",
+	FIND_IDS = "/v1/prosopo/user-access-policy/rules/find-ids",
+	GET_MISSING_IDS = "/v1/prosopo/user-access-policy/rules/get-missing-ids",
+	// write
+	INSERT_MANY = "/v1/prosopo/user-access-policy/rules/insert-many",
+	REHASH_ALL = "/v1/prosopo/user-access-policy/rules/rehash-all",
+}
+export class AccessRuleApiRoutes implements ApiRoutesProvider {
+	public constructor(
+		private readonly accessRulesStorage: AccessRulesStorage,
+		private readonly logger: Logger,
+	) {}
+	public getRoutes(): ApiRoutes {
+		return {
+			...this.makeDeleteEndpoints(),
+			...this.makeReadEndpoints(),
+			...this.makeWriteEndpoints(),
+		} satisfies AllEnumValues<accessRuleApiPaths>;
+	}
+	protected makeDeleteEndpoints() {
+		return {
+			[accessRuleApiPaths.DELETE_ALL]: new DeleteAllRulesEndpoint(
+				this.accessRulesStorage,
+				this.logger,
+			),
+			[accessRuleApiPaths.DELETE_GROUPS]: new DeleteRuleGroupsEndpoint(
+				this.accessRulesStorage,
+				this.logger,
+			),
+			[accessRuleApiPaths.DELETE_MANY]: new DeleteRulesEndpoint(
+				this.accessRulesStorage,
+				this.logger,
+			),
+		};
+	}
+	protected makeReadEndpoints() {
+		return {
+			[accessRuleApiPaths.FETCH_MANY]: new FetchRulesEndpoint(
+				this.accessRulesStorage,
+				this.logger,
+			),
+			[accessRuleApiPaths.FIND_IDS]: new FindRuleIdsEndpoint(
+				this.accessRulesStorage,
+				this.logger,
+			),
+			[accessRuleApiPaths.GET_MISSING_IDS]: new GetMissingIdsEndpoint(
+				this.accessRulesStorage,
+				this.logger,
+			),
+		};
+	}
+	protected makeWriteEndpoints() {
+		return {
+			[accessRuleApiPaths.INSERT_MANY]: new InsertRulesEndpoint(
+				this.accessRulesStorage,
+				this.logger,
+			),
+			[accessRuleApiPaths.REHASH_ALL]: new RehashRulesEndpoint(
+				this.accessRulesStorage,
+				this.logger,
+			),
+		};
+	}
+}
+export const getExpressApiRuleRateLimits =
+	(): ApiRouteLimits<accessRuleApiPaths> => {
+		const defaults = {
+			limit: 5,
+			windowSeconds: 10,
+		};
+		const defaultWindowMs = defaults.windowSeconds * 1_000;
+		const rateLimitEntries = Object.entries(accessRuleApiPaths).map(
+			([endpointName, endpointPath]) => [
+				endpointPath,
+				{
+					windowMs:
+						getIntEnvironmentVariable(
+							`PROSOPO_USER_ACCESS_POLICY_RULE_${endpointName}_WINDOW`,
+						) || defaultWindowMs,
+					limit:
+						getIntEnvironmentVariable(
+							`PROSOPO_USER_ACCESS_POLICY_RULE_${endpointName}_LIMIT`,
+						) || defaults.limit,
+				},
+			],
+		);
+		return Object.fromEntries(rateLimitEntries);
+	};
+const getIntEnvironmentVariable = (
+	variableName: string,
+): number | undefined => {
+	const variableValue = process.env[variableName];
+	const numericValue = variableValue
+		? Number.parseInt(variableValue)
+		: Number.NaN;
+	return Number.isInteger(numericValue) ? numericValue : undefined;
+};

package/src/api/rulesApiClient.ts ADDED Viewed

@@ -0,0 +1,154 @@
+// Copyright 2021-2026 Prosopo (UK) Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+import { ApiClient } from "@prosopo/api";
+import type { ApiEndpointResponse } from "@prosopo/api-route";
+import {
+	type FetchRulesEndpointResponse,
+	type FetchRulesOptions,
+	fetchRulesResponse,
+} from "#policy/api/read/fetchRules.js";
+import {
+	type RuleIdsEndpointResponse,
+	ruleIdsResponse,
+} from "#policy/api/read/findRuleIds.js";
+import {
+	type MissingIds,
+	type MissingIdsEndpointResponse,
+	missingIdsResponse,
+} from "#policy/api/read/getMissingIds.js";
+import type { AccessRulesFilterInput } from "#policy/ruleInput/ruleInput.js";
+import type { DeleteSiteGroups } from "./delete/deleteRuleGroups.js";
+import { accessRuleApiPaths } from "./ruleApiRoutes.js";
+import type { InsertRulesGroup } from "./write/insertRules.js";
+export class AccessRulesApiClient extends ApiClient {
+	//// delete
+	public deleteMany(
+		filters: AccessRulesFilterInput[],
+		jwt: string,
+	): Promise<ApiEndpointResponse> {
+		return this.post(
+			accessRuleApiPaths.DELETE_MANY,
+			filters,
+			this.getAuthHeaders(jwt),
+		);
+	}
+	public deleteGroups(
+		siteGroups: DeleteSiteGroups,
+		jwt: string,
+	): Promise<ApiEndpointResponse> {
+		return this.post(
+			accessRuleApiPaths.DELETE_GROUPS,
+			siteGroups,
+			this.getAuthHeaders(jwt),
+		);
+	}
+	public deleteAll(jwt: string): Promise<ApiEndpointResponse> {
+		return this.post(
+			accessRuleApiPaths.DELETE_ALL,
+			{},
+			this.getAuthHeaders(jwt),
+		);
+	}
+	//// read
+	public async getMissingIds(
+		idsToCheck: MissingIds,
+		jwt: string,
+	): Promise<MissingIdsEndpointResponse> {
+		const endpointResponse: ApiEndpointResponse = await this.post(
+			accessRuleApiPaths.GET_MISSING_IDS,
+			idsToCheck,
+			this.getAuthHeaders(jwt),
+		);
+		const parsedData = missingIdsResponse.safeParse(endpointResponse.data);
+		return {
+			...endpointResponse,
+			data: parsedData.success ? parsedData.data : undefined,
+		};
+	}
+	public async fetchMany(
+		fetchOptions: FetchRulesOptions,
+		jwt: string,
+	): Promise<FetchRulesEndpointResponse> {
+		const endpointResponse: ApiEndpointResponse = await this.post(
+			accessRuleApiPaths.FETCH_MANY,
+			fetchOptions,
+			this.getAuthHeaders(jwt),
+		);
+		const parsedData = fetchRulesResponse.safeParse(endpointResponse.data);
+		return {
+			...endpointResponse,
+			data: parsedData.success ? parsedData.data : undefined,
+		};
+	}
+	public async findIds(
+		filters: AccessRulesFilterInput[],
+		jwt: string,
+	): Promise<RuleIdsEndpointResponse> {
+		const endpointResponse: ApiEndpointResponse = await this.post(
+			accessRuleApiPaths.FIND_IDS,
+			filters,
+			this.getAuthHeaders(jwt),
+		);
+		const parsedData = ruleIdsResponse.safeParse(endpointResponse.data);
+		return {
+			...endpointResponse,
+			data: parsedData.success ? parsedData.data : undefined,
+		};
+	}
+	//// write
+	public async rehashAll(jwt: string): Promise<ApiEndpointResponse> {
+		return this.post(
+			accessRuleApiPaths.REHASH_ALL,
+			{},
+			this.getAuthHeaders(jwt),
+		);
+	}
+	public insertMany(
+		ruleGroups: InsertRulesGroup[],
+		jwt: string,
+	): Promise<ApiEndpointResponse> {
+		return this.post(
+			accessRuleApiPaths.INSERT_MANY,
+			ruleGroups,
+			this.getAuthHeaders(jwt),
+		);
+	}
+	protected getAuthHeaders(jwt: string): RequestInit {
+		return {
+			headers: {
+				"Prosopo-Site-Key": this.account,
+				Authorization: `Bearer ${jwt}`,
+			},
+		};
+	}
+}

package/src/api/write/.export.ts ADDED Viewed

@@ -0,0 +1,15 @@
+// Copyright 2021-2026 Prosopo (UK) Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+export type { InsertRulesGroup } from "./insertRules.js";