@prosopo/user-access-policy 3.7.12 → 3.8.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.turbo/turbo-build$colon$cjs.log +7 -7
- package/.turbo/turbo-build$colon$tsc.log +14 -14
- package/.turbo/turbo-build.log +7 -7
- package/CHANGELOG.md +13 -0
- package/dist/cjs/mongoose/mongooseRuleSchema.cjs +2 -1
- package/dist/cjs/redis/reader/redisRulesQuery.cjs +4 -0
- package/dist/cjs/redis/redisRuleIndex.cjs +2 -1
- package/dist/cjs/ruleInput/userScopeInput.cjs +2 -1
- package/dist/cjs/ruleRecord.cjs +2 -1
- package/dist/mongoose/mongooseRuleSchema.d.ts.map +1 -1
- package/dist/mongoose/mongooseRuleSchema.js +2 -1
- package/dist/mongoose/mongooseRuleSchema.js.map +1 -1
- package/dist/redis/reader/redisRulesQuery.d.ts.map +1 -1
- package/dist/redis/reader/redisRulesQuery.js +4 -0
- package/dist/redis/reader/redisRulesQuery.js.map +1 -1
- package/dist/redis/redisRuleIndex.d.ts.map +1 -1
- package/dist/redis/redisRuleIndex.js +2 -1
- package/dist/redis/redisRuleIndex.js.map +1 -1
- package/dist/rule.d.ts +1 -0
- package/dist/rule.d.ts.map +1 -1
- package/dist/ruleInput/ruleInput.d.ts +6 -0
- package/dist/ruleInput/ruleInput.d.ts.map +1 -1
- package/dist/ruleInput/userScopeInput.d.ts +8 -0
- package/dist/ruleInput/userScopeInput.d.ts.map +1 -1
- package/dist/ruleInput/userScopeInput.js +2 -1
- package/dist/ruleInput/userScopeInput.js.map +1 -1
- package/dist/ruleRecord.d.ts +2 -2
- package/dist/ruleRecord.d.ts.map +1 -1
- package/dist/ruleRecord.js +2 -1
- package/dist/ruleRecord.js.map +1 -1
- package/dist/tests/redis/reader/redisRulesQuery.unit.test.js +14 -3
- package/dist/tests/redis/reader/redisRulesQuery.unit.test.js.map +1 -1
- package/dist/tests/transformRule.unit.test.js +11 -0
- package/dist/tests/transformRule.unit.test.js.map +1 -1
- package/package.json +3 -3
- package/src/mongoose/mongooseRuleSchema.ts +1 -0
- package/src/redis/reader/redisRulesQuery.ts +9 -0
- package/src/redis/redisRuleIndex.ts +1 -0
- package/src/rule.ts +1 -0
- package/src/ruleInput/userScopeInput.ts +1 -0
- package/src/ruleRecord.ts +1 -0
- package/src/tests/redis/reader/redisRulesQuery.unit.test.ts +19 -3
- package/src/tests/transformRule.unit.test.ts +15 -0
- package/tsconfig.tsbuildinfo +1 -1
|
@@ -33,6 +33,16 @@ describe("makeAccessRuleHash", () => {
|
|
|
33
33
|
expect(hash1).toEqual("5ed2f7de7ba1c6acc617f9246f19d35b");
|
|
34
34
|
expect(hash1).toEqual(hash2);
|
|
35
35
|
});
|
|
36
|
+
it("should include asn in the rule hash", () => {
|
|
37
|
+
const ruleWithoutAsn = {
|
|
38
|
+
type: AccessPolicyType.Block,
|
|
39
|
+
};
|
|
40
|
+
const ruleWithAsn = {
|
|
41
|
+
type: AccessPolicyType.Block,
|
|
42
|
+
asn: 205016,
|
|
43
|
+
};
|
|
44
|
+
expect(makeAccessRuleHash(ruleWithoutAsn)).not.toEqual(makeAccessRuleHash(ruleWithAsn));
|
|
45
|
+
});
|
|
36
46
|
it("should make same hash for 'undefined' and missing properties", () => {
|
|
37
47
|
const rule1 = {
|
|
38
48
|
type: AccessPolicyType.Restrict,
|
|
@@ -64,6 +74,7 @@ describe("transformRule", () => {
|
|
|
64
74
|
headHash: "headHash",
|
|
65
75
|
coords: "[[1,2]]",
|
|
66
76
|
countryCode: "US",
|
|
77
|
+
asn: 205016,
|
|
67
78
|
};
|
|
68
79
|
it("should transform access rule record into rule", () => {
|
|
69
80
|
const ruleRecord = {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"transformRule.unit.test.js","sourceRoot":"","sources":["../../src/tests/transformRule.unit.test.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACtC,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAmB,MAAM,iBAAiB,CAAC;AAEpE,OAAO,EACN,yBAAyB,EACzB,kBAAkB,EAClB,6BAA6B,EAC7B,iCAAiC,GACjC,MAAM,0BAA0B,CAAC;AAElC,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IACnC,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACpC,MAAM,IAAI,GAAe;YACxB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;SAC/B,CAAC;QAEF,MAAM,IAAI,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAEtC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,kCAAkC,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC/C,MAAM,IAAI,GAAe;YACxB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;YAC/B,SAAS,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,IAAI,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAEtC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,kCAAkC,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sEAAsE,EAAE,GAAG,EAAE;QAC/E,MAAM,KAAK,GAAe;YACzB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;YAC/B,WAAW,EAAE,aAAa;SAC1B,CAAC;QACF,MAAM,KAAK,GAAe;YACzB,WAAW,EAAE,aAAa;YAC1B,IAAI,EAAE,gBAAgB,CAAC,QAAQ;SAC/B,CAAC;QAEF,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAExC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,kCAAkC,CAAC,CAAC;QAE1D,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8DAA8D,EAAE,GAAG,EAAE;QACvE,MAAM,KAAK,GAAe;YACzB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;YAC/B,WAAW,EAAE,SAAS;SACtB,CAAC;QACF,MAAM,KAAK,GAAe;YACzB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;SAC/B,CAAC;QAEF,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAExC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,kCAAkC,CAAC,CAAC;QAE1D,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC9B,MAAM,gBAAgB,GAAG;QACxB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;QAC/B,WAAW,EAAE,WAAW,CAAC,YAAY;QACrC,WAAW,EAAE,MAAM;QACnB,iBAAiB,EAAE,CAAC;QACpB,cAAc,EAAE,CAAC;QACjB,aAAa,EAAE,CAAC;QAChB,mBAAmB,EAAE,CAAC;QACtB,iBAAiB,EAAE,CAAC;QACpB,WAAW,EAAE,aAAa;QAC1B,OAAO,EAAE,SAAS;QAClB,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,SAAS;QACjB,WAAW,EAAE,IAAI;
|
|
1
|
+
{"version":3,"file":"transformRule.unit.test.js","sourceRoot":"","sources":["../../src/tests/transformRule.unit.test.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACtC,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAmB,MAAM,iBAAiB,CAAC;AAEpE,OAAO,EACN,yBAAyB,EACzB,kBAAkB,EAClB,6BAA6B,EAC7B,iCAAiC,GACjC,MAAM,0BAA0B,CAAC;AAElC,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IACnC,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACpC,MAAM,IAAI,GAAe;YACxB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;SAC/B,CAAC;QAEF,MAAM,IAAI,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAEtC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,kCAAkC,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC/C,MAAM,IAAI,GAAe;YACxB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;YAC/B,SAAS,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,IAAI,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAEtC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,kCAAkC,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sEAAsE,EAAE,GAAG,EAAE;QAC/E,MAAM,KAAK,GAAe;YACzB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;YAC/B,WAAW,EAAE,aAAa;SAC1B,CAAC;QACF,MAAM,KAAK,GAAe;YACzB,WAAW,EAAE,aAAa;YAC1B,IAAI,EAAE,gBAAgB,CAAC,QAAQ;SAC/B,CAAC;QAEF,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAExC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,kCAAkC,CAAC,CAAC;QAE1D,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC9C,MAAM,cAAc,GAAe;YAClC,IAAI,EAAE,gBAAgB,CAAC,KAAK;SAC5B,CAAC;QACF,MAAM,WAAW,GAAe;YAC/B,IAAI,EAAE,gBAAgB,CAAC,KAAK;YAC5B,GAAG,EAAE,MAAM;SACX,CAAC;QAEF,MAAM,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CACrD,kBAAkB,CAAC,WAAW,CAAC,CAC/B,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8DAA8D,EAAE,GAAG,EAAE;QACvE,MAAM,KAAK,GAAe;YACzB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;YAC/B,WAAW,EAAE,SAAS;SACtB,CAAC;QACF,MAAM,KAAK,GAAe;YACzB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;SAC/B,CAAC;QAEF,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAExC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,kCAAkC,CAAC,CAAC;QAE1D,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC9B,MAAM,gBAAgB,GAAG;QACxB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;QAC/B,WAAW,EAAE,WAAW,CAAC,YAAY;QACrC,WAAW,EAAE,MAAM;QACnB,iBAAiB,EAAE,CAAC;QACpB,cAAc,EAAE,CAAC;QACjB,aAAa,EAAE,CAAC;QAChB,mBAAmB,EAAE,CAAC;QACtB,iBAAiB,EAAE,CAAC;QACpB,WAAW,EAAE,aAAa;QAC1B,OAAO,EAAE,SAAS;QAClB,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,SAAS;QACjB,WAAW,EAAE,IAAI;QACjB,GAAG,EAAE,MAAM;KACU,CAAC;IAEvB,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACxD,MAAM,UAAU,GAA+B;YAC9C,GAAG,gBAAgB;YACnB,WAAW,EAAE,aAAa;YAC1B,MAAM,EAAE,cAAc;YACtB,EAAE,EAAE,WAAW;YACf,SAAS,EAAE,MAAM;SACjB,CAAC;QAEF,MAAM,UAAU,GAAG,iCAAiC,CAAC;YACpD,GAAG,UAAU;YACb,gBAAgB,EAAE,WAAW;SACE,CAAC,CAAC;QAElC,MAAM,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC;YAC1B,GAAG,gBAAgB;YACnB,OAAO,EAAE,aAAa;YACtB,SAAS,EAAE,WAAW;YACtB,gBAAgB,EAAE,WAAW;YAC7B,gBAAgB,EAAE,WAAW;YAC7B,aAAa,EACZ,kEAAkE;SACnE,CAAC,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QACnD,MAAM,UAAU,GAAyB;YACxC,GAAG,gBAAgB;YACnB,OAAO,EAAE,aAAa;YACtB,SAAS,EAAE,WAAW;YACtB,gBAAgB,EAAE,WAAW;YAC7B,gBAAgB,EAAE,WAAW;YAC7B,aAAa,EACZ,kEAAkE;SACnE,CAAC;QAEF,MAAM,gBAAgB,GAAG,6BAA6B,CAAC;YACtD,GAAG,UAAU;YACb,gBAAgB,EAAE,WAAW;SACJ,CAAC,CAAC;QAE5B,MAAM,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC;YAChC,GAAG,gBAAgB;YACnB,WAAW,EAAE,aAAa;YAC1B,MAAM,EAAE,cAAc;YACtB,EAAE,EAAE,WAAW;YACf,SAAS,EACR,kEAAkE;SACnE,CAAC,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qEAAqE,EAAE,GAAG,EAAE;QAC9E,MAAM,CAAC,GAAG,EAAE,CAEX,iCAAiC,CAAC;YACjC,EAAE,EAAE,WAAW;YACf,SAAS,EAAE,MAAM;SACc,CAAC,CACjC,CAAC,OAAO,EAAE,CAAC;IACb,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gEAAgE,EAAE,GAAG,EAAE;QACzE,MAAM,CAAC,GAAG,EAAE,CAEX,6BAA6B,CAAC;YAC7B,EAAE,EAAE,WAAW;YACf,SAAS,EAAE,MAAM;SACQ,CAAC,CAC3B,CAAC,OAAO,EAAE,CAAC;IACb,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;IAQ1C,MAAM,QAAQ,GAAkB;QAC/B;YACC,IAAI,EAAE,cAAc;YACpB,OAAO,EAAE,WAAW;YACpB,KAAK,EAAE,cAAc;YACrB,WAAW,EAAE,8BAA8B;SAC3C;QACD;YACC,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,aAAa;YACtB,KAAK,EAAE,eAAe;YACtB,WAAW,EAAE,uCAAuC;SACpD;QACD;YACC,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,UAAU;YACnB,KAAK,EAAE,gBAAgB;YACvB,WAAW,EAAE,sCAAsC;SACnD;QACD;YACC,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,YAAY;YACrB,KAAK,EAAE,gBAAgB;YACvB,WAAW,EAAE,4BAA4B;SACzC;QACD;YACC,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,aAAa;YACtB,KAAK,EAAE,iBAAiB;YACxB,WAAW,EAAE,yCAAyC;SACtD;QACD;YACC,IAAI,EAAE,kBAAkB;YACxB,OAAO,EAAE,eAAe;YACxB,KAAK,EAAE,eAAe;YACtB,WAAW,EAAE,sCAAsC;SACnD;QACD;YACC,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,YAAY;YACrB,KAAK,EAAE,aAAa;YACpB,WAAW,EAAE,2CAA2C;SACxD;QACD;YACC,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,SAAS;YAClB,KAAK,EAAE,SAAS;YAChB,WAAW,EAAE,iCAAiC;SAC9C;QACD;YACC,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,aAAa;YACtB,KAAK,EAAE,aAAa;YACpB,WAAW,EAAE,4CAA4C;SACzD;QACD;YACC,IAAI,EAAE,kBAAkB;YACxB,OAAO,EAAE,eAAe;YACxB,KAAK,EAAE,gBAAgB;YACvB,WAAW,EAAE,4BAA4B;SACzC;KACD,CAAC;IAEF,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,sCAAsC,EAAE,CAAC,WAAW,EAAE,EAAE;QACzE,MAAM,IAAI,GAAG,yBAAyB,CACrC,IAAI,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAC1C,IAAI,QAAQ,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,CACxC,CAAC;QAEF,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@prosopo/user-access-policy",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.8.1",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"engines": {
|
|
6
6
|
"node": "^24",
|
|
@@ -43,12 +43,12 @@
|
|
|
43
43
|
"test": "npm run test:unit && npm run test:integration"
|
|
44
44
|
},
|
|
45
45
|
"dependencies": {
|
|
46
|
-
"@prosopo/api": "3.4.
|
|
46
|
+
"@prosopo/api": "3.4.10",
|
|
47
47
|
"@prosopo/api-route": "2.6.46",
|
|
48
48
|
"@prosopo/common": "3.1.38",
|
|
49
49
|
"@prosopo/logger": "1.0.2",
|
|
50
50
|
"@prosopo/redis-client": "1.0.23",
|
|
51
|
-
"@prosopo/types": "4.
|
|
51
|
+
"@prosopo/types": "4.4.0",
|
|
52
52
|
"@prosopo/util": "3.2.15",
|
|
53
53
|
"@redis/search": "5.0.0",
|
|
54
54
|
"cidr-calc": "1.0.4",
|
|
@@ -30,6 +30,7 @@ const userAttributesSchema: SchemaDefinition<UserAttributesRecord> = {
|
|
|
30
30
|
headHash: { type: String, required: false },
|
|
31
31
|
coords: { type: String, required: false },
|
|
32
32
|
countryCode: { type: String, required: false },
|
|
33
|
+
asn: { type: Number, required: false },
|
|
33
34
|
} satisfies AllKeys<UserAttributesRecord>;
|
|
34
35
|
|
|
35
36
|
const userIpSchema: SchemaDefinition<UserIpRecord> = {
|
|
@@ -133,6 +133,10 @@ const FIELDS_REQUIRING_ESCAPE: ReadonlySet<keyof UserScope> = new Set([
|
|
|
133
133
|
"coords",
|
|
134
134
|
]);
|
|
135
135
|
|
|
136
|
+
// Fields indexed as NUMERIC in RediSearch — must use range syntax `@x:[N N]`,
|
|
137
|
+
// not the TAG syntax `@x:{N}`, or lookups silently return no results.
|
|
138
|
+
const NUMERIC_FIELDS: ReadonlySet<keyof UserScope> = new Set(["asn"]);
|
|
139
|
+
|
|
136
140
|
const getUserScopeFieldQuery = (
|
|
137
141
|
fieldName: keyof UserScope,
|
|
138
142
|
fieldValue: unknown,
|
|
@@ -150,6 +154,11 @@ const getUserScopeFieldQuery = (
|
|
|
150
154
|
}
|
|
151
155
|
|
|
152
156
|
const stringValue = String(fieldValue);
|
|
157
|
+
|
|
158
|
+
if (NUMERIC_FIELDS.has(fieldName)) {
|
|
159
|
+
return `@${fieldName}:[${stringValue} ${stringValue}]`;
|
|
160
|
+
}
|
|
161
|
+
|
|
153
162
|
// Only escape fields that may contain special characters (like coords with JSON)
|
|
154
163
|
const queryValue = FIELDS_REQUIRING_ESCAPE.has(fieldName)
|
|
155
164
|
? escapeTagValue(stringValue)
|
|
@@ -39,6 +39,7 @@ export const userAttributesRedisSchema: RediSearchSchema = {
|
|
|
39
39
|
// Use pipe separator for coords since JSON strings contain commas
|
|
40
40
|
coords: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true, SEPARATOR: "|" },
|
|
41
41
|
countryCode: { type: SCHEMA_FIELD_TYPE.TAG, INDEXMISSING: true },
|
|
42
|
+
asn: { type: SCHEMA_FIELD_TYPE.NUMERIC, INDEXMISSING: true },
|
|
42
43
|
} satisfies AllKeys<UserAttributes>;
|
|
43
44
|
|
|
44
45
|
export const userScopeRedisSchema: RediSearchSchema = {
|
package/src/rule.ts
CHANGED
|
@@ -31,6 +31,7 @@ const userAttributesSchema = z.object({
|
|
|
31
31
|
headHash: z.coerce.string().optional(),
|
|
32
32
|
coords: z.coerce.string().optional(),
|
|
33
33
|
countryCode: z.coerce.string().optional(),
|
|
34
|
+
asn: z.coerce.number().int().nonnegative().optional(),
|
|
34
35
|
} satisfies AllKeys<UserAttributes>) satisfies ZodType<UserAttributes>;
|
|
35
36
|
|
|
36
37
|
const userAttributesInput = z
|
package/src/ruleRecord.ts
CHANGED
|
@@ -50,7 +50,7 @@ describe("getRulesRedisQuery", () => {
|
|
|
50
50
|
const query = getRulesRedisQuery(filter, true);
|
|
51
51
|
|
|
52
52
|
expect(query).toBe(
|
|
53
|
-
"( ( @numericIp:[100 100] | ( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[100 +inf] ) ) @ja4Hash:{ja4Hash} ismissing(@userAgentHash) ismissing(@userId) ismissing(@headersHash) ismissing(@headHash) ismissing(@coords) ismissing(@countryCode) )",
|
|
53
|
+
"( ( @numericIp:[100 100] | ( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[100 +inf] ) ) @ja4Hash:{ja4Hash} ismissing(@userAgentHash) ismissing(@userId) ismissing(@headersHash) ismissing(@headHash) ismissing(@coords) ismissing(@countryCode) ismissing(@asn) )",
|
|
54
54
|
);
|
|
55
55
|
});
|
|
56
56
|
|
|
@@ -126,7 +126,7 @@ describe("getRulesRedisQuery", () => {
|
|
|
126
126
|
const query = getRulesRedisQuery(filter, true);
|
|
127
127
|
|
|
128
128
|
expect(query).toBe(
|
|
129
|
-
"( ( @numericIp:[100 100] | ( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[100 +inf] ) ) @ja4Hash:{ja4Hash} ismissing(@userAgentHash) ismissing(@headersHash) ismissing(@userId) ismissing(@headHash) ismissing(@coords) ismissing(@countryCode) )",
|
|
129
|
+
"( ( @numericIp:[100 100] | ( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[100 +inf] ) ) @ja4Hash:{ja4Hash} ismissing(@userAgentHash) ismissing(@headersHash) ismissing(@userId) ismissing(@headHash) ismissing(@coords) ismissing(@countryCode) ismissing(@asn) )",
|
|
130
130
|
);
|
|
131
131
|
});
|
|
132
132
|
|
|
@@ -146,10 +146,26 @@ describe("getRulesRedisQuery", () => {
|
|
|
146
146
|
const query = getRulesRedisQuery(filter, true);
|
|
147
147
|
|
|
148
148
|
expect(query).toBe(
|
|
149
|
-
"( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[200 +inf] @ja4Hash:{ja4Hash} ismissing(@userAgentHash) ismissing(@headersHash) ismissing(@userId) ismissing(@headHash) ismissing(@coords) ismissing(@countryCode) )",
|
|
149
|
+
"( @numericIpMaskMin:[-inf 100] @numericIpMaskMax:[200 +inf] @ja4Hash:{ja4Hash} ismissing(@userAgentHash) ismissing(@headersHash) ismissing(@userId) ismissing(@headHash) ismissing(@coords) ismissing(@countryCode) ismissing(@asn) )",
|
|
150
150
|
);
|
|
151
151
|
});
|
|
152
152
|
|
|
153
|
+
it("emits NUMERIC range syntax for asn, not TAG syntax", () => {
|
|
154
|
+
const filter = {
|
|
155
|
+
userScope: {
|
|
156
|
+
asn: 205016,
|
|
157
|
+
},
|
|
158
|
+
userScopeMatch: FilterScopeMatch.Greedy,
|
|
159
|
+
} as AccessRulesFilter;
|
|
160
|
+
|
|
161
|
+
const query = getRulesRedisQuery(filter, false);
|
|
162
|
+
|
|
163
|
+
// asn is indexed as NUMERIC; TAG syntax (@asn:{205016}) would silently
|
|
164
|
+
// fail to match. Must use range syntax.
|
|
165
|
+
expect(query).toContain("@asn:[205016 205016]");
|
|
166
|
+
expect(query).not.toContain("@asn:{");
|
|
167
|
+
});
|
|
168
|
+
|
|
153
169
|
it("does not duplicate ismissing for numericIpMaskMin and numericIpMaskMax when matchingFieldsOnly is true and all IP fields are undefined", () => {
|
|
154
170
|
const filter = {
|
|
155
171
|
userScope: {
|
|
@@ -64,6 +64,20 @@ describe("makeAccessRuleHash", () => {
|
|
|
64
64
|
expect(hash1).toEqual(hash2);
|
|
65
65
|
});
|
|
66
66
|
|
|
67
|
+
it("should include asn in the rule hash", () => {
|
|
68
|
+
const ruleWithoutAsn: AccessRule = {
|
|
69
|
+
type: AccessPolicyType.Block,
|
|
70
|
+
};
|
|
71
|
+
const ruleWithAsn: AccessRule = {
|
|
72
|
+
type: AccessPolicyType.Block,
|
|
73
|
+
asn: 205016,
|
|
74
|
+
};
|
|
75
|
+
|
|
76
|
+
expect(makeAccessRuleHash(ruleWithoutAsn)).not.toEqual(
|
|
77
|
+
makeAccessRuleHash(ruleWithAsn),
|
|
78
|
+
);
|
|
79
|
+
});
|
|
80
|
+
|
|
67
81
|
it("should make same hash for 'undefined' and missing properties", () => {
|
|
68
82
|
const rule1: AccessRule = {
|
|
69
83
|
type: AccessPolicyType.Restrict,
|
|
@@ -99,6 +113,7 @@ describe("transformRule", () => {
|
|
|
99
113
|
headHash: "headHash",
|
|
100
114
|
coords: "[[1,2]]",
|
|
101
115
|
countryCode: "US",
|
|
116
|
+
asn: 205016,
|
|
102
117
|
} satisfies AccessRule;
|
|
103
118
|
|
|
104
119
|
it("should transform access rule record into rule", () => {
|