npm - @prosopo/user-access-policy - Versions diffs - 3.8.0 → 3.9.0 - Mend

@prosopo/user-access-policy 3.8.0 → 3.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

package/.turbo/turbo-build$colon$cjs.log +6 -6
package/.turbo/turbo-build$colon$tsc.log +14 -14
package/.turbo/turbo-build.log +7 -7
package/CHANGELOG.md +36 -0
package/dist/api/read/fetchRules.d.ts +1 -30
package/dist/api/read/fetchRules.d.ts.map +1 -1
package/dist/api/read/fetchRules.js.map +1 -1
package/dist/api/write/insertRules.d.ts +2 -2
package/dist/api/write/insertRules.d.ts.map +1 -1
package/dist/api/write/insertRules.js.map +1 -1
package/dist/cjs/mongoose/mongooseRuleSchema.cjs +2 -1
package/dist/cjs/ruleInput/policyInput.cjs +5 -1
package/dist/cjs/ruleInput/userScopeInput.cjs +1 -1
package/dist/cjs/transformRule.cjs +2 -1
package/dist/mongoose/mongooseRuleSchema.d.ts.map +1 -1
package/dist/mongoose/mongooseRuleSchema.js +2 -1
package/dist/mongoose/mongooseRuleSchema.js.map +1 -1
package/dist/redis/redisClient.d.ts +2 -2
package/dist/redis/redisClient.d.ts.map +1 -1
package/dist/redis/redisClient.js.map +1 -1
package/dist/rule.d.ts +1 -0
package/dist/rule.d.ts.map +1 -1
package/dist/ruleInput/policyInput.d.ts +3 -0
package/dist/ruleInput/policyInput.d.ts.map +1 -1
package/dist/ruleInput/policyInput.js +5 -1
package/dist/ruleInput/policyInput.js.map +1 -1
package/dist/ruleInput/ruleInput.d.ts +3 -16
package/dist/ruleInput/ruleInput.d.ts.map +1 -1
package/dist/ruleInput/ruleInput.js.map +1 -1
package/dist/ruleInput/userScopeInput.js +2 -2
package/dist/ruleInput/userScopeInput.js.map +1 -1
package/dist/tests/transformRule.unit.test.js +45 -1
package/dist/tests/transformRule.unit.test.js.map +1 -1
package/dist/transformRule.d.ts.map +1 -1
package/dist/transformRule.js +3 -2
package/dist/transformRule.js.map +1 -1
package/package.json +3 -3
package/src/api/read/fetchRules.ts +10 -2
package/src/api/write/insertRules.ts +4 -2
package/src/mongoose/mongooseRuleSchema.ts +1 -0
package/src/redis/redisClient.ts +7 -2
package/src/rule.ts +12 -0
package/src/ruleInput/policyInput.ts +12 -1
package/src/ruleInput/ruleInput.ts +11 -6
package/src/ruleInput/userScopeInput.ts +7 -7
package/src/tests/transformRule.unit.test.ts +68 -1
package/src/transformRule.ts +7 -2
package/tsconfig.tsbuildinfo +1 -1

package/dist/tests/transformRule.unit.test.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import { CaptchaType } from "@prosopo/types";
-import { Address4 } from "ip-address";
+import { Address4, Address6 } from "ip-address";
 import { describe, expect, it } from "vitest";
 import { AccessPolicyType } from "#policy/rule.js";
 import { getCidrFromNumericIpRange, makeAccessRuleHash, transformAccessRuleIntoRecord, transformAccessRuleRecordIntoRule, } from "#policy/transformRule.js";
@@ -67,6 +67,7 @@ describe("transformRule", () => {
         powDifficulty: 1,
         unsolvedImagesCount: 1,
         frictionlessScore: 1,
+        deferToVerify: false,
         headersHash: "headersHash",
         ja4Hash: "js4Hash",
         clientId: "client",
@@ -130,6 +131,25 @@ describe("transformRule", () => {
             userAgent: "test",
         })).toThrow();
     });
+    it("should round-trip an IPv6 address and CIDR mask", () => {
+        const ipv6 = "2001:db8::1";
+        const ipv6Cidr = "2001:db8::/32";
+        const expectedNumericIp = new Address6(ipv6).bigInt();
+        const expectedMaskMin = new Address6(ipv6Cidr).startAddress().bigInt();
+        const expectedMaskMax = new Address6(ipv6Cidr).endAddress().bigInt();
+        const ruleRecord = {
+            type: AccessPolicyType.Restrict,
+            ip: ipv6,
+            ipMask: ipv6Cidr,
+        };
+        const accessRule = transformAccessRuleRecordIntoRule(ruleRecord);
+        expect(accessRule.numericIp).toEqual(expectedNumericIp);
+        expect(accessRule.numericIpMaskMin).toEqual(expectedMaskMin);
+        expect(accessRule.numericIpMaskMax).toEqual(expectedMaskMax);
+        const reconstructed = transformAccessRuleIntoRecord(accessRule);
+        expect(reconstructed.ip).toEqual(new Address6(ipv6).correctForm());
+        expect(reconstructed.ipMask).toEqual(ipv6Cidr);
+    });
 });
 describe("getCidrFromNumericIpRange", () => {
     const cirdsSet = [
@@ -198,5 +218,29 @@ describe("getCidrFromNumericIpRange", () => {
         const cird = getCidrFromNumericIpRange(new Address4(cirdExample.startIp).bigInt(), new Address4(cirdExample.endIp).bigInt());
         expect(cird).toEqual(cirdExample.cidr);
     });
+    const ipv6CirdsSet = [
+        {
+            cidr: "2001:db8::/32",
+            startIp: "2001:db8::",
+            endIp: "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff",
+            description: "/32 IPv6 network",
+        },
+        {
+            cidr: "2001:db8::/64",
+            startIp: "2001:db8::",
+            endIp: "2001:db8::ffff:ffff:ffff:ffff",
+            description: "/64 IPv6 subnet",
+        },
+        {
+            cidr: "fe80::/10",
+            startIp: "fe80::",
+            endIp: "febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+            description: "/10 IPv6 link-local",
+        },
+    ];
+    it.each(ipv6CirdsSet)("should convert $description to $cidr", (cirdExample) => {
+        const cidr = getCidrFromNumericIpRange(new Address6(cirdExample.startIp).bigInt(), new Address6(cirdExample.endIp).bigInt());
+        expect(cidr).toEqual(cirdExample.cidr);
+    });
 });
 //# sourceMappingURL=transformRule.unit.test.js.map

package/dist/tests/transformRule.unit.test.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"transformRule.unit.test.js","sourceRoot":"","sources":["../../src/tests/transformRule.unit.test.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;~~AACtC~~,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAmB,MAAM,iBAAiB,CAAC;AAEpE,OAAO,EACN,yBAAyB,EACzB,kBAAkB,EAClB,6BAA6B,EAC7B,iCAAiC,GACjC,MAAM,0BAA0B,CAAC;AAElC,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IACnC,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACpC,MAAM,IAAI,GAAe;YACxB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;SAC/B,CAAC;QAEF,MAAM,IAAI,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAEtC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,kCAAkC,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC/C,MAAM,IAAI,GAAe;YACxB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;YAC/B,SAAS,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,IAAI,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAEtC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,kCAAkC,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sEAAsE,EAAE,GAAG,EAAE;QAC/E,MAAM,KAAK,GAAe;YACzB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;YAC/B,WAAW,EAAE,aAAa;SAC1B,CAAC;QACF,MAAM,KAAK,GAAe;YACzB,WAAW,EAAE,aAAa;YAC1B,IAAI,EAAE,gBAAgB,CAAC,QAAQ;SAC/B,CAAC;QAEF,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAExC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,kCAAkC,CAAC,CAAC;QAE1D,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC9C,MAAM,cAAc,GAAe;YAClC,IAAI,EAAE,gBAAgB,CAAC,KAAK;SAC5B,CAAC;QACF,MAAM,WAAW,GAAe;YAC/B,IAAI,EAAE,gBAAgB,CAAC,KAAK;YAC5B,GAAG,EAAE,MAAM;SACX,CAAC;QAEF,MAAM,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CACrD,kBAAkB,CAAC,WAAW,CAAC,CAC/B,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8DAA8D,EAAE,GAAG,EAAE;QACvE,MAAM,KAAK,GAAe;YACzB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;YAC/B,WAAW,EAAE,SAAS;SACtB,CAAC;QACF,MAAM,KAAK,GAAe;YACzB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;SAC/B,CAAC;QAEF,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAExC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,kCAAkC,CAAC,CAAC;QAE1D,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC9B,MAAM,gBAAgB,GAAG;QACxB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;QAC/B,WAAW,EAAE,WAAW,CAAC,YAAY;QACrC,WAAW,EAAE,MAAM;QACnB,iBAAiB,EAAE,CAAC;QACpB,cAAc,EAAE,CAAC;QACjB,aAAa,EAAE,CAAC;QAChB,mBAAmB,EAAE,CAAC;QACtB,iBAAiB,EAAE,CAAC;QACpB,WAAW,EAAE,aAAa;QAC1B,OAAO,EAAE,SAAS;QAClB,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,SAAS;QACjB,WAAW,EAAE,IAAI;QACjB,GAAG,EAAE,MAAM;KACU,CAAC;IAEvB,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACxD,MAAM,UAAU,GAA+B;YAC9C,GAAG,gBAAgB;YACnB,WAAW,EAAE,aAAa;YAC1B,MAAM,EAAE,cAAc;YACtB,EAAE,EAAE,WAAW;YACf,SAAS,EAAE,MAAM;SACjB,CAAC;QAEF,MAAM,UAAU,GAAG,iCAAiC,CAAC;YACpD,GAAG,UAAU;YACb,gBAAgB,EAAE,WAAW;SACE,CAAC,CAAC;QAElC,MAAM,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC;YAC1B,GAAG,gBAAgB;YACnB,OAAO,EAAE,aAAa;YACtB,SAAS,EAAE,WAAW;YACtB,gBAAgB,EAAE,WAAW;YAC7B,gBAAgB,EAAE,WAAW;YAC7B,aAAa,EACZ,kEAAkE;SACnE,CAAC,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QACnD,MAAM,UAAU,GAAyB;YACxC,GAAG,gBAAgB;YACnB,OAAO,EAAE,aAAa;YACtB,SAAS,EAAE,WAAW;YACtB,gBAAgB,EAAE,WAAW;YAC7B,gBAAgB,EAAE,WAAW;YAC7B,aAAa,EACZ,kEAAkE;SACnE,CAAC;QAEF,MAAM,gBAAgB,GAAG,6BAA6B,CAAC;YACtD,GAAG,UAAU;YACb,gBAAgB,EAAE,WAAW;SACJ,CAAC,CAAC;QAE5B,MAAM,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC;YAChC,GAAG,gBAAgB;YACnB,WAAW,EAAE,aAAa;YAC1B,MAAM,EAAE,cAAc;YACtB,EAAE,EAAE,WAAW;YACf,SAAS,EACR,kEAAkE;SACnE,CAAC,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qEAAqE,EAAE,GAAG,EAAE;QAC9E,MAAM,CAAC,GAAG,EAAE,CAEX,iCAAiC,CAAC;YACjC,EAAE,EAAE,WAAW;YACf,SAAS,EAAE,MAAM;SACc,CAAC,CACjC,CAAC,OAAO,EAAE,CAAC;IACb,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gEAAgE,EAAE,GAAG,EAAE;QACzE,MAAM,CAAC,GAAG,EAAE,CAEX,6BAA6B,CAAC;YAC7B,EAAE,EAAE,WAAW;YACf,SAAS,EAAE,MAAM;SACQ,CAAC,CAC3B,CAAC,OAAO,EAAE,CAAC;IACb,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;IAQ1C,MAAM,QAAQ,GAAkB;QAC/B;YACC,IAAI,EAAE,cAAc;YACpB,OAAO,EAAE,WAAW;YACpB,KAAK,EAAE,cAAc;YACrB,WAAW,EAAE,8BAA8B;SAC3C;QACD;YACC,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,aAAa;YACtB,KAAK,EAAE,eAAe;YACtB,WAAW,EAAE,uCAAuC;SACpD;QACD;YACC,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,UAAU;YACnB,KAAK,EAAE,gBAAgB;YACvB,WAAW,EAAE,sCAAsC;SACnD;QACD;YACC,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,YAAY;YACrB,KAAK,EAAE,gBAAgB;YACvB,WAAW,EAAE,4BAA4B;SACzC;QACD;YACC,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,aAAa;YACtB,KAAK,EAAE,iBAAiB;YACxB,WAAW,EAAE,yCAAyC;SACtD;QACD;YACC,IAAI,EAAE,kBAAkB;YACxB,OAAO,EAAE,eAAe;YACxB,KAAK,EAAE,eAAe;YACtB,WAAW,EAAE,sCAAsC;SACnD;QACD;YACC,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,YAAY;YACrB,KAAK,EAAE,aAAa;YACpB,WAAW,EAAE,2CAA2C;SACxD;QACD;YACC,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,SAAS;YAClB,KAAK,EAAE,SAAS;YAChB,WAAW,EAAE,iCAAiC;SAC9C;QACD;YACC,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,aAAa;YACtB,KAAK,EAAE,aAAa;YACpB,WAAW,EAAE,4CAA4C;SACzD;QACD;YACC,IAAI,EAAE,kBAAkB;YACxB,OAAO,EAAE,eAAe;YACxB,KAAK,EAAE,gBAAgB;YACvB,WAAW,EAAE,4BAA4B;SACzC;KACD,CAAC;IAEF,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,sCAAsC,EAAE,CAAC,WAAW,EAAE,EAAE;QACzE,MAAM,IAAI,GAAG,yBAAyB,CACrC,IAAI,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAC1C,IAAI,QAAQ,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,CACxC,CAAC;QAEF,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;~~AACJ~~,CAAC,CAAC,CAAC"}
1	+ {"version":3,"file":"transformRule.unit.test.js","sourceRoot":"","sources":["../../src/tests/transformRule.unit.test.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAmB,MAAM,iBAAiB,CAAC;AAEpE,OAAO,EACN,yBAAyB,EACzB,kBAAkB,EAClB,6BAA6B,EAC7B,iCAAiC,GACjC,MAAM,0BAA0B,CAAC;AAElC,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IACnC,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACpC,MAAM,IAAI,GAAe;YACxB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;SAC/B,CAAC;QAEF,MAAM,IAAI,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAEtC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,kCAAkC,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC/C,MAAM,IAAI,GAAe;YACxB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;YAC/B,SAAS,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,IAAI,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAEtC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,kCAAkC,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sEAAsE,EAAE,GAAG,EAAE;QAC/E,MAAM,KAAK,GAAe;YACzB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;YAC/B,WAAW,EAAE,aAAa;SAC1B,CAAC;QACF,MAAM,KAAK,GAAe;YACzB,WAAW,EAAE,aAAa;YAC1B,IAAI,EAAE,gBAAgB,CAAC,QAAQ;SAC/B,CAAC;QAEF,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAExC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,kCAAkC,CAAC,CAAC;QAE1D,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC9C,MAAM,cAAc,GAAe;YAClC,IAAI,EAAE,gBAAgB,CAAC,KAAK;SAC5B,CAAC;QACF,MAAM,WAAW,GAAe;YAC/B,IAAI,EAAE,gBAAgB,CAAC,KAAK;YAC5B,GAAG,EAAE,MAAM;SACX,CAAC;QAEF,MAAM,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CACrD,kBAAkB,CAAC,WAAW,CAAC,CAC/B,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8DAA8D,EAAE,GAAG,EAAE;QACvE,MAAM,KAAK,GAAe;YACzB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;YAC/B,WAAW,EAAE,SAAS;SACtB,CAAC;QACF,MAAM,KAAK,GAAe;YACzB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;SAC/B,CAAC;QAEF,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAExC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,kCAAkC,CAAC,CAAC;QAE1D,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC9B,MAAM,gBAAgB,GAAG;QACxB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;QAC/B,WAAW,EAAE,WAAW,CAAC,YAAY;QACrC,WAAW,EAAE,MAAM;QACnB,iBAAiB,EAAE,CAAC;QACpB,cAAc,EAAE,CAAC;QACjB,aAAa,EAAE,CAAC;QAChB,mBAAmB,EAAE,CAAC;QACtB,iBAAiB,EAAE,CAAC;QACpB,aAAa,EAAE,KAAK;QACpB,WAAW,EAAE,aAAa;QAC1B,OAAO,EAAE,SAAS;QAClB,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,SAAS;QACjB,WAAW,EAAE,IAAI;QACjB,GAAG,EAAE,MAAM;KACU,CAAC;IAEvB,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACxD,MAAM,UAAU,GAA+B;YAC9C,GAAG,gBAAgB;YACnB,WAAW,EAAE,aAAa;YAC1B,MAAM,EAAE,cAAc;YACtB,EAAE,EAAE,WAAW;YACf,SAAS,EAAE,MAAM;SACjB,CAAC;QAEF,MAAM,UAAU,GAAG,iCAAiC,CAAC;YACpD,GAAG,UAAU;YACb,gBAAgB,EAAE,WAAW;SACE,CAAC,CAAC;QAElC,MAAM,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC;YAC1B,GAAG,gBAAgB;YACnB,OAAO,EAAE,aAAa;YACtB,SAAS,EAAE,WAAW;YACtB,gBAAgB,EAAE,WAAW;YAC7B,gBAAgB,EAAE,WAAW;YAC7B,aAAa,EACZ,kEAAkE;SACnE,CAAC,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QACnD,MAAM,UAAU,GAAyB;YACxC,GAAG,gBAAgB;YACnB,OAAO,EAAE,aAAa;YACtB,SAAS,EAAE,WAAW;YACtB,gBAAgB,EAAE,WAAW;YAC7B,gBAAgB,EAAE,WAAW;YAC7B,aAAa,EACZ,kEAAkE;SACnE,CAAC;QAEF,MAAM,gBAAgB,GAAG,6BAA6B,CAAC;YACtD,GAAG,UAAU;YACb,gBAAgB,EAAE,WAAW;SACJ,CAAC,CAAC;QAE5B,MAAM,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC;YAChC,GAAG,gBAAgB;YACnB,WAAW,EAAE,aAAa;YAC1B,MAAM,EAAE,cAAc;YACtB,EAAE,EAAE,WAAW;YACf,SAAS,EACR,kEAAkE;SACnE,CAAC,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qEAAqE,EAAE,GAAG,EAAE;QAC9E,MAAM,CAAC,GAAG,EAAE,CAEX,iCAAiC,CAAC;YACjC,EAAE,EAAE,WAAW;YACf,SAAS,EAAE,MAAM;SACc,CAAC,CACjC,CAAC,OAAO,EAAE,CAAC;IACb,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gEAAgE,EAAE,GAAG,EAAE;QACzE,MAAM,CAAC,GAAG,EAAE,CAEX,6BAA6B,CAAC;YAC7B,EAAE,EAAE,WAAW;YACf,SAAS,EAAE,MAAM;SACQ,CAAC,CAC3B,CAAC,OAAO,EAAE,CAAC;IACb,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;QAC1D,MAAM,IAAI,GAAG,aAAa,CAAC;QAC3B,MAAM,QAAQ,GAAG,eAAe,CAAC;QAEjC,MAAM,iBAAiB,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;QACtD,MAAM,eAAe,GAAG,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,YAAY,EAAE,CAAC,MAAM,EAAE,CAAC;QACvE,MAAM,eAAe,GAAG,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,UAAU,EAAE,CAAC,MAAM,EAAE,CAAC;QAErE,MAAM,UAAU,GAAqB;YACpC,IAAI,EAAE,gBAAgB,CAAC,QAAQ;YAC/B,EAAE,EAAE,IAAI;YACR,MAAM,EAAE,QAAQ;SAChB,CAAC;QAEF,MAAM,UAAU,GAAG,iCAAiC,CAAC,UAAU,CAAC,CAAC;QAEjE,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QACxD,MAAM,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAC7D,MAAM,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAE7D,MAAM,aAAa,GAAG,6BAA6B,CAAC,UAAU,CAAC,CAAC;QAEhE,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QACnE,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;IAQ1C,MAAM,QAAQ,GAAkB;QAC/B;YACC,IAAI,EAAE,cAAc;YACpB,OAAO,EAAE,WAAW;YACpB,KAAK,EAAE,cAAc;YACrB,WAAW,EAAE,8BAA8B;SAC3C;QACD;YACC,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,aAAa;YACtB,KAAK,EAAE,eAAe;YACtB,WAAW,EAAE,uCAAuC;SACpD;QACD;YACC,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,UAAU;YACnB,KAAK,EAAE,gBAAgB;YACvB,WAAW,EAAE,sCAAsC;SACnD;QACD;YACC,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,YAAY;YACrB,KAAK,EAAE,gBAAgB;YACvB,WAAW,EAAE,4BAA4B;SACzC;QACD;YACC,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,aAAa;YACtB,KAAK,EAAE,iBAAiB;YACxB,WAAW,EAAE,yCAAyC;SACtD;QACD;YACC,IAAI,EAAE,kBAAkB;YACxB,OAAO,EAAE,eAAe;YACxB,KAAK,EAAE,eAAe;YACtB,WAAW,EAAE,sCAAsC;SACnD;QACD;YACC,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,YAAY;YACrB,KAAK,EAAE,aAAa;YACpB,WAAW,EAAE,2CAA2C;SACxD;QACD;YACC,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,SAAS;YAClB,KAAK,EAAE,SAAS;YAChB,WAAW,EAAE,iCAAiC;SAC9C;QACD;YACC,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,aAAa;YACtB,KAAK,EAAE,aAAa;YACpB,WAAW,EAAE,4CAA4C;SACzD;QACD;YACC,IAAI,EAAE,kBAAkB;YACxB,OAAO,EAAE,eAAe;YACxB,KAAK,EAAE,gBAAgB;YACvB,WAAW,EAAE,4BAA4B;SACzC;KACD,CAAC;IAEF,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,sCAAsC,EAAE,CAAC,WAAW,EAAE,EAAE;QACzE,MAAM,IAAI,GAAG,yBAAyB,CACrC,IAAI,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAC1C,IAAI,QAAQ,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,CACxC,CAAC;QAEF,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IASH,MAAM,YAAY,GAAsB;QACvC;YACC,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,YAAY;YACrB,KAAK,EAAE,wCAAwC;YAC/C,WAAW,EAAE,kBAAkB;SAC/B;QACD;YACC,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,YAAY;YACrB,KAAK,EAAE,+BAA+B;YACtC,WAAW,EAAE,iBAAiB;SAC9B;QACD;YACC,IAAI,EAAE,WAAW;YACjB,OAAO,EAAE,QAAQ;YACjB,KAAK,EAAE,yCAAyC;YAChD,WAAW,EAAE,qBAAqB;SAClC;KACD,CAAC;IAEF,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,CACpB,sCAAsC,EACtC,CAAC,WAAW,EAAE,EAAE;QACf,MAAM,IAAI,GAAG,yBAAyB,CACrC,IAAI,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAC1C,IAAI,QAAQ,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,CACxC,CAAC;QAEF,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC,CACD,CAAC;AACH,CAAC,CAAC,CAAC"}

package/dist/transformRule.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"transformRule.d.ts","sourceRoot":"","sources":["../src/transformRule.ts"],"names":[],"mappings":"AAkBA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAO5C,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;~~AAIxD~~,eAAO,MAAM,kBAAkB,SAAU,UAAU,KAAG,MAYrD,CAAC;AAEF,eAAO,MAAM,iCAAiC,eACjC,gBAAgB,KAC1B,UAE+B,CAAC;AAEnC,eAAO,MAAM,6BAA6B,SACnC,UAAU,KACd,gBAAwD,CAAC;~~AAgE5D~~,eAAO,MAAM,yBAAyB,YAC5B,MAAM,SACR,MAAM,KACX,MAAM,GAAG,SASX,CAAC"}
1	+ {"version":3,"file":"transformRule.d.ts","sourceRoot":"","sources":["../src/transformRule.ts"],"names":[],"mappings":"AAkBA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAO5C,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAOxD,eAAO,MAAM,kBAAkB,SAAU,UAAU,KAAG,MAYrD,CAAC;AAEF,eAAO,MAAM,iCAAiC,eACjC,gBAAgB,KAC1B,UAE+B,CAAC;AAEnC,eAAO,MAAM,6BAA6B,SACnC,UAAU,KACd,gBAAwD,CAAC;AAkE5D,eAAO,MAAM,yBAAyB,YAC5B,MAAM,SACR,MAAM,KACX,MAAM,GAAG,SASX,CAAC"}

package/dist/transformRule.js CHANGED Viewed

@@ -1,11 +1,12 @@
 import crypto from "node:crypto";
 import { IpRange, IpAddress } from "cidr-calc";
-import { Address4 } from "ip-address";
+import { Address6, Address4 } from "ip-address";
 import { z } from "zod";
 import { policyScopeInput, accessPolicyInput } from "./ruleInput/policyInput.js";
 import { accessRuleInput } from "./ruleInput/ruleInput.js";
 import { userScopeSchema } from "./ruleInput/userScopeInput.js";
 const RULE_HASH_ALGORITHM = "md5";
+const MAX_IPV4_NUMERIC = (1n << 32n) - 1n;
 const makeAccessRuleHash = (rule) => {
   const valueProperties = Object.entries(rule).filter(
     ([key, value]) => "undefined" !== typeof value
@@ -60,7 +61,7 @@ const hashObject = (object, algorithm) => crypto.createHash(algorithm).update(
     )
   )
 ).digest("hex");
-const getStringIpFromNumeric = (numericIp) => Address4.fromInteger(Number(numericIp)).address;
+const getStringIpFromNumeric = (numericIp) => numericIp > MAX_IPV4_NUMERIC ? Address6.fromBigInt(numericIp).correctForm() : Address4.fromInteger(Number(numericIp)).address;
 const getCidrFromNumericIpRange = (startIp, endIp) => {
   const ipRange = new IpRange(
     IpAddress.of(getStringIpFromNumeric(startIp)),

package/dist/transformRule.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"transformRule.js","sourceRoot":"","sources":["../src/transformRule.ts"],"names":[],"mappings":"AAcA,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC/C,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;~~AACtC~~,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EACN,iBAAiB,EACjB,gBAAgB,GAChB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAGhE,MAAM,mBAAmB,GAAG,KAAK,CAAC;~~AAElC~~,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,IAAgB,EAAU,EAAE;IAE9D,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,CAClD,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,WAAW,KAAK,OAAO,KAAK,CAC9C,CAAC;IAGF,MAAM,iBAAiB,GAAG,eAAe,CAAC,IAAI,EAAE,CAAC;IAEjD,MAAM,YAAY,GAAG,MAAM,CAAC,WAAW,CAAC,iBAAiB,CAAC,CAAC;IAE3D,OAAO,UAAU,CAAC,YAAY,EAAE,mBAAmB,CAAC,CAAC;AACtD,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,iCAAiC,GAAG,CAChD,UAA4B,EACf,EAAE,CAEf,eAAe,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;AAEnC,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAC5C,IAAgB,EACG,EAAE,CAAC,wBAAwB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;AAE5D,MAAM,wBAAwB,GAAG,CAAC;KAChC,MAAM,CAAC;IACP,GAAG,iBAAiB,CAAC,KAAK;IAC1B,GAAG,gBAAgB,CAAC,KAAK;IACzB,GAAG,eAAe,CAAC,KAAK;IACxB,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACrC,CAAC;KACD,SAAS,CAAC,CAAC,SAAqB,EAAoB,EAAE;IAEtD,MAAM,EACL,OAAO,EACP,SAAS,EACT,gBAAgB,EAChB,gBAAgB,EAChB,aAAa,EACb,GAAG,IAAI,EACP,GAAG,SAAS,CAAC;IAEd,MAAM,MAAM,GAAqB,IAAI,CAAC;IAEtC,IAAI,QAAQ,KAAK,OAAO,OAAO,EAAE,CAAC;QACjC,MAAM,CAAC,WAAW,GAAG,OAAO,CAAC;IAC9B,CAAC;IAED,IAAI,QAAQ,KAAK,OAAO,aAAa,EAAE,CAAC;QACvC,MAAM,CAAC,SAAS,GAAG,aAAa,CAAC;IAClC,CAAC;IAED,IAAI,QAAQ,KAAK,OAAO,SAAS,EAAE,CAAC;QACnC,MAAM,CAAC,EAAE,GAAG,sBAAsB,CAAC,SAAS,CAAC,CAAC;IAC/C,CAAC;IAED,IACC,QAAQ,KAAK,OAAO,gBAAgB;QACpC,QAAQ,KAAK,OAAO,gBAAgB,EACnC,CAAC;QACF,MAAM,CAAC,MAAM,GAAG,yBAAyB,CACxC,gBAAgB,EAChB,gBAAgB,CAChB,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AACf,CAAC,CAAC,CAAC;AAEJ,MAAM,UAAU,GAAG,CAClB,MAA+B,EAC/B,SAAiB,EACR,EAAE,CACX,MAAM;KACJ,UAAU,CAAC,SAAS,CAAC;KACrB,MAAM,CACN,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,CAErC,QAAQ,KAAK,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,KAAK,CACpD,CACD;KACA,MAAM,CAAC,KAAK,CAAC,CAAC;AAEjB,MAAM,sBAAsB,GAAG,CAAC,SAAiB,EAAU,EAAE,CAC5D,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC;~~AAEjD~~,MAAM,CAAC,MAAM,yBAAyB,GAAG,CACxC,OAAe,EACf,KAAa,EACQ,EAAE;IACvB,MAAM,OAAO,GAAG,IAAI,OAAO,CAC1B,SAAS,CAAC,EAAE,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC,EAC7C,SAAS,CAAC,EAAE,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC,CAC3C,CAAC;IAEF,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAElC,OAAO,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AACzE,CAAC,CAAC"}
1	+ {"version":3,"file":"transformRule.js","sourceRoot":"","sources":["../src/transformRule.ts"],"names":[],"mappings":"AAcA,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC/C,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAChD,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EACN,iBAAiB,EACjB,gBAAgB,GAChB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAGhE,MAAM,mBAAmB,GAAG,KAAK,CAAC;AAGlC,MAAM,gBAAgB,GAAG,CAAC,EAAE,IAAI,GAAG,CAAC,GAAG,EAAE,CAAC;AAE1C,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,IAAgB,EAAU,EAAE;IAE9D,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,CAClD,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,WAAW,KAAK,OAAO,KAAK,CAC9C,CAAC;IAGF,MAAM,iBAAiB,GAAG,eAAe,CAAC,IAAI,EAAE,CAAC;IAEjD,MAAM,YAAY,GAAG,MAAM,CAAC,WAAW,CAAC,iBAAiB,CAAC,CAAC;IAE3D,OAAO,UAAU,CAAC,YAAY,EAAE,mBAAmB,CAAC,CAAC;AACtD,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,iCAAiC,GAAG,CAChD,UAA4B,EACf,EAAE,CAEf,eAAe,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;AAEnC,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAC5C,IAAgB,EACG,EAAE,CAAC,wBAAwB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;AAE5D,MAAM,wBAAwB,GAAG,CAAC;KAChC,MAAM,CAAC;IACP,GAAG,iBAAiB,CAAC,KAAK;IAC1B,GAAG,gBAAgB,CAAC,KAAK;IACzB,GAAG,eAAe,CAAC,KAAK;IACxB,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACrC,CAAC;KACD,SAAS,CAAC,CAAC,SAAqB,EAAoB,EAAE;IAEtD,MAAM,EACL,OAAO,EACP,SAAS,EACT,gBAAgB,EAChB,gBAAgB,EAChB,aAAa,EACb,GAAG,IAAI,EACP,GAAG,SAAS,CAAC;IAEd,MAAM,MAAM,GAAqB,IAAI,CAAC;IAEtC,IAAI,QAAQ,KAAK,OAAO,OAAO,EAAE,CAAC;QACjC,MAAM,CAAC,WAAW,GAAG,OAAO,CAAC;IAC9B,CAAC;IAED,IAAI,QAAQ,KAAK,OAAO,aAAa,EAAE,CAAC;QACvC,MAAM,CAAC,SAAS,GAAG,aAAa,CAAC;IAClC,CAAC;IAED,IAAI,QAAQ,KAAK,OAAO,SAAS,EAAE,CAAC;QACnC,MAAM,CAAC,EAAE,GAAG,sBAAsB,CAAC,SAAS,CAAC,CAAC;IAC/C,CAAC;IAED,IACC,QAAQ,KAAK,OAAO,gBAAgB;QACpC,QAAQ,KAAK,OAAO,gBAAgB,EACnC,CAAC;QACF,MAAM,CAAC,MAAM,GAAG,yBAAyB,CACxC,gBAAgB,EAChB,gBAAgB,CAChB,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AACf,CAAC,CAAC,CAAC;AAEJ,MAAM,UAAU,GAAG,CAClB,MAA+B,EAC/B,SAAiB,EACR,EAAE,CACX,MAAM;KACJ,UAAU,CAAC,SAAS,CAAC;KACrB,MAAM,CACN,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,CAErC,QAAQ,KAAK,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,KAAK,CACpD,CACD;KACA,MAAM,CAAC,KAAK,CAAC,CAAC;AAEjB,MAAM,sBAAsB,GAAG,CAAC,SAAiB,EAAU,EAAE,CAC5D,SAAS,GAAG,gBAAgB;IAC3B,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;IAC9C,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC;AAEpD,MAAM,CAAC,MAAM,yBAAyB,GAAG,CACxC,OAAe,EACf,KAAa,EACQ,EAAE;IACvB,MAAM,OAAO,GAAG,IAAI,OAAO,CAC1B,SAAS,CAAC,EAAE,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC,EAC7C,SAAS,CAAC,EAAE,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC,CAC3C,CAAC;IAEF,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAElC,OAAO,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AACzE,CAAC,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@prosopo/user-access-policy",
-	"version": "3.8.0",
+	"version": "3.9.0",
 	"type": "module",
 	"engines": {
 		"node": "^24",
@@ -43,12 +43,12 @@
 		"test": "npm run test:unit && npm run test:integration"
 	},
 	"dependencies": {
-		"@prosopo/api": "3.4.9",
+		"@prosopo/api": "3.4.11",
 		"@prosopo/api-route": "2.6.46",
 		"@prosopo/common": "3.1.38",
 		"@prosopo/logger": "1.0.2",
 		"@prosopo/redis-client": "1.0.23",
-		"@prosopo/types": "4.3.1",
+		"@prosopo/types": "4.4.1",
 		"@prosopo/util": "3.2.15",
 		"@redis/search": "5.0.0",
 		"cidr-calc": "1.0.4",

package/src/api/read/fetchRules.ts CHANGED Viewed

@@ -36,9 +36,17 @@ export type FetchRulesResponse = {
 	ruleEntries: AccessRuleEntry[];
 };
-export const fetchRulesResponse = z.object({
+// Explicit annotation with `unknown` input position rather than the
+// strict identity form because `ruleEntryInput.rule` transitively uses
+// `z.preprocess` on `deferToVerify`. Required for portable declaration
+// emit; the `AllKeys<...>` constraint still catches missing fields.
+export const fetchRulesResponse: ZodType<
+	FetchRulesResponse,
+	z.ZodTypeDef,
+	unknown
+> = z.object({
 	ruleEntries: ruleEntryInput.array(),
-} satisfies AllKeys<FetchRulesResponse>) satisfies ZodType<FetchRulesResponse>;
+} satisfies AllKeys<FetchRulesResponse>);
 export type FetchRulesEndpointResponse = ApiEndpointResponse & {
 	data?: FetchRulesResponse;

package/src/api/write/insertRules.ts CHANGED Viewed

@@ -19,7 +19,7 @@ import {
 } from "@prosopo/api-route";
 import type { AllKeys } from "@prosopo/common";
 import { LogLevel, type Logger } from "@prosopo/logger";
-import { type ZodType, z } from "zod";
+import { type ZodType, type ZodTypeDef, z } from "zod";
 import type {
 	AccessPolicy,
 	AccessRule,
@@ -56,7 +56,9 @@ type ParsedInsertRulesGroup = InsertRulesGroup & {
 type ParsedInsertRuleGroups = ParsedInsertRulesGroup[];
-type InsertRulesSchema = ZodType<InsertRulesGroup[]>;
+// Input position widened to `unknown` because `accessPolicyInput` uses
+// `z.preprocess` on `deferToVerify` for Redis string round-tripping.
+type InsertRulesSchema = ZodType<InsertRulesGroup[], ZodTypeDef, unknown>;
 export class InsertRulesEndpoint implements ApiEndpoint<InsertRulesSchema> {
 	public constructor(

package/src/mongoose/mongooseRuleSchema.ts CHANGED Viewed

@@ -56,6 +56,7 @@ const accessPolicySchema: SchemaDefinition<AccessPolicy> = {
 	powDifficulty: { type: Number, required: false },
 	unsolvedImagesCount: { type: Number, required: false },
 	frictionlessScore: { type: Number, required: false },
+	deferToVerify: { type: Boolean, required: false },
 } satisfies AllKeys<AccessPolicy>;
 export const accessRuleMongooseSchema: SchemaDefinition<AccessRuleRecord> = {

package/src/redis/redisClient.ts CHANGED Viewed

@@ -14,7 +14,7 @@
 import type { Logger } from "@prosopo/logger";
 import type { RedisClientType } from "redis";
-import { type ZodType, z } from "zod";
+import { type ZodType, type ZodTypeDef, z } from "zod";
 export const REDIS_BATCH_SIZE = 1_000;
@@ -67,9 +67,14 @@ export const fetchRedisHashRecords = async (
 	};
 };
+// `recordSchema` is intentionally typed with `unknown` as the input
+// position. Some schemas use `z.preprocess` (e.g. accessPolicyInput's
+// deferToVerify boolean coercion from Redis strings), which widens the
+// zod input type. The strict `ZodType<T, ZodTypeDef, T>` form rejects
+// those at the call site even though they parse correctly at runtime.
 export const parseRedisRecords = <T>(
 	records: unknown[],
-	recordSchema: ZodType<T>,
+	recordSchema: ZodType<T, ZodTypeDef, unknown>,
 	logger: Logger,
 ): T[] =>
 	records.flatMap((record) => {

package/src/rule.ts CHANGED Viewed

@@ -27,6 +27,18 @@ export type AccessPolicy = {
 	powDifficulty?: number;
 	unsolvedImagesCount?: number;
 	frictionlessScore?: number;
+	// When true, a Block policy does NOT fire at the request-time
+	// blockMiddleware (so the user does not see a 401 on the captcha
+	// challenge endpoint) — it fires at the verify step instead, marking
+	// the commitment ACCESS_POLICY_BLOCK / disapproved. The verify
+	// response returns `{verified:false}` to the dApp's server while the
+	// user-facing widget completes normally. Mirrors the existing
+	// coords-rule deferral pattern: the middleware blanks coords out of
+	// the userScope, so coords rules can only ever be matched in the
+	// verify path; `deferToVerify` is the explicit form for non-coords
+	// signals (ja4, headersHash, etc.) when the operator wants the
+	// attacker to pay the captcha-solving cost before being rejected.
+	deferToVerify?: boolean;
 };
 export type PolicyScope = {

package/src/ruleInput/policyInput.ts CHANGED Viewed

@@ -21,6 +21,11 @@ import {
 	type PolicyScope,
 } from "#policy/rule.js";
+// `satisfies ZodType<AccessPolicy>` is intentionally omitted: the
+// `deferToVerify` preprocess widens the schema's input type to `unknown`
+// (preprocess accepts anything), which fails the
+// `ZodType<T, ZodTypeDef, T>` identity check. The `AllKeys<AccessPolicy>`
+// constraint still catches missing-field regressions.
 export const accessPolicyInput = z.object({
 	type: z.nativeEnum(AccessPolicyType),
 	captchaType: CaptchaTypeSchema.optional(),
@@ -35,7 +40,13 @@ export const accessPolicyInput = z.object({
 	unsolvedImagesCount: z.coerce.number().optional(),
 	// used to increase the user's score
 	frictionlessScore: z.coerce.number().optional(),
-} satisfies AllKeys<AccessPolicy>) satisfies ZodType<AccessPolicy>;
+	// Skip the request-time block middleware and only fire at verify.
+	// Redis stores booleans as strings — preprocess so "true"/"false"
+	// round-trip to the JS boolean the matcher expects.
+	deferToVerify: z
+		.preprocess((v) => (typeof v === "string" ? v === "true" : v), z.boolean())
+		.optional(),
+} satisfies AllKeys<AccessPolicy>);
 // Sanitize block policies by removing captchaType and solvedImagesCount
 export const sanitizeAccessPolicy = (policy: AccessPolicy): AccessPolicy => {

package/src/ruleInput/ruleInput.ts CHANGED Viewed

@@ -48,20 +48,25 @@ const ruleGroupInput = z
 		return ruleGroup;
 	});
-export const accessRuleInput: ZodType<AccessRule> = z
+// Explicit `ZodType<…, ZodTypeDef, unknown>` annotation rather than the
+// strict-identity form because `accessPolicyInput.shape.deferToVerify`
+// uses `z.preprocess` which widens the input position to `unknown`. The
+// relaxed annotation is portable for declaration emit; the `transform`
+// pins the OUTPUT to AccessRule.
+export const accessRuleInput: ZodType<AccessRule, z.ZodTypeDef, unknown> = z
 	.object({
 		...accessPolicyInput.shape,
 		...policyScopeInput.shape,
 	})
 	.and(userScopeInput)
 	.and(ruleGroupInput)
-	// transform is used for type safety only - plain "satisfies ZodType<x>" doesn't work after ".and()"
 	.transform((ruleInput: AccessRuleInput): AccessRule => ruleInput);
-export const ruleEntryInput = z.object({
-	rule: accessRuleInput,
-	expiresUnixTimestamp: z.coerce.number().optional(),
-} satisfies AllKeys<AccessRuleEntry>) satisfies ZodType<AccessRuleEntry>;
+export const ruleEntryInput: ZodType<AccessRuleEntry, z.ZodTypeDef, unknown> =
+	z.object({
+		rule: accessRuleInput,
+		expiresUnixTimestamp: z.coerce.number().optional(),
+	} satisfies AllKeys<AccessRuleEntry>);
 export type AccessRulesFilterInput = AccessRulesFilter & {
 	userScope?: UserScopeInput;

package/src/ruleInput/userScopeInput.ts CHANGED Viewed

@@ -15,7 +15,7 @@
 import crypto from "node:crypto";
 import type { AllKeys } from "@prosopo/common";
 import { getIPAddress } from "@prosopo/util";
-import { Address4 } from "ip-address";
+import { Address4, Address6 } from "ip-address";
 import { type ZodType, z } from "zod";
 import type { UserAttributes, UserIp, UserScope } from "#policy/rule.js";
 import type { UserAttributesRecord, UserIpRecord } from "#policy/ruleRecord.js";
@@ -77,14 +77,14 @@ const userIpInput = z
 		// Assuming ipMask is already validated to be a string in CIDR format
 		if ("string" === typeof ipMask) {
-			// Create an Address4 object from the CIDR string.
-			// Address4 automatically understands CIDR notation and represents the entire network range.
-			const ipObject = new Address4(ipMask);
+			// Try IPv4 CIDR first (e.g., 192.168.1.0/24); fall back to IPv6
+			// CIDR (e.g., 2001:db8::/32). Both Address4 and Address6 understand
+			// CIDR notation and expose start/end addresses for the network.
+			const ipObject = Address4.isValid(ipMask)
+				? new Address4(ipMask)
+				: new Address6(ipMask);
-			// The minimum IP in the CIDR range is the start address of the network.
 			numericUserIp.numericIpMaskMin = ipObject.startAddress().bigInt();
-			// The maximum IP in the CIDR range is the end address of the network.
 			numericUserIp.numericIpMaskMax = ipObject.endAddress().bigInt();
 		}

package/src/tests/transformRule.unit.test.ts CHANGED Viewed

@@ -13,7 +13,7 @@
 // limitations under the License.
 import { CaptchaType } from "@prosopo/types";
-import { Address4 } from "ip-address";
+import { Address4, Address6 } from "ip-address";
 import { describe, expect, it } from "vitest";
 import { AccessPolicyType, type AccessRule } from "#policy/rule.js";
 import type { AccessRuleRecord } from "#policy/ruleRecord.js";
@@ -106,6 +106,7 @@ describe("transformRule", () => {
 		powDifficulty: 1,
 		unsolvedImagesCount: 1,
 		frictionlessScore: 1,
+		deferToVerify: false,
 		headersHash: "headersHash",
 		ja4Hash: "js4Hash",
 		clientId: "client",
@@ -186,6 +187,32 @@ describe("transformRule", () => {
 			} as unknown as AccessRule),
 		).toThrow();
 	});
+	it("should round-trip an IPv6 address and CIDR mask", () => {
+		const ipv6 = "2001:db8::1";
+		const ipv6Cidr = "2001:db8::/32";
+		const expectedNumericIp = new Address6(ipv6).bigInt();
+		const expectedMaskMin = new Address6(ipv6Cidr).startAddress().bigInt();
+		const expectedMaskMax = new Address6(ipv6Cidr).endAddress().bigInt();
+		const ruleRecord: AccessRuleRecord = {
+			type: AccessPolicyType.Restrict,
+			ip: ipv6,
+			ipMask: ipv6Cidr,
+		};
+		const accessRule = transformAccessRuleRecordIntoRule(ruleRecord);
+		expect(accessRule.numericIp).toEqual(expectedNumericIp);
+		expect(accessRule.numericIpMaskMin).toEqual(expectedMaskMin);
+		expect(accessRule.numericIpMaskMax).toEqual(expectedMaskMax);
+		const reconstructed = transformAccessRuleIntoRecord(accessRule);
+		expect(reconstructed.ip).toEqual(new Address6(ipv6).correctForm());
+		expect(reconstructed.ipMask).toEqual(ipv6Cidr);
+	});
 });
 describe("getCidrFromNumericIpRange", () => {
@@ -267,4 +294,44 @@ describe("getCidrFromNumericIpRange", () => {
 		expect(cird).toEqual(cirdExample.cidr);
 	});
+	type Ipv6CidrExample = {
+		cidr: string;
+		startIp: string;
+		endIp: string;
+		description: string;
+	};
+	const ipv6CirdsSet: Ipv6CidrExample[] = [
+		{
+			cidr: "2001:db8::/32",
+			startIp: "2001:db8::",
+			endIp: "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff",
+			description: "/32 IPv6 network",
+		},
+		{
+			cidr: "2001:db8::/64",
+			startIp: "2001:db8::",
+			endIp: "2001:db8::ffff:ffff:ffff:ffff",
+			description: "/64 IPv6 subnet",
+		},
+		{
+			cidr: "fe80::/10",
+			startIp: "fe80::",
+			endIp: "febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+			description: "/10 IPv6 link-local",
+		},
+	];
+	it.each(ipv6CirdsSet)(
+		"should convert $description to $cidr",
+		(cirdExample) => {
+			const cidr = getCidrFromNumericIpRange(
+				new Address6(cirdExample.startIp).bigInt(),
+				new Address6(cirdExample.endIp).bigInt(),
+			);
+			expect(cidr).toEqual(cirdExample.cidr);
+		},
+	);
 });

package/src/transformRule.ts CHANGED Viewed

@@ -14,7 +14,7 @@
 import crypto from "node:crypto";
 import { IpAddress, IpRange } from "cidr-calc";
-import { Address4 } from "ip-address";
+import { Address4, Address6 } from "ip-address";
 import { z } from "zod";
 import type { AccessRule } from "./rule.js";
 import {
@@ -27,6 +27,9 @@ import type { AccessRuleRecord } from "./ruleRecord.js";
 const RULE_HASH_ALGORITHM = "md5";
+// IPv4 numeric values occupy 0..2^32-1. Anything above is treated as IPv6.
+const MAX_IPV4_NUMERIC = (1n << 32n) - 1n;
 export const makeAccessRuleHash = (rule: AccessRule): string => {
 	// 1. exclude "undefined" values to ensure hash consistency
 	const valueProperties = Object.entries(rule).filter(
@@ -111,7 +114,9 @@ const hashObject = (
 		.digest("hex");
 const getStringIpFromNumeric = (numericIp: bigint): string =>
-	Address4.fromInteger(Number(numericIp)).address;
+	numericIp > MAX_IPV4_NUMERIC
+		? Address6.fromBigInt(numericIp).correctForm()
+		: Address4.fromInteger(Number(numericIp)).address;
 export const getCidrFromNumericIpRange = (
 	startIp: bigint,