@rayselfs/cf-rule-engine 1.8.2 → 1.9.1

package/dist/helpers/whitelist.d.ts

@@ -3,7 +3,7 @@ import { Rule } from '../core/types.js';
 /**
  * Configuration options for the IP/User-Agent access whitelist.
  */
-interface WhitelistOptions {
+type WhitelistOptions = {
     /**
      * CIDR ranges to allow (e.g. office IPs, VPN, stage VPCs).
      * At least one of `cidrs` or `userAgents` must be non-empty, otherwise
@@ -32,7 +32,7 @@ interface WhitelistOptions {
      * @example `['/api/health', '/public/*']`
      */
     bypassPaths?: string[];
-}
+};
 /**
  * Creates a `Rule` that restricts access by IP CIDR range and/or User-Agent
  * pattern. Any request that does not match an allowed CIDR or User-Agent

package/dist/helpers/whitelist.js

@@ -1,11 +1,11 @@
 import {
   whitelist
-} from "../chunk-RL7ZETZR.js";
-import "../chunk-S2AAATFN.js";
-import "../chunk-KW5YBTSD.js";
-import "../chunk-LNQPYKGG.js";
-import "../chunk-LO2BO3RU.js";
-import "../chunk-2DE6WPPL.js";
+} from "../chunk-IHDSTTO2.js";
+import "../chunk-Y7TIDVVC.js";
+import "../chunk-VQGBRWJK.js";
+import "../chunk-YHTUV2SA.js";
+import "../chunk-NWRGD3AH.js";
+import "../chunk-EEZ7NUJG.js";
 import "../chunk-DSSFFJWL.js";
 import "../chunk-Q4NP4C3B.js";
 import "../chunk-MLKGABMK.js";

package/dist/index.cjs

@@ -4,7 +4,7 @@
 var _chunk5ZIB3AJ7cjs = require('./chunk-5ZIB3AJ7.cjs');
 
 
-var _chunk3BBLG4IXcjs = require('./chunk-3BBLG4IX.cjs');
+var _chunkG4JEAL6Lcjs = require('./chunk-G4JEAL6L.cjs');
 require('./chunk-SGN2N3WI.cjs');
 
 
@@ -26,4 +26,4 @@ require('./chunk-75ZPJI57.cjs');
 
 
 
-exports.all = _chunkWKYMSRCDcjs.all; exports.any = _chunkWKYMSRCDcjs.any; exports.cfFunction = _chunk5ZIB3AJ7cjs.cf_function_exports; exports.chain = _chunkWKYMSRCDcjs.chain; exports.lambdaEdge = _chunk3BBLG4IXcjs.lambda_edge_exports; exports.not = _chunkWKYMSRCDcjs.not; exports.rule = _chunkWKYMSRCDcjs.rule; exports.runRules = _chunkWKYMSRCDcjs.runRules;
+exports.all = _chunkWKYMSRCDcjs.all; exports.any = _chunkWKYMSRCDcjs.any; exports.cfFunction = _chunk5ZIB3AJ7cjs.cf_function_exports; exports.chain = _chunkWKYMSRCDcjs.chain; exports.lambdaEdge = _chunkG4JEAL6Lcjs.lambda_edge_exports; exports.not = _chunkWKYMSRCDcjs.not; exports.rule = _chunkWKYMSRCDcjs.rule; exports.runRules = _chunkWKYMSRCDcjs.runRules;

package/dist/index.js

@@ -4,7 +4,7 @@ import {
 } from "./chunk-PR5UQJCC.js";
 import {
   lambda_edge_exports
-} from "./chunk-WEBU4R5C.js";
+} from "./chunk-ULR7EP5D.js";
 import "./chunk-BJZPAQHW.js";
 import {
   all,

package/dist/shared/cidr.cjs

@@ -2,10 +2,10 @@
 
 
 
-var _chunkYVUR35RNcjs = require('../chunk-YVUR35RN.cjs');
+var _chunkWZKRNMF2cjs = require('../chunk-WZKRNMF2.cjs');
 require('../chunk-75ZPJI57.cjs');
 
 
 
 
-exports.inCidr = _chunkYVUR35RNcjs.inCidr; exports.ipToInt = _chunkYVUR35RNcjs.ipToInt; exports.matchesAnyCidr = _chunkYVUR35RNcjs.matchesAnyCidr;
+exports.inCidr = _chunkWZKRNMF2cjs.inCidr; exports.ipToInt = _chunkWZKRNMF2cjs.ipToInt; exports.matchesAnyCidr = _chunkWZKRNMF2cjs.matchesAnyCidr;

package/dist/shared/cidr.d.cts

@@ -1,8 +1,8 @@
 /** Convert IPv4 string to unsigned 32-bit integer */
 declare function ipToInt(ip: string): number;
-/** Returns true if `ip` falls within the `cidr` range (e.g. "10.0.0.0/8") */
+/** Returns true if `ip` falls within the `cidr` range. Supports IPv4 and IPv6. */
 declare function inCidr(ip: string, cidr: string): boolean;
-/** Returns true if `ip` matches ANY of the given CIDR ranges */
+/** Returns true if `ip` matches ANY of the given CIDR ranges. Supports IPv4 and IPv6. */
 declare function matchesAnyCidr(ip: string, cidrs: string[]): boolean;
 
 export { inCidr, ipToInt, matchesAnyCidr };

package/dist/shared/cidr.d.ts

@@ -1,8 +1,8 @@
 /** Convert IPv4 string to unsigned 32-bit integer */
 declare function ipToInt(ip: string): number;
-/** Returns true if `ip` falls within the `cidr` range (e.g. "10.0.0.0/8") */
+/** Returns true if `ip` falls within the `cidr` range. Supports IPv4 and IPv6. */
 declare function inCidr(ip: string, cidr: string): boolean;
-/** Returns true if `ip` matches ANY of the given CIDR ranges */
+/** Returns true if `ip` matches ANY of the given CIDR ranges. Supports IPv4 and IPv6. */
 declare function matchesAnyCidr(ip: string, cidrs: string[]): boolean;
 
 export { inCidr, ipToInt, matchesAnyCidr };

package/dist/shared/cidr.js

@@ -2,7 +2,7 @@ import {
   inCidr,
   ipToInt,
   matchesAnyCidr
-} from "../chunk-LNQPYKGG.js";
+} from "../chunk-NWRGD3AH.js";
 import "../chunk-MLKGABMK.js";
 export {
   inCidr,

package/dist/shared/kvs.cjs

@@ -0,0 +1 @@
+"use strict";

package/dist/shared/kvs.d.cts

@@ -0,0 +1,10 @@
+/**
+ * Minimal interface for a CloudFront KeyValueStore handle.
+ * Compatible with the handle returned by `CloudFront.createKeyValueStore(event)`
+ * in the CF Function runtime.
+ */
+type KvsHandle = {
+    get(key: string): Promise<string | undefined>;
+};
+
+export type { KvsHandle };

package/dist/shared/kvs.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Minimal interface for a CloudFront KeyValueStore handle.
+ * Compatible with the handle returned by `CloudFront.createKeyValueStore(event)`
+ * in the CF Function runtime.
+ */
+type KvsHandle = {
+    get(key: string): Promise<string | undefined>;
+};
+
+export type { KvsHandle };

package/dist/shared/wildcard.cjs

@@ -2,10 +2,12 @@
 
 
 
-var _chunkIBXAK2A4cjs = require('../chunk-IBXAK2A4.cjs');
+
+var _chunkULICUDDHcjs = require('../chunk-ULICUDDH.cjs');
 require('../chunk-75ZPJI57.cjs');
 
 
 
 
-exports.matchesAnyWildcard = _chunkIBXAK2A4cjs.matchesAnyWildcard; exports.matchesWildcard = _chunkIBXAK2A4cjs.matchesWildcard; exports.wildcardToRegex = _chunkIBXAK2A4cjs.wildcardToRegex;
+
+exports.matchesAnyWildcard = _chunkULICUDDHcjs.matchesAnyWildcard; exports.matchesOriginPattern = _chunkULICUDDHcjs.matchesOriginPattern; exports.matchesWildcard = _chunkULICUDDHcjs.matchesWildcard; exports.wildcardToRegex = _chunkULICUDDHcjs.wildcardToRegex;

package/dist/shared/wildcard.d.cts

@@ -4,5 +4,14 @@ declare function wildcardToRegex(pattern: string): RegExp;
 declare function matchesWildcard(str: string, pattern: string): boolean;
 /** Returns true if `str` matches ANY of the given wildcard patterns */
 declare function matchesAnyWildcard(str: string, patterns: string[]): boolean;
+/**
+ * Returns true if `origin` matches the given origin pattern.
+ * - `'*'` matches any origin.
+ * - Patterns without `*` are exact-matched (case-sensitive).
+ * - Patterns with `*` are converted to a cached RegExp (case-sensitive, `*` maps to `.*`).
+ *
+ * Unlike `matchesWildcard`, this function is case-sensitive and does not support `?`.
+ */
+declare function matchesOriginPattern(origin: string, pattern: string): boolean;
 
-export { matchesAnyWildcard, matchesWildcard, wildcardToRegex };
+export { matchesAnyWildcard, matchesOriginPattern, matchesWildcard, wildcardToRegex };

package/dist/shared/wildcard.d.ts

@@ -4,5 +4,14 @@ declare function wildcardToRegex(pattern: string): RegExp;
 declare function matchesWildcard(str: string, pattern: string): boolean;
 /** Returns true if `str` matches ANY of the given wildcard patterns */
 declare function matchesAnyWildcard(str: string, patterns: string[]): boolean;
+/**
+ * Returns true if `origin` matches the given origin pattern.
+ * - `'*'` matches any origin.
+ * - Patterns without `*` are exact-matched (case-sensitive).
+ * - Patterns with `*` are converted to a cached RegExp (case-sensitive, `*` maps to `.*`).
+ *
+ * Unlike `matchesWildcard`, this function is case-sensitive and does not support `?`.
+ */
+declare function matchesOriginPattern(origin: string, pattern: string): boolean;
 
-export { matchesAnyWildcard, matchesWildcard, wildcardToRegex };
+export { matchesAnyWildcard, matchesOriginPattern, matchesWildcard, wildcardToRegex };

package/dist/shared/wildcard.js

@@ -1,11 +1,13 @@
 import {
   matchesAnyWildcard,
+  matchesOriginPattern,
   matchesWildcard,
   wildcardToRegex
-} from "../chunk-2DE6WPPL.js";
+} from "../chunk-EEZ7NUJG.js";
 import "../chunk-MLKGABMK.js";
 export {
   matchesAnyWildcard,
+  matchesOriginPattern,
   matchesWildcard,
   wildcardToRegex
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rayselfs/cf-rule-engine",
-  "version": "1.8.2",
+  "version": "1.9.1",
   "description": "Composable, tree-shakeable CloudFront Function rules",
   "license": "MIT",
   "sideEffects": false,

package/dist/chunk-LNQPYKGG.js

@@ -1,20 +0,0 @@
-// src/shared/cidr.ts
-function ipToInt(ip) {
-  return ip.split(".").reduce((acc, octet) => (acc << 8) + parseInt(octet, 10) >>> 0, 0);
-}
-function inCidr(ip, cidr) {
-  const parts = cidr.split("/");
-  const range = parts[0];
-  const bits = parts[1] || "32";
-  const mask = bits === "0" ? 0 : ~0 << 32 - parseInt(bits, 10) >>> 0;
-  return (ipToInt(ip) & mask) === (ipToInt(range) & mask);
-}
-function matchesAnyCidr(ip, cidrs) {
-  return cidrs.some((cidr) => inCidr(ip, cidr));
-}
-
-export {
-  ipToInt,
-  inCidr,
-  matchesAnyCidr
-};

package/dist/chunk-YVUR35RN.cjs

@@ -1,20 +0,0 @@
-"use strict";Object.defineProperty(exports, "__esModule", {value: true});// src/shared/cidr.ts
-function ipToInt(ip) {
-  return ip.split(".").reduce((acc, octet) => (acc << 8) + parseInt(octet, 10) >>> 0, 0);
-}
-function inCidr(ip, cidr) {
-  const parts = cidr.split("/");
-  const range = parts[0];
-  const bits = parts[1] || "32";
-  const mask = bits === "0" ? 0 : ~0 << 32 - parseInt(bits, 10) >>> 0;
-  return (ipToInt(ip) & mask) === (ipToInt(range) & mask);
-}
-function matchesAnyCidr(ip, cidrs) {
-  return cidrs.some((cidr) => inCidr(ip, cidr));
-}
-
-
-
-
-
-exports.ipToInt = ipToInt; exports.inCidr = inCidr; exports.matchesAnyCidr = matchesAnyCidr;