npm - @rbacbee-lib/nest - Versions diffs - 0.1.0 - Mend

@rbacbee-lib/nest 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,15 @@
+# @rbacbee-lib/nest
+NestJS integration for `@rbacbee-lib/core`.
+```ts
+@RequirePermission('posts:create')
+@Post()
+createPost() {}
+```
+Register a global guard:
+```ts
+providers: [{ provide: APP_GUARD, useClass: RbacGuard }];
+```

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1,352 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __decorateClass = (decorators, target, key, kind) => {
+  var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc(target, key) : target;
+  for (var i = decorators.length - 1, decorator; i >= 0; i--)
+    if (decorator = decorators[i])
+      result = (kind ? decorator(target, key, result) : decorator(result)) || result;
+  if (kind && result) __defProp(target, key, result);
+  return result;
+};
+var __decorateParam = (index, decorator) => (target, key) => decorator(target, key, index);
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  RBAC_ENGINE: () => RBAC_ENGINE,
+  RBAC_IDENTITY_RESOLVER: () => RBAC_IDENTITY_RESOLVER,
+  RBAC_OPTIONS: () => RBAC_OPTIONS,
+  RBAC_PERMISSIONS_METADATA: () => RBAC_PERMISSIONS_METADATA,
+  RBAC_POLICIES_METADATA: () => RBAC_POLICIES_METADATA,
+  RBAC_ROLES_METADATA: () => RBAC_ROLES_METADATA,
+  RbacGuard: () => RbacGuard,
+  RbacModule: () => RbacModule,
+  RequireAnyPermission: () => RequireAnyPermission,
+  RequireAnyPolicy: () => RequireAnyPolicy,
+  RequireAnyRole: () => RequireAnyRole,
+  RequirePermission: () => RequirePermission,
+  RequirePolicy: () => RequirePolicy,
+  RequireRole: () => RequireRole,
+  createDefaultRbacContext: () => createDefaultRbacContext,
+  createIdentityResolver: () => createIdentityResolver,
+  getByPath: () => getByPath
+});
+module.exports = __toCommonJS(index_exports);
+// src/rbac.constants.ts
+var RBAC_ENGINE = /* @__PURE__ */ Symbol("RBAC_ENGINE");
+var RBAC_OPTIONS = /* @__PURE__ */ Symbol("RBAC_OPTIONS");
+var RBAC_IDENTITY_RESOLVER = /* @__PURE__ */ Symbol("RBAC_IDENTITY_RESOLVER");
+var RBAC_PERMISSIONS_METADATA = "rbac:permissions";
+var RBAC_ROLES_METADATA = "rbac:roles";
+var RBAC_POLICIES_METADATA = "rbac:policies";
+// src/rbac-context.ts
+function createIdentityResolver(identity) {
+  if (identity?.resolveUser !== void 0) {
+    return identity.resolveUser;
+  }
+  return ({ request }) => {
+    const userIdPath = identity?.userIdPath ?? defaultUserIdPath(identity?.strategy);
+    const tenantIdPath = identity?.tenantIdPath ?? defaultTenantIdPath(identity?.strategy);
+    const userId = firstString(getByPath(request, userIdPath), getByPath(request, "user.id"));
+    if (userId === void 0) {
+      return null;
+    }
+    const tenantId = firstString(
+      getByPath(request, tenantIdPath),
+      getByPath(request, "user.tenantId")
+    );
+    const principal = { userId };
+    if (tenantId !== void 0) {
+      return { ...principal, tenantId };
+    }
+    return principal;
+  };
+}
+function createDefaultRbacContext(request, principal) {
+  const resourceId = firstString(request.params?.id, request.params?.resourceId);
+  const resourceType = firstString(request.headers?.["x-resource-type"]);
+  const context = {};
+  if (principal.tenantId !== void 0) {
+    Object.assign(context, { tenantId: principal.tenantId });
+  }
+  if (resourceId !== void 0) {
+    Object.assign(context, { resourceId });
+  }
+  if (resourceType !== void 0) {
+    Object.assign(context, { resourceType });
+  }
+  return context;
+}
+function getByPath(source, path) {
+  const segments = path.split(".").filter(Boolean);
+  let current = source;
+  for (const segment of segments) {
+    if (!isRecord(current)) {
+      return void 0;
+    }
+    current = current[segment];
+  }
+  return current;
+}
+function defaultUserIdPath(strategy) {
+  if (strategy === "cookie") {
+    return "cookies.userId";
+  }
+  return "user.sub";
+}
+function defaultTenantIdPath(strategy) {
+  if (strategy === "cookie") {
+    return "cookies.tenantId";
+  }
+  return "user.tenantId";
+}
+function firstString(...values) {
+  for (const value of values) {
+    if (typeof value === "string" && value.trim().length > 0) {
+      return value.trim();
+    }
+    if (typeof value === "number") {
+      return String(value);
+    }
+  }
+  return void 0;
+}
+function isRecord(value) {
+  return typeof value === "object" && value !== null;
+}
+// src/rbac.guard.ts
+var import_common = require("@nestjs/common");
+var RbacGuard = class {
+  constructor(reflector, engine, resolveIdentity, options) {
+    this.reflector = reflector;
+    this.engine = engine;
+    this.resolveIdentity = resolveIdentity;
+    this.options = options;
+  }
+  reflector;
+  engine;
+  resolveIdentity;
+  options;
+  async canActivate(context) {
+    const permissionRequirements = this.getRequirements(RBAC_PERMISSIONS_METADATA, context);
+    const roleRequirements = this.getRequirements(RBAC_ROLES_METADATA, context);
+    const policyRequirements = this.getRequirements(RBAC_POLICIES_METADATA, context);
+    if (permissionRequirements.length === 0 && roleRequirements.length === 0 && policyRequirements.length === 0) {
+      return true;
+    }
+    const request = context.switchToHttp().getRequest();
+    const principal = await this.resolveIdentity({ context, request });
+    if (principal === null) {
+      throw new import_common.UnauthorizedException("RBAC principal could not be resolved");
+    }
+    const rbacContext = this.options.context === void 0 ? createDefaultRbacContext(request, principal) : await this.options.context({ context, request, principal });
+    await this.assertRequirements(
+      permissionRequirements,
+      (permission) => this.engine.can(principal, permission, rbacContext)
+    );
+    await this.assertRequirements(
+      roleRequirements,
+      (role) => this.engine.hasRole(principal, role, rbacContext)
+    );
+    await this.assertRequirements(
+      policyRequirements,
+      (policy) => this.engine.evaluatePolicy(policy, principal, rbacContext)
+    );
+    return true;
+  }
+  getRequirements(metadataKey, context) {
+    const controllerRequirement = this.reflector.get(
+      metadataKey,
+      context.getClass()
+    );
+    const handlerRequirement = this.reflector.get(
+      metadataKey,
+      context.getHandler()
+    );
+    return [controllerRequirement, handlerRequirement].filter(isRequirement);
+  }
+  async assertRequirements(requirements, check) {
+    for (const requirement of requirements) {
+      const results = await Promise.all(requirement.values.map((value) => check(value)));
+      const allowed = requirement.mode === "all" ? results.every((result) => result.decision === "allow") : results.some((result) => result.decision === "allow");
+      if (!allowed) {
+        throw new import_common.ForbiddenException("RBAC access denied");
+      }
+    }
+  }
+};
+RbacGuard = __decorateClass([
+  (0, import_common.Injectable)(),
+  __decorateParam(1, (0, import_common.Inject)(RBAC_ENGINE)),
+  __decorateParam(2, (0, import_common.Inject)(RBAC_IDENTITY_RESOLVER)),
+  __decorateParam(3, (0, import_common.Inject)(RBAC_OPTIONS))
+], RbacGuard);
+function isRequirement(value) {
+  return value !== void 0 && value.values.length > 0;
+}
+// src/rbac.module.ts
+var import_common2 = require("@nestjs/common");
+var import_core = require("@rbacbee-lib/core");
+// src/deny-all-access-repository.ts
+var DenyAllAccessRepository = class {
+  async getAccessProfile() {
+    return null;
+  }
+};
+// src/rbac.module.ts
+var RbacModule = class {
+  static forRoot(options) {
+    return {
+      module: RbacModule,
+      providers: [
+        { provide: RBAC_OPTIONS, useValue: options },
+        createIdentityResolverProvider(),
+        createEngineProvider(),
+        RbacGuard
+      ],
+      exports: [RBAC_ENGINE, RBAC_IDENTITY_RESOLVER, RbacGuard]
+    };
+  }
+  static forRootAsync(options) {
+    return {
+      module: RbacModule,
+      imports: options.imports,
+      providers: [
+        {
+          provide: RBAC_OPTIONS,
+          useFactory: options.useFactory,
+          inject: options.inject ?? []
+        },
+        createIdentityResolverProvider(),
+        createEngineProvider(),
+        RbacGuard
+      ],
+      exports: [RBAC_ENGINE, RBAC_IDENTITY_RESOLVER, RbacGuard]
+    };
+  }
+};
+RbacModule = __decorateClass([
+  (0, import_common2.Module)({})
+], RbacModule);
+function createIdentityResolverProvider() {
+  return {
+    provide: RBAC_IDENTITY_RESOLVER,
+    inject: [RBAC_OPTIONS],
+    useFactory: (options) => createIdentityResolver(options.identity)
+  };
+}
+function createEngineProvider() {
+  return {
+    provide: RBAC_ENGINE,
+    inject: [RBAC_OPTIONS],
+    useFactory: (options) => {
+      if (options.engine !== void 0) {
+        return options.engine;
+      }
+      return (0, import_core.createRbacEngine)({
+        accessRepository: options.accessRepository ?? new DenyAllAccessRepository(),
+        audit: options.audit,
+        cache: options.cache,
+        policies: options.policies,
+        cacheTtlMs: options.cacheTtlMs
+      });
+    }
+  };
+}
+// src/decorators/require-any-permission.decorator.ts
+var import_common3 = require("@nestjs/common");
+function RequireAnyPermission(...permissions) {
+  return (0, import_common3.SetMetadata)(RBAC_PERMISSIONS_METADATA, {
+    values: permissions,
+    mode: "any"
+  });
+}
+// src/decorators/require-any-policy.decorator.ts
+var import_common4 = require("@nestjs/common");
+function RequireAnyPolicy(...policies) {
+  return (0, import_common4.SetMetadata)(RBAC_POLICIES_METADATA, {
+    values: policies,
+    mode: "any"
+  });
+}
+// src/decorators/require-any-role.decorator.ts
+var import_common5 = require("@nestjs/common");
+function RequireAnyRole(...roles) {
+  return (0, import_common5.SetMetadata)(RBAC_ROLES_METADATA, {
+    values: roles,
+    mode: "any"
+  });
+}
+// src/decorators/require-permission.decorator.ts
+var import_common6 = require("@nestjs/common");
+function RequirePermission(...permissions) {
+  return (0, import_common6.SetMetadata)(RBAC_PERMISSIONS_METADATA, {
+    values: permissions,
+    mode: "all"
+  });
+}
+// src/decorators/require-policy.decorator.ts
+var import_common7 = require("@nestjs/common");
+function RequirePolicy(...policies) {
+  return (0, import_common7.SetMetadata)(RBAC_POLICIES_METADATA, {
+    values: policies,
+    mode: "all"
+  });
+}
+// src/decorators/require-role.decorator.ts
+var import_common8 = require("@nestjs/common");
+function RequireRole(...roles) {
+  return (0, import_common8.SetMetadata)(RBAC_ROLES_METADATA, {
+    values: roles,
+    mode: "all"
+  });
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  RBAC_ENGINE,
+  RBAC_IDENTITY_RESOLVER,
+  RBAC_OPTIONS,
+  RBAC_PERMISSIONS_METADATA,
+  RBAC_POLICIES_METADATA,
+  RBAC_ROLES_METADATA,
+  RbacGuard,
+  RbacModule,
+  RequireAnyPermission,
+  RequireAnyPolicy,
+  RequireAnyRole,
+  RequirePermission,
+  RequirePolicy,
+  RequireRole,
+  createDefaultRbacContext,
+  createIdentityResolver,
+  getByPath
+});
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/index.ts","../src/rbac.constants.ts","../src/rbac-context.ts","../src/rbac.guard.ts","../src/rbac.module.ts","../src/deny-all-access-repository.ts","../src/decorators/require-any-permission.decorator.ts","../src/decorators/require-any-policy.decorator.ts","../src/decorators/require-any-role.decorator.ts","../src/decorators/require-permission.decorator.ts","../src/decorators/require-policy.decorator.ts","../src/decorators/require-role.decorator.ts"],"sourcesContent":["export * from './rbac.constants';\nexport * from './rbac-context';\nexport * from './rbac.guard';\nexport * from './rbac.module';\nexport * from './rbac.types';\nexport * from './decorators/require-any-permission.decorator';\nexport * from './decorators/require-any-policy.decorator';\nexport * from './decorators/require-any-role.decorator';\nexport * from './decorators/require-permission.decorator';\nexport * from './decorators/require-policy.decorator';\nexport * from './decorators/require-role.decorator';\n","export const RBAC_ENGINE = Symbol('RBAC_ENGINE');\nexport const RBAC_OPTIONS = Symbol('RBAC_OPTIONS');\nexport const RBAC_IDENTITY_RESOLVER = Symbol('RBAC_IDENTITY_RESOLVER');\n\nexport const RBAC_PERMISSIONS_METADATA = 'rbac:permissions';\nexport const RBAC_ROLES_METADATA = 'rbac:roles';\nexport const RBAC_POLICIES_METADATA = 'rbac:policies';\n","import type { RbacAuthorizationContext, RbacPrincipal } from '@rbacbee-lib/core';\nimport type { RbacHttpRequest, RbacIdentityOptions, RbacIdentityResolver } from './rbac.types';\n\nexport function createIdentityResolver(identity?: RbacIdentityOptions): RbacIdentityResolver {\n if (identity?.resolveUser !== undefined) {\n return identity.resolveUser;\n }\n\n return ({ request }) => {\n const userIdPath = identity?.userIdPath ?? defaultUserIdPath(identity?.strategy);\n const tenantIdPath = identity?.tenantIdPath ?? defaultTenantIdPath(identity?.strategy);\n const userId = firstString(getByPath(request, userIdPath), getByPath(request, 'user.id'));\n\n if (userId === undefined) {\n return null;\n }\n\n const tenantId = firstString(\n getByPath(request, tenantIdPath),\n getByPath(request, 'user.tenantId')\n );\n const principal: RbacPrincipal = { userId };\n\n if (tenantId !== undefined) {\n return { ...principal, tenantId };\n }\n\n return principal;\n };\n}\n\nexport function createDefaultRbacContext(\n request: RbacHttpRequest,\n principal: RbacPrincipal\n): RbacAuthorizationContext {\n const resourceId = firstString(request.params?.id, request.params?.resourceId);\n const resourceType = firstString(request.headers?.['x-resource-type']);\n const context: RbacAuthorizationContext = {};\n\n if (principal.tenantId !== undefined) {\n Object.assign(context, { tenantId: principal.tenantId });\n }\n\n if (resourceId !== undefined) {\n Object.assign(context, { resourceId });\n }\n\n if (resourceType !== undefined) {\n Object.assign(context, { resourceType });\n }\n\n return context;\n}\n\nexport function getByPath(source: unknown, path: string): unknown {\n const segments = path.split('.').filter(Boolean);\n let current: unknown = source;\n\n for (const segment of segments) {\n if (!isRecord(current)) {\n return undefined;\n }\n\n current = current[segment];\n }\n\n return current;\n}\n\nfunction defaultUserIdPath(strategy?: RbacIdentityOptions['strategy']): string {\n if (strategy === 'cookie') {\n return 'cookies.userId';\n }\n\n return 'user.sub';\n}\n\nfunction defaultTenantIdPath(strategy?: RbacIdentityOptions['strategy']): string {\n if (strategy === 'cookie') {\n return 'cookies.tenantId';\n }\n\n return 'user.tenantId';\n}\n\nfunction firstString(...values: unknown[]): string | undefined {\n for (const value of values) {\n if (typeof value === 'string' && value.trim().length > 0) {\n return value.trim();\n }\n\n if (typeof value === 'number') {\n return String(value);\n }\n }\n\n return undefined;\n}\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n return typeof value === 'object' && value !== null;\n}\n","import {\n CanActivate,\n ExecutionContext,\n ForbiddenException,\n Inject,\n Injectable,\n UnauthorizedException\n} from '@nestjs/common';\nimport { Reflector } from '@nestjs/core';\nimport type { AuthorizationResult, RbacEngine } from '@rbacbee-lib/core';\nimport {\n RBAC_ENGINE,\n RBAC_IDENTITY_RESOLVER,\n RBAC_OPTIONS,\n RBAC_PERMISSIONS_METADATA,\n RBAC_POLICIES_METADATA,\n RBAC_ROLES_METADATA\n} from './rbac.constants';\nimport { createDefaultRbacContext } from './rbac-context';\nimport type {\n RbacHttpRequest,\n RbacIdentityResolver,\n RbacNestModuleOptions,\n RbacRequirementMetadata\n} from './rbac.types';\n\n@Injectable()\nexport class RbacGuard implements CanActivate {\n public constructor(\n private readonly reflector: Reflector,\n @Inject(RBAC_ENGINE) private readonly engine: RbacEngine,\n @Inject(RBAC_IDENTITY_RESOLVER) private readonly resolveIdentity: RbacIdentityResolver,\n @Inject(RBAC_OPTIONS) private readonly options: RbacNestModuleOptions\n ) {}\n\n public async canActivate(context: ExecutionContext): Promise<boolean> {\n const permissionRequirements = this.getRequirements(RBAC_PERMISSIONS_METADATA, context);\n const roleRequirements = this.getRequirements(RBAC_ROLES_METADATA, context);\n const policyRequirements = this.getRequirements(RBAC_POLICIES_METADATA, context);\n\n if (\n permissionRequirements.length === 0 &&\n roleRequirements.length === 0 &&\n policyRequirements.length === 0\n ) {\n return true;\n }\n\n const request = context.switchToHttp().getRequest<RbacHttpRequest>();\n const principal = await this.resolveIdentity({ context, request });\n\n if (principal === null) {\n throw new UnauthorizedException('RBAC principal could not be resolved');\n }\n\n const rbacContext =\n this.options.context === undefined\n ? createDefaultRbacContext(request, principal)\n : await this.options.context({ context, request, principal });\n\n await this.assertRequirements(permissionRequirements, (permission) =>\n this.engine.can(principal, permission, rbacContext)\n );\n await this.assertRequirements(roleRequirements, (role) =>\n this.engine.hasRole(principal, role, rbacContext)\n );\n await this.assertRequirements(policyRequirements, (policy) =>\n this.engine.evaluatePolicy(policy, principal, rbacContext)\n );\n\n return true;\n }\n\n private getRequirements(\n metadataKey: string,\n context: ExecutionContext\n ): RbacRequirementMetadata[] {\n const controllerRequirement = this.reflector.get<RbacRequirementMetadata>(\n metadataKey,\n context.getClass()\n );\n const handlerRequirement = this.reflector.get<RbacRequirementMetadata>(\n metadataKey,\n context.getHandler()\n );\n\n return [controllerRequirement, handlerRequirement].filter(isRequirement);\n }\n\n private async assertRequirements(\n requirements: readonly RbacRequirementMetadata[],\n check: (value: string) => Promise<AuthorizationResult>\n ): Promise<void> {\n for (const requirement of requirements) {\n const results = await Promise.all(requirement.values.map((value) => check(value)));\n const allowed =\n requirement.mode === 'all'\n ? results.every((result) => result.decision === 'allow')\n : results.some((result) => result.decision === 'allow');\n\n if (!allowed) {\n throw new ForbiddenException('RBAC access denied');\n }\n }\n }\n}\n\nfunction isRequirement(\n value: RbacRequirementMetadata | undefined\n): value is RbacRequirementMetadata {\n return value !== undefined && value.values.length > 0;\n}\n","import { DynamicModule, Module, Provider } from '@nestjs/common';\nimport { createRbacEngine } from '@rbacbee-lib/core';\nimport { RBAC_ENGINE, RBAC_IDENTITY_RESOLVER, RBAC_OPTIONS } from './rbac.constants';\nimport { createIdentityResolver } from './rbac-context';\nimport { RbacGuard } from './rbac.guard';\nimport type { RbacNestModuleAsyncOptions, RbacNestModuleOptions } from './rbac.types';\nimport { DenyAllAccessRepository } from './deny-all-access-repository';\n\n@Module({})\nexport class RbacModule {\n public static forRoot(options: RbacNestModuleOptions): DynamicModule {\n return {\n module: RbacModule,\n providers: [\n { provide: RBAC_OPTIONS, useValue: options },\n createIdentityResolverProvider(),\n createEngineProvider(),\n RbacGuard\n ],\n exports: [RBAC_ENGINE, RBAC_IDENTITY_RESOLVER, RbacGuard]\n };\n }\n\n public static forRootAsync(options: RbacNestModuleAsyncOptions): DynamicModule {\n return {\n module: RbacModule,\n imports: options.imports,\n providers: [\n {\n provide: RBAC_OPTIONS,\n useFactory: options.useFactory,\n inject: options.inject ?? []\n },\n createIdentityResolverProvider(),\n createEngineProvider(),\n RbacGuard\n ],\n exports: [RBAC_ENGINE, RBAC_IDENTITY_RESOLVER, RbacGuard]\n };\n }\n}\n\nfunction createIdentityResolverProvider(): Provider {\n return {\n provide: RBAC_IDENTITY_RESOLVER,\n inject: [RBAC_OPTIONS],\n useFactory: (options: RbacNestModuleOptions) => createIdentityResolver(options.identity)\n };\n}\n\nfunction createEngineProvider(): Provider {\n return {\n provide: RBAC_ENGINE,\n inject: [RBAC_OPTIONS],\n useFactory: (options: RbacNestModuleOptions) => {\n if (options.engine !== undefined) {\n return options.engine;\n }\n\n return createRbacEngine({\n accessRepository: options.accessRepository ?? new DenyAllAccessRepository(),\n audit: options.audit,\n cache: options.cache,\n policies: options.policies,\n cacheTtlMs: options.cacheTtlMs\n });\n }\n };\n}\n","import type { AccessProfile, AccessRepository } from '@rbacbee-lib/core';\n\nexport class DenyAllAccessRepository implements AccessRepository {\n public async getAccessProfile(): Promise<AccessProfile | null> {\n return null;\n }\n}\n","import { SetMetadata } from '@nestjs/common';\nimport { RBAC_PERMISSIONS_METADATA } from '../rbac.constants';\nimport type { RbacRequirementMetadata } from '../rbac.types';\n\nexport function RequireAnyPermission(...permissions: string[]): MethodDecorator & ClassDecorator {\n return SetMetadata(RBAC_PERMISSIONS_METADATA, {\n values: permissions,\n mode: 'any'\n } satisfies RbacRequirementMetadata);\n}\n","import { SetMetadata } from '@nestjs/common';\nimport { RBAC_POLICIES_METADATA } from '../rbac.constants';\nimport type { RbacRequirementMetadata } from '../rbac.types';\n\nexport function RequireAnyPolicy(...policies: string[]): MethodDecorator & ClassDecorator {\n return SetMetadata(RBAC_POLICIES_METADATA, {\n values: policies,\n mode: 'any'\n } satisfies RbacRequirementMetadata);\n}\n","import { SetMetadata } from '@nestjs/common';\nimport { RBAC_ROLES_METADATA } from '../rbac.constants';\nimport type { RbacRequirementMetadata } from '../rbac.types';\n\nexport function RequireAnyRole(...roles: string[]): MethodDecorator & ClassDecorator {\n return SetMetadata(RBAC_ROLES_METADATA, {\n values: roles,\n mode: 'any'\n } satisfies RbacRequirementMetadata);\n}\n","import { SetMetadata } from '@nestjs/common';\nimport { RBAC_PERMISSIONS_METADATA } from '../rbac.constants';\nimport type { RbacRequirementMetadata } from '../rbac.types';\n\nexport function RequirePermission(...permissions: string[]): MethodDecorator & ClassDecorator {\n return SetMetadata(RBAC_PERMISSIONS_METADATA, {\n values: permissions,\n mode: 'all'\n } satisfies RbacRequirementMetadata);\n}\n","import { SetMetadata } from '@nestjs/common';\nimport { RBAC_POLICIES_METADATA } from '../rbac.constants';\nimport type { RbacRequirementMetadata } from '../rbac.types';\n\nexport function RequirePolicy(...policies: string[]): MethodDecorator & ClassDecorator {\n return SetMetadata(RBAC_POLICIES_METADATA, {\n values: policies,\n mode: 'all'\n } satisfies RbacRequirementMetadata);\n}\n","import { SetMetadata } from '@nestjs/common';\nimport { RBAC_ROLES_METADATA } from '../rbac.constants';\nimport type { RbacRequirementMetadata } from '../rbac.types';\n\nexport function RequireRole(...roles: string[]): MethodDecorator & ClassDecorator {\n return SetMetadata(RBAC_ROLES_METADATA, {\n values: roles,\n mode: 'all'\n } satisfies RbacRequirementMetadata);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAO,IAAM,cAAc,uBAAO,aAAa;AACxC,IAAM,eAAe,uBAAO,cAAc;AAC1C,IAAM,yBAAyB,uBAAO,wBAAwB;AAE9D,IAAM,4BAA4B;AAClC,IAAM,sBAAsB;AAC5B,IAAM,yBAAyB;;;ACH/B,SAAS,uBAAuB,UAAsD;AAC3F,MAAI,UAAU,gBAAgB,QAAW;AACvC,WAAO,SAAS;AAAA,EAClB;AAEA,SAAO,CAAC,EAAE,QAAQ,MAAM;AACtB,UAAM,aAAa,UAAU,cAAc,kBAAkB,UAAU,QAAQ;AAC/E,UAAM,eAAe,UAAU,gBAAgB,oBAAoB,UAAU,QAAQ;AACrF,UAAM,SAAS,YAAY,UAAU,SAAS,UAAU,GAAG,UAAU,SAAS,SAAS,CAAC;AAExF,QAAI,WAAW,QAAW;AACxB,aAAO;AAAA,IACT;AAEA,UAAM,WAAW;AAAA,MACf,UAAU,SAAS,YAAY;AAAA,MAC/B,UAAU,SAAS,eAAe;AAAA,IACpC;AACA,UAAM,YAA2B,EAAE,OAAO;AAE1C,QAAI,aAAa,QAAW;AAC1B,aAAO,EAAE,GAAG,WAAW,SAAS;AAAA,IAClC;AAEA,WAAO;AAAA,EACT;AACF;AAEO,SAAS,yBACd,SACA,WAC0B;AAC1B,QAAM,aAAa,YAAY,QAAQ,QAAQ,IAAI,QAAQ,QAAQ,UAAU;AAC7E,QAAM,eAAe,YAAY,QAAQ,UAAU,iBAAiB,CAAC;AACrE,QAAM,UAAoC,CAAC;AAE3C,MAAI,UAAU,aAAa,QAAW;AACpC,WAAO,OAAO,SAAS,EAAE,UAAU,UAAU,SAAS,CAAC;AAAA,EACzD;AAEA,MAAI,eAAe,QAAW;AAC5B,WAAO,OAAO,SAAS,EAAE,WAAW,CAAC;AAAA,EACvC;AAEA,MAAI,iBAAiB,QAAW;AAC9B,WAAO,OAAO,SAAS,EAAE,aAAa,CAAC;AAAA,EACzC;AAEA,SAAO;AACT;AAEO,SAAS,UAAU,QAAiB,MAAuB;AAChE,QAAM,WAAW,KAAK,MAAM,GAAG,EAAE,OAAO,OAAO;AAC/C,MAAI,UAAmB;AAEvB,aAAW,WAAW,UAAU;AAC9B,QAAI,CAAC,SAAS,OAAO,GAAG;AACtB,aAAO;AAAA,IACT;AAEA,cAAU,QAAQ,OAAO;AAAA,EAC3B;AAEA,SAAO;AACT;AAEA,SAAS,kBAAkB,UAAoD;AAC7E,MAAI,aAAa,UAAU;AACzB,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAEA,SAAS,oBAAoB,UAAoD;AAC/E,MAAI,aAAa,UAAU;AACzB,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAEA,SAAS,eAAe,QAAuC;AAC7D,aAAW,SAAS,QAAQ;AAC1B,QAAI,OAAO,UAAU,YAAY,MAAM,KAAK,EAAE,SAAS,GAAG;AACxD,aAAO,MAAM,KAAK;AAAA,IACpB;AAEA,QAAI,OAAO,UAAU,UAAU;AAC7B,aAAO,OAAO,KAAK;AAAA,IACrB;AAAA,EACF;AAEA,SAAO;AACT;AAEA,SAAS,SAAS,OAAkD;AAClE,SAAO,OAAO,UAAU,YAAY,UAAU;AAChD;;;ACrGA,oBAOO;AAoBA,IAAM,YAAN,MAAuC;AAAA,EACrC,YACY,WACqB,QACW,iBACV,SACvC;AAJiB;AACqB;AACW;AACV;AAAA,EACtC;AAAA,EAJgB;AAAA,EACqB;AAAA,EACW;AAAA,EACV;AAAA,EAGzC,MAAa,YAAY,SAA6C;AACpE,UAAM,yBAAyB,KAAK,gBAAgB,2BAA2B,OAAO;AACtF,UAAM,mBAAmB,KAAK,gBAAgB,qBAAqB,OAAO;AAC1E,UAAM,qBAAqB,KAAK,gBAAgB,wBAAwB,OAAO;AAE/E,QACE,uBAAuB,WAAW,KAClC,iBAAiB,WAAW,KAC5B,mBAAmB,WAAW,GAC9B;AACA,aAAO;AAAA,IACT;AAEA,UAAM,UAAU,QAAQ,aAAa,EAAE,WAA4B;AACnE,UAAM,YAAY,MAAM,KAAK,gBAAgB,EAAE,SAAS,QAAQ,CAAC;AAEjE,QAAI,cAAc,MAAM;AACtB,YAAM,IAAI,oCAAsB,sCAAsC;AAAA,IACxE;AAEA,UAAM,cACJ,KAAK,QAAQ,YAAY,SACrB,yBAAyB,SAAS,SAAS,IAC3C,MAAM,KAAK,QAAQ,QAAQ,EAAE,SAAS,SAAS,UAAU,CAAC;AAEhE,UAAM,KAAK;AAAA,MAAmB;AAAA,MAAwB,CAAC,eACrD,KAAK,OAAO,IAAI,WAAW,YAAY,WAAW;AAAA,IACpD;AACA,UAAM,KAAK;AAAA,MAAmB;AAAA,MAAkB,CAAC,SAC/C,KAAK,OAAO,QAAQ,WAAW,MAAM,WAAW;AAAA,IAClD;AACA,UAAM,KAAK;AAAA,MAAmB;AAAA,MAAoB,CAAC,WACjD,KAAK,OAAO,eAAe,QAAQ,WAAW,WAAW;AAAA,IAC3D;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,gBACN,aACA,SAC2B;AAC3B,UAAM,wBAAwB,KAAK,UAAU;AAAA,MAC3C;AAAA,MACA,QAAQ,SAAS;AAAA,IACnB;AACA,UAAM,qBAAqB,KAAK,UAAU;AAAA,MACxC;AAAA,MACA,QAAQ,WAAW;AAAA,IACrB;AAEA,WAAO,CAAC,uBAAuB,kBAAkB,EAAE,OAAO,aAAa;AAAA,EACzE;AAAA,EAEA,MAAc,mBACZ,cACA,OACe;AACf,eAAW,eAAe,cAAc;AACtC,YAAM,UAAU,MAAM,QAAQ,IAAI,YAAY,OAAO,IAAI,CAAC,UAAU,MAAM,KAAK,CAAC,CAAC;AACjF,YAAM,UACJ,YAAY,SAAS,QACjB,QAAQ,MAAM,CAAC,WAAW,OAAO,aAAa,OAAO,IACrD,QAAQ,KAAK,CAAC,WAAW,OAAO,aAAa,OAAO;AAE1D,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,iCAAmB,oBAAoB;AAAA,MACnD;AAAA,IACF;AAAA,EACF;AACF;AA9Ea,YAAN;AAAA,MADN,0BAAW;AAAA,EAIP,6CAAO,WAAW;AAAA,EAClB,6CAAO,sBAAsB;AAAA,EAC7B,6CAAO,YAAY;AAAA,GALX;AAgFb,SAAS,cACP,OACkC;AAClC,SAAO,UAAU,UAAa,MAAM,OAAO,SAAS;AACtD;;;AC/GA,IAAAA,iBAAgD;AAChD,kBAAiC;;;ACC1B,IAAM,0BAAN,MAA0D;AAAA,EAC/D,MAAa,mBAAkD;AAC7D,WAAO;AAAA,EACT;AACF;;;ADGO,IAAM,aAAN,MAAiB;AAAA,EACtB,OAAc,QAAQ,SAA+C;AACnE,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,WAAW;AAAA,QACT,EAAE,SAAS,cAAc,UAAU,QAAQ;AAAA,QAC3C,+BAA+B;AAAA,QAC/B,qBAAqB;AAAA,QACrB;AAAA,MACF;AAAA,MACA,SAAS,CAAC,aAAa,wBAAwB,SAAS;AAAA,IAC1D;AAAA,EACF;AAAA,EAEA,OAAc,aAAa,SAAoD;AAC7E,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,SAAS,QAAQ;AAAA,MACjB,WAAW;AAAA,QACT;AAAA,UACE,SAAS;AAAA,UACT,YAAY,QAAQ;AAAA,UACpB,QAAQ,QAAQ,UAAU,CAAC;AAAA,QAC7B;AAAA,QACA,+BAA+B;AAAA,QAC/B,qBAAqB;AAAA,QACrB;AAAA,MACF;AAAA,MACA,SAAS,CAAC,aAAa,wBAAwB,SAAS;AAAA,IAC1D;AAAA,EACF;AACF;AA/Ba,aAAN;AAAA,MADN,uBAAO,CAAC,CAAC;AAAA,GACG;AAiCb,SAAS,iCAA2C;AAClD,SAAO;AAAA,IACL,SAAS;AAAA,IACT,QAAQ,CAAC,YAAY;AAAA,IACrB,YAAY,CAAC,YAAmC,uBAAuB,QAAQ,QAAQ;AAAA,EACzF;AACF;AAEA,SAAS,uBAAiC;AACxC,SAAO;AAAA,IACL,SAAS;AAAA,IACT,QAAQ,CAAC,YAAY;AAAA,IACrB,YAAY,CAAC,YAAmC;AAC9C,UAAI,QAAQ,WAAW,QAAW;AAChC,eAAO,QAAQ;AAAA,MACjB;AAEA,iBAAO,8BAAiB;AAAA,QACtB,kBAAkB,QAAQ,oBAAoB,IAAI,wBAAwB;AAAA,QAC1E,OAAO,QAAQ;AAAA,QACf,OAAO,QAAQ;AAAA,QACf,UAAU,QAAQ;AAAA,QAClB,YAAY,QAAQ;AAAA,MACtB,CAAC;AAAA,IACH;AAAA,EACF;AACF;;;AEpEA,IAAAC,iBAA4B;AAIrB,SAAS,wBAAwB,aAAyD;AAC/F,aAAO,4BAAY,2BAA2B;AAAA,IAC5C,QAAQ;AAAA,IACR,MAAM;AAAA,EACR,CAAmC;AACrC;;;ACTA,IAAAC,iBAA4B;AAIrB,SAAS,oBAAoB,UAAsD;AACxF,aAAO,4BAAY,wBAAwB;AAAA,IACzC,QAAQ;AAAA,IACR,MAAM;AAAA,EACR,CAAmC;AACrC;;;ACTA,IAAAC,iBAA4B;AAIrB,SAAS,kBAAkB,OAAmD;AACnF,aAAO,4BAAY,qBAAqB;AAAA,IACtC,QAAQ;AAAA,IACR,MAAM;AAAA,EACR,CAAmC;AACrC;;;ACTA,IAAAC,iBAA4B;AAIrB,SAAS,qBAAqB,aAAyD;AAC5F,aAAO,4BAAY,2BAA2B;AAAA,IAC5C,QAAQ;AAAA,IACR,MAAM;AAAA,EACR,CAAmC;AACrC;;;ACTA,IAAAC,iBAA4B;AAIrB,SAAS,iBAAiB,UAAsD;AACrF,aAAO,4BAAY,wBAAwB;AAAA,IACzC,QAAQ;AAAA,IACR,MAAM;AAAA,EACR,CAAmC;AACrC;;;ACTA,IAAAC,iBAA4B;AAIrB,SAAS,eAAe,OAAmD;AAChF,aAAO,4BAAY,qBAAqB;AAAA,IACtC,QAAQ;AAAA,IACR,MAAM;AAAA,EACR,CAAmC;AACrC;","names":["import_common","import_common","import_common","import_common","import_common","import_common","import_common"]}

package/dist/index.d.cts ADDED Viewed

@@ -0,0 +1,87 @@
+import { RbacPrincipal, RbacAuthorizationContext, RbacEngine, AccessRepository, CachePort, AuditPort, PolicyRegistry, RbacRequirementMode } from '@rbacbee-lib/core';
+import { ExecutionContext, ModuleMetadata, FactoryProvider, CanActivate, DynamicModule } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+declare const RBAC_ENGINE: unique symbol;
+declare const RBAC_OPTIONS: unique symbol;
+declare const RBAC_IDENTITY_RESOLVER: unique symbol;
+declare const RBAC_PERMISSIONS_METADATA = "rbac:permissions";
+declare const RBAC_ROLES_METADATA = "rbac:roles";
+declare const RBAC_POLICIES_METADATA = "rbac:policies";
+interface RbacHttpRequest {
+    readonly user?: unknown;
+    readonly cookies?: Record<string, unknown>;
+    readonly headers?: Record<string, unknown>;
+    readonly params?: Record<string, unknown>;
+    readonly query?: Record<string, unknown>;
+    readonly body?: unknown;
+    readonly [key: string]: unknown;
+}
+interface RbacIdentityResolverInput {
+    readonly context: ExecutionContext;
+    readonly request: RbacHttpRequest;
+}
+type RbacIdentityResolver = (input: RbacIdentityResolverInput) => RbacPrincipal | null | Promise<RbacPrincipal | null>;
+interface RbacContextResolverInput extends RbacIdentityResolverInput {
+    readonly principal: RbacPrincipal;
+}
+type RbacContextResolver = (input: RbacContextResolverInput) => RbacAuthorizationContext | Promise<RbacAuthorizationContext>;
+interface RbacIdentityOptions {
+    readonly strategy?: 'jwt' | 'cookie' | 'custom';
+    readonly userIdPath?: string;
+    readonly tenantIdPath?: string;
+    readonly resolveUser?: RbacIdentityResolver;
+}
+interface RbacNestModuleOptions {
+    readonly engine?: RbacEngine;
+    readonly accessRepository?: AccessRepository;
+    readonly cache?: CachePort;
+    readonly audit?: AuditPort;
+    readonly policies?: PolicyRegistry;
+    readonly identity?: RbacIdentityOptions;
+    readonly context?: RbacContextResolver;
+    readonly cacheTtlMs?: number;
+}
+interface RbacNestModuleAsyncOptions extends Pick<ModuleMetadata, 'imports'> {
+    readonly inject?: FactoryProvider['inject'];
+    readonly useFactory: (...dependencies: any[]) => RbacNestModuleOptions | Promise<RbacNestModuleOptions>;
+}
+interface RbacRequirementMetadata {
+    readonly values: readonly string[];
+    readonly mode: RbacRequirementMode;
+}
+declare function createIdentityResolver(identity?: RbacIdentityOptions): RbacIdentityResolver;
+declare function createDefaultRbacContext(request: RbacHttpRequest, principal: RbacPrincipal): RbacAuthorizationContext;
+declare function getByPath(source: unknown, path: string): unknown;
+declare class RbacGuard implements CanActivate {
+    private readonly reflector;
+    private readonly engine;
+    private readonly resolveIdentity;
+    private readonly options;
+    constructor(reflector: Reflector, engine: RbacEngine, resolveIdentity: RbacIdentityResolver, options: RbacNestModuleOptions);
+    canActivate(context: ExecutionContext): Promise<boolean>;
+    private getRequirements;
+    private assertRequirements;
+}
+declare class RbacModule {
+    static forRoot(options: RbacNestModuleOptions): DynamicModule;
+    static forRootAsync(options: RbacNestModuleAsyncOptions): DynamicModule;
+}
+declare function RequireAnyPermission(...permissions: string[]): MethodDecorator & ClassDecorator;
+declare function RequireAnyPolicy(...policies: string[]): MethodDecorator & ClassDecorator;
+declare function RequireAnyRole(...roles: string[]): MethodDecorator & ClassDecorator;
+declare function RequirePermission(...permissions: string[]): MethodDecorator & ClassDecorator;
+declare function RequirePolicy(...policies: string[]): MethodDecorator & ClassDecorator;
+declare function RequireRole(...roles: string[]): MethodDecorator & ClassDecorator;
+export { RBAC_ENGINE, RBAC_IDENTITY_RESOLVER, RBAC_OPTIONS, RBAC_PERMISSIONS_METADATA, RBAC_POLICIES_METADATA, RBAC_ROLES_METADATA, type RbacContextResolver, type RbacContextResolverInput, RbacGuard, type RbacHttpRequest, type RbacIdentityOptions, type RbacIdentityResolver, type RbacIdentityResolverInput, RbacModule, type RbacNestModuleAsyncOptions, type RbacNestModuleOptions, type RbacRequirementMetadata, RequireAnyPermission, RequireAnyPolicy, RequireAnyRole, RequirePermission, RequirePolicy, RequireRole, createDefaultRbacContext, createIdentityResolver, getByPath };

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,87 @@
+import { RbacPrincipal, RbacAuthorizationContext, RbacEngine, AccessRepository, CachePort, AuditPort, PolicyRegistry, RbacRequirementMode } from '@rbacbee-lib/core';
+import { ExecutionContext, ModuleMetadata, FactoryProvider, CanActivate, DynamicModule } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+declare const RBAC_ENGINE: unique symbol;
+declare const RBAC_OPTIONS: unique symbol;
+declare const RBAC_IDENTITY_RESOLVER: unique symbol;
+declare const RBAC_PERMISSIONS_METADATA = "rbac:permissions";
+declare const RBAC_ROLES_METADATA = "rbac:roles";
+declare const RBAC_POLICIES_METADATA = "rbac:policies";
+interface RbacHttpRequest {
+    readonly user?: unknown;
+    readonly cookies?: Record<string, unknown>;
+    readonly headers?: Record<string, unknown>;
+    readonly params?: Record<string, unknown>;
+    readonly query?: Record<string, unknown>;
+    readonly body?: unknown;
+    readonly [key: string]: unknown;
+}
+interface RbacIdentityResolverInput {
+    readonly context: ExecutionContext;
+    readonly request: RbacHttpRequest;
+}
+type RbacIdentityResolver = (input: RbacIdentityResolverInput) => RbacPrincipal | null | Promise<RbacPrincipal | null>;
+interface RbacContextResolverInput extends RbacIdentityResolverInput {
+    readonly principal: RbacPrincipal;
+}
+type RbacContextResolver = (input: RbacContextResolverInput) => RbacAuthorizationContext | Promise<RbacAuthorizationContext>;
+interface RbacIdentityOptions {
+    readonly strategy?: 'jwt' | 'cookie' | 'custom';
+    readonly userIdPath?: string;
+    readonly tenantIdPath?: string;
+    readonly resolveUser?: RbacIdentityResolver;
+}
+interface RbacNestModuleOptions {
+    readonly engine?: RbacEngine;
+    readonly accessRepository?: AccessRepository;
+    readonly cache?: CachePort;
+    readonly audit?: AuditPort;
+    readonly policies?: PolicyRegistry;
+    readonly identity?: RbacIdentityOptions;
+    readonly context?: RbacContextResolver;
+    readonly cacheTtlMs?: number;
+}
+interface RbacNestModuleAsyncOptions extends Pick<ModuleMetadata, 'imports'> {
+    readonly inject?: FactoryProvider['inject'];
+    readonly useFactory: (...dependencies: any[]) => RbacNestModuleOptions | Promise<RbacNestModuleOptions>;
+}
+interface RbacRequirementMetadata {
+    readonly values: readonly string[];
+    readonly mode: RbacRequirementMode;
+}
+declare function createIdentityResolver(identity?: RbacIdentityOptions): RbacIdentityResolver;
+declare function createDefaultRbacContext(request: RbacHttpRequest, principal: RbacPrincipal): RbacAuthorizationContext;
+declare function getByPath(source: unknown, path: string): unknown;
+declare class RbacGuard implements CanActivate {
+    private readonly reflector;
+    private readonly engine;
+    private readonly resolveIdentity;
+    private readonly options;
+    constructor(reflector: Reflector, engine: RbacEngine, resolveIdentity: RbacIdentityResolver, options: RbacNestModuleOptions);
+    canActivate(context: ExecutionContext): Promise<boolean>;
+    private getRequirements;
+    private assertRequirements;
+}
+declare class RbacModule {
+    static forRoot(options: RbacNestModuleOptions): DynamicModule;
+    static forRootAsync(options: RbacNestModuleAsyncOptions): DynamicModule;
+}
+declare function RequireAnyPermission(...permissions: string[]): MethodDecorator & ClassDecorator;
+declare function RequireAnyPolicy(...policies: string[]): MethodDecorator & ClassDecorator;
+declare function RequireAnyRole(...roles: string[]): MethodDecorator & ClassDecorator;
+declare function RequirePermission(...permissions: string[]): MethodDecorator & ClassDecorator;
+declare function RequirePolicy(...policies: string[]): MethodDecorator & ClassDecorator;
+declare function RequireRole(...roles: string[]): MethodDecorator & ClassDecorator;
+export { RBAC_ENGINE, RBAC_IDENTITY_RESOLVER, RBAC_OPTIONS, RBAC_PERMISSIONS_METADATA, RBAC_POLICIES_METADATA, RBAC_ROLES_METADATA, type RbacContextResolver, type RbacContextResolverInput, RbacGuard, type RbacHttpRequest, type RbacIdentityOptions, type RbacIdentityResolver, type RbacIdentityResolverInput, RbacModule, type RbacNestModuleAsyncOptions, type RbacNestModuleOptions, type RbacRequirementMetadata, RequireAnyPermission, RequireAnyPolicy, RequireAnyRole, RequirePermission, RequirePolicy, RequireRole, createDefaultRbacContext, createIdentityResolver, getByPath };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,317 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __decorateClass = (decorators, target, key, kind) => {
+  var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc(target, key) : target;
+  for (var i = decorators.length - 1, decorator; i >= 0; i--)
+    if (decorator = decorators[i])
+      result = (kind ? decorator(target, key, result) : decorator(result)) || result;
+  if (kind && result) __defProp(target, key, result);
+  return result;
+};
+var __decorateParam = (index, decorator) => (target, key) => decorator(target, key, index);
+// src/rbac.constants.ts
+var RBAC_ENGINE = /* @__PURE__ */ Symbol("RBAC_ENGINE");
+var RBAC_OPTIONS = /* @__PURE__ */ Symbol("RBAC_OPTIONS");
+var RBAC_IDENTITY_RESOLVER = /* @__PURE__ */ Symbol("RBAC_IDENTITY_RESOLVER");
+var RBAC_PERMISSIONS_METADATA = "rbac:permissions";
+var RBAC_ROLES_METADATA = "rbac:roles";
+var RBAC_POLICIES_METADATA = "rbac:policies";
+// src/rbac-context.ts
+function createIdentityResolver(identity) {
+  if (identity?.resolveUser !== void 0) {
+    return identity.resolveUser;
+  }
+  return ({ request }) => {
+    const userIdPath = identity?.userIdPath ?? defaultUserIdPath(identity?.strategy);
+    const tenantIdPath = identity?.tenantIdPath ?? defaultTenantIdPath(identity?.strategy);
+    const userId = firstString(getByPath(request, userIdPath), getByPath(request, "user.id"));
+    if (userId === void 0) {
+      return null;
+    }
+    const tenantId = firstString(
+      getByPath(request, tenantIdPath),
+      getByPath(request, "user.tenantId")
+    );
+    const principal = { userId };
+    if (tenantId !== void 0) {
+      return { ...principal, tenantId };
+    }
+    return principal;
+  };
+}
+function createDefaultRbacContext(request, principal) {
+  const resourceId = firstString(request.params?.id, request.params?.resourceId);
+  const resourceType = firstString(request.headers?.["x-resource-type"]);
+  const context = {};
+  if (principal.tenantId !== void 0) {
+    Object.assign(context, { tenantId: principal.tenantId });
+  }
+  if (resourceId !== void 0) {
+    Object.assign(context, { resourceId });
+  }
+  if (resourceType !== void 0) {
+    Object.assign(context, { resourceType });
+  }
+  return context;
+}
+function getByPath(source, path) {
+  const segments = path.split(".").filter(Boolean);
+  let current = source;
+  for (const segment of segments) {
+    if (!isRecord(current)) {
+      return void 0;
+    }
+    current = current[segment];
+  }
+  return current;
+}
+function defaultUserIdPath(strategy) {
+  if (strategy === "cookie") {
+    return "cookies.userId";
+  }
+  return "user.sub";
+}
+function defaultTenantIdPath(strategy) {
+  if (strategy === "cookie") {
+    return "cookies.tenantId";
+  }
+  return "user.tenantId";
+}
+function firstString(...values) {
+  for (const value of values) {
+    if (typeof value === "string" && value.trim().length > 0) {
+      return value.trim();
+    }
+    if (typeof value === "number") {
+      return String(value);
+    }
+  }
+  return void 0;
+}
+function isRecord(value) {
+  return typeof value === "object" && value !== null;
+}
+// src/rbac.guard.ts
+import {
+  ForbiddenException,
+  Inject,
+  Injectable,
+  UnauthorizedException
+} from "@nestjs/common";
+var RbacGuard = class {
+  constructor(reflector, engine, resolveIdentity, options) {
+    this.reflector = reflector;
+    this.engine = engine;
+    this.resolveIdentity = resolveIdentity;
+    this.options = options;
+  }
+  reflector;
+  engine;
+  resolveIdentity;
+  options;
+  async canActivate(context) {
+    const permissionRequirements = this.getRequirements(RBAC_PERMISSIONS_METADATA, context);
+    const roleRequirements = this.getRequirements(RBAC_ROLES_METADATA, context);
+    const policyRequirements = this.getRequirements(RBAC_POLICIES_METADATA, context);
+    if (permissionRequirements.length === 0 && roleRequirements.length === 0 && policyRequirements.length === 0) {
+      return true;
+    }
+    const request = context.switchToHttp().getRequest();
+    const principal = await this.resolveIdentity({ context, request });
+    if (principal === null) {
+      throw new UnauthorizedException("RBAC principal could not be resolved");
+    }
+    const rbacContext = this.options.context === void 0 ? createDefaultRbacContext(request, principal) : await this.options.context({ context, request, principal });
+    await this.assertRequirements(
+      permissionRequirements,
+      (permission) => this.engine.can(principal, permission, rbacContext)
+    );
+    await this.assertRequirements(
+      roleRequirements,
+      (role) => this.engine.hasRole(principal, role, rbacContext)
+    );
+    await this.assertRequirements(
+      policyRequirements,
+      (policy) => this.engine.evaluatePolicy(policy, principal, rbacContext)
+    );
+    return true;
+  }
+  getRequirements(metadataKey, context) {
+    const controllerRequirement = this.reflector.get(
+      metadataKey,
+      context.getClass()
+    );
+    const handlerRequirement = this.reflector.get(
+      metadataKey,
+      context.getHandler()
+    );
+    return [controllerRequirement, handlerRequirement].filter(isRequirement);
+  }
+  async assertRequirements(requirements, check) {
+    for (const requirement of requirements) {
+      const results = await Promise.all(requirement.values.map((value) => check(value)));
+      const allowed = requirement.mode === "all" ? results.every((result) => result.decision === "allow") : results.some((result) => result.decision === "allow");
+      if (!allowed) {
+        throw new ForbiddenException("RBAC access denied");
+      }
+    }
+  }
+};
+RbacGuard = __decorateClass([
+  Injectable(),
+  __decorateParam(1, Inject(RBAC_ENGINE)),
+  __decorateParam(2, Inject(RBAC_IDENTITY_RESOLVER)),
+  __decorateParam(3, Inject(RBAC_OPTIONS))
+], RbacGuard);
+function isRequirement(value) {
+  return value !== void 0 && value.values.length > 0;
+}
+// src/rbac.module.ts
+import { Module } from "@nestjs/common";
+import { createRbacEngine } from "@rbacbee-lib/core";
+// src/deny-all-access-repository.ts
+var DenyAllAccessRepository = class {
+  async getAccessProfile() {
+    return null;
+  }
+};
+// src/rbac.module.ts
+var RbacModule = class {
+  static forRoot(options) {
+    return {
+      module: RbacModule,
+      providers: [
+        { provide: RBAC_OPTIONS, useValue: options },
+        createIdentityResolverProvider(),
+        createEngineProvider(),
+        RbacGuard
+      ],
+      exports: [RBAC_ENGINE, RBAC_IDENTITY_RESOLVER, RbacGuard]
+    };
+  }
+  static forRootAsync(options) {
+    return {
+      module: RbacModule,
+      imports: options.imports,
+      providers: [
+        {
+          provide: RBAC_OPTIONS,
+          useFactory: options.useFactory,
+          inject: options.inject ?? []
+        },
+        createIdentityResolverProvider(),
+        createEngineProvider(),
+        RbacGuard
+      ],
+      exports: [RBAC_ENGINE, RBAC_IDENTITY_RESOLVER, RbacGuard]
+    };
+  }
+};
+RbacModule = __decorateClass([
+  Module({})
+], RbacModule);
+function createIdentityResolverProvider() {
+  return {
+    provide: RBAC_IDENTITY_RESOLVER,
+    inject: [RBAC_OPTIONS],
+    useFactory: (options) => createIdentityResolver(options.identity)
+  };
+}
+function createEngineProvider() {
+  return {
+    provide: RBAC_ENGINE,
+    inject: [RBAC_OPTIONS],
+    useFactory: (options) => {
+      if (options.engine !== void 0) {
+        return options.engine;
+      }
+      return createRbacEngine({
+        accessRepository: options.accessRepository ?? new DenyAllAccessRepository(),
+        audit: options.audit,
+        cache: options.cache,
+        policies: options.policies,
+        cacheTtlMs: options.cacheTtlMs
+      });
+    }
+  };
+}
+// src/decorators/require-any-permission.decorator.ts
+import { SetMetadata } from "@nestjs/common";
+function RequireAnyPermission(...permissions) {
+  return SetMetadata(RBAC_PERMISSIONS_METADATA, {
+    values: permissions,
+    mode: "any"
+  });
+}
+// src/decorators/require-any-policy.decorator.ts
+import { SetMetadata as SetMetadata2 } from "@nestjs/common";
+function RequireAnyPolicy(...policies) {
+  return SetMetadata2(RBAC_POLICIES_METADATA, {
+    values: policies,
+    mode: "any"
+  });
+}
+// src/decorators/require-any-role.decorator.ts
+import { SetMetadata as SetMetadata3 } from "@nestjs/common";
+function RequireAnyRole(...roles) {
+  return SetMetadata3(RBAC_ROLES_METADATA, {
+    values: roles,
+    mode: "any"
+  });
+}
+// src/decorators/require-permission.decorator.ts
+import { SetMetadata as SetMetadata4 } from "@nestjs/common";
+function RequirePermission(...permissions) {
+  return SetMetadata4(RBAC_PERMISSIONS_METADATA, {
+    values: permissions,
+    mode: "all"
+  });
+}
+// src/decorators/require-policy.decorator.ts
+import { SetMetadata as SetMetadata5 } from "@nestjs/common";
+function RequirePolicy(...policies) {
+  return SetMetadata5(RBAC_POLICIES_METADATA, {
+    values: policies,
+    mode: "all"
+  });
+}
+// src/decorators/require-role.decorator.ts
+import { SetMetadata as SetMetadata6 } from "@nestjs/common";
+function RequireRole(...roles) {
+  return SetMetadata6(RBAC_ROLES_METADATA, {
+    values: roles,
+    mode: "all"
+  });
+}
+export {
+  RBAC_ENGINE,
+  RBAC_IDENTITY_RESOLVER,
+  RBAC_OPTIONS,
+  RBAC_PERMISSIONS_METADATA,
+  RBAC_POLICIES_METADATA,
+  RBAC_ROLES_METADATA,
+  RbacGuard,
+  RbacModule,
+  RequireAnyPermission,
+  RequireAnyPolicy,
+  RequireAnyRole,
+  RequirePermission,
+  RequirePolicy,
+  RequireRole,
+  createDefaultRbacContext,
+  createIdentityResolver,
+  getByPath
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/rbac.constants.ts","../src/rbac-context.ts","../src/rbac.guard.ts","../src/rbac.module.ts","../src/deny-all-access-repository.ts","../src/decorators/require-any-permission.decorator.ts","../src/decorators/require-any-policy.decorator.ts","../src/decorators/require-any-role.decorator.ts","../src/decorators/require-permission.decorator.ts","../src/decorators/require-policy.decorator.ts","../src/decorators/require-role.decorator.ts"],"sourcesContent":["export const RBAC_ENGINE = Symbol('RBAC_ENGINE');\nexport const RBAC_OPTIONS = Symbol('RBAC_OPTIONS');\nexport const RBAC_IDENTITY_RESOLVER = Symbol('RBAC_IDENTITY_RESOLVER');\n\nexport const RBAC_PERMISSIONS_METADATA = 'rbac:permissions';\nexport const RBAC_ROLES_METADATA = 'rbac:roles';\nexport const RBAC_POLICIES_METADATA = 'rbac:policies';\n","import type { RbacAuthorizationContext, RbacPrincipal } from '@rbacbee-lib/core';\nimport type { RbacHttpRequest, RbacIdentityOptions, RbacIdentityResolver } from './rbac.types';\n\nexport function createIdentityResolver(identity?: RbacIdentityOptions): RbacIdentityResolver {\n if (identity?.resolveUser !== undefined) {\n return identity.resolveUser;\n }\n\n return ({ request }) => {\n const userIdPath = identity?.userIdPath ?? defaultUserIdPath(identity?.strategy);\n const tenantIdPath = identity?.tenantIdPath ?? defaultTenantIdPath(identity?.strategy);\n const userId = firstString(getByPath(request, userIdPath), getByPath(request, 'user.id'));\n\n if (userId === undefined) {\n return null;\n }\n\n const tenantId = firstString(\n getByPath(request, tenantIdPath),\n getByPath(request, 'user.tenantId')\n );\n const principal: RbacPrincipal = { userId };\n\n if (tenantId !== undefined) {\n return { ...principal, tenantId };\n }\n\n return principal;\n };\n}\n\nexport function createDefaultRbacContext(\n request: RbacHttpRequest,\n principal: RbacPrincipal\n): RbacAuthorizationContext {\n const resourceId = firstString(request.params?.id, request.params?.resourceId);\n const resourceType = firstString(request.headers?.['x-resource-type']);\n const context: RbacAuthorizationContext = {};\n\n if (principal.tenantId !== undefined) {\n Object.assign(context, { tenantId: principal.tenantId });\n }\n\n if (resourceId !== undefined) {\n Object.assign(context, { resourceId });\n }\n\n if (resourceType !== undefined) {\n Object.assign(context, { resourceType });\n }\n\n return context;\n}\n\nexport function getByPath(source: unknown, path: string): unknown {\n const segments = path.split('.').filter(Boolean);\n let current: unknown = source;\n\n for (const segment of segments) {\n if (!isRecord(current)) {\n return undefined;\n }\n\n current = current[segment];\n }\n\n return current;\n}\n\nfunction defaultUserIdPath(strategy?: RbacIdentityOptions['strategy']): string {\n if (strategy === 'cookie') {\n return 'cookies.userId';\n }\n\n return 'user.sub';\n}\n\nfunction defaultTenantIdPath(strategy?: RbacIdentityOptions['strategy']): string {\n if (strategy === 'cookie') {\n return 'cookies.tenantId';\n }\n\n return 'user.tenantId';\n}\n\nfunction firstString(...values: unknown[]): string | undefined {\n for (const value of values) {\n if (typeof value === 'string' && value.trim().length > 0) {\n return value.trim();\n }\n\n if (typeof value === 'number') {\n return String(value);\n }\n }\n\n return undefined;\n}\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n return typeof value === 'object' && value !== null;\n}\n","import {\n CanActivate,\n ExecutionContext,\n ForbiddenException,\n Inject,\n Injectable,\n UnauthorizedException\n} from '@nestjs/common';\nimport { Reflector } from '@nestjs/core';\nimport type { AuthorizationResult, RbacEngine } from '@rbacbee-lib/core';\nimport {\n RBAC_ENGINE,\n RBAC_IDENTITY_RESOLVER,\n RBAC_OPTIONS,\n RBAC_PERMISSIONS_METADATA,\n RBAC_POLICIES_METADATA,\n RBAC_ROLES_METADATA\n} from './rbac.constants';\nimport { createDefaultRbacContext } from './rbac-context';\nimport type {\n RbacHttpRequest,\n RbacIdentityResolver,\n RbacNestModuleOptions,\n RbacRequirementMetadata\n} from './rbac.types';\n\n@Injectable()\nexport class RbacGuard implements CanActivate {\n public constructor(\n private readonly reflector: Reflector,\n @Inject(RBAC_ENGINE) private readonly engine: RbacEngine,\n @Inject(RBAC_IDENTITY_RESOLVER) private readonly resolveIdentity: RbacIdentityResolver,\n @Inject(RBAC_OPTIONS) private readonly options: RbacNestModuleOptions\n ) {}\n\n public async canActivate(context: ExecutionContext): Promise<boolean> {\n const permissionRequirements = this.getRequirements(RBAC_PERMISSIONS_METADATA, context);\n const roleRequirements = this.getRequirements(RBAC_ROLES_METADATA, context);\n const policyRequirements = this.getRequirements(RBAC_POLICIES_METADATA, context);\n\n if (\n permissionRequirements.length === 0 &&\n roleRequirements.length === 0 &&\n policyRequirements.length === 0\n ) {\n return true;\n }\n\n const request = context.switchToHttp().getRequest<RbacHttpRequest>();\n const principal = await this.resolveIdentity({ context, request });\n\n if (principal === null) {\n throw new UnauthorizedException('RBAC principal could not be resolved');\n }\n\n const rbacContext =\n this.options.context === undefined\n ? createDefaultRbacContext(request, principal)\n : await this.options.context({ context, request, principal });\n\n await this.assertRequirements(permissionRequirements, (permission) =>\n this.engine.can(principal, permission, rbacContext)\n );\n await this.assertRequirements(roleRequirements, (role) =>\n this.engine.hasRole(principal, role, rbacContext)\n );\n await this.assertRequirements(policyRequirements, (policy) =>\n this.engine.evaluatePolicy(policy, principal, rbacContext)\n );\n\n return true;\n }\n\n private getRequirements(\n metadataKey: string,\n context: ExecutionContext\n ): RbacRequirementMetadata[] {\n const controllerRequirement = this.reflector.get<RbacRequirementMetadata>(\n metadataKey,\n context.getClass()\n );\n const handlerRequirement = this.reflector.get<RbacRequirementMetadata>(\n metadataKey,\n context.getHandler()\n );\n\n return [controllerRequirement, handlerRequirement].filter(isRequirement);\n }\n\n private async assertRequirements(\n requirements: readonly RbacRequirementMetadata[],\n check: (value: string) => Promise<AuthorizationResult>\n ): Promise<void> {\n for (const requirement of requirements) {\n const results = await Promise.all(requirement.values.map((value) => check(value)));\n const allowed =\n requirement.mode === 'all'\n ? results.every((result) => result.decision === 'allow')\n : results.some((result) => result.decision === 'allow');\n\n if (!allowed) {\n throw new ForbiddenException('RBAC access denied');\n }\n }\n }\n}\n\nfunction isRequirement(\n value: RbacRequirementMetadata | undefined\n): value is RbacRequirementMetadata {\n return value !== undefined && value.values.length > 0;\n}\n","import { DynamicModule, Module, Provider } from '@nestjs/common';\nimport { createRbacEngine } from '@rbacbee-lib/core';\nimport { RBAC_ENGINE, RBAC_IDENTITY_RESOLVER, RBAC_OPTIONS } from './rbac.constants';\nimport { createIdentityResolver } from './rbac-context';\nimport { RbacGuard } from './rbac.guard';\nimport type { RbacNestModuleAsyncOptions, RbacNestModuleOptions } from './rbac.types';\nimport { DenyAllAccessRepository } from './deny-all-access-repository';\n\n@Module({})\nexport class RbacModule {\n public static forRoot(options: RbacNestModuleOptions): DynamicModule {\n return {\n module: RbacModule,\n providers: [\n { provide: RBAC_OPTIONS, useValue: options },\n createIdentityResolverProvider(),\n createEngineProvider(),\n RbacGuard\n ],\n exports: [RBAC_ENGINE, RBAC_IDENTITY_RESOLVER, RbacGuard]\n };\n }\n\n public static forRootAsync(options: RbacNestModuleAsyncOptions): DynamicModule {\n return {\n module: RbacModule,\n imports: options.imports,\n providers: [\n {\n provide: RBAC_OPTIONS,\n useFactory: options.useFactory,\n inject: options.inject ?? []\n },\n createIdentityResolverProvider(),\n createEngineProvider(),\n RbacGuard\n ],\n exports: [RBAC_ENGINE, RBAC_IDENTITY_RESOLVER, RbacGuard]\n };\n }\n}\n\nfunction createIdentityResolverProvider(): Provider {\n return {\n provide: RBAC_IDENTITY_RESOLVER,\n inject: [RBAC_OPTIONS],\n useFactory: (options: RbacNestModuleOptions) => createIdentityResolver(options.identity)\n };\n}\n\nfunction createEngineProvider(): Provider {\n return {\n provide: RBAC_ENGINE,\n inject: [RBAC_OPTIONS],\n useFactory: (options: RbacNestModuleOptions) => {\n if (options.engine !== undefined) {\n return options.engine;\n }\n\n return createRbacEngine({\n accessRepository: options.accessRepository ?? new DenyAllAccessRepository(),\n audit: options.audit,\n cache: options.cache,\n policies: options.policies,\n cacheTtlMs: options.cacheTtlMs\n });\n }\n };\n}\n","import type { AccessProfile, AccessRepository } from '@rbacbee-lib/core';\n\nexport class DenyAllAccessRepository implements AccessRepository {\n public async getAccessProfile(): Promise<AccessProfile | null> {\n return null;\n }\n}\n","import { SetMetadata } from '@nestjs/common';\nimport { RBAC_PERMISSIONS_METADATA } from '../rbac.constants';\nimport type { RbacRequirementMetadata } from '../rbac.types';\n\nexport function RequireAnyPermission(...permissions: string[]): MethodDecorator & ClassDecorator {\n return SetMetadata(RBAC_PERMISSIONS_METADATA, {\n values: permissions,\n mode: 'any'\n } satisfies RbacRequirementMetadata);\n}\n","import { SetMetadata } from '@nestjs/common';\nimport { RBAC_POLICIES_METADATA } from '../rbac.constants';\nimport type { RbacRequirementMetadata } from '../rbac.types';\n\nexport function RequireAnyPolicy(...policies: string[]): MethodDecorator & ClassDecorator {\n return SetMetadata(RBAC_POLICIES_METADATA, {\n values: policies,\n mode: 'any'\n } satisfies RbacRequirementMetadata);\n}\n","import { SetMetadata } from '@nestjs/common';\nimport { RBAC_ROLES_METADATA } from '../rbac.constants';\nimport type { RbacRequirementMetadata } from '../rbac.types';\n\nexport function RequireAnyRole(...roles: string[]): MethodDecorator & ClassDecorator {\n return SetMetadata(RBAC_ROLES_METADATA, {\n values: roles,\n mode: 'any'\n } satisfies RbacRequirementMetadata);\n}\n","import { SetMetadata } from '@nestjs/common';\nimport { RBAC_PERMISSIONS_METADATA } from '../rbac.constants';\nimport type { RbacRequirementMetadata } from '../rbac.types';\n\nexport function RequirePermission(...permissions: string[]): MethodDecorator & ClassDecorator {\n return SetMetadata(RBAC_PERMISSIONS_METADATA, {\n values: permissions,\n mode: 'all'\n } satisfies RbacRequirementMetadata);\n}\n","import { SetMetadata } from '@nestjs/common';\nimport { RBAC_POLICIES_METADATA } from '../rbac.constants';\nimport type { RbacRequirementMetadata } from '../rbac.types';\n\nexport function RequirePolicy(...policies: string[]): MethodDecorator & ClassDecorator {\n return SetMetadata(RBAC_POLICIES_METADATA, {\n values: policies,\n mode: 'all'\n } satisfies RbacRequirementMetadata);\n}\n","import { SetMetadata } from '@nestjs/common';\nimport { RBAC_ROLES_METADATA } from '../rbac.constants';\nimport type { RbacRequirementMetadata } from '../rbac.types';\n\nexport function RequireRole(...roles: string[]): MethodDecorator & ClassDecorator {\n return SetMetadata(RBAC_ROLES_METADATA, {\n values: roles,\n mode: 'all'\n } satisfies RbacRequirementMetadata);\n}\n"],"mappings":";;;;;;;;;;;;;AAAO,IAAM,cAAc,uBAAO,aAAa;AACxC,IAAM,eAAe,uBAAO,cAAc;AAC1C,IAAM,yBAAyB,uBAAO,wBAAwB;AAE9D,IAAM,4BAA4B;AAClC,IAAM,sBAAsB;AAC5B,IAAM,yBAAyB;;;ACH/B,SAAS,uBAAuB,UAAsD;AAC3F,MAAI,UAAU,gBAAgB,QAAW;AACvC,WAAO,SAAS;AAAA,EAClB;AAEA,SAAO,CAAC,EAAE,QAAQ,MAAM;AACtB,UAAM,aAAa,UAAU,cAAc,kBAAkB,UAAU,QAAQ;AAC/E,UAAM,eAAe,UAAU,gBAAgB,oBAAoB,UAAU,QAAQ;AACrF,UAAM,SAAS,YAAY,UAAU,SAAS,UAAU,GAAG,UAAU,SAAS,SAAS,CAAC;AAExF,QAAI,WAAW,QAAW;AACxB,aAAO;AAAA,IACT;AAEA,UAAM,WAAW;AAAA,MACf,UAAU,SAAS,YAAY;AAAA,MAC/B,UAAU,SAAS,eAAe;AAAA,IACpC;AACA,UAAM,YAA2B,EAAE,OAAO;AAE1C,QAAI,aAAa,QAAW;AAC1B,aAAO,EAAE,GAAG,WAAW,SAAS;AAAA,IAClC;AAEA,WAAO;AAAA,EACT;AACF;AAEO,SAAS,yBACd,SACA,WAC0B;AAC1B,QAAM,aAAa,YAAY,QAAQ,QAAQ,IAAI,QAAQ,QAAQ,UAAU;AAC7E,QAAM,eAAe,YAAY,QAAQ,UAAU,iBAAiB,CAAC;AACrE,QAAM,UAAoC,CAAC;AAE3C,MAAI,UAAU,aAAa,QAAW;AACpC,WAAO,OAAO,SAAS,EAAE,UAAU,UAAU,SAAS,CAAC;AAAA,EACzD;AAEA,MAAI,eAAe,QAAW;AAC5B,WAAO,OAAO,SAAS,EAAE,WAAW,CAAC;AAAA,EACvC;AAEA,MAAI,iBAAiB,QAAW;AAC9B,WAAO,OAAO,SAAS,EAAE,aAAa,CAAC;AAAA,EACzC;AAEA,SAAO;AACT;AAEO,SAAS,UAAU,QAAiB,MAAuB;AAChE,QAAM,WAAW,KAAK,MAAM,GAAG,EAAE,OAAO,OAAO;AAC/C,MAAI,UAAmB;AAEvB,aAAW,WAAW,UAAU;AAC9B,QAAI,CAAC,SAAS,OAAO,GAAG;AACtB,aAAO;AAAA,IACT;AAEA,cAAU,QAAQ,OAAO;AAAA,EAC3B;AAEA,SAAO;AACT;AAEA,SAAS,kBAAkB,UAAoD;AAC7E,MAAI,aAAa,UAAU;AACzB,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAEA,SAAS,oBAAoB,UAAoD;AAC/E,MAAI,aAAa,UAAU;AACzB,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAEA,SAAS,eAAe,QAAuC;AAC7D,aAAW,SAAS,QAAQ;AAC1B,QAAI,OAAO,UAAU,YAAY,MAAM,KAAK,EAAE,SAAS,GAAG;AACxD,aAAO,MAAM,KAAK;AAAA,IACpB;AAEA,QAAI,OAAO,UAAU,UAAU;AAC7B,aAAO,OAAO,KAAK;AAAA,IACrB;AAAA,EACF;AAEA,SAAO;AACT;AAEA,SAAS,SAAS,OAAkD;AAClE,SAAO,OAAO,UAAU,YAAY,UAAU;AAChD;;;ACrGA;AAAA,EAGE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAoBA,IAAM,YAAN,MAAuC;AAAA,EACrC,YACY,WACqB,QACW,iBACV,SACvC;AAJiB;AACqB;AACW;AACV;AAAA,EACtC;AAAA,EAJgB;AAAA,EACqB;AAAA,EACW;AAAA,EACV;AAAA,EAGzC,MAAa,YAAY,SAA6C;AACpE,UAAM,yBAAyB,KAAK,gBAAgB,2BAA2B,OAAO;AACtF,UAAM,mBAAmB,KAAK,gBAAgB,qBAAqB,OAAO;AAC1E,UAAM,qBAAqB,KAAK,gBAAgB,wBAAwB,OAAO;AAE/E,QACE,uBAAuB,WAAW,KAClC,iBAAiB,WAAW,KAC5B,mBAAmB,WAAW,GAC9B;AACA,aAAO;AAAA,IACT;AAEA,UAAM,UAAU,QAAQ,aAAa,EAAE,WAA4B;AACnE,UAAM,YAAY,MAAM,KAAK,gBAAgB,EAAE,SAAS,QAAQ,CAAC;AAEjE,QAAI,cAAc,MAAM;AACtB,YAAM,IAAI,sBAAsB,sCAAsC;AAAA,IACxE;AAEA,UAAM,cACJ,KAAK,QAAQ,YAAY,SACrB,yBAAyB,SAAS,SAAS,IAC3C,MAAM,KAAK,QAAQ,QAAQ,EAAE,SAAS,SAAS,UAAU,CAAC;AAEhE,UAAM,KAAK;AAAA,MAAmB;AAAA,MAAwB,CAAC,eACrD,KAAK,OAAO,IAAI,WAAW,YAAY,WAAW;AAAA,IACpD;AACA,UAAM,KAAK;AAAA,MAAmB;AAAA,MAAkB,CAAC,SAC/C,KAAK,OAAO,QAAQ,WAAW,MAAM,WAAW;AAAA,IAClD;AACA,UAAM,KAAK;AAAA,MAAmB;AAAA,MAAoB,CAAC,WACjD,KAAK,OAAO,eAAe,QAAQ,WAAW,WAAW;AAAA,IAC3D;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,gBACN,aACA,SAC2B;AAC3B,UAAM,wBAAwB,KAAK,UAAU;AAAA,MAC3C;AAAA,MACA,QAAQ,SAAS;AAAA,IACnB;AACA,UAAM,qBAAqB,KAAK,UAAU;AAAA,MACxC;AAAA,MACA,QAAQ,WAAW;AAAA,IACrB;AAEA,WAAO,CAAC,uBAAuB,kBAAkB,EAAE,OAAO,aAAa;AAAA,EACzE;AAAA,EAEA,MAAc,mBACZ,cACA,OACe;AACf,eAAW,eAAe,cAAc;AACtC,YAAM,UAAU,MAAM,QAAQ,IAAI,YAAY,OAAO,IAAI,CAAC,UAAU,MAAM,KAAK,CAAC,CAAC;AACjF,YAAM,UACJ,YAAY,SAAS,QACjB,QAAQ,MAAM,CAAC,WAAW,OAAO,aAAa,OAAO,IACrD,QAAQ,KAAK,CAAC,WAAW,OAAO,aAAa,OAAO;AAE1D,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,mBAAmB,oBAAoB;AAAA,MACnD;AAAA,IACF;AAAA,EACF;AACF;AA9Ea,YAAN;AAAA,EADN,WAAW;AAAA,EAIP,0BAAO,WAAW;AAAA,EAClB,0BAAO,sBAAsB;AAAA,EAC7B,0BAAO,YAAY;AAAA,GALX;AAgFb,SAAS,cACP,OACkC;AAClC,SAAO,UAAU,UAAa,MAAM,OAAO,SAAS;AACtD;;;AC/GA,SAAwB,cAAwB;AAChD,SAAS,wBAAwB;;;ACC1B,IAAM,0BAAN,MAA0D;AAAA,EAC/D,MAAa,mBAAkD;AAC7D,WAAO;AAAA,EACT;AACF;;;ADGO,IAAM,aAAN,MAAiB;AAAA,EACtB,OAAc,QAAQ,SAA+C;AACnE,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,WAAW;AAAA,QACT,EAAE,SAAS,cAAc,UAAU,QAAQ;AAAA,QAC3C,+BAA+B;AAAA,QAC/B,qBAAqB;AAAA,QACrB;AAAA,MACF;AAAA,MACA,SAAS,CAAC,aAAa,wBAAwB,SAAS;AAAA,IAC1D;AAAA,EACF;AAAA,EAEA,OAAc,aAAa,SAAoD;AAC7E,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,SAAS,QAAQ;AAAA,MACjB,WAAW;AAAA,QACT;AAAA,UACE,SAAS;AAAA,UACT,YAAY,QAAQ;AAAA,UACpB,QAAQ,QAAQ,UAAU,CAAC;AAAA,QAC7B;AAAA,QACA,+BAA+B;AAAA,QAC/B,qBAAqB;AAAA,QACrB;AAAA,MACF;AAAA,MACA,SAAS,CAAC,aAAa,wBAAwB,SAAS;AAAA,IAC1D;AAAA,EACF;AACF;AA/Ba,aAAN;AAAA,EADN,OAAO,CAAC,CAAC;AAAA,GACG;AAiCb,SAAS,iCAA2C;AAClD,SAAO;AAAA,IACL,SAAS;AAAA,IACT,QAAQ,CAAC,YAAY;AAAA,IACrB,YAAY,CAAC,YAAmC,uBAAuB,QAAQ,QAAQ;AAAA,EACzF;AACF;AAEA,SAAS,uBAAiC;AACxC,SAAO;AAAA,IACL,SAAS;AAAA,IACT,QAAQ,CAAC,YAAY;AAAA,IACrB,YAAY,CAAC,YAAmC;AAC9C,UAAI,QAAQ,WAAW,QAAW;AAChC,eAAO,QAAQ;AAAA,MACjB;AAEA,aAAO,iBAAiB;AAAA,QACtB,kBAAkB,QAAQ,oBAAoB,IAAI,wBAAwB;AAAA,QAC1E,OAAO,QAAQ;AAAA,QACf,OAAO,QAAQ;AAAA,QACf,UAAU,QAAQ;AAAA,QAClB,YAAY,QAAQ;AAAA,MACtB,CAAC;AAAA,IACH;AAAA,EACF;AACF;;;AEpEA,SAAS,mBAAmB;AAIrB,SAAS,wBAAwB,aAAyD;AAC/F,SAAO,YAAY,2BAA2B;AAAA,IAC5C,QAAQ;AAAA,IACR,MAAM;AAAA,EACR,CAAmC;AACrC;;;ACTA,SAAS,eAAAA,oBAAmB;AAIrB,SAAS,oBAAoB,UAAsD;AACxF,SAAOC,aAAY,wBAAwB;AAAA,IACzC,QAAQ;AAAA,IACR,MAAM;AAAA,EACR,CAAmC;AACrC;;;ACTA,SAAS,eAAAC,oBAAmB;AAIrB,SAAS,kBAAkB,OAAmD;AACnF,SAAOC,aAAY,qBAAqB;AAAA,IACtC,QAAQ;AAAA,IACR,MAAM;AAAA,EACR,CAAmC;AACrC;;;ACTA,SAAS,eAAAC,oBAAmB;AAIrB,SAAS,qBAAqB,aAAyD;AAC5F,SAAOC,aAAY,2BAA2B;AAAA,IAC5C,QAAQ;AAAA,IACR,MAAM;AAAA,EACR,CAAmC;AACrC;;;ACTA,SAAS,eAAAC,oBAAmB;AAIrB,SAAS,iBAAiB,UAAsD;AACrF,SAAOC,aAAY,wBAAwB;AAAA,IACzC,QAAQ;AAAA,IACR,MAAM;AAAA,EACR,CAAmC;AACrC;;;ACTA,SAAS,eAAAC,oBAAmB;AAIrB,SAAS,eAAe,OAAmD;AAChF,SAAOC,aAAY,qBAAqB;AAAA,IACtC,QAAQ;AAAA,IACR,MAAM;AAAA,EACR,CAAmC;AACrC;","names":["SetMetadata","SetMetadata","SetMetadata","SetMetadata","SetMetadata","SetMetadata","SetMetadata","SetMetadata","SetMetadata","SetMetadata"]}

package/package.json ADDED Viewed

@@ -0,0 +1,49 @@
+{
+  "name": "@rbacbee-lib/nest",
+  "version": "0.1.0",
+  "description": "NestJS adapter for @rbacbee-lib/core.",
+  "license": "MIT",
+  "type": "module",
+  "sideEffects": false,
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsup src/index.ts --format esm,cjs --dts --sourcemap --clean --external @nestjs/common --external @nestjs/core --external reflect-metadata --external rxjs --external @rbacbee-lib/core",
+    "dev": "tsup src/index.ts --format esm,cjs --dts --sourcemap --watch --external @nestjs/common --external @nestjs/core --external reflect-metadata --external rxjs --external @rbacbee-lib/core",
+    "test": "vitest run --passWithNoTests",
+    "test:watch": "vitest",
+    "lint": "eslint src --max-warnings=0",
+    "typecheck": "tsc --noEmit",
+    "clean": "rimraf dist coverage"
+  },
+  "dependencies": {
+    "@rbacbee-lib/core": "workspace:^"
+  },
+  "peerDependencies": {
+    "@nestjs/common": "^10.0.0 || ^11.0.0",
+    "@nestjs/core": "^10.0.0 || ^11.0.0",
+    "reflect-metadata": "^0.1.13 || ^0.2.0",
+    "rxjs": "^7.8.0"
+  },
+  "devDependencies": {
+    "@nestjs/common": "^11.1.3",
+    "@nestjs/core": "^11.1.3",
+    "reflect-metadata": "^0.2.2",
+    "rxjs": "^7.8.2"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}