npm - @venizia/ignis - Versions diffs - 0.0.7-2 → 0.0.7-21 - Mend

@venizia/ignis 0.0.7-2 → 0.0.7-21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (559) hide show

package/dist/components/auth/authenticate/strategies/strategy-registry.js CHANGED Viewed

@@ -1,19 +1,12 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.authenticate = exports.AuthenticationStrategyRegistry = void 0;
-const inversion_1 = require("../../../../helpers/inversion");
-const ignis_helpers_1 = require("@venizia/ignis-helpers");
-const factory_1 = require("hono/factory");
-const isEmpty_1 = __importDefault(require("lodash/isEmpty"));
+exports.AuthenticationStrategyRegistry = void 0;
+const base_1 = require("../../base");
 const common_1 = require("../common");
-class AuthenticationStrategyRegistry extends ignis_helpers_1.BaseHelper {
-    // ------------------------------------------------------------------------------
+// Authentication Strategy Registry — manages strategy registration and resolution
+class AuthenticationStrategyRegistry extends base_1.AbstractAuthRegistry {
     constructor() {
         super({ scope: AuthenticationStrategyRegistry.name });
-        this.strategies = new Map();
     }
     static getInstance() {
         if (!AuthenticationStrategyRegistry.instance) {
@@ -21,135 +14,19 @@ class AuthenticationStrategyRegistry extends ignis_helpers_1.BaseHelper {
         }
         return AuthenticationStrategyRegistry.instance;
     }
-    // ------------------------------------------------------------------------------
-    getStrategyKey(opts) {
-        if (!opts?.name || (0, isEmpty_1.default)(opts.name)) {
-            throw (0, ignis_helpers_1.getError)({ message: `[getStrategyKey] Invalid strategy name | name: ${opts.name}` });
-        }
-        return [common_1.Authentication.AUTHENTICATION_STRATEGY, opts.name].join('.');
-    }
-    getStrategy(opts) {
-        const { container, name } = opts;
-        return container.get({
-            key: this.getStrategyKey({ name }),
-            isOptional: false,
-        });
+    getBindingPrefix() {
+        return common_1.Authentication.AUTHENTICATION_STRATEGY;
     }
-    // ------------------------------------------------------------------------------
     register(opts) {
         const { container, strategies } = opts;
         for (const { strategy, name } of strategies) {
-            this.strategies.set(name, { container, strategyClass: strategy });
-            container
-                .bind({
-                key: [common_1.Authentication.AUTHENTICATION_STRATEGY, name].join('.'),
-            })
-                .toClass(strategy)
-                .setScope(inversion_1.BindingScopes.SINGLETON);
+            this.registerDescriptor({ container, target: strategy, name });
         }
         return this;
     }
-    // ------------------------------------------------------------------------------
-    authenticate(opts) {
-        const { strategies, mode = 'any' } = opts;
-        const mw = (0, factory_1.createMiddleware)(async (context, next) => {
-            const isSkipAuthenticate = context.get(common_1.Authentication.SKIP_AUTHENTICATION);
-            if (isSkipAuthenticate) {
-                const path = context.req.path;
-                this.logger
-                    .for(this.authenticate.name)
-                    .debug('SKIP checking authentication | action: %s', path);
-                return next();
-            }
-            const isAuthenticated = context.get(common_1.Authentication.CURRENT_USER);
-            if (isAuthenticated) {
-                return next();
-            }
-            switch (mode) {
-                case common_1.AuthenticationModes.ANY: {
-                    // FALLBACK MODE: first success wins
-                    const errors = [];
-                    for (const strategyName of strategies) {
-                        try {
-                            const user = await this.executeStrategy({ context, strategyName });
-                            context.set(common_1.Authentication.CURRENT_USER, user);
-                            if (user?.userId) {
-                                context.set(common_1.Authentication.AUDIT_USER_ID, user.userId);
-                            }
-                            await next();
-                            return;
-                        }
-                        catch (error) {
-                            this.logger
-                                .for(this.authenticate.name)
-                                .debug('Strategy %s failed, trying next...', strategyName);
-                            errors.push(error);
-                        }
-                    }
-                    // All strategies failed
-                    throw (0, ignis_helpers_1.getError)({
-                        statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_4.Unauthorized,
-                        message: `Authentication failed. Tried strategies: ${strategies.join(', ')}`,
-                    });
-                }
-                case common_1.AuthenticationModes.ALL: {
-                    // ALL MODE: all strategies must pass
-                    let authUser = null;
-                    for (const strategyName of strategies) {
-                        const user = await this.executeStrategy({ context, strategyName });
-                        authUser = user;
-                    }
-                    if (authUser?.userId) {
-                        context.set(common_1.Authentication.CURRENT_USER, authUser);
-                        context.set(common_1.Authentication.AUDIT_USER_ID, authUser.userId);
-                    }
-                    else {
-                        this.logger
-                            .for(this.authenticate.name)
-                            .error('Failed to identify authenticated user | user: %j | userId: %s', authUser, authUser?.userId);
-                        throw (0, ignis_helpers_1.getError)({
-                            statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_4.Unauthorized,
-                            message: 'Failed to identify authenticated user!',
-                        });
-                    }
-                    return next();
-                }
-                default: {
-                    throw (0, ignis_helpers_1.getError)({
-                        statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
-                        message: `Invalid authentication mode | mode: ${mode}`,
-                    });
-                }
-            }
-        });
-        return mw;
-    }
-    // ------------------------------------------------------------------------------
-    executeStrategy(opts) {
-        const { context, strategyName } = opts;
-        const strategyMetadata = this.strategies.get(strategyName);
-        if (!strategyMetadata) {
-            throw (0, ignis_helpers_1.getError)({
-                statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
-                message: `[executeStrategy] Strategy not found: ${strategyName}`,
-            });
-        }
-        const { container } = strategyMetadata;
-        const strategy = container.get({
-            key: [common_1.Authentication.AUTHENTICATION_STRATEGY, strategyName].join('.'),
-        });
-        if (!strategy) {
-            throw (0, ignis_helpers_1.getError)({
-                statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
-                message: `[executeStrategy] strategy: ${strategyName} | Authentication Strategy NOT FOUND`,
-            });
-        }
-        return strategy.authenticate(context);
+    resolveStrategy(opts) {
+        return this.resolveDescriptor(opts);
     }
 }
 exports.AuthenticationStrategyRegistry = AuthenticationStrategyRegistry;
-const authenticate = (opts) => {
-    return AuthenticationStrategyRegistry.getInstance().authenticate(opts);
-};
-exports.authenticate = authenticate;
 //# sourceMappingURL=strategy-registry.js.map

package/dist/components/auth/authenticate/strategies/strategy-registry.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"strategy-registry.js","sourceRoot":"","sources":["../../../../../src/components/auth/authenticate/strategies/strategy-registry.ts"],"names":[],"mappings":"~~;;;;;;AAAA~~,~~mDAA+D~~;~~AAC/D~~,~~0DAA4E~~;~~AAE5E~~,~~0CAAgD~~;~~AAChD~~,~~6DAAqC;AACrC,sCAMmB;AAEnB,~~MAAa,~~8BAAoD~~,SAAQ,~~0BAAU~~;~~IAWjF,iFAAiF~~;~~IACjF;~~QACE,KAAK,CAAC,EAAE,KAAK,EAAE,8BAA8B,CAAC,IAAI,EAAE,CAAC,CAAC;~~QACtD~~,~~IAAI,~~CAAC~~,UAAU,GAAG,IAAI,GAAG,EAAE,CAAC~~;~~IAC9B,CAAC;~~IAED,MAAM,CAAC,WAAW;QAChB,IAAI,CAAC,8BAA8B,CAAC,QAAQ,EAAE,CAAC;YAC7C,8BAA8B,CAAC,QAAQ,GAAG,IAAI,8BAA8B,EAAE,CAAC;QACjF,CAAC;QAED,OAAO,8BAA8B,CAAC,QAAQ,CAAC;IACjD,CAAC;~~IAED~~,~~iFAAiF~~;~~IACjF~~,~~cAAc,CAAC,IAAsB;QACnC,IAAI,CAAC,IAAI,EAAE,IAAI,IAAI,IAAA,iBAAO,EAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACtC,MAAM,IAAA,wBAAQ,EAAC,EAAE,~~OAAO,~~EAAE,kDAAkD,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC7F,CAAC;QAED,OAAO,CAAC,~~uBAAc,CAAC,uBAAuB,~~EAAE,IAAI,~~CAAC~~,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC~~;~~IACvE~~,CAAC;IAED,WAAW,CAAC,IAA4C;QACtD,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC;QACjC,OAAO,SAAS,CAAC,GAAG,CAA0B;YAC5C,GAAG,EAAE,IAAI,CAAC,cAAc,CAAC,EAAE,IAAI,EAAE,CAAC;YAClC,UAAU,EAAE,KAAK;SAClB,CAAC,CAAC;IACL,CAAC;IAED,iFAAiF;IACjF,QAAQ,CAAC,IAGR;QACC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC;QAEvC,KAAK,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,UAAU,EAAE,CAAC;YAC5C,IAAI,CAAC,~~UAAU~~,CAAC,~~GAAG,CAAC,IAAI,~~EAAE,~~EAAE,~~SAAS,EAAE,~~aAAa~~,EAAE,QAAQ,EAAE,~~CAAC,CAAC;YAClE,SAAS;iBACN,~~IAAI,~~CAAC;gBACJ,GAAG,~~EAAE,CAAC,~~uBAAc,~~CAAC~~,uBAAuB,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC~~;~~aAC9D~~,CAAC;~~iBACD,OAAO,CAAC,QAAQ,CAAC;iBACjB,QAAQ,CAAC,yBAAa,CAAC,SAAS,CAAC,CAAC;QACvC,CAAC;~~QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,iFAAiF;IACjF,YAAY,CAAC,IAAgD;QAC3D,MAAM,EAAE,UAAU,EAAE,IAAI,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC;QAE1C,MAAM,EAAE,GAAG,IAAA,0BAAgB,EAAC,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;YAClD,MAAM,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAc,CAAC,mBAAmB,CAAC,CAAC;YAC3E,IAAI,kBAAkB,EAAE,CAAC;gBACvB,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;gBAC9B,IAAI,CAAC,MAAM;qBACR,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC;qBAC3B,KAAK,CAAC,2CAA2C,EAAE,IAAI,CAAC,CAAC;gBAC5D,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC;YAED,MAAM,eAAe,~~GAAG,OAAO,~~CAAC,~~GAAG,CAAC,uBAAc,CAAC,YAAY,CAAC,CAAC~~;~~YACjE~~,~~IAAI,eAAe,EAAE,CAAC;gBACpB,~~OAAO,IAAI,~~EAAE,~~CAAC~~;YAChB~~,~~CAAC;YAED~~,~~QAAQ,IAAI,EAAE,~~CAAC~~;gBACb~~,~~KAAK,4BAAmB,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC7B,oCAAoC;oBACpC,MAAM,MAAM,GAAY,EAAE,CAAC;oBAC3B,KAAK,MAAM,YAAY,~~IAAI,~~UAAU,EAAE,~~CAAC~~;wBACtC~~,~~IAAI,~~CAAC;~~4BACH~~,~~MAAM,IAAI,GAAG,MAAM,IAAI,~~CAAC~~,eAAe,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC~~;4BACnE,OAAO,CAAC,GAAG,CAAC,uBAAc,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;4BAC/C,IAAI,IAAI,EAAE,MAAM,EAAE,CAAC;gCACjB,OAAO,CAAC,GAAG,CAAC,uBAAc,CAAC,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;4BACzD,CAAC;4BAED,MAAM,IAAI,EAAE,CAAC;4BACb,OAAO;wBACT,CAAC;wBAAC,OAAO,KAAK,EAAE,CAAC;4BACf,IAAI,CAAC,MAAM;iCACR,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC;iCAC3B,KAAK,CAAC,oCAAoC,EAAE,YAAY,CAAC,CAAC;4BAC7D,MAAM,CAAC,IAAI,CAAC,KAAc,CAAC,CAAC;wBAC9B,CAAC;oBACH,CAAC;oBAED,wBAAwB;oBACxB,MAAM,IAAA,wBAAQ,EAAC;wBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY;wBAC9C,OAAO,EAAE,4CAA4C,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;qBAC7E,CAAC,CAAC;gBACL,CAAC;gBACD,KAAK,4BAAmB,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC7B,qCAAqC;oBACrC,IAAI,QAAQ,GAAqB,IAAI,CAAC;oBACtC,KAAK,MAAM,YAAY,IAAI,UAAU,EAAE,CAAC;wBACtC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC;wBACnE,QAAQ,GAAG,IAAI,CAAC;oBAClB,CAAC;oBAED,IAAI,QAAQ,EAAE,MAAM,EAAE,CAAC;wBACrB,OAAO,CAAC,GAAG,CAAC,uBAAc,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;wBACnD,OAAO,CAAC,GAAG,CAAC,uBAAc,CAAC,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;oBAC7D,CAAC;yBAAM,CAAC;wBACN,IAAI,CAAC,MAAM;6BACR,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC;6BAC3B,KAAK,CACJ,+DAA+D,EAC/D,QAAQ,EACR,QAAQ,EAAE,MAAM,CACjB,CAAC;wBACJ,MAAM,IAAA,wBAAQ,EAAC;4BACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY;4BAC9C,OAAO,EAAE,wCAAwC;yBAClD,CAAC,CAAC;oBACL,CAAC;oBAED,OAAO,IAAI,EAAE,CAAC;gBAChB,CAAC;gBACD,OAAO,CAAC,CAAC,CAAC;oBACR,MAAM,IAAA,wBAAQ,EAAC;wBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB;wBACrD,OAAO,EAAE,uCAAuC,IAAI,EAAE;qBACvD,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,iFAAiF;IACzE,eAAe,CAAC,IAAmD;QACzE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,GAAG,IAAI,CAAC;QACvC,MAAM,gBAAgB,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAE3D,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,MAAM,IAAA,wBAAQ,EAAC;gBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB;gBACrD,OAAO,EAAE,yCAAyC,YAAY,EAAE;aACjE,CAAC,CAAC;QACL,CAAC;QAED,MAAM,EAAE,SAAS,EAAE,GAAG,gBAAgB,CAAC;QACvC,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAA6B;YACzD,GAAG,EAAE,CAAC,uBAAc,CAAC,uBAAuB,EAAE,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;SACtE,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAA,wBAAQ,EAAC;gBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB;gBACrD,OAAO,EAAE,+BAA+B,YAAY,sCAAsC;aAC3F,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;IACxC,CAAC;CACF;~~AA9KD~~,~~wEA8KC;AAEM,MAAM,YAAY,GAAG,CAAC,IAAgD,EAAE,EAAE;IAC/E,OAAO,8BAA8B,CAAC,WAAW,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;AACzE,CAAC,CAAC;AAFW,QAAA,YAAY,gBAEvB~~"}
1	+ {"version":3,"file":"strategy-registry.js","sourceRoot":"","sources":["../../../../../src/components/auth/authenticate/strategies/strategy-registry.ts"],"names":[],"mappings":";;;AAEA,qCAAkD;AAClD,sCAAoE;AAEpE,kFAAkF;AAElF,MAAa,8BAA+B,SAAQ,2BAA6C;IAG/F;QACE,KAAK,CAAC,EAAE,KAAK,EAAE,8BAA8B,CAAC,IAAI,EAAE,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,CAAC,WAAW;QAChB,IAAI,CAAC,8BAA8B,CAAC,QAAQ,EAAE,CAAC;YAC7C,8BAA8B,CAAC,QAAQ,GAAG,IAAI,8BAA8B,EAAE,CAAC;QACjF,CAAC;QAED,OAAO,8BAA8B,CAAC,QAAQ,CAAC;IACjD,CAAC;IAES,gBAAgB;QACxB,OAAO,uBAAc,CAAC,uBAAuB,CAAC;IAChD,CAAC;IAED,QAAQ,CAAC,IAGR;QACC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC;QAEvC,KAAK,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,UAAU,EAAE,CAAC;YAC5C,IAAI,CAAC,kBAAkB,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QACjE,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,eAAe,CAAC,IAAsB;QACpC,OAAO,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;CACF;AAnCD,wEAmCC"}

package/dist/components/auth/authorize/adapters/base-filtered.d.ts ADDED Viewed

@@ -0,0 +1,73 @@
+import { BaseHelper, ValueOrPromise } from '@venizia/ignis-helpers';
+import { type FilteredAdapter, type Model } from 'casbin';
+export interface IBaseFilteredAdapterEntities {
+    role: {
+        principalType: string;
+    };
+    domain?: {
+        principalType: string;
+    };
+}
+export interface ICasbinPolicyFilter {
+    principalType: string;
+    principalValue: string | number;
+}
+/**
+ * Base policy row shape.
+ *
+ * Declared as `type` (not `interface`) so it carries an implicit index signature —
+ * required by Drizzle's `connector.execute<T>()` which constrains `T extends Record<string, unknown>`.
+ */
+export type TBasePolicyRow = {
+    variant: string;
+    code: string;
+    action: string | null;
+    subjectType: string;
+    subjectId: string | number;
+    effect: string | null;
+    domain: string | null;
+};
+export declare abstract class BaseFilteredAdapter<TEntities extends IBaseFilteredAdapterEntities = IBaseFilteredAdapterEntities, TFilter = ICasbinPolicyFilter, TPolicyRow extends TBasePolicyRow = TBasePolicyRow> extends BaseHelper implements FilteredAdapter {
+    protected readonly entities: TEntities;
+    constructor(opts: {
+        scope: string;
+        entities: TEntities;
+    });
+    loadPolicy(): Promise<void>;
+    loadFilteredPolicy(model: Model, filter: TFilter): Promise<void>;
+    isFiltered(): boolean;
+    savePolicy(): Promise<boolean>;
+    addPolicy(): Promise<void>;
+    removePolicy(): Promise<void>;
+    removeFilteredPolicy(): Promise<void>;
+    /** Query direct permission policies assigned to the principal. Return casbin `p` lines. */
+    protected abstract buildDirectPolicies(opts: {
+        filter: TFilter;
+        rolePrincipal: string;
+    }): ValueOrPromise<string[]>;
+    /** Query role assignments for the principal. Return casbin `g` lines + role IDs. */
+    protected abstract buildGroupPolicies(opts: {
+        filter: TFilter;
+    }): ValueOrPromise<{
+        lines: string[];
+        roleIds: (string | number)[];
+    }>;
+    /** Query permission policies inherited through roles. Return casbin `p` lines. */
+    protected abstract buildRolePolicies(opts: {
+        roleIds: (string | number)[];
+        rolePrincipal: string;
+    }): ValueOrPromise<string[]>;
+    /** Format a domain value with optional entity prefix (e.g., `"Organization_<uuid>"`). */
+    protected formatDomain(domain: string | null): string | null;
+    /** Format a casbin grouping line: `g, <subject>, <role>[, <domain>]`. */
+    protected toGroupLine(opts: {
+        subject: string;
+        role: string;
+        domain: string | null;
+    }): string;
+    /** Format a casbin policy line: `p, <subject>, [<domain>,] <resource>, <action>, <effect>`. */
+    protected toPolicyLine(opts: {
+        row: TPolicyRow;
+    }): string | null;
+}
+//# sourceMappingURL=base-filtered.d.ts.map

package/dist/components/auth/authorize/adapters/base-filtered.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"base-filtered.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/adapters/base-filtered.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACpE,OAAO,EAAE,KAAK,eAAe,EAAE,KAAK,KAAK,EAAE,MAAM,QAAQ,CAAC;AAE1D,MAAM,WAAW,4BAA4B;IAC3C,IAAI,EAAE;QAAE,aAAa,EAAE,MAAM,CAAA;KAAE,CAAC;IAChC,MAAM,CAAC,EAAE;QAAE,aAAa,EAAE,MAAM,CAAA;KAAE,CAAC;CACpC;AAED,MAAM,WAAW,mBAAmB;IAClC,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,GAAG,MAAM,CAAC;CACjC;AAED;;;;;GAKG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB,CAAC;AAYF,8BAAsB,mBAAmB,CACvC,SAAS,SAAS,4BAA4B,GAAG,4BAA4B,EAC7E,OAAO,GAAG,mBAAmB,EAC7B,UAAU,SAAS,cAAc,GAAG,cAAc,CAElD,SAAQ,UACR,YAAW,eAAe;IAE1B,SAAS,CAAC,QAAQ,CAAC,QAAQ,EAAE,SAAS,CAAC;gBAE3B,IAAI,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,SAAS,CAAA;KAAE;IAOlD,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAI3B,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAoBtE,UAAU,IAAI,OAAO;IAMf,UAAU,IAAI,OAAO,CAAC,OAAO,CAAC;IAI9B,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC;IAI1B,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;IAI7B,oBAAoB,IAAI,OAAO,CAAC,IAAI,CAAC;IAM3C,2FAA2F;IAC3F,SAAS,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,EAAE;QAC3C,MAAM,EAAE,OAAO,CAAC;QAChB,aAAa,EAAE,MAAM,CAAC;KACvB,GAAG,cAAc,CAAC,MAAM,EAAE,CAAC;IAE5B,oFAAoF;IACpF,SAAS,CAAC,QAAQ,CAAC,kBAAkB,CAAC,IAAI,EAAE;QAC1C,MAAM,EAAE,OAAO,CAAC;KACjB,GAAG,cAAc,CAAC;QAAE,KAAK,EAAE,MAAM,EAAE,CAAC;QAAC,OAAO,EAAE,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAA;KAAE,CAAC;IAErE,kFAAkF;IAClF,SAAS,CAAC,QAAQ,CAAC,iBAAiB,CAAC,IAAI,EAAE;QACzC,OAAO,EAAE,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;QAC7B,aAAa,EAAE,MAAM,CAAC;KACvB,GAAG,cAAc,CAAC,MAAM,EAAE,CAAC;IAI5B,yFAAyF;IACzF,SAAS,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAS5C,yEAAyE;IACzE,SAAS,CAAC,WAAW,CAAC,IAAI,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE;IASpF,+FAA+F;IAC/F,SAAS,CAAC,YAAY,CAAC,IAAI,EAAE;QAAE,GAAG,EAAE,UAAU,CAAA;KAAE;CAkBjD"}

package/dist/components/auth/authorize/adapters/base-filtered.js ADDED Viewed

@@ -0,0 +1,90 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BaseFilteredAdapter = void 0;
+const ignis_helpers_1 = require("@venizia/ignis-helpers");
+const common_1 = require("../common");
+// Base Filtered Adapter — read-only template for casbin FilteredAdapter
+//
+// Generic parameters (ordered by likelihood of customization):
+//   TEntities  — entity configuration (subclass adds data-source-specific fields like tableName)
+//   TFilter    — filter shape passed to loadFilteredPolicy (opaque to the base)
+//   TPolicyRow — policy row shape consumed by toPolicyLine
+//
+// Subclasses implement the three query hooks; the base orchestrates loading,
+// provides shared formatters, and satisfies the no-op write contract.
+class BaseFilteredAdapter extends ignis_helpers_1.BaseHelper {
+    constructor(opts) {
+        super({ scope: opts.scope });
+        this.entities = opts.entities;
+    }
+    // FilteredAdapter — public API
+    async loadPolicy() {
+        return;
+    }
+    async loadFilteredPolicy(model, filter) {
+        const { Helper } = await import('casbin');
+        const rolePrincipal = this.entities.role.principalType;
+        const loadLine = (line) => Helper.loadPolicyLine(line, model);
+        // 1. Direct permissions assigned to the principal
+        const directLines = await this.buildDirectPolicies({ filter, rolePrincipal });
+        directLines.forEach(loadLine);
+        // 2. Role assignments + group lines
+        const { lines: groupLines, roleIds } = await this.buildGroupPolicies({ filter });
+        groupLines.forEach(loadLine);
+        // 3. Permissions inherited through roles
+        if (roleIds.length) {
+            const roleLines = await this.buildRolePolicies({ roleIds, rolePrincipal });
+            roleLines.forEach(loadLine);
+        }
+    }
+    isFiltered() {
+        return true;
+    }
+    // FilteredAdapter — no-op write methods (read-only adapter)
+    async savePolicy() {
+        return true;
+    }
+    async addPolicy() {
+        return;
+    }
+    async removePolicy() {
+        return;
+    }
+    async removeFilteredPolicy() {
+        return;
+    }
+    // Formatters — shared utilities for subclasses
+    /** Format a domain value with optional entity prefix (e.g., `"Organization_<uuid>"`). */
+    formatDomain(domain) {
+        if (!domain) {
+            return null;
+        }
+        const prefix = this.entities.domain?.principalType;
+        return prefix ? `${prefix}_${domain}` : domain;
+    }
+    /** Format a casbin grouping line: `g, <subject>, <role>[, <domain>]`. */
+    toGroupLine(opts) {
+        const { subject, role, domain } = opts;
+        if (domain) {
+            return [common_1.CasbinRuleVariants.G, subject, role, domain].join(', ');
+        }
+        return [common_1.CasbinRuleVariants.G, subject, role].join(', ');
+    }
+    /** Format a casbin policy line: `p, <subject>, [<domain>,] <resource>, <action>, <effect>`. */
+    toPolicyLine(opts) {
+        const { row } = opts;
+        const { code, action } = row;
+        const effect = row.effect ?? 'allow';
+        if (!action) {
+            return null;
+        }
+        const subject = `${row.subjectType}_${row.subjectId}`;
+        const domain = this.formatDomain(row.domain);
+        if (domain) {
+            return [common_1.CasbinRuleVariants.P, subject, domain, code, action, effect].join(', ');
+        }
+        return [common_1.CasbinRuleVariants.P, subject, code, action, effect].join(', ');
+    }
+}
+exports.BaseFilteredAdapter = BaseFilteredAdapter;
+//# sourceMappingURL=base-filtered.js.map

package/dist/components/auth/authorize/adapters/base-filtered.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"base-filtered.js","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/adapters/base-filtered.ts"],"names":[],"mappings":";;;AAAA,0DAAoE;AAEpE,sCAA+C;AA2B/C,wEAAwE;AACxE,EAAE;AACF,+DAA+D;AAC/D,iGAAiG;AACjG,gFAAgF;AAChF,2DAA2D;AAC3D,EAAE;AACF,6EAA6E;AAC7E,sEAAsE;AAEtE,MAAsB,mBAKpB,SAAQ,0BAAU;IAKlB,YAAY,IAA4C;QACtD,KAAK,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;IAChC,CAAC;IAED,+BAA+B;IAE/B,KAAK,CAAC,UAAU;QACd,OAAO;IACT,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,KAAY,EAAE,MAAe;QACpD,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC1C,MAAM,aAAa,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC;QACvD,MAAM,QAAQ,GAAG,CAAC,IAAY,EAAE,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAEtE,kDAAkD;QAClD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAC;QAC9E,WAAW,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAE9B,oCAAoC;QACpC,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QACjF,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAE7B,yCAAyC;QACzC,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC,CAAC;YAC3E,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,UAAU;QACR,OAAO,IAAI,CAAC;IACd,CAAC;IAED,4DAA4D;IAE5D,KAAK,CAAC,UAAU;QACd,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,SAAS;QACb,OAAO;IACT,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,OAAO;IACT,CAAC;IAED,KAAK,CAAC,oBAAoB;QACxB,OAAO;IACT,CAAC;IAqBD,+CAA+C;IAE/C,yFAAyF;IAC/E,YAAY,CAAC,MAAqB;QAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;QACnD,OAAO,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,MAAM,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;IACjD,CAAC;IAED,yEAAyE;IAC/D,WAAW,CAAC,IAA8D;QAClF,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;QACvC,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,CAAC,2BAAkB,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClE,CAAC;QAED,OAAO,CAAC,2BAAkB,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1D,CAAC;IAED,+FAA+F;IACrF,YAAY,CAAC,IAAyB;QAC9C,MAAM,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACrB,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC;QAC7B,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,OAAO,CAAC;QAErC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,OAAO,GAAG,GAAG,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;QACtD,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAE7C,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,CAAC,2BAAkB,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClF,CAAC;QAED,OAAO,CAAC,2BAAkB,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1E,CAAC;CACF;AA3HD,kDA2HC"}

package/dist/components/auth/authorize/adapters/drizzle-casbin.d.ts ADDED Viewed

@@ -0,0 +1,40 @@
+import { IDataSource } from '../../../../base/datasources';
+import { BaseFilteredAdapter, type IBaseFilteredAdapterEntities, type ICasbinPolicyFilter } from './base-filtered';
+export interface IDrizzleCasbinEntities extends IBaseFilteredAdapterEntities {
+    permission: {
+        tableName: string;
+        principalType: string;
+    };
+    role: {
+        tableName: string;
+        principalType: string;
+    };
+    policyDefinition: {
+        tableName: string;
+        principalType: string;
+    };
+}
+export interface IDrizzleCasbinAdapterOptions {
+    dataSource: IDataSource;
+    entities: IDrizzleCasbinEntities;
+}
+export declare class DrizzleCasbinAdapter extends BaseFilteredAdapter<IDrizzleCasbinEntities> {
+    private dataSource;
+    private get connector();
+    constructor(opts: IDrizzleCasbinAdapterOptions);
+    protected buildDirectPolicies(opts: {
+        filter: ICasbinPolicyFilter;
+        rolePrincipal: string;
+    }): Promise<string[]>;
+    protected buildGroupPolicies(opts: {
+        filter: ICasbinPolicyFilter;
+    }): Promise<{
+        lines: string[];
+        roleIds: (string | number)[];
+    }>;
+    protected buildRolePolicies(opts: {
+        roleIds: (string | number)[];
+        rolePrincipal: string;
+    }): Promise<string[]>;
+}
+//# sourceMappingURL=drizzle-casbin.d.ts.map

package/dist/components/auth/authorize/adapters/drizzle-casbin.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"drizzle-casbin.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/adapters/drizzle-casbin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAiB,MAAM,oBAAoB,CAAC;AAGhE,OAAO,EACL,mBAAmB,EACnB,KAAK,4BAA4B,EACjC,KAAK,mBAAmB,EAEzB,MAAM,iBAAiB,CAAC;AACzB,MAAM,WAAW,sBAAuB,SAAQ,4BAA4B;IAC1E,UAAU,EAAE;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,aAAa,EAAE,MAAM,CAAA;KAAE,CAAC;IACzD,IAAI,EAAE;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,aAAa,EAAE,MAAM,CAAA;KAAE,CAAC;IACnD,gBAAgB,EAAE;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,aAAa,EAAE,MAAM,CAAA;KAAE,CAAC;CAChE;AAED,MAAM,WAAW,4BAA4B;IAC3C,UAAU,EAAE,WAAW,CAAC;IACxB,QAAQ,EAAE,sBAAsB,CAAC;CAClC;AAID,qBAAa,oBAAqB,SAAQ,mBAAmB,CAAC,sBAAsB,CAAC;IACnF,OAAO,CAAC,UAAU,CAAc;IAEhC,OAAO,KAAK,SAAS,GAEpB;gBAEW,IAAI,EAAE,4BAA4B;cAO9B,mBAAmB,CAAC,IAAI,EAAE;QACxC,MAAM,EAAE,mBAAmB,CAAC;QAC5B,aAAa,EAAE,MAAM,CAAC;KACvB,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;cAiCL,kBAAkB,CAAC,IAAI,EAAE;QACvC,MAAM,EAAE,mBAAmB,CAAC;KAC7B,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,EAAE,CAAC;QAAC,OAAO,EAAE,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAA;KAAE,CAAC;cAqC9C,iBAAiB,CAAC,IAAI,EAAE;QACtC,OAAO,EAAE,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;QAC7B,aAAa,EAAE,MAAM,CAAC;KACvB,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;CAoCtB"}

package/dist/components/auth/authorize/adapters/drizzle-casbin.js ADDED Viewed

@@ -0,0 +1,99 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DrizzleCasbinAdapter = void 0;
+const drizzle_orm_1 = require("drizzle-orm");
+const common_1 = require("../common");
+const base_filtered_1 = require("./base-filtered");
+// Drizzle Casbin Adapter — read-only FilteredAdapter using raw SQL queries
+class DrizzleCasbinAdapter extends base_filtered_1.BaseFilteredAdapter {
+    get connector() {
+        return this.dataSource.connector;
+    }
+    constructor(opts) {
+        super({ scope: DrizzleCasbinAdapter.name, entities: opts.entities });
+        this.dataSource = opts.dataSource;
+    }
+    // Query builders
+    async buildDirectPolicies(opts) {
+        const { permission: perm, policyDefinition: pd } = this.entities;
+        const { principalType, principalValue } = opts.filter;
+        const result = await this.connector.execute((0, drizzle_orm_1.sql) `
+      SELECT pd.variant, p.code, pd.action,
+             pd.subject_type AS "subjectType", pd.subject_id AS "subjectId",
+             pd.effect, pd.domain
+      FROM ${drizzle_orm_1.sql.identifier(pd.tableName)} pd
+      INNER JOIN ${drizzle_orm_1.sql.identifier(perm.tableName)} p ON pd.target_id = p.id
+      WHERE pd.variant = ${common_1.CasbinRuleVariants.POLICY}
+        AND pd.subject_type = ${principalType}
+        AND pd.subject_id = ${principalValue}
+        AND pd.target_type = ${perm.principalType}
+    `);
+        const policyLines = [];
+        if (!result.rows.length) {
+            return policyLines;
+        }
+        for (const row of result.rows) {
+            const line = this.toPolicyLine({ row });
+            if (!line) {
+                continue;
+            }
+            policyLines.push(line);
+        }
+        return policyLines;
+    }
+    async buildGroupPolicies(opts) {
+        const { role: rol, policyDefinition: pd } = this.entities;
+        const { principalType, principalValue } = opts.filter;
+        const result = await this.connector.execute((0, drizzle_orm_1.sql) `
+      SELECT pd.target_id AS "targetId", pd.domain
+      FROM ${drizzle_orm_1.sql.identifier(pd.tableName)} pd
+      WHERE pd.variant = ${common_1.CasbinRuleVariants.GROUP}
+        AND pd.subject_type = ${principalType}
+        AND pd.subject_id = ${principalValue}
+        AND pd.target_type = ${rol.principalType}
+    `);
+        const policyLines = [];
+        const roleIds = [];
+        if (!result.rows.length) {
+            return { lines: policyLines, roleIds };
+        }
+        for (const row of result.rows) {
+            roleIds.push(row.targetId);
+            policyLines.push(this.toGroupLine({
+                subject: `${principalType}_${principalValue}`,
+                role: `${rol.principalType}_${row.targetId}`,
+                domain: this.formatDomain(row.domain),
+            }));
+        }
+        return { lines: policyLines, roleIds };
+    }
+    async buildRolePolicies(opts) {
+        const { permission: perm, role: rol, policyDefinition: pd } = this.entities;
+        const { roleIds } = opts;
+        const result = await this.connector.execute((0, drizzle_orm_1.sql) `
+      SELECT pd.variant, p.code, pd.action,
+             pd.subject_type AS "subjectType", pd.subject_id AS "subjectId",
+             pd.effect, pd.domain
+      FROM ${drizzle_orm_1.sql.identifier(pd.tableName)} pd
+      INNER JOIN ${drizzle_orm_1.sql.identifier(perm.tableName)} p ON pd.target_id = p.id
+      WHERE pd.variant = ${common_1.CasbinRuleVariants.POLICY}
+        AND pd.subject_type = ${rol.principalType}
+        AND pd.subject_id IN (${drizzle_orm_1.sql.join(roleIds.map(id => (0, drizzle_orm_1.sql) `${id}`), (0, drizzle_orm_1.sql) `, `)})
+        AND pd.target_type = ${perm.principalType}
+    `);
+        const policyLines = [];
+        if (!result.rows.length) {
+            return policyLines;
+        }
+        for (const row of result.rows) {
+            const line = this.toPolicyLine({ row });
+            if (!line) {
+                continue;
+            }
+            policyLines.push(line);
+        }
+        return policyLines;
+    }
+}
+exports.DrizzleCasbinAdapter = DrizzleCasbinAdapter;
+//# sourceMappingURL=drizzle-casbin.js.map

package/dist/components/auth/authorize/adapters/drizzle-casbin.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"drizzle-casbin.js","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/adapters/drizzle-casbin.ts"],"names":[],"mappings":";;;AACA,6CAAkC;AAClC,sCAA+C;AAC/C,mDAKyB;AAYzB,2EAA2E;AAE3E,MAAa,oBAAqB,SAAQ,mCAA2C;IAGnF,IAAY,SAAS;QACnB,OAAO,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;IACnC,CAAC;IAED,YAAY,IAAkC;QAC5C,KAAK,CAAC,EAAE,KAAK,EAAE,oBAAoB,CAAC,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QACrE,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;IACpC,CAAC;IAED,iBAAiB;IAEP,KAAK,CAAC,mBAAmB,CAAC,IAGnC;QACC,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,gBAAgB,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QACjE,MAAM,EAAE,aAAa,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC;QAEtD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAiB,IAAA,iBAAG,EAAA;;;;aAItD,iBAAG,CAAC,UAAU,CAAC,EAAE,CAAC,SAAS,CAAC;mBACtB,iBAAG,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;2BACtB,2BAAkB,CAAC,MAAM;gCACpB,aAAa;8BACf,cAAc;+BACb,IAAI,CAAC,aAAa;KAC5C,CAAC,CAAC;QAEH,MAAM,WAAW,GAAkB,EAAE,CAAC;QACtC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACxB,OAAO,WAAW,CAAC;QACrB,CAAC;QAED,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;YACxC,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,SAAS;YACX,CAAC;YAED,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzB,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAES,KAAK,CAAC,kBAAkB,CAAC,IAElC;QACC,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,gBAAgB,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC1D,MAAM,EAAE,aAAa,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC;QAItD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAO,IAAA,iBAAG,EAAA;;aAE5C,iBAAG,CAAC,UAAU,CAAC,EAAE,CAAC,SAAS,CAAC;2BACd,2BAAkB,CAAC,KAAK;gCACnB,aAAa;8BACf,cAAc;+BACb,GAAG,CAAC,aAAa;KAC3C,CAAC,CAAC;QAEH,MAAM,WAAW,GAAkB,EAAE,CAAC;QACtC,MAAM,OAAO,GAAwB,EAAE,CAAC;QAExC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACxB,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC;QACzC,CAAC;QAED,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YAC9B,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAE3B,WAAW,CAAC,IAAI,CACd,IAAI,CAAC,WAAW,CAAC;gBACf,OAAO,EAAE,GAAG,aAAa,IAAI,cAAc,EAAE;gBAC7C,IAAI,EAAE,GAAG,GAAG,CAAC,aAAa,IAAI,GAAG,CAAC,QAAQ,EAAE;gBAC5C,MAAM,EAAE,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC;aACtC,CAAC,CACH,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC;IACzC,CAAC;IAES,KAAK,CAAC,iBAAiB,CAAC,IAGjC;QACC,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,gBAAgB,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC5E,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;QAEzB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAiB,IAAA,iBAAG,EAAA;;;;aAItD,iBAAG,CAAC,UAAU,CAAC,EAAE,CAAC,SAAS,CAAC;mBACtB,iBAAG,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;2BACtB,2BAAkB,CAAC,MAAM;gCACpB,GAAG,CAAC,aAAa;gCACjB,iBAAG,CAAC,IAAI,CAC9B,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,IAAA,iBAAG,EAAA,GAAG,EAAE,EAAE,CAAC,EAC7B,IAAA,iBAAG,EAAA,IAAI,CACR;+BACsB,IAAI,CAAC,aAAa;KAC5C,CAAC,CAAC;QAEH,MAAM,WAAW,GAAkB,EAAE,CAAC;QAEtC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACxB,OAAO,WAAW,CAAC;QACrB,CAAC;QAED,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;YACxC,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,SAAS;YACX,CAAC;YAED,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzB,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;CACF;AAhID,oDAgIC"}

package/dist/components/auth/authorize/adapters/index.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export * from './base-filtered';
+export * from './drizzle-casbin';
+//# sourceMappingURL=index.d.ts.map

package/dist/components/auth/authorize/adapters/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/adapters/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC;AAChC,cAAc,kBAAkB,CAAC"}

package/dist/components/auth/authorize/adapters/index.js ADDED Viewed

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./base-filtered"), exports);
+__exportStar(require("./drizzle-casbin"), exports);
+//# sourceMappingURL=index.js.map

package/dist/components/auth/authorize/adapters/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/adapters/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,kDAAgC;AAChC,mDAAiC"}

package/dist/components/auth/authorize/common/constants.d.ts ADDED Viewed

@@ -0,0 +1,70 @@
+import { TConstValue } from '@venizia/ignis-helpers';
+import { AuthorizationRole } from '../models/authorization-role.model';
+export declare class Authorization {
+    static readonly RULES = "authorization.rules";
+    static readonly SKIP_AUTHORIZATION = "authorization.skip";
+    static readonly ENFORCER = "authorization.enforcer";
+}
+export declare class AuthorizationActions {
+    static readonly CREATE = "create";
+    static readonly READ = "read";
+    static readonly UPDATE = "update";
+    static readonly DELETE = "delete";
+    static readonly EXECUTE = "execute";
+    static readonly SCHEME_SET: Set<string>;
+    static isValid(input: string): boolean;
+}
+export type TAuthorizationAction = TConstValue<typeof AuthorizationActions>;
+export declare class AuthorizationDecisions {
+    static readonly ALLOW = "allow";
+    static readonly DENY = "deny";
+    static readonly ABSTAIN = "abstain";
+    static readonly SCHEME_SET: Set<string>;
+    static isValid(input: string): boolean;
+    static isAllow(input: string | number): boolean;
+    static isDeny(input: string | number): boolean;
+    static isAbstain(input: string | number): boolean;
+}
+export type TAuthorizationDecision = TConstValue<typeof AuthorizationDecisions>;
+export declare class AuthorizationRoles {
+    static readonly SUPER_ADMIN: AuthorizationRole;
+    static readonly ADMIN: AuthorizationRole;
+    static readonly USER: AuthorizationRole;
+    static readonly GUEST: AuthorizationRole;
+    static readonly UNKNOWN_USER: AuthorizationRole;
+    static readonly SCHEME_SET: Set<string>;
+    static isValid(input: string): boolean;
+}
+export declare class AuthorizationEnforcerTypes {
+    static readonly CASBIN = "casbin";
+    static readonly CUSTOM = "custom";
+    static readonly SCHEME_SET: Set<string>;
+    static isValid(input: string): boolean;
+}
+export type TAuthorizationEnforcerType = TConstValue<typeof AuthorizationEnforcerTypes>;
+export declare class CasbinEnforcerCachedDrivers {
+    static readonly IN_MEMORY = "in-memory";
+    static readonly REDIS = "redis";
+    static readonly SCHEME_SET: Set<string>;
+    static isValid(input: string): boolean;
+}
+export type TCasbinEnforcerCachedDriver = TConstValue<typeof CasbinEnforcerCachedDrivers>;
+export declare class CasbinEnforcerModelDrivers {
+    static readonly FILE = "file";
+    static readonly TEXT = "text";
+    static readonly SCHEME_SET: Set<string>;
+    static isValid(input: string): boolean;
+}
+export type TCasbinEnforcerModelDriver = TConstValue<typeof CasbinEnforcerModelDrivers>;
+export declare class CasbinRuleVariants {
+    static readonly POLICY = "policy";
+    static readonly GROUP = "group";
+    /** Casbin line prefix for policy rules. */
+    static readonly P = "p";
+    /** Casbin line prefix for grouping rules. */
+    static readonly G = "g";
+    static readonly SCHEME_SET: Set<string>;
+    static isValid(input: string): boolean;
+}
+export type TCasbinRuleVariant = TConstValue<typeof CasbinRuleVariants>;
+//# sourceMappingURL=constants.d.ts.map

package/dist/components/auth/authorize/common/constants.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/common/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAEvE,qBAAa,aAAa;IACxB,MAAM,CAAC,QAAQ,CAAC,KAAK,yBAAyB;IAC9C,MAAM,CAAC,QAAQ,CAAC,kBAAkB,wBAAwB;IAC1D,MAAM,CAAC,QAAQ,CAAC,QAAQ,4BAA4B;CACrD;AAED,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,QAAQ,CAAC,MAAM,YAAY;IAClC,MAAM,CAAC,QAAQ,CAAC,IAAI,UAAU;IAC9B,MAAM,CAAC,QAAQ,CAAC,MAAM,YAAY;IAClC,MAAM,CAAC,QAAQ,CAAC,MAAM,YAAY;IAClC,MAAM,CAAC,QAAQ,CAAC,OAAO,aAAa;IAEpC,MAAM,CAAC,QAAQ,CAAC,UAAU,cAMvB;IAEH,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;CAGvC;AACD,MAAM,MAAM,oBAAoB,GAAG,WAAW,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAE5E,qBAAa,sBAAsB;IACjC,MAAM,CAAC,QAAQ,CAAC,KAAK,WAAW;IAChC,MAAM,CAAC,QAAQ,CAAC,IAAI,UAAU;IAC9B,MAAM,CAAC,QAAQ,CAAC,OAAO,aAAa;IAEpC,MAAM,CAAC,QAAQ,CAAC,UAAU,cAAkD;IAE5E,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAItC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO;IAO/C,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO;IAO9C,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO;CAMlD;AACD,MAAM,MAAM,sBAAsB,GAAG,WAAW,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAEhF,qBAAa,kBAAkB;IAC7B,MAAM,CAAC,QAAQ,CAAC,WAAW,oBAGxB;IACH,MAAM,CAAC,QAAQ,CAAC,KAAK,oBAGlB;IACH,MAAM,CAAC,QAAQ,CAAC,IAAI,oBAGjB;IACH,MAAM,CAAC,QAAQ,CAAC,KAAK,oBAGlB;IACH,MAAM,CAAC,QAAQ,CAAC,YAAY,oBAGzB;IAEH,MAAM,CAAC,QAAQ,CAAC,UAAU,cAMvB;IAEH,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;CAGvC;AAED,qBAAa,0BAA0B;IACrC,MAAM,CAAC,QAAQ,CAAC,MAAM,YAAY;IAClC,MAAM,CAAC,QAAQ,CAAC,MAAM,YAAY;IAElC,MAAM,CAAC,QAAQ,CAAC,UAAU,cAAuC;IAEjE,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;CAGvC;AAED,MAAM,MAAM,0BAA0B,GAAG,WAAW,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAExF,qBAAa,2BAA2B;IACtC,MAAM,CAAC,QAAQ,CAAC,SAAS,eAAe;IACxC,MAAM,CAAC,QAAQ,CAAC,KAAK,WAAW;IAEhC,MAAM,CAAC,QAAQ,CAAC,UAAU,cAAyC;IAEnE,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;CAGvC;AAED,MAAM,MAAM,2BAA2B,GAAG,WAAW,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAE1F,qBAAa,0BAA0B;IACrC,MAAM,CAAC,QAAQ,CAAC,IAAI,UAAU;IAC9B,MAAM,CAAC,QAAQ,CAAC,IAAI,UAAU;IAE9B,MAAM,CAAC,QAAQ,CAAC,UAAU,cAAmC;IAE7D,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;CAGvC;AAED,MAAM,MAAM,0BAA0B,GAAG,WAAW,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAExF,qBAAa,kBAAkB;IAC7B,MAAM,CAAC,QAAQ,CAAC,MAAM,YAAY;IAClC,MAAM,CAAC,QAAQ,CAAC,KAAK,WAAW;IAEhC,2CAA2C;IAC3C,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO;IACxB,6CAA6C;IAC7C,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO;IAExB,MAAM,CAAC,QAAQ,CAAC,UAAU,cAAsC;IAEhE,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;CAGvC;AAED,MAAM,MAAM,kBAAkB,GAAG,WAAW,CAAC,OAAO,kBAAkB,CAAC,CAAC"}