@venizia/ignis 0.0.9-2 → 0.0.9-20

package/dist/components/auth/authorize/common/policy-builder.d.ts

@@ -0,0 +1,183 @@
+import { IdType } from '../../../../base';
+import { TNullable } from '../../../../helpers';
+import { TAuthorizationAction, TAuthorizationDecision } from './constants';
+/** A grant/assignment domain: a scope literal (`SYSTEM_WIDE`/`ANY_MEMBER`) or a typed domain entity. */
+export type TPolicyDomainInput = string | {
+    type: string;
+    id: IdType;
+};
+export declare class AuthorizationPolicyBuilder {
+    static readonly ACTION_PRINCIPAL = "Action";
+    /**
+     * Serialize a domain to the casbin token the matcher compares against {@link resolveRequestDomain}'s
+     * output: a scope literal (`SYSTEM_WIDE`/`ANY_MEMBER`) passes through unchanged; a typed domain becomes
+     * `<type>_<id>` so `g3(r.dom, p.dom)` cascades; null ⇒ null (the adapter then defaults grants to `ANY_MEMBER`).
+     */
+    private static serializeDomain;
+    /**
+     * A grant (casbin `p`): role/user → permission, carrying action + effect + domain.
+     * `domain` null ⇒ `ANY_MEMBER` (adapter default). Pass a scope literal or a typed `{ type, id }` domain.
+     */
+    static grant(opts: {
+        subject: {
+            type: string;
+            id: IdType;
+        };
+        permission: {
+            type: string;
+            id: IdType;
+        };
+        action: string;
+        domain?: TNullable<TPolicyDomainInput>;
+        effect: TAuthorizationDecision;
+    }): {
+        variant: "grant";
+        subjectType: string;
+        subjectId: IdType;
+        targetType: string;
+        targetId: IdType;
+        action: string;
+        effect: string;
+        domain: TNullable<string>;
+    };
+    /** Assign a role to a user (casbin `g`). `domain` null ⇒ `*` (every domain). */
+    static assignRole(opts: {
+        user: {
+            type: string;
+            id: IdType;
+        };
+        role: {
+            type: string;
+            id: IdType;
+        };
+        domain?: TNullable<TPolicyDomainInput>;
+    }): {
+        variant: "assign_role";
+        subjectType: string;
+        subjectId: IdType;
+        targetType: string;
+        targetId: IdType;
+        domain: TNullable<string>;
+    };
+    /** A user joins a domain (casbin `g2`) — backs the `ANY_MEMBER` grant scope. */
+    static joinDomain(opts: {
+        user: {
+            type: string;
+            id: IdType;
+        };
+        domain: {
+            type: string;
+            id: IdType;
+        };
+    }): {
+        variant: "join_domain";
+        subjectType: string;
+        subjectId: IdType;
+        targetType: string;
+        targetId: IdType;
+    };
+    /** A role inherits another role (casbin `g`, shared relation with assign_role). */
+    static roleInherits(opts: {
+        child: {
+            type: string;
+            id: IdType;
+        };
+        parent: {
+            type: string;
+            id: IdType;
+        };
+    }): {
+        variant: "role_inherits";
+        subjectType: string;
+        subjectId: IdType;
+        targetType: string;
+        targetId: IdType;
+    };
+    /**
+     * A resource inherits another (casbin `g4`): a grant on the PARENT covers the CHILD.
+     * e.g. `{ child: SaleOrder, parent: Sale }` — grant on module `Sale` covers subject `SaleOrder`.
+     * Many-to-many: a subject may inherit several module parents (add one edge each).
+     */
+    static resourceInherits(opts: {
+        child: {
+            type: string;
+            id: IdType;
+        };
+        parent: {
+            type: string;
+            id: IdType;
+        };
+    }): {
+        variant: "resource_inherits";
+        subjectType: string;
+        subjectId: IdType;
+        targetType: string;
+        targetId: IdType;
+    };
+    /** An action inherits another (casbin `g5`): the child action is implied by the parent, e.g. read ⊂ manage. */
+    static actionInherits(opts: {
+        child: TAuthorizationAction;
+        parent: TAuthorizationAction;
+    }): {
+        variant: "action_inherits";
+        subjectType: string;
+        subjectId: string;
+        targetType: string;
+        targetId: string;
+    };
+    /** All `action_inherits` rows for the standard {@link AuthorizationActions.LATTICE}. Seed once, idempotently. */
+    static actionLattice(): {
+        variant: "action_inherits";
+        subjectType: string;
+        subjectId: string;
+        targetType: string;
+        targetId: string;
+    }[];
+    /** A domain inherits another (casbin `g3`): a grant in the parent domain cascades to the child. e.g. Merchant ⊂ Organizer. */
+    static domainInherits(opts: {
+        child: {
+            type: string;
+            id: IdType;
+        };
+        parent: {
+            type: string;
+            id: IdType;
+        };
+    }): {
+        variant: "domain_inherits";
+        subjectType: string;
+        subjectId: IdType;
+        targetType: string;
+        targetId: IdType;
+    };
+    /**
+     * Build a role's coarse grant rows from resolved permission ids. The caller resolves each
+     * `resourceCode` (subject/module) to a `Permission` and supplies the lookup; unresolved codes are skipped.
+     */
+    static roleGrants(opts: {
+        role: {
+            type: string;
+            id: IdType;
+        };
+        permission: {
+            type: string;
+            idByCode: ReadonlyMap<string, string>;
+        };
+        grants: ReadonlyArray<{
+            resourceCode: string;
+            action: string;
+            domain?: TNullable<TPolicyDomainInput>;
+            effect: TAuthorizationDecision;
+        }>;
+    }): {
+        variant: "grant";
+        subjectType: string;
+        subjectId: IdType;
+        targetType: string;
+        targetId: IdType;
+        action: string;
+        effect: string;
+        domain: TNullable<string>;
+    }[];
+}
+//# sourceMappingURL=policy-builder.d.ts.map

package/dist/components/auth/authorize/common/policy-builder.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-builder.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/common/policy-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAChC,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAGL,oBAAoB,EACpB,sBAAsB,EACvB,MAAM,aAAa,CAAC;AAErB,wGAAwG;AACxG,MAAM,MAAM,kBAAkB,GAAG,MAAM,GAAG;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAA;CAAE,CAAC;AAEvE,qBAAa,0BAA0B;IACrC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,YAAY;IAE5C;;;;OAIG;IACH,OAAO,CAAC,MAAM,CAAC,eAAe;IAY9B;;;OAGG;IACH,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE;QACjB,OAAO,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;QACtC,UAAU,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;QACzC,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,SAAS,CAAC,kBAAkB,CAAC,CAAC;QACvC,MAAM,EAAE,sBAAsB,CAAC;KAChC;;;;;;;;;;IAaD,gFAAgF;IAChF,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE;QACtB,IAAI,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;QACnC,IAAI,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;QACnC,MAAM,CAAC,EAAE,SAAS,CAAC,kBAAkB,CAAC,CAAC;KACxC;;;;;;;;IAWD,gFAAgF;IAChF,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE;QACtB,IAAI,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;QACnC,MAAM,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;KACtC;;;;;;;IAUD,mFAAmF;IACnF,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE;QACxB,KAAK,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;QACpC,MAAM,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;KACtC;;;;;;;IAUD;;;;OAIG;IACH,MAAM,CAAC,gBAAgB,CAAC,IAAI,EAAE;QAC5B,KAAK,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;QACpC,MAAM,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;KACtC;;;;;;;IAUD,+GAA+G;IAC/G,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE;QAAE,KAAK,EAAE,oBAAoB,CAAC;QAAC,MAAM,EAAE,oBAAoB,CAAA;KAAE;;;;;;;IAUzF,iHAAiH;IACjH,MAAM,CAAC,aAAa;;;;;;;IAIpB,8HAA8H;IAC9H,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE;QAC1B,KAAK,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;QACpC,MAAM,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;KACtC;;;;;;;IAUD;;;OAGG;IACH,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE;QACtB,IAAI,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;QACnC,UAAU,EAAE;YACV,IAAI,EAAE,MAAM,CAAC;YACb,QAAQ,EAAE,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;SACvC,CAAC;QAEF,MAAM,EAAE,aAAa,CAAC;YACpB,YAAY,EAAE,MAAM,CAAC;YACrB,MAAM,EAAE,MAAM,CAAC;YACf,MAAM,CAAC,EAAE,SAAS,CAAC,kBAAkB,CAAC,CAAC;YACvC,MAAM,EAAE,sBAAsB,CAAC;SAChC,CAAC,CAAC;KACJ;;;;;;;;;;CAsBF"}

package/dist/components/auth/authorize/common/policy-builder.js

@@ -0,0 +1,130 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationPolicyBuilder = void 0;
+const constants_1 = require("./constants");
+class AuthorizationPolicyBuilder {
+    static { this.ACTION_PRINCIPAL = 'Action'; }
+    /**
+     * Serialize a domain to the casbin token the matcher compares against {@link resolveRequestDomain}'s
+     * output: a scope literal (`SYSTEM_WIDE`/`ANY_MEMBER`) passes through unchanged; a typed domain becomes
+     * `<type>_<id>` so `g3(r.dom, p.dom)` cascades; null ⇒ null (the adapter then defaults grants to `ANY_MEMBER`).
+     */
+    static serializeDomain(domain) {
+        if (domain == null) {
+            return null;
+        }
+        if (typeof domain === 'string') {
+            return domain;
+        }
+        return [domain.type, domain.id].join('_');
+    }
+    /**
+     * A grant (casbin `p`): role/user → permission, carrying action + effect + domain.
+     * `domain` null ⇒ `ANY_MEMBER` (adapter default). Pass a scope literal or a typed `{ type, id }` domain.
+     */
+    static grant(opts) {
+        return {
+            variant: constants_1.AuthorizationPolicyVariants.GRANT.action,
+            subjectType: opts.subject.type,
+            subjectId: opts.subject.id,
+            targetType: opts.permission.type,
+            targetId: opts.permission.id,
+            action: opts.action,
+            effect: opts.effect,
+            domain: AuthorizationPolicyBuilder.serializeDomain(opts.domain),
+        };
+    }
+    /** Assign a role to a user (casbin `g`). `domain` null ⇒ `*` (every domain). */
+    static assignRole(opts) {
+        return {
+            variant: constants_1.AuthorizationPolicyVariants.ASSIGN_ROLE.action,
+            subjectType: opts.user.type,
+            subjectId: opts.user.id,
+            targetType: opts.role.type,
+            targetId: opts.role.id,
+            domain: AuthorizationPolicyBuilder.serializeDomain(opts.domain),
+        };
+    }
+    /** A user joins a domain (casbin `g2`) — backs the `ANY_MEMBER` grant scope. */
+    static joinDomain(opts) {
+        return {
+            variant: constants_1.AuthorizationPolicyVariants.JOIN_DOMAIN.action,
+            subjectType: opts.user.type,
+            subjectId: opts.user.id,
+            targetType: opts.domain.type,
+            targetId: opts.domain.id,
+        };
+    }
+    /** A role inherits another role (casbin `g`, shared relation with assign_role). */
+    static roleInherits(opts) {
+        return {
+            variant: constants_1.AuthorizationPolicyVariants.ROLE_INHERITS.action,
+            subjectType: opts.child.type,
+            subjectId: opts.child.id,
+            targetType: opts.parent.type,
+            targetId: opts.parent.id,
+        };
+    }
+    /**
+     * A resource inherits another (casbin `g4`): a grant on the PARENT covers the CHILD.
+     * e.g. `{ child: SaleOrder, parent: Sale }` — grant on module `Sale` covers subject `SaleOrder`.
+     * Many-to-many: a subject may inherit several module parents (add one edge each).
+     */
+    static resourceInherits(opts) {
+        return {
+            variant: constants_1.AuthorizationPolicyVariants.RESOURCE_INHERITS.action,
+            subjectType: opts.child.type,
+            subjectId: opts.child.id,
+            targetType: opts.parent.type,
+            targetId: opts.parent.id,
+        };
+    }
+    /** An action inherits another (casbin `g5`): the child action is implied by the parent, e.g. read ⊂ manage. */
+    static actionInherits(opts) {
+        return {
+            variant: constants_1.AuthorizationPolicyVariants.ACTION_INHERITS.action,
+            subjectType: this.ACTION_PRINCIPAL,
+            subjectId: opts.child,
+            targetType: this.ACTION_PRINCIPAL,
+            targetId: opts.parent,
+        };
+    }
+    /** All `action_inherits` rows for the standard {@link AuthorizationActions.LATTICE}. Seed once, idempotently. */
+    static actionLattice() {
+        return constants_1.AuthorizationActions.LATTICE.map(action => this.actionInherits(action));
+    }
+    /** A domain inherits another (casbin `g3`): a grant in the parent domain cascades to the child. e.g. Merchant ⊂ Organizer. */
+    static domainInherits(opts) {
+        return {
+            variant: constants_1.AuthorizationPolicyVariants.DOMAIN_INHERITS.action,
+            subjectType: opts.child.type,
+            subjectId: opts.child.id,
+            targetType: opts.parent.type,
+            targetId: opts.parent.id,
+        };
+    }
+    /**
+     * Build a role's coarse grant rows from resolved permission ids. The caller resolves each
+     * `resourceCode` (subject/module) to a `Permission` and supplies the lookup; unresolved codes are skipped.
+     */
+    static roleGrants(opts) {
+        const rows = [];
+        for (const grant of opts.grants) {
+            const permissionId = opts.permission.idByCode.get(grant.resourceCode);
+            if (!permissionId) {
+                continue;
+            }
+            const policy = AuthorizationPolicyBuilder.grant({
+                subject: { type: opts.role.type, id: opts.role.id },
+                permission: { type: opts.permission.type, id: permissionId },
+                action: grant.action,
+                domain: grant.domain,
+                effect: grant.effect,
+            });
+            rows.push(policy);
+        }
+        return rows;
+    }
+}
+exports.AuthorizationPolicyBuilder = AuthorizationPolicyBuilder;
+//# sourceMappingURL=policy-builder.js.map

package/dist/components/auth/authorize/common/policy-builder.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-builder.js","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/common/policy-builder.ts"],"names":[],"mappings":";;;AAEA,2CAKqB;AAKrB,MAAa,0BAA0B;aACrB,qBAAgB,GAAG,QAAQ,CAAC;IAE5C;;;;OAIG;IACK,MAAM,CAAC,eAAe,CAAC,MAAsC;QACnE,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC5C,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,KAAK,CAAC,IAMZ;QACC,OAAO;YACL,OAAO,EAAE,uCAA2B,CAAC,KAAK,CAAC,MAAM;YACjD,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI;YAC9B,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YAC1B,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI;YAChC,QAAQ,EAAE,IAAI,CAAC,UAAU,CAAC,EAAE;YAC5B,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,MAAM,EAAE,0BAA0B,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC;SAChE,CAAC;IACJ,CAAC;IAED,gFAAgF;IAChF,MAAM,CAAC,UAAU,CAAC,IAIjB;QACC,OAAO;YACL,OAAO,EAAE,uCAA2B,CAAC,WAAW,CAAC,MAAM;YACvD,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI;YAC3B,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE;YACvB,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI;YAC1B,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE;YACtB,MAAM,EAAE,0BAA0B,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC;SAChE,CAAC;IACJ,CAAC;IAED,gFAAgF;IAChF,MAAM,CAAC,UAAU,CAAC,IAGjB;QACC,OAAO;YACL,OAAO,EAAE,uCAA2B,CAAC,WAAW,CAAC,MAAM;YACvD,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI;YAC3B,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE;YACvB,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;YAC5B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE;SACzB,CAAC;IACJ,CAAC;IAED,mFAAmF;IACnF,MAAM,CAAC,YAAY,CAAC,IAGnB;QACC,OAAO;YACL,OAAO,EAAE,uCAA2B,CAAC,aAAa,CAAC,MAAM;YACzD,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI;YAC5B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,EAAE;YACxB,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;YAC5B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE;SACzB,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,gBAAgB,CAAC,IAGvB;QACC,OAAO;YACL,OAAO,EAAE,uCAA2B,CAAC,iBAAiB,CAAC,MAAM;YAC7D,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI;YAC5B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,EAAE;YACxB,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;YAC5B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE;SACzB,CAAC;IACJ,CAAC;IAED,+GAA+G;IAC/G,MAAM,CAAC,cAAc,CAAC,IAAmE;QACvF,OAAO;YACL,OAAO,EAAE,uCAA2B,CAAC,eAAe,CAAC,MAAM;YAC3D,WAAW,EAAE,IAAI,CAAC,gBAAgB;YAClC,SAAS,EAAE,IAAI,CAAC,KAAK;YACrB,UAAU,EAAE,IAAI,CAAC,gBAAgB;YACjC,QAAQ,EAAE,IAAI,CAAC,MAAM;SACtB,CAAC;IACJ,CAAC;IAED,iHAAiH;IACjH,MAAM,CAAC,aAAa;QAClB,OAAO,gCAAoB,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC;IACjF,CAAC;IAED,8HAA8H;IAC9H,MAAM,CAAC,cAAc,CAAC,IAGrB;QACC,OAAO;YACL,OAAO,EAAE,uCAA2B,CAAC,eAAe,CAAC,MAAM;YAC3D,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI;YAC5B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,EAAE;YACxB,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;YAC5B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE;SACzB,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,UAAU,CAAC,IAajB;QACC,MAAM,IAAI,GAA+D,EAAE,CAAC;QAE5E,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,YAAY,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YACtE,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,SAAS;YACX,CAAC;YAED,MAAM,MAAM,GAAG,0BAA0B,CAAC,KAAK,CAAC;gBAC9C,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE;gBACnD,UAAU,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,EAAE,EAAE,YAAY,EAAE;gBAC5D,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,MAAM,EAAE,KAAK,CAAC,MAAM;aACrB,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACpB,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;;AA7KH,gEA8KC"}

package/dist/components/auth/authorize/common/resolve-request-domain.d.ts

@@ -0,0 +1,20 @@
+import { TContext } from '../../../../base/controllers/common/types';
+import { TNullable } from '@venizia/ignis-helpers';
+import { Env } from 'hono';
+import { IAuthorizationDomainSource, IAuthorizationSpec, IAuthorizeOptions } from './types';
+/** Read a domain value from a declarative source on the Hono context. */
+export declare const readDeclarative: (opts: {
+    source: IAuthorizationDomainSource;
+    context: TContext<Env, string>;
+}) => TNullable<string>;
+/**
+ * Resolve the request domain scope with precedence:
+ *   spec.domain (method | declarative) → options.domainResolver → SYSTEM_WIDE.
+ * Returns a casbin domain string ("<type>_<id>") or the SYSTEM_WIDE sentinel.
+ */
+export declare const resolveRequestDomain: (opts: {
+    spec: IAuthorizationSpec;
+    context: TContext<Env, string>;
+    options: TNullable<IAuthorizeOptions>;
+}) => Promise<string>;
+//# sourceMappingURL=resolve-request-domain.d.ts.map

package/dist/components/auth/authorize/common/resolve-request-domain.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve-request-domain.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/common/resolve-request-domain.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAC3D,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,GAAG,EAAE,MAAM,MAAM,CAAC;AAE3B,OAAO,EAAE,0BAA0B,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAE5F,yEAAyE;AACzE,eAAO,MAAM,eAAe,GAAI,MAAM;IACpC,MAAM,EAAE,0BAA0B,CAAC;IACnC,OAAO,EAAE,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;CAChC,KAAG,SAAS,CAAC,MAAM,CAoBnB,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,oBAAoB,GAAU,MAAM;IAC/C,IAAI,EAAE,kBAAkB,CAAC;IACzB,OAAO,EAAE,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAC/B,OAAO,EAAE,SAAS,CAAC,iBAAiB,CAAC,CAAC;CACvC,KAAG,OAAO,CAAC,MAAM,CA4BjB,CAAC"}

package/dist/components/auth/authorize/common/resolve-request-domain.js

@@ -0,0 +1,59 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveRequestDomain = exports.readDeclarative = void 0;
+const constants_1 = require("./constants");
+/** Read a domain value from a declarative source on the Hono context. */
+const readDeclarative = (opts) => {
+    const { source, context } = opts;
+    switch (source.from) {
+        case 'param': {
+            return context.req.param(source.key) ?? null;
+        }
+        case 'header': {
+            return context.req.header(source.key) ?? null;
+        }
+        case 'query': {
+            return context.req.query(source.key) ?? null;
+        }
+        case 'context': {
+            const value = context.get(source.key);
+            return value == null ? null : String(value);
+        }
+        default: {
+            return null;
+        }
+    }
+};
+exports.readDeclarative = readDeclarative;
+/**
+ * Resolve the request domain scope with precedence:
+ *   spec.domain (method | declarative) → options.domainResolver → SYSTEM_WIDE.
+ * Returns a casbin domain string ("<type>_<id>") or the SYSTEM_WIDE sentinel.
+ */
+const resolveRequestDomain = async (opts) => {
+    const { spec, context, options } = opts;
+    // (1) spec.domain as a method
+    if (typeof spec.domain === 'function') {
+        const resolved = await spec.domain({ context });
+        return resolved
+            ? [resolved.type, resolved.id].join('_')
+            : constants_1.AuthorizationDomainScopes.SYSTEM_WIDE;
+    }
+    // (2) spec.domain as declarative
+    if (spec.domain) {
+        const id = (0, exports.readDeclarative)({ source: spec.domain, context });
+        return id ? [spec.domain.type, id].join('_') : constants_1.AuthorizationDomainScopes.SYSTEM_WIDE;
+    }
+    // (3) global resolver
+    const globalResolver = options?.domainResolver ?? null;
+    if (globalResolver) {
+        const resolved = await globalResolver({ context });
+        return resolved
+            ? [resolved.type, resolved.id].join('_')
+            : constants_1.AuthorizationDomainScopes.SYSTEM_WIDE;
+    }
+    // (4) nothing → SYSTEM_WIDE
+    return constants_1.AuthorizationDomainScopes.SYSTEM_WIDE;
+};
+exports.resolveRequestDomain = resolveRequestDomain;
+//# sourceMappingURL=resolve-request-domain.js.map

package/dist/components/auth/authorize/common/resolve-request-domain.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve-request-domain.js","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/common/resolve-request-domain.ts"],"names":[],"mappings":";;;AAGA,2CAAwD;AAGxD,yEAAyE;AAClE,MAAM,eAAe,GAAG,CAAC,IAG/B,EAAqB,EAAE;IACtB,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACjC,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,OAAO,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;QAC/C,CAAC;QACD,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;QAChD,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,OAAO,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;QAC/C,CAAC;QACD,KAAK,SAAS,CAAC,CAAC,CAAC;YACf,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAY,CAAC,CAAC;YAC/C,OAAO,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC9C,CAAC;QACD,OAAO,CAAC,CAAC,CAAC;YACR,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;AACH,CAAC,CAAC;AAvBW,QAAA,eAAe,mBAuB1B;AAEF;;;;GAIG;AACI,MAAM,oBAAoB,GAAG,KAAK,EAAE,IAI1C,EAAmB,EAAE;IACpB,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IAExC,8BAA8B;IAC9B,IAAI,OAAO,IAAI,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;QACtC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;QAChD,OAAO,QAAQ;YACb,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;YACxC,CAAC,CAAC,qCAAyB,CAAC,WAAW,CAAC;IAC5C,CAAC;IAED,iCAAiC;IACjC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,MAAM,EAAE,GAAG,IAAA,uBAAe,EAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;QAC7D,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,qCAAyB,CAAC,WAAW,CAAC;IACvF,CAAC;IAED,sBAAsB;IACtB,MAAM,cAAc,GAAG,OAAO,EAAE,cAAc,IAAI,IAAI,CAAC;IACvD,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;QACnD,OAAO,QAAQ;YACb,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;YACxC,CAAC,CAAC,qCAAyB,CAAC,WAAW,CAAC;IAC5C,CAAC;IAED,4BAA4B;IAC5B,OAAO,qCAAyB,CAAC,WAAW,CAAC;AAC/C,CAAC,CAAC;AAhCW,QAAA,oBAAoB,wBAgC/B"}

package/dist/components/auth/authorize/common/types.d.ts

@@ -1,9 +1,10 @@
+import { IdType } from '../../../../base';
 import { TContext } from '../../../../base/controllers/common/types';
-import { type DefaultRedisHelper, type ValueOrPromise } from '@venizia/ignis-helpers';
+import { type DefaultRedisHelper, type TNullable, type ValueOrPromise } from '@venizia/ignis-helpers';
 import { type Adapter } from 'casbin';
 import { Env, type MiddlewareHandler } from 'hono';
 import { IAuthUser } from '../../authenticate';
-import { CasbinEnforcerCachedDrivers, CasbinEnforcerModelDrivers, TAuthorizationDecision } from './constants';
+import { CasbinEnforcerCachedDrivers, CasbinEnforcerModelDrivers, TAuthorizationDecision, TCasbinDomainMatchingFunction } from './constants';
 export interface IAuthorizationRole {
     readonly name: string;
     readonly priority: number;
@@ -11,24 +12,49 @@ export interface IAuthorizationRole {
 }
 /** Key-value conditions for attribute-based access control. Values compared with strict equality. */
 export type TAuthorizationConditions<KeyType extends string | symbol = string | symbol, ValueType = string | number | boolean | null> = Record<KeyType, ValueType>;
-export interface IAuthorizationComparable<TElement = string, TCompareResult = number> {
-    value: TElement;
-    compare(other: TElement): TCompareResult;
-    isEqual(other: TElement): boolean;
-}
 export interface IAuthorizationRequest<TAction = string, TResource = string> {
     action: TAction;
     resource: TResource;
     conditions?: TAuthorizationConditions;
+    /**
+     * Resolved domain scope for this request, as a casbin domain string `"<DomainType>_<id>"`
+     * (e.g. `"Merchant_7"`), or the `"SYSTEM_WIDE"` sentinel to enforce across all domains.
+     */
+    domain?: string;
+}
+export interface IAuthorizationUser extends IAuthUser {
+    principalType: string;
+}
+/** What CasbinAuthorizationEnforcer.buildRules returns and evaluate consumes. */
+export interface ICasbinRules {
+    user: IAuthorizationUser;
+    lines: string[];
 }
-/** Authorization enforcer that builds rules and evaluates authorization requests. */
+/** Declarative description of where to read the request domain from. */
+export interface IAuthorizationDomainSource {
+    from: 'param' | 'header' | 'query' | 'context';
+    key: string;
+    type: string;
+}
+/** Returns the current request domain; null = no domain (→ SYSTEM_WIDE). */
+export type TAuthorizationDomainResolver<E extends Env = Env> = (opts: {
+    context: TContext<E, string>;
+}) => ValueOrPromise<TNullable<{
+    type: string;
+    id: IdType;
+}>>;
+/**
+ * Authorization enforcer: builds rules and evaluates requests.
+ *
+ * Cache management (`invalidateUserCache`/`rebuildUserCache`) is OPTIONAL — present only on enforcers
+ * that cache per-user policies (e.g. the Casbin enforcer with the Redis driver). The registry
+ * feature-detects them at runtime before invoking.
+ */
 export interface IAuthorizationEnforcer<E extends Env = Env, TAction = string, TResource = string, TRules = unknown, TBuildRulesReturn = ValueOrPromise<TRules>, TEvaluateReturn = ValueOrPromise<TAuthorizationDecision>> {
     name: string;
     configure(): ValueOrPromise<void>;
     buildRules(opts: {
-        user: {
-            principalType: string;
-        } & IAuthUser;
+        user: IAuthorizationUser;
         context: TContext<E, string>;
     }): TBuildRulesReturn;
     evaluate(opts: {
@@ -36,6 +62,19 @@ export interface IAuthorizationEnforcer<E extends Env = Env, TAction = string, T
         request: IAuthorizationRequest<TAction, TResource>;
         context: TContext<E, string>;
     }): TEvaluateReturn;
+    /** Drop a user's cached policies. Implemented only by caching enforcers. */
+    invalidateUserCache?(opts: {
+        user: IAuthorizationUser;
+    }): Promise<{
+        invalidatedKeys: number;
+    }>;
+    /** Drop + rebuild a user's cached policies. Implemented only by caching enforcers. */
+    rebuildUserCache?(opts: {
+        user: IAuthorizationUser;
+    }): Promise<{
+        cacheKey: string;
+        lineCount: number;
+    }>;
 }
 export type TAuthorizationVoter<E extends Env = Env, TAction = string, TResource = string> = (opts: {
     user: IAuthUser;
@@ -49,26 +88,20 @@ export interface IAuthorizationSpec<E extends Env = Env, TAction = string, TReso
     conditions?: TAuthorizationConditions;
     allowedRoles?: string[];
     voters?: TAuthorizationVoter<E, TAction, TResource>[];
+    /** Optional per-route domain: declarative source OR a resolver method. Omitted → global resolver. */
+    domain?: IAuthorizationDomainSource | TAuthorizationDomainResolver<E>;
 }
 export type TAuthorizeFn<E extends Env = Env, TAction = string, TResource = string> = (opts: {
     spec: IAuthorizationSpec<E, TAction, TResource>;
     enforcerName?: string;
 }) => MiddlewareHandler;
-export interface ICasbinEnforcerCachedMemory {
-    driver: typeof CasbinEnforcerCachedDrivers.IN_MEMORY;
-    options: {
-        expiresIn: number;
-    };
-}
 export interface ICasbinEnforcerCachedRedis {
     driver: typeof CasbinEnforcerCachedDrivers.REDIS;
     options: {
         connection: DefaultRedisHelper;
         expiresIn: number;
         keyFn: (opts: {
-            user: {
-                principalType: string;
-            } & IAuthUser;
+            user: IAuthorizationUser;
         }) => ValueOrPromise<string>;
     };
 }
@@ -82,12 +115,14 @@ export interface ICasbinEnforcerOptions<E extends Env = Env, TAction = string, T
     };
     cached: {
         use: false;
-    } | (ICasbinEnforcerCachedMemory & {
-        use: true;
-    }) | (ICasbinEnforcerCachedRedis & {
+    } | (ICasbinEnforcerCachedRedis & {
         use: true;
     });
     adapter?: TAdapter;
+    domainMatching?: {
+        roleDefinition: string;
+        fn: TCasbinDomainMatchingFunction;
+    };
     normalizePayloadFn?(opts: {
         user: IAuthUser;
         action: TAction;
@@ -99,9 +134,21 @@ export interface ICasbinEnforcerOptions<E extends Env = Env, TAction = string, T
         action: string;
         domain?: string;
     };
+    /**
+     * Turn on the domain-scoped RBAC model. Requests become 4-token `(subject, domain, object, action)`
+     * instead of 3-token, and the enforcer registers the domain matcher (`keyMatch` on `g`) and the
+     * resource matcher (`objectMatch`) needed by that model.
+     */
+    isScoped?: boolean;
+    /** Number of pooled enforcers (each request enforces on its own). Default 16. */
+    poolSize?: number;
+    /** Max ms to wait for a free pooled enforcer before failing closed. Default 5000. */
+    poolAcquireTimeoutMs?: number;
 }
 export interface IAuthorizeOptions {
     defaultDecision: TAuthorizationDecision;
     alwaysAllowRoles?: string[];
+    /** Fallback domain resolver used when a route's spec has no `domain`. */
+    domainResolver?: TAuthorizationDomainResolver;
 }
 //# sourceMappingURL=types.d.ts.map

package/dist/components/auth/authorize/common/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/common/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAC3D,OAAO,EAAE,KAAK,kBAAkB,EAAE,KAAK,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACtF,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,QAAQ,CAAC;AACtC,OAAO,EAAE,GAAG,EAAE,KAAK,iBAAiB,EAAE,MAAM,MAAM,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,EACL,2BAA2B,EAC3B,0BAA0B,EAC1B,sBAAsB,EACvB,MAAM,aAAa,CAAC;AACrB,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;CAC7B;AAED,qGAAqG;AACrG,MAAM,MAAM,wBAAwB,CAClC,OAAO,SAAS,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,EACjD,SAAS,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,IAAI,IAC1C,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;AAE/B,MAAM,WAAW,wBAAwB,CAAC,QAAQ,GAAG,MAAM,EAAE,cAAc,GAAG,MAAM;IAClF,KAAK,EAAE,QAAQ,CAAC;IAChB,OAAO,CAAC,KAAK,EAAE,QAAQ,GAAG,cAAc,CAAC;IACzC,OAAO,CAAC,KAAK,EAAE,QAAQ,GAAG,OAAO,CAAC;CACnC;AAED,MAAM,WAAW,qBAAqB,CAAC,OAAO,GAAG,MAAM,EAAE,SAAS,GAAG,MAAM;IACzE,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,EAAE,SAAS,CAAC;IACpB,UAAU,CAAC,EAAE,wBAAwB,CAAC;CACvC;AAED,qFAAqF;AACrF,MAAM,WAAW,sBAAsB,CACrC,CAAC,SAAS,GAAG,GAAG,GAAG,EACnB,OAAO,GAAG,MAAM,EAChB,SAAS,GAAG,MAAM,EAClB,MAAM,GAAG,OAAO,EAChB,iBAAiB,GAAG,cAAc,CAAC,MAAM,CAAC,EAC1C,eAAe,GAAG,cAAc,CAAC,sBAAsB,CAAC;IAExD,IAAI,EAAE,MAAM,CAAC;IAEb,SAAS,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC;IAElC,UAAU,CAAC,IAAI,EAAE;QACf,IAAI,EAAE;YAAE,aAAa,EAAE,MAAM,CAAA;SAAE,GAAG,SAAS,CAAC;QAC5C,OAAO,EAAE,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;KAC9B,GAAG,iBAAiB,CAAC;IAEtB,QAAQ,CAAC,IAAI,EAAE;QACb,KAAK,EAAE,MAAM,CAAC;QACd,OAAO,EAAE,qBAAqB,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QACnD,OAAO,EAAE,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;KAC9B,GAAG,eAAe,CAAC;CACrB;AAED,MAAM,MAAM,mBAAmB,CAC7B,CAAC,SAAS,GAAG,GAAG,GAAG,EACnB,OAAO,GAAG,MAAM,EAChB,SAAS,GAAG,MAAM,IAChB,CAAC,IAAI,EAAE;IACT,IAAI,EAAE,SAAS,CAAC;IAChB,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,EAAE,SAAS,CAAC;IACpB,OAAO,EAAE,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;CAC9B,KAAK,cAAc,CAAC,sBAAsB,CAAC,CAAC;AAE7C,MAAM,WAAW,kBAAkB,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,EAAE,OAAO,GAAG,MAAM,EAAE,SAAS,GAAG,MAAM;IAC3F,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,EAAE,SAAS,CAAC;IACpB,UAAU,CAAC,EAAE,wBAAwB,CAAC;IACtC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,MAAM,CAAC,EAAE,mBAAmB,CAAC,CAAC,EAAE,OAAO,EAAE,SAAS,CAAC,EAAE,CAAC;CACvD;AAED,MAAM,MAAM,YAAY,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,EAAE,OAAO,GAAG,MAAM,EAAE,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE;IAC3F,IAAI,EAAE,kBAAkB,CAAC,CAAC,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;IAChD,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,KAAK,iBAAiB,CAAC;AAExB,MAAM,WAAW,2BAA2B;IAC1C,MAAM,EAAE,OAAO,2BAA2B,CAAC,SAAS,CAAC;IACrD,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CACH;AAED,MAAM,WAAW,0BAA0B;IACzC,MAAM,EAAE,OAAO,2BAA2B,CAAC,KAAK,CAAC;IACjD,OAAO,EAAE;QACP,UAAU,EAAE,kBAAkB,CAAC;QAC/B,SAAS,EAAE,MAAM,CAAC;QAClB,KAAK,EAAE,CAAC,IAAI,EAAE;YAAE,IAAI,EAAE;gBAAE,aAAa,EAAE,MAAM,CAAA;aAAE,GAAG,SAAS,CAAA;SAAE,KAAK,cAAc,CAAC,MAAM,CAAC,CAAC;KAC1F,CAAC;CACH;AAED,MAAM,WAAW,sBAAsB,CACrC,CAAC,SAAS,GAAG,GAAG,GAAG,EACnB,OAAO,GAAG,MAAM,EAChB,SAAS,GAAG,MAAM,EAClB,QAAQ,GAAG,OAAO;IAElB,KAAK,EACD;QAAE,MAAM,EAAE,OAAO,0BAA0B,CAAC,IAAI,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,GACtE;QAAE,MAAM,EAAE,OAAO,0BAA0B,CAAC,IAAI,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC;IAC3E,MAAM,EACF;QAAE,GAAG,EAAE,KAAK,CAAA;KAAE,GACd,CAAC,2BAA2B,GAAG;QAAE,GAAG,EAAE,IAAI,CAAA;KAAE,CAAC,GAC7C,CAAC,0BAA0B,GAAG;QAAE,GAAG,EAAE,IAAI,CAAA;KAAE,CAAC,CAAC;IACjD,OAAO,CAAC,EAAE,QAAQ,CAAC;IACnB,kBAAkB,CAAC,CAAC,IAAI,EAAE;QACxB,IAAI,EAAE,SAAS,CAAC;QAChB,MAAM,EAAE,OAAO,CAAC;QAChB,QAAQ,EAAE,SAAS,CAAC;QACpB,OAAO,EAAE,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;KAC9B,GAAG;QACF,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;CACH;AAED,MAAM,WAAW,iBAAiB;IAChC,eAAe,EAAE,sBAAsB,CAAC;IACxC,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/common/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAChC,OAAO,EAAE,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAC3D,OAAO,EACL,KAAK,kBAAkB,EACvB,KAAK,SAAS,EACd,KAAK,cAAc,EACpB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,QAAQ,CAAC;AACtC,OAAO,EAAE,GAAG,EAAE,KAAK,iBAAiB,EAAE,MAAM,MAAM,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,EACL,2BAA2B,EAC3B,0BAA0B,EAC1B,sBAAsB,EACtB,6BAA6B,EAC9B,MAAM,aAAa,CAAC;AACrB,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;CAC7B;AAED,qGAAqG;AACrG,MAAM,MAAM,wBAAwB,CAClC,OAAO,SAAS,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,EACjD,SAAS,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,IAAI,IAC1C,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;AAE/B,MAAM,WAAW,qBAAqB,CAAC,OAAO,GAAG,MAAM,EAAE,SAAS,GAAG,MAAM;IACzE,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,EAAE,SAAS,CAAC;IACpB,UAAU,CAAC,EAAE,wBAAwB,CAAC;IACtC;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,kBAAmB,SAAQ,SAAS;IACnD,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,iFAAiF;AACjF,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,kBAAkB,CAAC;IACzB,KAAK,EAAE,MAAM,EAAE,CAAC;CACjB;AAED,wEAAwE;AACxE,MAAM,WAAW,0BAA0B;IACzC,IAAI,EAAE,OAAO,GAAG,QAAQ,GAAG,OAAO,GAAG,SAAS,CAAC;IAC/C,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;CACd;AAED,4EAA4E;AAC5E,MAAM,MAAM,4BAA4B,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE;IACrE,OAAO,EAAE,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;CAC9B,KAAK,cAAc,CAAC,SAAS,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC,CAAC;AAE9D;;;;;;GAMG;AACH,MAAM,WAAW,sBAAsB,CACrC,CAAC,SAAS,GAAG,GAAG,GAAG,EACnB,OAAO,GAAG,MAAM,EAChB,SAAS,GAAG,MAAM,EAClB,MAAM,GAAG,OAAO,EAChB,iBAAiB,GAAG,cAAc,CAAC,MAAM,CAAC,EAC1C,eAAe,GAAG,cAAc,CAAC,sBAAsB,CAAC;IAExD,IAAI,EAAE,MAAM,CAAC;IAEb,SAAS,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC;IAElC,UAAU,CAAC,IAAI,EAAE;QAAE,IAAI,EAAE,kBAAkB,CAAC;QAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,CAAA;KAAE,GAAG,iBAAiB,CAAC;IAEhG,QAAQ,CAAC,IAAI,EAAE;QACb,KAAK,EAAE,MAAM,CAAC;QACd,OAAO,EAAE,qBAAqB,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QACnD,OAAO,EAAE,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;KAC9B,GAAG,eAAe,CAAC;IAEpB,4EAA4E;IAC5E,mBAAmB,CAAC,CAAC,IAAI,EAAE;QAAE,IAAI,EAAE,kBAAkB,CAAA;KAAE,GAAG,OAAO,CAAC;QAAE,eAAe,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAE/F,sFAAsF;IACtF,gBAAgB,CAAC,CAAC,IAAI,EAAE;QACtB,IAAI,EAAE,kBAAkB,CAAC;KAC1B,GAAG,OAAO,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACtD;AAED,MAAM,MAAM,mBAAmB,CAC7B,CAAC,SAAS,GAAG,GAAG,GAAG,EACnB,OAAO,GAAG,MAAM,EAChB,SAAS,GAAG,MAAM,IAChB,CAAC,IAAI,EAAE;IACT,IAAI,EAAE,SAAS,CAAC;IAChB,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,EAAE,SAAS,CAAC;IACpB,OAAO,EAAE,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;CAC9B,KAAK,cAAc,CAAC,sBAAsB,CAAC,CAAC;AAE7C,MAAM,WAAW,kBAAkB,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,EAAE,OAAO,GAAG,MAAM,EAAE,SAAS,GAAG,MAAM;IAC3F,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,EAAE,SAAS,CAAC;IACpB,UAAU,CAAC,EAAE,wBAAwB,CAAC;IACtC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,MAAM,CAAC,EAAE,mBAAmB,CAAC,CAAC,EAAE,OAAO,EAAE,SAAS,CAAC,EAAE,CAAC;IACtD,qGAAqG;IACrG,MAAM,CAAC,EAAE,0BAA0B,GAAG,4BAA4B,CAAC,CAAC,CAAC,CAAC;CACvE;AAED,MAAM,MAAM,YAAY,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,EAAE,OAAO,GAAG,MAAM,EAAE,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE;IAC3F,IAAI,EAAE,kBAAkB,CAAC,CAAC,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;IAChD,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,KAAK,iBAAiB,CAAC;AAExB,MAAM,WAAW,0BAA0B;IACzC,MAAM,EAAE,OAAO,2BAA2B,CAAC,KAAK,CAAC;IACjD,OAAO,EAAE;QACP,UAAU,EAAE,kBAAkB,CAAC;QAC/B,SAAS,EAAE,MAAM,CAAC;QAClB,KAAK,EAAE,CAAC,IAAI,EAAE;YAAE,IAAI,EAAE,kBAAkB,CAAA;SAAE,KAAK,cAAc,CAAC,MAAM,CAAC,CAAC;KACvE,CAAC;CACH;AAED,MAAM,WAAW,sBAAsB,CACrC,CAAC,SAAS,GAAG,GAAG,GAAG,EACnB,OAAO,GAAG,MAAM,EAChB,SAAS,GAAG,MAAM,EAClB,QAAQ,GAAG,OAAO;IAElB,KAAK,EACD;QAAE,MAAM,EAAE,OAAO,0BAA0B,CAAC,IAAI,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,GACtE;QAAE,MAAM,EAAE,OAAO,0BAA0B,CAAC,IAAI,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC;IAC3E,MAAM,EAAE;QAAE,GAAG,EAAE,KAAK,CAAA;KAAE,GAAG,CAAC,0BAA0B,GAAG;QAAE,GAAG,EAAE,IAAI,CAAA;KAAE,CAAC,CAAC;IACtE,OAAO,CAAC,EAAE,QAAQ,CAAC;IAEnB,cAAc,CAAC,EAAE;QACf,cAAc,EAAE,MAAM,CAAC;QACvB,EAAE,EAAE,6BAA6B,CAAC;KACnC,CAAC;IAEF,kBAAkB,CAAC,CAAC,IAAI,EAAE;QACxB,IAAI,EAAE,SAAS,CAAC;QAChB,MAAM,EAAE,OAAO,CAAC;QAChB,QAAQ,EAAE,SAAS,CAAC;QACpB,OAAO,EAAE,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;KAC9B,GAAG;QACF,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;IAEF;;;;OAIG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC;IAEnB,iFAAiF;IACjF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,qFAAqF;IACrF,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED,MAAM,WAAW,iBAAiB;IAChC,eAAe,EAAE,sBAAsB,CAAC;IACxC,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,yEAAyE;IACzE,cAAc,CAAC,EAAE,4BAA4B,CAAC;CAC/C"}