@via-profit/ability 3.4.0 → 3.4.1

package/SECURITY.md

@@ -1,33 +1,33 @@
-# Security Policy
-
-## Reporting a Vulnerability
-
-I take the security of `@via-profit/ability` seriously. If you discover a security vulnerability, please report it responsibly.
-
-### How to Report a Vulnerability
-
-**Please DO NOT create a public GitHub issue for security vulnerabilities.**
-
-Instead, send the details directly to me:
-
-- **Email**: [delhsmail@gmail.com](mailto:delhsmail@gmail.com)
-- **Author**: Vasily Novosad
-- **Timezone**: UTC+5 (for coordinating response time)
-
-### What to Include
-
-To help me address the issue quickly, please include:
-
-- Description of the vulnerability
-- Steps to reproduce (if applicable)
-- Potential impact
-- Suggestions for fixing (if any)
-
-### Process
-
-1. I will acknowledge your report within 48 hours
-2. I will assess the vulnerability
-3. Work on a fix will begin depending on severity
-4. After the fix is released, I will notify you and acknowledge your contribution (if you agree)
-
-Thank you for helping keep this project secure!
+# Security Policy
+
+## Reporting a Vulnerability
+
+I take the security of `@via-profit/ability` seriously. If you discover a security vulnerability, please report it responsibly.
+
+### How to Report a Vulnerability
+
+**Please DO NOT create a public GitHub issue for security vulnerabilities.**
+
+Instead, send the details directly to me:
+
+- **Email**: [delhsmail@gmail.com](mailto:delhsmail@gmail.com)
+- **Author**: Vasily Novosad
+- **Timezone**: UTC+5 (for coordinating response time)
+
+### What to Include
+
+To help me address the issue quickly, please include:
+
+- Description of the vulnerability
+- Steps to reproduce (if applicable)
+- Potential impact
+- Suggestions for fixing (if any)
+
+### Process
+
+1. I will acknowledge your report within 48 hours
+2. I will assess the vulnerability
+3. Work on a fix will begin depending on severity
+4. After the fix is released, I will notify you and acknowledge your contribution (if you agree)
+
+Thank you for helping keep this project secure!

package/dist/core/AbilityCondition.d.ts

@@ -1,6 +1,6 @@
 import AbilityCode from './AbilityCode';
 export type AbilityConditionCodeType = '=' | '<>' | '>' | '<' | '>=' | '<=' | 'in' | 'not in' | 'contains' | 'not contains' | 'length greater than' | 'length less than' | 'length equals' | 'always' | 'never';
-export type AbilityConditionLiteralType = 'equals' | 'not_equals' | 'contains' | 'no_contains' | 'in' | 'not_in' | 'greater_than' | 'less_than' | 'less_or_equal' | 'greater_or_equal' | 'length_greater_than' | 'length_less_than' | 'length_equals' | 'always' | 'never';
+export type AbilityConditionLiteralType = 'equals' | 'not_equals' | 'contains' | 'not_contains' | 'in' | 'not_in' | 'greater_than' | 'less_than' | 'less_or_equal' | 'greater_or_equal' | 'length_greater_than' | 'length_less_than' | 'length_equals' | 'always' | 'never';
 export declare class AbilityCondition extends AbilityCode<AbilityConditionCodeType> {
     static equals: AbilityCondition;
     static not_equals: AbilityCondition;

package/dist/core/AbilityError.d.ts

@@ -1,6 +1,6 @@
 export declare class AbilityError extends Error {
-    constructor(message: string);
+    constructor(message: string, options?: ErrorOptions);
 }
 export declare class AbilityParserError extends Error {
-    constructor(message: string);
+    constructor(message: string, options?: ErrorOptions);
 }

package/dist/core/AbilityRule.d.ts

@@ -1,5 +1,5 @@
 import AbilityMatch from './AbilityMatch';
-import AbilityCondition, { AbilityConditionCodeType } from './AbilityCondition';
+import { AbilityCondition, AbilityConditionCodeType } from './AbilityCondition';
 export type AbilityRuleConfig = {
     readonly id?: string | null;
     readonly name?: string | null;
@@ -42,6 +42,11 @@ export declare class AbilityRule<Resources extends object = object, Environment
      * @param params
      */
     constructor(params: AbilityRuleConstructorProps);
+    private isPrimitive;
+    private isNumber;
+    private isString;
+    private valueLen;
+    private operatorHandlers;
     /**
      * Check if the rule is matched
      * @param resource - The resource to check

package/dist/index.js

@@ -22,75 +22,116 @@ class AbilityCompare extends AbilityCode {
 }
 
 class AbilityError extends Error {
-    constructor(message) {
-        super(message);
+    constructor(message, options) {
+        super(message, options);
+        this.name = 'AbilityError';
+        if (Error.captureStackTrace) {
+            Error.captureStackTrace(this, this.constructor);
+        }
     }
 }
 class AbilityParserError extends Error {
-    constructor(message) {
-        super(message);
+    constructor(message, options) {
+        super(message, options);
+        this.name = 'AbilityParserError';
+        if (Error.captureStackTrace) {
+            Error.captureStackTrace(this, this.constructor);
+        }
     }
 }
 
 class AbilityCondition extends AbilityCode {
-    static equals = new AbilityCondition('=');
-    static not_equals = new AbilityCondition('<>');
-    static greater_than = new AbilityCondition('>');
-    static less_than = new AbilityCondition('<');
-    static less_or_equal = new AbilityCondition('<=');
-    static greater_or_equal = new AbilityCondition('>=');
-    static in = new AbilityCondition('in');
-    static not_in = new AbilityCondition('not in');
-    static contains = new AbilityCondition('contains');
-    static not_contains = new AbilityCondition('not contains');
-    static length_greater_than = new AbilityCondition('length greater than');
-    static length_less_than = new AbilityCondition('length less than');
-    static length_equals = new AbilityCondition('length equals');
-    static always = new AbilityCondition('always');
-    static never = new AbilityCondition('never');
+    static equals;
+    static not_equals;
+    static greater_than;
+    static less_than;
+    static less_or_equal;
+    static greater_or_equal;
+    static in;
+    static not_in;
+    static contains;
+    static not_contains;
+    static length_greater_than;
+    static length_less_than;
+    static length_equals;
+    static always;
+    static never;
+    static {
+        this.equals = new AbilityCondition('=');
+        this.not_equals = new AbilityCondition('<>');
+        this.greater_than = new AbilityCondition('>');
+        this.less_than = new AbilityCondition('<');
+        this.less_or_equal = new AbilityCondition('<=');
+        this.greater_or_equal = new AbilityCondition('>=');
+        this.in = new AbilityCondition('in');
+        this.not_in = new AbilityCondition('not in');
+        this.contains = new AbilityCondition('contains');
+        this.not_contains = new AbilityCondition('not contains');
+        this.length_greater_than = new AbilityCondition('length greater than');
+        this.length_less_than = new AbilityCondition('length less than');
+        this.length_equals = new AbilityCondition('length equals');
+        this.always = new AbilityCondition('always');
+        this.never = new AbilityCondition('never');
+    }
     static fromLiteral(literal) {
-        switch (literal) {
-            case 'equals':
-                return this.equals;
-            case 'not_equals':
-                return this.not_equals;
-            case 'greater_than':
-                return this.greater_than;
-            case 'less_than':
-                return this.less_than;
-            case 'less_or_equal':
-                return this.less_or_equal;
-            case 'greater_or_equal':
-                return this.greater_or_equal;
-            case 'contains':
-                return this.contains;
-            case 'no_contains':
-                return this.not_contains;
+        const map = {
+            equals: this.equals,
+            not_equals: this.not_equals,
+            greater_than: this.greater_than,
+            less_than: this.less_than,
+            less_or_equal: this.less_or_equal,
+            greater_or_equal: this.greater_or_equal,
+            in: this.in,
+            not_in: this.not_in,
+            contains: this.contains,
+            not_contains: this.not_contains,
+            length_greater_than: this.length_greater_than,
+            length_equals: this.length_equals,
+            always: this.always,
+            never: this.never,
+            length_less_than: this.length_less_than,
+        };
+        const condition = map[literal];
+        if (!condition) {
+            throw new AbilityParserError(`Literal "${literal}" does not found in AbilityCondition class`);
+        }
+        return condition;
+    }
+    get literal() {
+        switch (this.code) {
+            case '=':
+                return 'equals';
+            case '<>':
+                return 'not_equals';
+            case '>':
+                return 'greater_than';
+            case '<':
+                return 'less_than';
+            case '>=':
+                return 'greater_or_equal';
+            case '<=':
+                return 'less_or_equal';
             case 'in':
-                return this.in;
-            case 'not_in':
-                return this.not_in;
-            case 'length_greater_than':
-                return this.length_greater_than;
-            case 'length_equals':
-                return this.length_equals;
+                return 'in';
+            case 'not in':
+                return 'not_in';
+            case 'contains':
+                return 'contains';
+            case 'not contains':
+                return 'not_contains';
+            case 'length greater than':
+                return 'length_greater_than';
+            case 'length less than':
+                return 'length_less_than';
+            case 'length equals':
+                return 'length_equals';
             case 'always':
-                return this.always;
+                return 'always';
             case 'never':
-                return this.never;
+                return 'never';
             default:
-                throw new AbilityParserError(`Literal ${literal} does not found in AbilityCondition class`);
-        }
-    }
-    get literal() {
-        const literal = Object.keys(AbilityCondition).find(member => {
-            const val = AbilityCondition[member];
-            return val.code === this.code;
-        });
-        if (typeof literal === 'undefined') {
-            throw new Error(`Literal value does not found in class AbilityCondition`);
+                throw new Error(`Unknown condition code: ${this.code}`);
         }
-        return literal;
     }
 }
 
@@ -624,149 +665,122 @@ class AbilityRule {
         this.resource = resource;
         this.condition = condition;
     }
-    /**
-     * Check if the rule is matched
-     * @param resource - The resource to check
-     * @param environment
-     */
-    async check(resource, environment) {
-        let is = false;
-        const [subjectValue, resourceValue] = this.extractValues(resource, environment);
-        const isValue = (v) => typeof v === 'string' || typeof v === 'number' || typeof v === 'boolean' || v === null;
-        // always
-        if (AbilityCondition.always.isEqual(this.condition)) {
-            is = true;
-        }
-        // equals
-        if (AbilityCondition.equals.isEqual(this.condition)) {
-            is = subjectValue === resourceValue;
-        }
-        // not equals
-        if (AbilityCondition.not_equals.isEqual(this.condition)) {
-            is = subjectValue !== resourceValue;
-        }
-        // less than
-        if (AbilityCondition.less_than.isEqual(this.condition)) {
-            if (typeof subjectValue === 'number' && typeof resourceValue === 'number') {
-                is = subjectValue < resourceValue;
-            }
-        }
-        // less or equal
-        if (AbilityCondition.less_or_equal.isEqual(this.condition)) {
-            if (typeof subjectValue === 'number' && typeof resourceValue === 'number') {
-                is = subjectValue <= resourceValue;
-            }
-        }
-        // more than
-        if (AbilityCondition.greater_than.isEqual(this.condition)) {
-            if (typeof subjectValue === 'number' && typeof resourceValue === 'number') {
-                is = subjectValue > resourceValue;
-            }
-        }
-        // more or equal
-        if (AbilityCondition.greater_or_equal.isEqual(this.condition)) {
-            if (typeof subjectValue === 'number' && typeof resourceValue === 'number') {
-                is = subjectValue >= resourceValue;
-            }
-        }
-        // in
-        if (AbilityCondition.in.isEqual(this.condition)) {
-            // value in array
-            if (isValue(subjectValue) && Array.isArray(resourceValue)) {
-                is = resourceValue.includes(subjectValue);
-            }
-            // array intersects array
-            else if (Array.isArray(subjectValue) && Array.isArray(resourceValue)) {
-                is = subjectValue.some(v => resourceValue.includes(v));
-            }
-        }
-        // not in
-        if (AbilityCondition.not_in.isEqual(this.condition)) {
-            if (isValue(subjectValue) && Array.isArray(resourceValue)) {
-                is = !resourceValue.includes(subjectValue);
-            }
-            else if (Array.isArray(subjectValue) && Array.isArray(resourceValue)) {
-                is = !subjectValue.some(v => resourceValue.includes(v));
-            }
-        }
-        // contains
-        if (AbilityCondition.contains.isEqual(this.condition)) {
-            // array contains value
-            if (Array.isArray(subjectValue) && isValue(resourceValue)) {
-                is = subjectValue.includes(resourceValue);
-            }
-            // array intersects array
-            else if (Array.isArray(subjectValue) && Array.isArray(resourceValue)) {
-                is = subjectValue.some(v => resourceValue.includes(v));
+    isPrimitive(v) {
+        return typeof v === 'string' || typeof v === 'number' || typeof v === 'boolean' || v === null;
+    }
+    isNumber(v) {
+        return typeof v === 'number';
+    }
+    isString(v) {
+        return typeof v === 'string';
+    }
+    valueLen = (v) => this.isString(v) || Array.isArray(v) ? v.length : null;
+    operatorHandlers = {
+        [AbilityCondition.always.literal]: () => true,
+        [AbilityCondition.never.literal]: () => false,
+        [AbilityCondition.equals.literal]: (a, b) => a === b,
+        [AbilityCondition.not_equals.literal]: (a, b) => a !== b,
+        [AbilityCondition.contains.literal]: (a, b) => {
+            if (Array.isArray(a) && this.isPrimitive(b)) {
+                return a.includes(b);
             }
-        }
-        // not contains
-        if (AbilityCondition.not_contains.isEqual(this.condition)) {
-            if (Array.isArray(subjectValue) && isValue(resourceValue)) {
-                is = !subjectValue.includes(resourceValue);
+            if (Array.isArray(a) && Array.isArray(b)) {
+                return a.some(v => b.includes(v));
             }
-            else if (Array.isArray(subjectValue) && Array.isArray(resourceValue)) {
-                is = !subjectValue.some(v => resourceValue.includes(v));
+            return false;
+        },
+        [AbilityCondition.not_contains.literal]: (a, b) => {
+            if (Array.isArray(a) && this.isPrimitive(b)) {
+                return !a.includes(b);
             }
-        }
-        // length equals
-        if (AbilityCondition.length_equals.isEqual(this.condition)) {
-            // foo.bar == n
-            if (isValue(subjectValue) && typeof resourceValue === 'number') {
-                is = String(subjectValue).length === resourceValue;
+            if (Array.isArray(a) && Array.isArray(b)) {
+                return !a.some(v => b.includes(v));
             }
-            // ['foo', 'bar'] = n
-            else if (Array.isArray(subjectValue) && typeof resourceValue === 'number') {
-                is = subjectValue.length === resourceValue;
+            return false;
+        },
+        [AbilityCondition.in.literal]: (a, b) => {
+            if (this.isPrimitive(a) && Array.isArray(b)) {
+                return b.includes(a);
             }
-            // ['foo', 'bar'] = ['baz', 'taz']
-            else if (Array.isArray(subjectValue) && Array.isArray(resourceValue)) {
-                is = subjectValue.length === resourceValue.length;
+            if (Array.isArray(a) && Array.isArray(b)) {
+                return a.some(v => b.includes(v));
             }
-            // 'foo' = 'bar'
-            else if (typeof subjectValue === 'string' && typeof resourceValue === 'string') {
-                is = subjectValue.length === resourceValue.length;
+            return false;
+        },
+        [AbilityCondition.not_in.literal]: (a, b) => {
+            if (this.isPrimitive(a) && Array.isArray(b)) {
+                return !b.includes(a);
             }
-        }
-        // length greater than
-        if (AbilityCondition.length_greater_than.isEqual(this.condition)) {
-            // foo.bar > n
-            if (isValue(subjectValue) && typeof resourceValue === 'number') {
-                is = String(subjectValue).length > resourceValue;
+            if (Array.isArray(a) && Array.isArray(b)) {
+                return !a.some(v => b.includes(v));
             }
-            // ['foo', 'bar'] > n
-            else if (Array.isArray(subjectValue) && typeof resourceValue === 'number') {
-                is = subjectValue.length > resourceValue;
+            return false;
+        },
+        [AbilityCondition.greater_than.literal]: (a, b) => {
+            return this.isNumber(a) && this.isNumber(b) ? a > b : false;
+        },
+        [AbilityCondition.less_than.literal]: (a, b) => {
+            return this.isNumber(a) && this.isNumber(b) ? a < b : false;
+        },
+        [AbilityCondition.greater_or_equal.literal]: (a, b) => {
+            return this.isNumber(a) && this.isNumber(b) ? a >= b : false;
+        },
+        [AbilityCondition.less_or_equal.literal]: (a, b) => {
+            return this.isNumber(a) && this.isNumber(b) ? a <= b : false;
+        },
+        [AbilityCondition.length_greater_than.literal]: (a, b) => {
+            const alen = this.valueLen(a);
+            if (alen === null) {
+                return false;
+            }
+            if (this.isNumber(b)) {
+                return alen > b;
+            }
+            const bLen = this.valueLen(b);
+            if (bLen !== null) {
+                return alen > bLen;
             }
-            // ['foo', 'bar'] > ['baz', 'taz']
-            else if (Array.isArray(subjectValue) && Array.isArray(resourceValue)) {
-                is = subjectValue.length > resourceValue.length;
+            return false;
+        },
+        [AbilityCondition.length_less_than.literal]: (a, b) => {
+            const alen = this.valueLen(a);
+            if (alen === null) {
+                return false;
             }
-            // 'foo' > 'bar'
-            else if (typeof subjectValue === 'string' && typeof resourceValue === 'string') {
-                is = subjectValue.length > resourceValue.length;
+            if (this.isNumber(b)) {
+                return alen < b;
             }
-        }
-        // length greater than
-        if (AbilityCondition.length_less_than.isEqual(this.condition)) {
-            // foo.bar < n
-            if (isValue(subjectValue) && typeof resourceValue === 'number') {
-                is = String(subjectValue).length < resourceValue;
+            const bLen = this.valueLen(b);
+            if (bLen !== null) {
+                return alen < bLen;
             }
-            // ['foo', 'bar'] < n
-            else if (Array.isArray(subjectValue) && typeof resourceValue === 'number') {
-                is = subjectValue.length < resourceValue;
+            return false;
+        },
+        [AbilityCondition.length_equals.literal]: (a, b) => {
+            const alen = this.valueLen(a);
+            if (alen === null) {
+                return false;
             }
-            // ['foo', 'bar'] < ['baz', 'taz']
-            else if (Array.isArray(subjectValue) && Array.isArray(resourceValue)) {
-                is = subjectValue.length < resourceValue.length;
+            if (this.isNumber(b)) {
+                return alen === b;
             }
-            // 'foo' < 'bar'
-            else if (typeof subjectValue === 'string' && typeof resourceValue === 'string') {
-                is = subjectValue.length < resourceValue.length;
+            const bLen = this.valueLen(b);
+            if (bLen !== null) {
+                return alen === bLen;
             }
-        }
-        this.state = is ? AbilityMatch.match : AbilityMatch.mismatch;
+            return false;
+        },
+    };
+    /**
+     * Check if the rule is matched
+     * @param resource - The resource to check
+     * @param environment
+     */
+    async check(resource, environment) {
+        const [subjectValue, resourceValue] = this.extractValues(resource, environment);
+        const handler = this.operatorHandlers[this.condition.literal];
+        const result = handler(subjectValue, resourceValue);
+        this.state = result ? AbilityMatch.match : AbilityMatch.mismatch;
         return this.state;
     }
     /**