@wxn0brp/gate-warden 0.1.0

package/.github/dependabot.yml

@@ -0,0 +1,11 @@
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    allow:
+      - dependency-name: "@wx0brp/db"
+    commit-message:
+      prefix: "chore"
+      include: "scope"

package/.github/workflows/build.yml

@@ -0,0 +1,14 @@
+name: Build
+
+on:
+  push:
+    branches:
+      - master
+
+  workflow_dispatch:
+
+jobs:
+  build:
+    uses: wxn0brP/workflow-dist/.github/workflows/build-ts.yml@main
+    with:
+      scriptsHandling: "remove-all"

package/CHANGELOG.md

@@ -0,0 +1,30 @@
+# Changelog
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+## 0.1.0 (2025-05-05)
+
+
+### ⚠ BREAKING CHANGES
+
+* change result format
+* make logic is logic
+
+### Features
+
+* add GitHub Actions workflow for build process ([3d12dfe](https://github.com/wxn0brP/gate-warden/commit/3d12dfe739397c1b8b3a57e61425a40206779c1c))
+* add README.md ([3b0f311](https://github.com/wxn0brP/gate-warden/commit/3b0f31115d740f63a0f3e94dc89bdacc30e95b63))
+* add simple gui ([c1f4b27](https://github.com/wxn0brP/gate-warden/commit/c1f4b27004a6f07c949d37822d47a80d2b350f46))
+* add user manager and organize files ([120277b](https://github.com/wxn0brP/gate-warden/commit/120277b18ffcff71afb1de7a893f0e82577ba43c))
+* bump @wxn0brp/db version ([fc58a56](https://github.com/wxn0brP/gate-warden/commit/fc58a56947654baa69f9bacba412ac8130da6e2a))
+* bump version to 0.0.3 and update @wxn0brp/db dependency to >=0.5.7; refactor database initialization to use createDb function ([053936e](https://github.com/wxn0brP/gate-warden/commit/053936e02e3af530ef07902bb31148b9f091ab36))
+* change result format ([7948190](https://github.com/wxn0brP/gate-warden/commit/79481900193252c3ff6d52c9e3211fe822fbbc07))
+* **core:** etch the first decrees of the Gatekeeper's will ([c0caa09](https://github.com/wxn0brP/gate-warden/commit/c0caa09f527adad97d3edbeaae180936eeced10c))
+* make logic is logic ([6d4d466](https://github.com/wxn0brP/gate-warden/commit/6d4d466a35d142808fdbd3ec850a080b338b81a4))
+* update ACLRule ([b9e78f2](https://github.com/wxn0brP/gate-warden/commit/b9e78f25da0467b5cb486d5709739a99a72017e7))
+
+
+### Bug Fixes
+
+* aclCheck function to include rules without uid ([0420a69](https://github.com/wxn0brP/gate-warden/commit/0420a6936874c1c0849379e07b912f1e3a11105c))
+* update build workflow to include package.json in distribution files ([5de0f99](https://github.com/wxn0brP/gate-warden/commit/5de0f99b54ad211b08e31fbec0d9de80dfd6c809))

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 wxn0brP
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,89 @@
+# Gate Warden
+
+Gate Warden is a lightweight access control library that supports ACL, RBAC, and ABAC models. It is designed to manage and enforce permissions for users and entities in a flexible and extensible way.
+
+## Features
+
+- **ACL (Access Control List):** Define permissions for specific users on specific entities.
+- **RBAC (Role-Based Access Control):** Assign roles to users and define permissions for roles on entities.
+- **ABAC (Attribute-Based Access Control):** Use dynamic conditions based on user and entity attributes to determine access.
+
+## Installation
+
+Install the library using npm or yarn:
+
+```bash
+yarn add github:wxn0brp/gate-warden#dist
+```
+
+## Usage
+
+### GateWarden
+
+The `GateWarden` class is the main entry point for checking access permissions.
+
+```typescript
+import { GateWarden } from "@wxn0brp/gate-warden";
+import { Valthera } from "@wxn0brp/db";
+
+const wardenString = new GateWarden("dir");
+// or
+const wardenDB = new GateWarden(new Valthera("dir"));
+
+const hasAccess = await warden.hasAccess("userId", "entityId", 0b001);
+console.log(`Access granted: ${hasAccess}`);
+```
+
+### UserManager
+
+The `UserManager` class provides methods to manage users.
+
+```typescript
+import { UserManager } from "@wxn0brp/gate-warden";
+
+const userManager = new UserManager(db);
+
+// Create a new user
+await userManager.createUser({ _id: "userId", roles: ["roleId"] });
+
+// Update user attributes
+await userManager.updateAttributes("userId", { key: "value" });
+```
+
+### WardenManager
+
+The `WardenManager` class provides methods to manage roles and rules.
+
+```typescript
+import { WardenManager } from "@wxn0brp/gate-warden";
+
+const wardenManager = new WardenManager(db);
+
+// Add a new role
+await wardenManager.addRole({ _id: "roleId", name: "Admin" });
+
+// Add an ACL rule
+await wardenManager.addACLRule("entityId", 0b001, "userId");
+
+// Add an ABAC rule
+await wardenManager.addABACRule("entityId", 0b001, (user, entity) => user.attrib.isAdmin);
+```
+
+## Debug Logging
+
+Set the `debugLog` level in `GateWarden` to enable debug messages:
+- `0`: No logs
+- `1`: Basic logs
+- `2`: Detailed logs
+
+## Project Structure
+
+- **src/warden.ts:** Core access control logic.
+- **src/user.ts:** User management.
+- **src/mgr.ts:** Role and rule management.
+- **src/types/system.ts:** Type definitions for roles, rules, and users.
+- **src/log.ts:** Logging utilities.
+
+## License
+
+This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.

package/dist/createDb.d.ts

@@ -0,0 +1,4 @@
+import { Valthera } from "@wxn0brp/db";
+import { Remote } from "@wxn0brp/db/dist/client/remote";
+export declare function createDb(valthera: string | Valthera | Remote): Valthera;
+//# sourceMappingURL=createDb.d.ts.map

package/dist/createDb.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"createDb.d.ts","sourceRoot":"","sources":["../src/createDb.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAsB,MAAM,aAAa,CAAC;AAC3D,OAAO,EAAE,MAAM,EAAE,MAAM,gCAAgC,CAAC;AAExD,wBAAgB,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,MAAM,GAAG,QAAQ,CAGvE"}

package/dist/createDb.js

@@ -0,0 +1,7 @@
+import { Valthera, ValtheraAutoCreate } from "@wxn0brp/db";
+export function createDb(valthera) {
+    if (valthera instanceof Valthera)
+        return valthera;
+    return ValtheraAutoCreate(valthera);
+}
+//# sourceMappingURL=createDb.js.map

package/dist/createDb.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"createDb.js","sourceRoot":"","sources":["../src/createDb.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAG3D,MAAM,UAAU,QAAQ,CAAC,QAAoC;IACzD,IAAI,QAAQ,YAAY,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAClD,OAAO,kBAAkB,CAAC,QAAQ,CAAa,CAAC;AACpD,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,6 @@
+import GateWarden from "./warden.js";
+import UserManager from "./user.js";
+import WardenManager from "./mgr.js";
+import { AccessResult } from "./types/system.js";
+export { GateWarden, UserManager, WardenManager, AccessResult };
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,UAAU,MAAM,UAAU,CAAC;AAClC,OAAO,WAAW,MAAM,QAAQ,CAAC;AACjC,OAAO,aAAa,MAAM,OAAO,CAAC;AAClC,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,OAAO,EACH,UAAU,EACV,WAAW,EACX,aAAa,EACb,YAAY,EACf,CAAC"}

package/dist/index.js

@@ -0,0 +1,5 @@
+import GateWarden from "./warden.js";
+import UserManager from "./user.js";
+import WardenManager from "./mgr.js";
+export { GateWarden, UserManager, WardenManager };
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,UAAU,MAAM,UAAU,CAAC;AAClC,OAAO,WAAW,MAAM,QAAQ,CAAC;AACjC,OAAO,aAAa,MAAM,OAAO,CAAC;AAGlC,OAAO,EACH,UAAU,EACV,WAAW,EACX,aAAa,EAEhB,CAAC"}

package/dist/log.d.ts

@@ -0,0 +1,8 @@
+export declare const COLORS: {
+    reset: string;
+    green: string;
+    yellow: string;
+    red: string;
+    blue: string;
+};
+//# sourceMappingURL=log.d.ts.map

package/dist/log.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"log.d.ts","sourceRoot":"","sources":["../src/log.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,MAAM;;;;;;CAMlB,CAAC"}

package/dist/log.js

@@ -0,0 +1,8 @@
+export const COLORS = {
+    reset: "\x1b[0m",
+    green: "\x1b[32m",
+    yellow: "\x1b[33m",
+    red: "\x1b[31m",
+    blue: "\x1b[34m",
+};
+//# sourceMappingURL=log.js.map

package/dist/log.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"log.js","sourceRoot":"","sources":["../src/log.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,MAAM,GAAG;IAClB,KAAK,EAAE,SAAS;IAChB,KAAK,EAAE,UAAU;IACjB,MAAM,EAAE,UAAU;IAClB,GAAG,EAAE,UAAU;IACf,IAAI,EAAE,UAAU;CACnB,CAAC"}

package/dist/mgr.d.ts

@@ -0,0 +1,18 @@
+import { Id, Valthera } from "@wxn0brp/db";
+import { ABACRule, Role } from "./types/system.js";
+import { Remote } from "@wxn0brp/db/dist/client/remote";
+declare class WardenManager<A = any> {
+    private db;
+    constructor(valthera: string | Valthera | Remote);
+    changeRoleNameToId(name: string): Promise<Id>;
+    addRole(role: Role): Promise<Role>;
+    addACLRule(entityId: string, p: number, uid?: Id): Promise<void>;
+    addRBACRule(role_id: string, entity_id: string, p: number): Promise<void>;
+    addABACRule(entity_id: string, flag: number, condition: ABACRule<A>["conditions"]): Promise<void>;
+    removeRole(roleId: string): Promise<boolean>;
+    removeACLRule(entityId: string, uid?: string): Promise<boolean>;
+    removeRBACRule(roleId: string, entityId: string): Promise<boolean>;
+    removeABACRule(entityId: string, flag: number): Promise<boolean>;
+}
+export default WardenManager;
+//# sourceMappingURL=mgr.d.ts.map

package/dist/mgr.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mgr.d.ts","sourceRoot":"","sources":["../src/mgr.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,QAAQ,EAAW,IAAI,EAAE,MAAM,gBAAgB,CAAC;AACzD,OAAO,EAAE,MAAM,EAAE,MAAM,gCAAgC,CAAC;AAGxD,cAAM,aAAa,CAAC,CAAC,GAAG,GAAG;IACvB,OAAO,CAAC,EAAE,CAAW;gBACT,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,MAAM;IAI1C,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,EAAE,CAAC;IAK7C,OAAO,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAIlC,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAMhE,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIzE,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAKjG,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAI5C,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAK/D,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAIlE,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAGzE;AAED,eAAe,aAAa,CAAC"}

package/dist/mgr.js

@@ -0,0 +1,42 @@
+import { createDb } from "./createDb.js";
+class WardenManager {
+    db;
+    constructor(valthera) {
+        this.db = createDb(valthera);
+    }
+    async changeRoleNameToId(name) {
+        return await this.db.findOne("roles", { name });
+    }
+    // ADD
+    async addRole(role) {
+        return await this.db.add("roles", role);
+    }
+    async addACLRule(entityId, p, uid) {
+        const rule = { p };
+        if (uid)
+            rule.uid = uid;
+        return await this.db.add("acl/" + entityId, rule, false);
+    }
+    async addRBACRule(role_id, entity_id, p) {
+        return await this.db.add("role/" + role_id, { _id: entity_id, p }, false);
+    }
+    async addABACRule(entity_id, flag, condition) {
+        return await this.db.add("abac/" + entity_id, { flag, conditions: condition.toString() }, true);
+    }
+    // DELETE
+    async removeRole(roleId) {
+        return await this.db.removeOne("roles", { roleId });
+    }
+    async removeACLRule(entityId, uid) {
+        const q = uid ? { uid } : { $not: { $exists: { "uid": true } } };
+        return await this.db.removeOne("acl/" + entityId, q);
+    }
+    async removeRBACRule(roleId, entityId) {
+        return await this.db.removeOne("role/" + roleId, { _id: entityId });
+    }
+    async removeABACRule(entityId, flag) {
+        return await this.db.removeOne("abac/" + entityId, { flag });
+    }
+}
+export default WardenManager;
+//# sourceMappingURL=mgr.js.map

package/dist/mgr.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mgr.js","sourceRoot":"","sources":["../src/mgr.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAEtC,MAAM,aAAa;IACP,EAAE,CAAW;IACrB,YAAY,QAAoC;QAC5C,IAAI,CAAC,EAAE,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,IAAY;QACjC,OAAO,MAAM,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,MAAM;IACN,KAAK,CAAC,OAAO,CAAC,IAAU;QACpB,OAAO,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,QAAgB,EAAE,CAAS,EAAE,GAAQ;QAClD,MAAM,IAAI,GAAY,EAAE,CAAC,EAAE,CAAC;QAC5B,IAAI,GAAG;YAAE,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACxB,OAAO,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,GAAC,QAAQ,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IAC3D,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAe,EAAE,SAAiB,EAAE,CAAS;QAC3D,OAAO,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,OAAO,GAAG,OAAO,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;IAC9E,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,SAAiB,EAAE,IAAY,EAAE,SAAoC;QACnF,OAAO,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,OAAO,GAAC,SAAS,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,CAAC,QAAQ,EAAE,EAAE,EAAE,IAAI,CAAC,CAAC;IAClG,CAAC;IAED,SAAS;IACT,KAAK,CAAC,UAAU,CAAC,MAAc;QAC3B,OAAO,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IACxD,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,QAAgB,EAAE,GAAY;QAC9C,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;QACjE,OAAO,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,MAAM,GAAG,QAAQ,EAAE,CAAC,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,MAAc,EAAE,QAAgB;QACjD,OAAO,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,OAAO,GAAG,MAAM,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,QAAgB,EAAE,IAAY;QAC/C,OAAO,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,OAAO,GAAG,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;IACjE,CAAC;CACJ;AAED,eAAe,aAAa,CAAC"}

package/dist/test/ramStorage.d.ts

@@ -0,0 +1,4 @@
+import { CustomFileCpu } from "@wxn0brp/db";
+declare const fCPU: CustomFileCpu;
+export default fCPU;
+//# sourceMappingURL=ramStorage.d.ts.map

package/dist/test/ramStorage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ramStorage.d.ts","sourceRoot":"","sources":["../../src/test/ramStorage.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAa5C,QAAA,MAAM,IAAI,eAAmC,CAAC;AAC9C,eAAe,IAAI,CAAC"}

package/dist/test/ramStorage.js

@@ -0,0 +1,13 @@
+import { CustomFileCpu } from "@wxn0brp/db";
+const temp = new Map();
+async function _read(file) {
+    if (temp.has(file))
+        return temp.get(file) || [];
+    return [];
+}
+async function _write(file, data) {
+    temp.set(file, data);
+}
+const fCPU = new CustomFileCpu(_read, _write);
+export default fCPU;
+//# sourceMappingURL=ramStorage.js.map

package/dist/test/ramStorage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ramStorage.js","sourceRoot":"","sources":["../../src/test/ramStorage.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C,MAAM,IAAI,GAAG,IAAI,GAAG,EAAiB,CAAC;AAEtC,KAAK,UAAU,KAAK,CAAC,IAAY;IAC7B,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IAChD,OAAO,EAAE,CAAC;AACd,CAAC;AAED,KAAK,UAAU,MAAM,CAAC,IAAY,EAAE,IAAW;IAC3C,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,IAAI,GAAG,IAAI,aAAa,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;AAC9C,eAAe,IAAI,CAAC"}

package/dist/test/test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=test.d.ts.map

package/dist/test/test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"test.d.ts","sourceRoot":"","sources":["../../src/test/test.ts"],"names":[],"mappings":""}

package/dist/test/test.js

@@ -0,0 +1,49 @@
+import { GateWarden, UserManager, WardenManager } from "../index.js";
+import sourceMapSupport from "source-map-support";
+import { Valthera } from "@wxn0brp/db";
+import { rmSync } from "fs";
+sourceMapSupport.install();
+let total = 0;
+let ok = 0;
+var PermissionFlags;
+(function (PermissionFlags) {
+    PermissionFlags[PermissionFlags["VIEW"] = 1] = "VIEW";
+    PermissionFlags[PermissionFlags["EDIT"] = 2] = "EDIT";
+    PermissionFlags[PermissionFlags["DELETE"] = 4] = "DELETE";
+    PermissionFlags[PermissionFlags["ADMIN"] = 8] = "ADMIN";
+})(PermissionFlags || (PermissionFlags = {}));
+rmSync("test.db", { recursive: true, force: true });
+const db = new Valthera("test.db", {});
+const gw = new GateWarden(db, 2);
+const gwMgr = new WardenManager(db);
+const userMgr = new UserManager(db);
+// @ts-ignore
+db.add("test", "test", false);
+// debugger
+const admin = await gwMgr.addRole({ _id: "admin", name: "admin" });
+const user = await gwMgr.addRole({ _id: "user", name: "user" });
+const manager = await gwMgr.addRole({ _id: "manager", name: "manager" });
+await gwMgr.addRBACRule(admin._id, "doc123", PermissionFlags.VIEW | PermissionFlags.EDIT | PermissionFlags.DELETE | PermissionFlags.ADMIN);
+await gwMgr.addRBACRule(user._id, "doc123", PermissionFlags.VIEW);
+await gwMgr.addRBACRule(manager._id, "doc123", PermissionFlags.VIEW | PermissionFlags.EDIT);
+await userMgr.createUser({ _id: "alice", roles: [user._id], attrib: { dep: "HR", level: 1 } });
+await userMgr.createUser({ _id: "bob", roles: [manager._id], attrib: { dep: "IT", level: 7 } });
+await userMgr.createUser({ _id: "charlie", roles: [admin._id], attrib: { dep: "IT", level: 5 } });
+await gwMgr.addACLRule("doc123", PermissionFlags.EDIT, "alice");
+await gwMgr.addABACRule("doc123", PermissionFlags.DELETE, (user, entity) => user.attrib.level >= 4);
+const log = (result, required = true) => {
+    total++;
+    ok += result.granted === required ? 1 : 0;
+    console.log(result.granted === required ? "OK" : "FAIL");
+};
+log(await gw.hasAccess("alice", "doc123", PermissionFlags.VIEW), true);
+log(await gw.hasAccess("alice", "doc123", PermissionFlags.EDIT), true);
+log(await gw.hasAccess("alice", "doc999", PermissionFlags.EDIT), false);
+log(await gw.hasAccess("bob", "doc123", PermissionFlags.DELETE), true);
+log(await gw.hasAccess("charlie", "doc123", PermissionFlags.DELETE), true);
+log(await gw.hasAccess("alice", "doc123", PermissionFlags.DELETE), false);
+const userManager = new UserManager(db);
+await userManager.updateAttributes("bob", { level: 1 });
+log(await gw.hasAccess("bob", "doc123", PermissionFlags.DELETE), false);
+console.log(`\nOK: ${ok}/${total} (${(ok / total * 100).toFixed(2)}%)`);
+//# sourceMappingURL=test.js.map

package/dist/test/test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"test.js","sourceRoot":"","sources":["../../src/test/test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAgB,UAAU,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AAC1E,OAAO,gBAAgB,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEvC,OAAO,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC;AAC5B,gBAAgB,CAAC,OAAO,EAAE,CAAC;AAC3B,IAAI,KAAK,GAAG,CAAC,CAAC;AAAC,IAAI,EAAE,GAAG,CAAC,CAAC;AAO1B,IAAK,eAKJ;AALD,WAAK,eAAe;IAChB,qDAAa,CAAA;IACb,qDAAa,CAAA;IACb,yDAAe,CAAA;IACf,uDAAc,CAAA;AAClB,CAAC,EALI,eAAe,KAAf,eAAe,QAKnB;AAED,MAAM,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AAEpD,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;AACvC,MAAM,EAAE,GAAG,IAAI,UAAU,CAAiB,EAAE,EAAE,CAAC,CAAC,CAAC;AACjD,MAAM,KAAK,GAAG,IAAI,aAAa,CAAiB,EAAE,CAAC,CAAC;AACpD,MAAM,OAAO,GAAG,IAAI,WAAW,CAAiB,EAAE,CAAC,CAAC;AAEpD,aAAa;AACb,EAAE,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;AAE9B,WAAW;AACX,MAAM,KAAK,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAC,CAAC,CAAC;AAClE,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAC,CAAC,CAAC;AAC/D,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAC,CAAC,CAAC;AACxE,MAAM,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,EAAE,QAAQ,EAAE,eAAe,CAAC,IAAI,GAAG,eAAe,CAAC,IAAI,GAAG,eAAe,CAAC,MAAM,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;AAC3I,MAAM,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,EAAE,eAAe,CAAC,IAAI,CAAC,CAAC;AAClE,MAAM,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,EAAE,eAAe,CAAC,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;AAG5F,MAAM,OAAO,CAAC,UAAU,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;AAC/F,MAAM,OAAO,CAAC,UAAU,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;AAChG,MAAM,OAAO,CAAC,UAAU,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;AAElG,MAAM,KAAK,CAAC,UAAU,CAAC,QAAQ,EAAE,eAAe,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAEhE,MAAM,KAAK,CAAC,WAAW,CAAC,QAAQ,EAAE,eAAe,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC;AAEpG,MAAM,GAAG,GAAG,CAAC,MAAoB,EAAE,WAAoB,IAAI,EAAE,EAAE;IAC3D,KAAK,EAAE,CAAC;IACR,EAAE,IAAI,MAAM,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1C,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;AAC7D,CAAC,CAAA;AAED,GAAG,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,OAAO,EAAM,QAAQ,EAAE,eAAe,CAAC,IAAI,CAAC,EAAS,IAAI,CAAC,CAAC;AAClF,GAAG,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,OAAO,EAAM,QAAQ,EAAE,eAAe,CAAC,IAAI,CAAC,EAAS,IAAI,CAAC,CAAC;AAClF,GAAG,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,OAAO,EAAM,QAAQ,EAAE,eAAe,CAAC,IAAI,CAAC,EAAS,KAAK,CAAC,CAAC;AACnF,GAAG,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,KAAK,EAAQ,QAAQ,EAAE,eAAe,CAAC,MAAM,CAAC,EAAO,IAAI,CAAC,CAAC;AAClF,GAAG,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,SAAS,EAAI,QAAQ,EAAE,eAAe,CAAC,MAAM,CAAC,EAAO,IAAI,CAAC,CAAC;AAClF,GAAG,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,OAAO,EAAM,QAAQ,EAAE,eAAe,CAAC,MAAM,CAAC,EAAO,KAAK,CAAC,CAAC;AAEnF,MAAM,WAAW,GAAG,IAAI,WAAW,CAAiB,EAAE,CAAC,CAAC;AACxD,MAAM,WAAW,CAAC,gBAAgB,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC;AACxD,GAAG,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,KAAK,EAAE,QAAQ,EAAE,eAAe,CAAC,MAAM,CAAC,EAAE,KAAK,CAAC,CAAC;AAExE,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,KAAK,KAAK,CAAC,EAAE,GAAG,KAAK,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC"}

package/dist/types/system.d.ts

@@ -0,0 +1,27 @@
+import { Id } from "@wxn0brp/db";
+export interface Role {
+    _id: Id;
+    name: string;
+}
+export interface RoleEntity {
+    _id: Id;
+    p: number;
+}
+export interface ACLRule {
+    uid?: Id;
+    p: number;
+}
+export interface ABACRule<A> {
+    flag: number;
+    conditions: (user: User<A>, entity: any) => boolean;
+}
+export interface User<A> {
+    _id: Id;
+    roles: Id[];
+    attrib: A;
+}
+export interface AccessResult {
+    granted: boolean;
+    via: "ACL" | "RBAC" | "ABAC" | "user-404" | "entity-404" | "not-permitted";
+}
+//# sourceMappingURL=system.d.ts.map

package/dist/types/system.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"system.d.ts","sourceRoot":"","sources":["../../src/types/system.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,EAAE,EAAE,MAAM,aAAa,CAAC;AAEjC,MAAM,WAAW,IAAI;IACjB,GAAG,EAAE,EAAE,CAAC;IACR,IAAI,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,UAAU;IACvB,GAAG,EAAE,EAAE,CAAC;IACR,CAAC,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,OAAO;IACpB,GAAG,CAAC,EAAE,EAAE,CAAC;IACT,CAAC,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,QAAQ,CAAC,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,GAAG,KAAK,OAAO,CAAC;CACvD;AAED,MAAM,WAAW,IAAI,CAAC,CAAC;IACnB,GAAG,EAAE,EAAE,CAAC;IACR,KAAK,EAAE,EAAE,EAAE,CAAC;IACZ,MAAM,EAAE,CAAC,CAAC;CACb;AAED,MAAM,WAAW,YAAY;IACzB,OAAO,EAAE,OAAO,CAAC;IACjB,GAAG,EAAE,KAAK,GAAG,MAAM,GAAG,MAAM,GAAG,UAAU,GAAG,YAAY,GAAG,eAAe,CAAC;CAC9E"}

package/dist/types/system.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=system.js.map

package/dist/types/system.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"system.js","sourceRoot":"","sources":["../../src/types/system.ts"],"names":[],"mappings":""}

package/dist/user.d.ts

@@ -0,0 +1,52 @@
+import { Id, Valthera } from "@wxn0brp/db";
+import { User } from "./types/system.js";
+declare class UserManager<A = any> {
+    private db;
+    constructor(valthera: string | Valthera);
+    /**
+     * Creates a new user
+     * @param userData User data (_id is required)
+     */
+    createUser(userData: {
+        _id: Id;
+        roles?: Id[];
+        attrib?: A;
+    }): Promise<void>;
+    /**
+     * Retrieves a user by _id
+     * @param user_id User _id
+     * @returns User or null if it doesn't exist
+     */
+    getUser(user_id: Id): Promise<User<A> | null>;
+    /**
+     * Updates a user's data
+     * @param user_id User _id
+     * @param updates Object with fields to update
+     */
+    updateUser(user_id: Id, updates: Partial<User<A>>): Promise<void>;
+    /**
+     * Deletes a user
+     * @param user_id User _id
+     */
+    deleteUser(user_id: Id): Promise<void>;
+    /**
+     * Adds a role to a user
+     * @param user_id User _id
+     * @param role_id Role _id
+     */
+    addRoleToUser(user_id: Id, role_id: Id): Promise<void>;
+    /**
+     * Removes a role from a user
+     * @param user_id User _id
+     * @param role_id Role _id
+     */
+    removeRoleFromUser(user_id: Id, role_id: Id): Promise<void>;
+    /**
+     * Updates a user's attributes
+     * @param user_id User _id
+     * @param attributes New attributes to merge
+     */
+    updateAttributes(user_id: Id, attributes: Partial<A>): Promise<void>;
+}
+export default UserManager;
+//# sourceMappingURL=user.d.ts.map

package/dist/user.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"user.d.ts","sourceRoot":"","sources":["../src/user.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAGtC,cAAM,WAAW,CAAC,CAAC,GAAG,GAAG;IACrB,OAAO,CAAC,EAAE,CAAW;gBAET,QAAQ,EAAE,MAAM,GAAG,QAAQ;IAIvC;;;OAGG;IACG,UAAU,CAAC,QAAQ,EAAE;QAAE,GAAG,EAAE,EAAE,CAAC;QAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC;QAAC,MAAM,CAAC,EAAE,CAAC,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAShF;;;;OAIG;IACG,OAAO,CAAC,OAAO,EAAE,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IAInD;;;;OAIG;IACG,UAAU,CAAC,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAOvE;;;OAGG;IACG,UAAU,CAAC,OAAO,EAAE,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAI5C;;;;OAIG;IACG,aAAa,CAAC,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAS5D;;;;OAIG;IACG,kBAAkB,CAAC,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAUjE;;;;OAIG;IACG,gBAAgB,CAAC,OAAO,EAAE,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;CAM7E;AAED,eAAe,WAAW,CAAC"}

package/dist/user.js

@@ -0,0 +1,89 @@
+import { createDb } from "./createDb.js";
+class UserManager {
+    db;
+    constructor(valthera) {
+        this.db = createDb(valthera);
+    }
+    /**
+     * Creates a new user
+     * @param userData User data (_id is required)
+     */
+    async createUser(userData) {
+        const newUser = {
+            _id: userData._id,
+            roles: userData.roles || [],
+            attrib: userData.attrib || {},
+        };
+        await this.db.add("users", newUser, false);
+    }
+    /**
+     * Retrieves a user by _id
+     * @param user_id User _id
+     * @returns User or null if it doesn't exist
+     */
+    async getUser(user_id) {
+        return this.db.findOne("users", { _id: user_id });
+    }
+    /**
+     * Updates a user's data
+     * @param user_id User _id
+     * @param updates Object with fields to update
+     */
+    async updateUser(user_id, updates) {
+        const existingUser = await this.getUser(user_id);
+        if (!existingUser)
+            throw new Error("User not found");
+        const updatedUser = { ...existingUser, ...updates };
+        await this.db.update("users", { _id: user_id }, updatedUser);
+    }
+    /**
+     * Deletes a user
+     * @param user_id User _id
+     */
+    async deleteUser(user_id) {
+        await this.db.removeOne("users", { _id: user_id });
+    }
+    /**
+     * Adds a role to a user
+     * @param user_id User _id
+     * @param role_id Role _id
+     */
+    async addRoleToUser(user_id, role_id) {
+        const user = await this.getUser(user_id);
+        if (!user)
+            throw new Error("User not found");
+        if (!user.roles.includes(role_id)) {
+            user.roles.push(role_id);
+            await this.db.update("users", { _id: user_id }, user);
+        }
+    }
+    /**
+     * Removes a role from a user
+     * @param user_id User _id
+     * @param role_id Role _id
+     */
+    async removeRoleFromUser(user_id, role_id) {
+        const user = await this.getUser(user_id);
+        if (!user)
+            throw new Error("User not found");
+        const index = user.roles.indexOf(role_id);
+        if (index !== -1) {
+            user.roles.splice(index, 1);
+            await this.db.update("users", { _id: user_id }, user);
+        }
+    }
+    /**
+     * Updates a user's attributes
+     * @param user_id User _id
+     * @param attributes New attributes to merge
+     */
+    async updateAttributes(user_id, attributes) {
+        const user = await this.getUser(user_id);
+        if (!user)
+            throw new Error("User not found");
+        user.attrib = { ...user.attrib, ...attributes };
+        await this.db.update("users", { _id: user_id }, user);
+    }
+}
+export default UserManager;
+//# sourceMappingURL=user.js.map

package/dist/user.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"user.js","sourceRoot":"","sources":["../src/user.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAEtC,MAAM,WAAW;IACL,EAAE,CAAW;IAErB,YAAY,QAA2B;QACnC,IAAI,CAAC,EAAE,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,UAAU,CAAC,QAA+C;QAC5D,MAAM,OAAO,GAAY;YACrB,GAAG,EAAE,QAAQ,CAAC,GAAG;YACjB,KAAK,EAAE,QAAQ,CAAC,KAAK,IAAI,EAAE;YAC3B,MAAM,EAAE,QAAQ,CAAC,MAAM,IAAI,EAAO;SACrC,CAAC;QACF,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IAC/C,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,OAAO,CAAC,OAAW;QACrB,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CAAU,OAAO,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,UAAU,CAAC,OAAW,EAAE,OAAyB;QACnD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACrD,MAAM,WAAW,GAAG,EAAE,GAAG,YAAY,EAAE,GAAG,OAAO,EAAE,CAAC;QACpD,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,WAAW,CAAC,CAAC;IACjE,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,UAAU,CAAC,OAAW;QACxB,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;IACvD,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,aAAa,CAAC,OAAW,EAAE,OAAW;QACxC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACzC,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAC7C,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAChC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACzB,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,IAAI,CAAC,CAAC;QAC1D,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,kBAAkB,CAAC,OAAW,EAAE,OAAW;QAC7C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACzC,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAC7C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC1C,IAAI,KAAK,KAAK,CAAC,CAAC,EAAE,CAAC;YACf,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAC5B,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,IAAI,CAAC,CAAC;QAC1D,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,gBAAgB,CAAC,OAAW,EAAE,UAAsB;QACtD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACzC,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAC7C,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChD,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,IAAI,CAAC,CAAC;IAC1D,CAAC;CACJ;AAED,eAAe,WAAW,CAAC"}

package/dist/warden.d.ts

@@ -0,0 +1,10 @@
+import { Valthera } from "@wxn0brp/db";
+import { AccessResult } from "./types/system.js";
+declare class GateWarden<A = any> {
+    debugLog: number;
+    private db;
+    constructor(valthera: string | Valthera, debugLog?: number);
+    hasAccess(userId: string, entityId: string, flag: number): Promise<AccessResult>;
+}
+export default GateWarden;
+//# sourceMappingURL=warden.d.ts.map

package/dist/warden.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"warden.d.ts","sourceRoot":"","sources":["../src/warden.ts"],"names":[],"mappings":"AAAA,OAAO,EAAM,QAAQ,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAY,YAAY,EAA6B,MAAM,gBAAgB,CAAC;AA0GnF,cAAM,UAAU,CAAC,CAAC,GAAG,GAAG;IAG4B,QAAQ,EAAE,MAAM;IAFhE,OAAO,CAAC,EAAE,CAAW;gBAET,QAAQ,EAAE,MAAM,GAAG,QAAQ,EAAS,QAAQ,GAAE,MAAU;IAI9D,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;CA4BzF;AAED,eAAe,UAAU,CAAC"}

package/dist/warden.js

@@ -0,0 +1,122 @@
+import { COLORS } from "./log.js";
+import { createDb } from "./createDb.js";
+function logAccess(userId, entityId, via, debugLog) {
+    if (debugLog < 1)
+        return;
+    console.log(`${COLORS.green}[GW] Access granted to ${COLORS.yellow}${entityId}${COLORS.green} via ` +
+        `${COLORS.yellow}${via}${COLORS.green} by ${COLORS.yellow}${userId}${COLORS.reset}`);
+}
+async function fetchUser(db, userId) {
+    const user = await db.findOne("users", { _id: userId });
+    if (!user)
+        throw new Error("User not found");
+    return user;
+}
+async function aclCheck({ db, entityId, flag, user }) {
+    if (!await db.issetCollection("acl/" + entityId))
+        return -1;
+    const rules = await db.find("acl/" + entityId, {
+        $or: [
+            { uid: user._id },
+            {
+                $not: {
+                    $exists: { "uid": true }
+                }
+            }
+        ]
+    });
+    if (rules.length === 0)
+        return -1;
+    for (const rule of rules) {
+        if (rule.p & flag)
+            return 1;
+    }
+    return 0;
+}
+async function rbacCheck({ db, flag, user, entityId }) {
+    for (const role of user.roles) {
+        const rolesEntity = await db.find("role/" + role, { _id: entityId });
+        for (const entity of rolesEntity) {
+            if (entity.p & flag)
+                return true;
+        }
+    }
+    return false;
+}
+async function abacCheck({ db, entityId, flag, user, debugLog }) {
+    if (!await db.issetCollection("abac/" + entityId))
+        return false;
+    const rules = await db.find("abac/" + entityId, { flag });
+    for (const rule of rules) {
+        try {
+            const conditions = new Function("user", "entity", `return ${rule.conditions}`)();
+            if (debugLog >= 1)
+                console.log(COLORS.blue + `[GW] ABAC rule: ${COLORS.yellow}${rule.conditions}${COLORS.blue} ` +
+                    `-> ${COLORS.yellow}${conditions(user, entityId)}` + COLORS.reset);
+            if (conditions(user, entityId))
+                return true;
+        }
+        catch (e) {
+            if (debugLog >= 1)
+                console.log(COLORS.red + `[GW] ABAC rule error: ${e}` + COLORS.reset);
+        }
+    }
+    return false;
+}
+async function matchPermission(db, entityId, flag, user, debugLog) {
+    const checks = [
+        { name: "ACL", method: aclCheck },
+        { name: "RBAC", method: rbacCheck },
+        { name: "ABAC", method: abacCheck },
+    ];
+    const results = [];
+    const checkParams = { db, entityId, flag, user, debugLog };
+    for (const check of checks) {
+        const result = await check.method(checkParams);
+        results.push(result);
+        if (result === true || result === 1) {
+            return { granted: true, via: check.name };
+        }
+    }
+    if (results[0] === -1) {
+        return { granted: false, via: "entity-404" };
+    }
+    return { granted: false, via: null };
+}
+class GateWarden {
+    debugLog;
+    db;
+    constructor(valthera, debugLog = 0) {
+        this.debugLog = debugLog;
+        this.db = createDb(valthera);
+    }
+    async hasAccess(userId, entityId, flag) {
+        const user = await fetchUser(this.db, userId);
+        if (!user) {
+            if (this.debugLog >= 1)
+                console.log(COLORS.red + "[GW] User not found." + COLORS.reset);
+            return {
+                granted: false,
+                via: "user-404"
+            };
+        }
+        const matched = await matchPermission(this.db, entityId, flag, user, this.debugLog);
+        if (matched.granted) {
+            logAccess(userId, entityId, matched.via, this.debugLog);
+            return matched;
+        }
+        if (!matched.granted && matched.via === "entity-404") {
+            if (this.debugLog >= 1)
+                console.log(COLORS.red + `[GW] Entity not found: ${entityId}` + COLORS.reset);
+            return matched;
+        }
+        if (this.debugLog >= 1)
+            console.log(COLORS.red + `[GW] Access denied to ${entityId} by ${userId}.` + COLORS.reset);
+        return {
+            granted: false,
+            via: "not-permitted"
+        };
+    }
+}
+export default GateWarden;
+//# sourceMappingURL=warden.js.map

package/dist/warden.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"warden.js","sourceRoot":"","sources":["../src/warden.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,MAAM,EAAE,MAAM,OAAO,CAAC;AAC/B,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAUtC,SAAS,SAAS,CAAC,MAAU,EAAE,QAAY,EAAE,GAAW,EAAE,QAAgB;IACtE,IAAI,QAAQ,GAAG,CAAC;QAAE,OAAO;IACzB,OAAO,CAAC,GAAG,CACP,GAAG,MAAM,CAAC,KAAK,0BAA0B,MAAM,CAAC,MAAM,GAAG,QAAQ,GAAG,MAAM,CAAC,KAAK,OAAO;QACvF,GAAG,MAAM,CAAC,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,KAAK,OAAO,MAAM,CAAC,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC,KAAK,EAAE,CACtF,CAAC;AACN,CAAC;AAED,KAAK,UAAU,SAAS,CAAI,EAAY,EAAE,MAAU;IAChD,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,OAAO,CAAU,OAAO,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC,CAAC;IACjE,IAAI,CAAC,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAC7C,OAAO,IAAI,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,QAAQ,CAAI,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAkB;IACnE,IAAI,CAAC,MAAM,EAAE,CAAC,eAAe,CAAC,MAAM,GAAG,QAAQ,CAAC;QAAE,OAAO,CAAC,CAAC,CAAC;IAC5D,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,IAAI,CAAU,MAAM,GAAG,QAAQ,EAAE;QACpD,GAAG,EAAE;YACD,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE;YACjB;gBACI,IAAI,EAAE;oBACF,OAAO,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE;iBAC3B;aACJ;SACJ;KACJ,CAAC,CAAC;IACH,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC,CAAC;IAClC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACvB,IAAI,IAAI,CAAC,CAAC,GAAG,IAAI;YAAE,OAAO,CAAC,CAAC;IAChC,CAAC;IACD,OAAO,CAAC,CAAC;AACb,CAAC;AAED,KAAK,UAAU,SAAS,CAAI,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAkB;IACpE,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QAC5B,MAAM,WAAW,GAAG,MAAM,EAAE,CAAC,IAAI,CAAa,OAAO,GAAG,IAAI,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC;QACjF,KAAK,MAAM,MAAM,IAAI,WAAW,EAAE,CAAC;YAC/B,IAAI,MAAM,CAAC,CAAC,GAAG,IAAI;gBAAE,OAAO,IAAI,CAAC;QACrC,CAAC;IACL,CAAC;IACD,OAAO,KAAK,CAAC;AACjB,CAAC;AAED,KAAK,UAAU,SAAS,CAAI,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAkB;IAC9E,IAAI,CAAC,MAAM,EAAE,CAAC,eAAe,CAAC,OAAO,GAAG,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IAChE,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,IAAI,CAAc,OAAO,GAAG,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;IACvE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACvB,IAAI,CAAC;YACD,MAAM,UAAU,GAAG,IAAI,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,IAAI,CAAC,UAAU,EAAE,CAAC,EAAE,CAAC;YACjF,IAAI,QAAQ,IAAI,CAAC;gBACb,OAAO,CAAC,GAAG,CACP,MAAM,CAAC,IAAI,GAAG,mBAAmB,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,IAAI,GAAG;oBACjF,MAAM,MAAM,CAAC,MAAM,GAAG,UAAU,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,GAAG,MAAM,CAAC,KAAK,CACpE,CAAC;YAEN,IAAI,UAAU,CAAC,IAAI,EAAE,QAAQ,CAAC;gBAAE,OAAO,IAAI,CAAC;QAChD,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,IAAI,QAAQ,IAAI,CAAC;gBAAE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,GAAG,yBAAyB,CAAC,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;QAC7F,CAAC;IACL,CAAC;IACD,OAAO,KAAK,CAAC;AACjB,CAAC;AAED,KAAK,UAAU,eAAe,CAC1B,EAAY,EACZ,QAAY,EACZ,IAAY,EACZ,IAAa,EACb,QAAgB;IAEhB,MAAM,MAAM,GAAG;QACX,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE;QACjC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE;QACnC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE;KAC7B,CAAC;IAEX,MAAM,OAAO,GAAG,EAAE,CAAC;IAEnB,MAAM,WAAW,GAAmB,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAC3E,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAC/C,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrB,IAAI,MAAM,KAAK,IAAI,IAAI,MAAM,KAAK,CAAC,EAAE,CAAC;YAClC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC;QAC9C,CAAC;IACL,CAAC;IAED,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;QACpB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC;IACjD,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;AACzC,CAAC;AAED,MAAM,UAAU;IAGoC;IAFxC,EAAE,CAAW;IAErB,YAAY,QAA2B,EAAS,WAAmB,CAAC;QAApB,aAAQ,GAAR,QAAQ,CAAY;QAChE,IAAI,CAAC,EAAE,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,MAAc,EAAE,QAAgB,EAAE,IAAY;QAC1D,MAAM,IAAI,GAAG,MAAM,SAAS,CAAI,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QACjD,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,IAAI,IAAI,CAAC,QAAQ,IAAI,CAAC;gBAAE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,GAAG,sBAAsB,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;YACxF,OAAO;gBACH,OAAO,EAAE,KAAK;gBACd,GAAG,EAAE,UAAU;aAClB,CAAC;QACN,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAEpF,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YAClB,SAAS,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YACxD,OAAO,OAAO,CAAC;QACnB,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,KAAK,YAAY,EAAE,CAAC;YACnD,IAAI,IAAI,CAAC,QAAQ,IAAI,CAAC;gBAAE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,GAAG,0BAA0B,QAAQ,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;YACtG,OAAO,OAAO,CAAC;QACnB,CAAC;QAED,IAAI,IAAI,CAAC,QAAQ,IAAI,CAAC;YAAE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,GAAG,yBAAyB,QAAQ,OAAO,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;QACnH,OAAO;YACH,OAAO,EAAE,KAAK;YACd,GAAG,EAAE,eAAe;SACvB,CAAC;IACN,CAAC;CACJ;AAED,eAAe,UAAU,CAAC"}

package/package.json

@@ -0,0 +1,34 @@
+{
+    "name": "@wxn0brp/gate-warden",
+    "version": "0.1.0",
+    "main": "dist/index.js",
+    "types": "dist/index.d.ts",
+    "author": "wxn0brP",
+    "license": "MIT",
+    "type": "module",
+    "scripts": {
+        "build": "tsc && tsc-alias",
+        "build-dev": "tsc -p tsconfig.dev.json && tsc-alias",
+        "test": "node dist/test/test.js"
+    },
+    "devDependencies": {
+        "@types/node": "^22.13.11",
+        "@wxn0brp/db": ">=0.7.1",
+        "source-map-support": "^0.5.21",
+        "tsc-alias": "^1.8.10",
+        "typescript": "^5.7.3"
+    },
+    "peerDependencies": {
+        "@wxn0brp/db": ">=0.7.1"
+    },
+    "exports": {
+        ".": {
+            "types": "./dist/index.d.ts",
+            "import": "./dist/index.js"
+        },
+        "./*": {
+            "types": "./*",
+            "import": "./*"
+        }
+    }
+}

package/src/createDb.ts

@@ -0,0 +1,7 @@
+import { Valthera, ValtheraAutoCreate } from "@wxn0brp/db";
+import { Remote } from "@wxn0brp/db/dist/client/remote";
+
+export function createDb(valthera: string | Valthera | Remote): Valthera {
+    if (valthera instanceof Valthera) return valthera;
+    return ValtheraAutoCreate(valthera) as Valthera;
+}

package/src/index.ts

@@ -0,0 +1,11 @@
+import GateWarden from "./warden";
+import UserManager from "./user";
+import WardenManager from "./mgr";
+import { AccessResult } from "./types/system";
+
+export {
+    GateWarden,
+    UserManager,
+    WardenManager,
+    AccessResult
+};

package/src/log.ts

@@ -0,0 +1,7 @@
+export const COLORS = {
+    reset: "\x1b[0m",
+    green: "\x1b[32m",
+    yellow: "\x1b[33m",
+    red: "\x1b[31m",
+    blue: "\x1b[34m",
+};

package/src/mgr.ts

@@ -0,0 +1,54 @@
+import { Id, Valthera } from "@wxn0brp/db";
+import { ABACRule, ACLRule, Role } from "./types/system";
+import { Remote } from "@wxn0brp/db/dist/client/remote";
+import { createDb } from "./createDb";
+
+class WardenManager<A = any> {
+    private db: Valthera;
+    constructor(valthera: string | Valthera | Remote) {
+        this.db = createDb(valthera);
+    }
+
+    async changeRoleNameToId(name: string): Promise<Id> {
+        return await this.db.findOne("roles", { name });
+    }
+
+    // ADD
+    async addRole(role: Role): Promise<Role> {
+        return await this.db.add("roles", role);
+    }
+
+    async addACLRule(entityId: string, p: number, uid?: Id): Promise<void> {
+        const rule: ACLRule = { p };
+        if (uid) rule.uid = uid;
+        return await this.db.add("acl/"+entityId, rule, false);
+    }
+
+    async addRBACRule(role_id: string, entity_id: string, p: number): Promise<void> {
+        return await this.db.add("role/" + role_id, { _id: entity_id, p }, false);
+    }
+
+    async addABACRule(entity_id: string, flag: number, condition: ABACRule<A>["conditions"]): Promise<void> {
+        return await this.db.add("abac/"+entity_id, { flag, conditions: condition.toString() }, true);
+    }
+
+    // DELETE
+    async removeRole(roleId: string): Promise<boolean> {
+        return await this.db.removeOne("roles", { roleId });
+    }
+
+    async removeACLRule(entityId: string, uid?: string): Promise<boolean> {
+        const q = uid ? { uid } : { $not: { $exists: { "uid": true } } };
+        return await this.db.removeOne("acl/" + entityId, q);
+    }
+
+    async removeRBACRule(roleId: string, entityId: string): Promise<boolean> {
+        return await this.db.removeOne("role/" + roleId, { _id: entityId });
+    }
+
+    async removeABACRule(entityId: string, flag: number): Promise<boolean> {
+        return await this.db.removeOne("abac/" + entityId, { flag });
+    }
+}
+
+export default WardenManager;

package/src/types/system.ts

@@ -0,0 +1,32 @@
+import { Id } from "@wxn0brp/db";
+
+export interface Role {
+    _id: Id;
+    name: string;
+}
+
+export interface RoleEntity {
+    _id: Id;
+    p: number;
+}
+
+export interface ACLRule {
+    uid?: Id;
+    p: number;
+}
+
+export interface ABACRule<A> {
+    flag: number;
+    conditions: (user: User<A>, entity: any) => boolean;
+}
+
+export interface User<A> {
+    _id: Id;
+    roles: Id[];
+    attrib: A;
+}
+
+export interface AccessResult {
+    granted: boolean;
+    via: "ACL" | "RBAC" | "ABAC" | "user-404" | "entity-404" | "not-permitted";
+}

package/src/user.ts

@@ -0,0 +1,96 @@
+import { Id, Valthera } from "@wxn0brp/db";
+import { User } from "./types/system";
+import { createDb } from "./createDb";
+
+class UserManager<A = any> {
+    private db: Valthera;
+
+    constructor(valthera: string | Valthera) {
+        this.db = createDb(valthera);
+    }
+
+    /**
+     * Creates a new user
+     * @param userData User data (_id is required)
+     */
+    async createUser(userData: { _id: Id; roles?: Id[]; attrib?: A }): Promise<void> {
+        const newUser: User<A> = {
+            _id: userData._id,
+            roles: userData.roles || [],
+            attrib: userData.attrib || {} as A,
+        };
+        await this.db.add("users", newUser, false);
+    }
+
+    /**
+     * Retrieves a user by _id
+     * @param user_id User _id
+     * @returns User or null if it doesn't exist
+     */
+    async getUser(user_id: Id): Promise<User<A> | null> {
+        return this.db.findOne<User<A>>("users", { _id: user_id });
+    }
+
+    /**
+     * Updates a user's data
+     * @param user_id User _id
+     * @param updates Object with fields to update
+     */
+    async updateUser(user_id: Id, updates: Partial<User<A>>): Promise<void> {
+        const existingUser = await this.getUser(user_id);
+        if (!existingUser) throw new Error("User not found");
+        const updatedUser = { ...existingUser, ...updates };
+        await this.db.update("users", { _id: user_id }, updatedUser);
+    }
+
+    /**
+     * Deletes a user
+     * @param user_id User _id
+     */
+    async deleteUser(user_id: Id): Promise<void> {
+        await this.db.removeOne("users", { _id: user_id });
+    }
+
+    /**
+     * Adds a role to a user
+     * @param user_id User _id
+     * @param role_id Role _id
+     */
+    async addRoleToUser(user_id: Id, role_id: Id): Promise<void> {
+        const user = await this.getUser(user_id);
+        if (!user) throw new Error("User not found");
+        if (!user.roles.includes(role_id)) {
+            user.roles.push(role_id);
+            await this.db.update("users", { _id: user_id }, user);
+        }
+    }
+
+    /**
+     * Removes a role from a user
+     * @param user_id User _id
+     * @param role_id Role _id
+     */
+    async removeRoleFromUser(user_id: Id, role_id: Id): Promise<void> {
+        const user = await this.getUser(user_id);
+        if (!user) throw new Error("User not found");
+        const index = user.roles.indexOf(role_id);
+        if (index !== -1) {
+            user.roles.splice(index, 1);
+            await this.db.update("users", { _id: user_id }, user);
+        }
+    }
+
+    /**
+     * Updates a user's attributes
+     * @param user_id User _id
+     * @param attributes New attributes to merge
+     */
+    async updateAttributes(user_id: Id, attributes: Partial<A>): Promise<void> {
+        const user = await this.getUser(user_id);
+        if (!user) throw new Error("User not found");
+        user.attrib = { ...user.attrib, ...attributes };
+        await this.db.update("users", { _id: user_id }, user);
+    }
+}
+
+export default UserManager;

package/src/warden.ts

@@ -0,0 +1,145 @@
+import { Id, Valthera } from "@wxn0brp/db";
+import { ABACRule, AccessResult, ACLRule, RoleEntity, User } from "./types/system";
+import { COLORS } from "./log";
+import { createDb } from "./createDb";
+
+interface CheckParams<A> {
+    db: Valthera;
+    entityId: Id;
+    flag: number;
+    user: User<A>;
+    debugLog: number;
+}
+
+function logAccess(userId: Id, entityId: Id, via: string, debugLog: number) {
+    if (debugLog < 1) return;
+    console.log(
+        `${COLORS.green}[GW] Access granted to ${COLORS.yellow}${entityId}${COLORS.green} via ` +
+        `${COLORS.yellow}${via}${COLORS.green} by ${COLORS.yellow}${userId}${COLORS.reset}`
+    );
+}
+
+async function fetchUser<A>(db: Valthera, userId: Id): Promise<User<A>> {
+    const user = await db.findOne<User<A>>("users", { _id: userId });
+    if (!user) throw new Error("User not found");
+    return user;
+}
+
+async function aclCheck<A>({ db, entityId, flag, user }: CheckParams<A>): Promise<number> {
+    if (!await db.issetCollection("acl/" + entityId)) return -1;
+    const rules = await db.find<ACLRule>("acl/" + entityId, {
+        $or: [
+            { uid: user._id },
+            {
+                $not: {
+                    $exists: { "uid": true }
+                }
+            }
+        ]
+    });
+    if (rules.length === 0) return -1;
+    for (const rule of rules) {
+        if (rule.p & flag) return 1;
+    }
+    return 0;
+}
+
+async function rbacCheck<A>({ db, flag, user, entityId }: CheckParams<A>): Promise<boolean> {
+    for (const role of user.roles) {
+        const rolesEntity = await db.find<RoleEntity>("role/" + role, { _id: entityId });
+        for (const entity of rolesEntity) {
+            if (entity.p & flag) return true;
+        }
+    }
+    return false;
+}
+
+async function abacCheck<A>({ db, entityId, flag, user, debugLog }: CheckParams<A>): Promise<boolean> {
+    if (!await db.issetCollection("abac/" + entityId)) return false;
+    const rules = await db.find<ABACRule<A>>("abac/" + entityId, { flag });
+    for (const rule of rules) {
+        try {
+            const conditions = new Function("user", "entity", `return ${rule.conditions}`)();
+            if (debugLog >= 1)
+                console.log(
+                    COLORS.blue + `[GW] ABAC rule: ${COLORS.yellow}${rule.conditions}${COLORS.blue} ` +
+                    `-> ${COLORS.yellow}${conditions(user, entityId)}` + COLORS.reset
+                );
+
+            if (conditions(user, entityId)) return true;
+        } catch (e) {
+            if (debugLog >= 1) console.log(COLORS.red + `[GW] ABAC rule error: ${e}` + COLORS.reset);
+        }
+    }
+    return false;
+}
+
+async function matchPermission<A>(
+    db: Valthera,
+    entityId: Id,
+    flag: number,
+    user: User<A>,
+    debugLog: number
+): Promise<AccessResult> {
+    const checks = [
+        { name: "ACL", method: aclCheck },
+        { name: "RBAC", method: rbacCheck },
+        { name: "ABAC", method: abacCheck },
+    ] as const;
+
+    const results = [];
+
+    const checkParams: CheckParams<A> = { db, entityId, flag, user, debugLog };
+    for (const check of checks) {
+        const result = await check.method(checkParams);
+        results.push(result);
+        if (result === true || result === 1) {
+            return { granted: true, via: check.name };
+        }
+    }
+
+    if (results[0] === -1) {
+        return { granted: false, via: "entity-404" };
+    }
+
+    return { granted: false, via: null };
+}
+
+class GateWarden<A = any> {
+    private db: Valthera;
+
+    constructor(valthera: string | Valthera, public debugLog: number = 0) {
+        this.db = createDb(valthera);
+    }
+
+    async hasAccess(userId: string, entityId: string, flag: number): Promise<AccessResult> {
+        const user = await fetchUser<A>(this.db, userId);
+        if (!user) {
+            if (this.debugLog >= 1) console.log(COLORS.red + "[GW] User not found." + COLORS.reset);
+            return {
+                granted: false,
+                via: "user-404"
+            };
+        }
+
+        const matched = await matchPermission(this.db, entityId, flag, user, this.debugLog);
+
+        if (matched.granted) {
+            logAccess(userId, entityId, matched.via, this.debugLog);
+            return matched;
+        }
+
+        if (!matched.granted && matched.via === "entity-404") {
+            if (this.debugLog >= 1) console.log(COLORS.red + `[GW] Entity not found: ${entityId}` + COLORS.reset);
+            return matched;
+        }
+
+        if (this.debugLog >= 1) console.log(COLORS.red + `[GW] Access denied to ${entityId} by ${userId}.` + COLORS.reset);
+        return {
+            granted: false,
+            via: "not-permitted"
+        };
+    }
+}
+
+export default GateWarden;

package/suglite.json

@@ -0,0 +1,11 @@
+{
+    "cmd": "yarn build-dev && yarn test",
+    "watch": [
+        "src"
+    ],
+    "restart_cmd": "clear",
+    "events": {
+        "rs": "clear",
+        "clear": "rm -rf dist"
+    }
+}

package/tsconfig.dev.json

@@ -0,0 +1,6 @@
+{
+    "extends": "./tsconfig.json",
+    "exclude": [
+        "node_modules"
+    ]
+}

package/tsconfig.json

@@ -0,0 +1,26 @@
+{
+    "compilerOptions": {
+        "module": "ES2022",
+        "target": "ES2022",
+        "moduleResolution": "Node",
+        "paths": {},
+        "esModuleInterop": true,
+        "skipLibCheck": true,
+        "outDir": "./dist",
+        "inlineSourceMap": false,
+        "sourceMap": true,
+        "declaration": true,
+        "declarationMap": true,
+    },
+    "include": [
+       "./src"
+    ],
+    "exclude": [
+        "node_modules",
+        "src/test"
+    ],
+    "tsc-alias": {
+        "resolveFullPaths": true,
+        "verbose": false
+    }
+}