@zssz-soft/firebase-functions-shared 1.1.0

package/lib/modules/security/effective-permissions.triggers.js

@@ -0,0 +1,307 @@
+"use strict";
+/**
+ * Effective Permissions Trigger Factories
+ *
+ * Factory functions that create Firebase Cloud Functions v2 triggers
+ * for automatically maintaining the effective permissions cache.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createUserPermissionTriggers = createUserPermissionTriggers;
+exports.createRolePermissionTriggers = createRolePermissionTriggers;
+exports.createAdminPermissionEndpoints = createAdminPermissionEndpoints;
+const admin = __importStar(require("firebase-admin"));
+const firestore_1 = require("firebase-functions/v2/firestore");
+const https_1 = require("firebase-functions/v2/https");
+const effective_permissions_1 = require("./effective-permissions");
+const effective_permissions_models_1 = require("./effective-permissions.models");
+/**
+ * Create user lifecycle triggers
+ * Automatically maintains permission cache when users are created, updated, or deleted
+ *
+ * @param config - Configuration for the permission system
+ * @returns Object containing the three trigger functions
+ */
+function createUserPermissionTriggers(config = {}) {
+    const cfg = Object.assign(Object.assign({}, effective_permissions_models_1.DEFAULT_EFFECTIVE_PERMISSIONS_CONFIG), config);
+    return {
+        /**
+         * Trigger when a new user is created
+         * Calculates initial effective permissions
+         */
+        onUserCreate: (0, firestore_1.onDocumentCreated)({
+            document: `${cfg.userCollection}/{userId}`,
+            region: cfg.region,
+            maxInstances: cfg.maxInstances,
+        }, async (event) => {
+            const userId = event.params.userId;
+            console.log(`New user created: ${userId}`);
+            await (0, effective_permissions_1.calculateEffectivePermissions)(userId, config);
+        }),
+        /**
+         * Trigger when a user document is updated
+         * Recalculates effective permissions if roles changed
+         */
+        onUserRoleChange: (0, firestore_1.onDocumentUpdated)({
+            document: `${cfg.userCollection}/{userId}`,
+            region: cfg.region,
+            maxInstances: cfg.maxInstances,
+        }, async (event) => {
+            var _a, _b;
+            const userId = event.params.userId;
+            const before = (_a = event.data) === null || _a === void 0 ? void 0 : _a.before.data();
+            const after = (_b = event.data) === null || _b === void 0 ? void 0 : _b.after.data();
+            if (!before || !after)
+                return;
+            const roleIdsBefore = before[cfg.userRoleIdsField] || [];
+            const roleIdsAfter = after[cfg.userRoleIdsField] || [];
+            // Check if roles actually changed
+            const rolesChanged = roleIdsBefore.length !== roleIdsAfter.length ||
+                roleIdsBefore.some((id) => !roleIdsAfter.includes(id)) ||
+                roleIdsAfter.some((id) => !roleIdsBefore.includes(id));
+            if (rolesChanged) {
+                console.log(`User ${userId} ${cfg.userRoleIdsField} changed`);
+                await (0, effective_permissions_1.calculateEffectivePermissions)(userId, config);
+            }
+        }),
+        /**
+         * Trigger when a user is deleted
+         * Cleans up the permission cache
+         */
+        onUserDelete: (0, firestore_1.onDocumentDeleted)({
+            document: `${cfg.userCollection}/{userId}`,
+            region: cfg.region,
+            maxInstances: cfg.maxInstances,
+        }, async (event) => {
+            const userId = event.params.userId;
+            console.log(`User deleted: ${userId}`);
+            await (0, effective_permissions_1.deleteEffectivePermissions)(userId, config);
+        }),
+    };
+}
+/**
+ * Create role permission change triggers
+ * Automatically updates all affected users when role permissions change
+ *
+ * @param config - Configuration for the permission system
+ * @returns Object containing the two trigger functions
+ */
+function createRolePermissionTriggers(config = {}) {
+    const cfg = Object.assign(Object.assign({}, effective_permissions_models_1.DEFAULT_EFFECTIVE_PERMISSIONS_CONFIG), config);
+    return {
+        /**
+         * Trigger when a role's permissions are updated
+         * Updates all users who have this role
+         */
+        onRolePermissionsChange: (0, firestore_1.onDocumentUpdated)({
+            document: `${cfg.roleCollection}/{roleId}`,
+            region: cfg.region,
+            maxInstances: cfg.maxInstances,
+        }, async (event) => {
+            var _a, _b;
+            const roleId = event.params.roleId;
+            const before = (_a = event.data) === null || _a === void 0 ? void 0 : _a.before.data();
+            const after = (_b = event.data) === null || _b === void 0 ? void 0 : _b.after.data();
+            if (!before || !after)
+                return;
+            const permissionsBefore = before[cfg.rolePermissionsField] || [];
+            const permissionsAfter = after[cfg.rolePermissionsField] || [];
+            // Check if permissions actually changed
+            const permissionsChanged = permissionsBefore.length !== permissionsAfter.length ||
+                permissionsBefore.some((p) => !permissionsAfter.includes(p)) ||
+                permissionsAfter.some((p) => !permissionsBefore.includes(p));
+            if (!permissionsChanged) {
+                return;
+            }
+            console.log(`Role ${roleId} ${cfg.rolePermissionsField} changed`);
+            // Find all users with this role
+            const db = admin.firestore();
+            const usersSnapshot = await db
+                .collection(cfg.userCollection)
+                .where(cfg.userRoleIdsField, 'array-contains', roleId)
+                .get();
+            console.log(`Found ${usersSnapshot.size} users with role ${roleId}`);
+            const userIds = usersSnapshot.docs.map((doc) => doc.id);
+            await (0, effective_permissions_1.batchUpdateEffectivePermissions)(userIds, config);
+        }),
+        /**
+         * Trigger when a role is deleted
+         * Updates all users who had this role
+         */
+        onRoleDelete: (0, firestore_1.onDocumentDeleted)({
+            document: `${cfg.roleCollection}/{roleId}`,
+            region: cfg.region,
+            maxInstances: cfg.maxInstances,
+        }, async (event) => {
+            const roleId = event.params.roleId;
+            console.log(`Role ${roleId} deleted`);
+            // Find all users with this role
+            const db = admin.firestore();
+            const usersSnapshot = await db
+                .collection(cfg.userCollection)
+                .where(cfg.userRoleIdsField, 'array-contains', roleId)
+                .get();
+            const userIds = usersSnapshot.docs.map((doc) => doc.id);
+            await (0, effective_permissions_1.batchUpdateEffectivePermissions)(userIds, config);
+            console.log(`Updated ${usersSnapshot.size} users after role deletion`);
+        }),
+    };
+}
+/**
+ * Create admin HTTP endpoints for manual permission management
+ *
+ * @param config - Configuration for the permission system
+ * @param adminSecretKey - Key in functions config where admin secret is stored (e.g., 'admin.secret')
+ * @returns Object containing bootstrap and recalculate endpoints
+ */
+function createAdminPermissionEndpoints(config = {}, adminSecretKey = 'admin.secret') {
+    const cfg = Object.assign(Object.assign({}, effective_permissions_models_1.DEFAULT_EFFECTIVE_PERMISSIONS_CONFIG), config);
+    /**
+     * Validate admin secret from request headers
+     */
+    function validateAdminSecret(req) {
+        var _a;
+        const providedSecret = (_a = req.headers.authorization) === null || _a === void 0 ? void 0 : _a.replace('Bearer ', '');
+        const configPath = adminSecretKey.split('.');
+        let secret = require('firebase-functions').config();
+        for (const key of configPath) {
+            secret = secret === null || secret === void 0 ? void 0 : secret[key];
+        }
+        return providedSecret === secret;
+    }
+    return {
+        /**
+         * Bootstrap endpoint - initialize permissions for all existing users
+         * POST /bootstrapEffectivePermissions
+         * Requires Authorization: Bearer <admin-secret>
+         */
+        bootstrapEffectivePermissions: (0, https_1.onRequest)({
+            region: cfg.region,
+            maxInstances: cfg.maxInstances,
+        }, async (req, res) => {
+            // CORS
+            res.set('Access-Control-Allow-Origin', '*');
+            if (req.method === 'OPTIONS') {
+                res.set('Access-Control-Allow-Methods', 'POST');
+                res.set('Access-Control-Allow-Headers', 'Authorization,Content-Type');
+                res.status(204).send('');
+                return;
+            }
+            // Validate admin secret
+            if (!validateAdminSecret(req)) {
+                res.status(403).json({ error: 'Forbidden: Invalid admin secret' });
+                return;
+            }
+            try {
+                console.log('Starting bootstrap of effective permissions for all users...');
+                const db = admin.firestore();
+                const usersSnapshot = await db.collection(cfg.userCollection).get();
+                const totalUsers = usersSnapshot.size;
+                console.log(`Found ${totalUsers} users to bootstrap`);
+                if (totalUsers === 0) {
+                    res.json({
+                        success: true,
+                        message: 'No users found to bootstrap',
+                        usersProcessed: 0,
+                    });
+                    return;
+                }
+                const userIds = usersSnapshot.docs.map((doc) => doc.id);
+                await (0, effective_permissions_1.batchUpdateEffectivePermissions)(userIds, config);
+                res.json({
+                    success: true,
+                    message: `Bootstrapped effective permissions for ${totalUsers} users`,
+                    usersProcessed: totalUsers,
+                    totalUsers,
+                });
+            }
+            catch (error) {
+                console.error('Error during bootstrap:', error);
+                res.status(500).json({
+                    error: 'Bootstrap failed',
+                    message: error.message,
+                });
+            }
+        }),
+        /**
+         * Recalculate endpoint - manually recalculate permissions for a single user
+         * POST /recalculateUserPermissions
+         * Body: { userId: string }
+         * Requires Authorization: Bearer <admin-secret>
+         */
+        recalculateUserPermissions: (0, https_1.onRequest)({
+            region: cfg.region,
+            maxInstances: cfg.maxInstances,
+        }, async (req, res) => {
+            var _a;
+            // CORS
+            res.set('Access-Control-Allow-Origin', '*');
+            if (req.method === 'OPTIONS') {
+                res.set('Access-Control-Allow-Methods', 'POST');
+                res.set('Access-Control-Allow-Headers', 'Authorization,Content-Type');
+                res.status(204).send('');
+                return;
+            }
+            // Validate admin secret
+            if (!validateAdminSecret(req)) {
+                res.status(403).json({ error: 'Forbidden: Invalid admin secret' });
+                return;
+            }
+            const userId = ((_a = req.body) === null || _a === void 0 ? void 0 : _a.userId) || req.query.userId;
+            if (!userId) {
+                res.status(400).json({ error: 'Missing userId parameter' });
+                return;
+            }
+            try {
+                console.log(`Manual recalculation requested for user: ${userId}`);
+                await (0, effective_permissions_1.calculateEffectivePermissions)(userId, config);
+                res.json({
+                    success: true,
+                    message: `Effective permissions recalculated for user ${userId}`,
+                    userId,
+                });
+            }
+            catch (error) {
+                console.error(`Error recalculating permissions for ${userId}:`, error);
+                res.status(500).json({
+                    error: 'Recalculation failed',
+                    message: error.message,
+                    userId,
+                });
+            }
+        }),
+    };
+}
+//# sourceMappingURL=effective-permissions.triggers.js.map

package/lib/modules/security/effective-permissions.triggers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"effective-permissions.triggers.js","sourceRoot":"","sources":["../../../src/modules/security/effective-permissions.triggers.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0BH,oEAuEC;AASD,oEAkFC;AASD,wEA6IC;AAhVD,sDAAwC;AACxC,+DAIyC;AACzC,uDAAwD;AACxD,mEAIiC;AACjC,iFAGwC;AAExC;;;;;;GAMG;AACH,SAAgB,4BAA4B,CAAC,SAA8C,EAAE;IAC3F,MAAM,GAAG,mCAAQ,mEAAoC,GAAK,MAAM,CAAE,CAAC;IAEnE,OAAO;QACL;;;WAGG;QACH,YAAY,EAAE,IAAA,6BAAiB,EAC7B;YACE,QAAQ,EAAE,GAAG,GAAG,CAAC,cAAc,WAAW;YAC1C,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,YAAY,EAAE,GAAG,CAAC,YAAY;SAC/B,EACD,KAAK,EAAE,KAAK,EAAE,EAAE;YACd,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,qBAAqB,MAAM,EAAE,CAAC,CAAC;YAC3C,MAAM,IAAA,qDAA6B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtD,CAAC,CACF;QAED;;;WAGG;QACH,gBAAgB,EAAE,IAAA,6BAAiB,EACjC;YACE,QAAQ,EAAE,GAAG,GAAG,CAAC,cAAc,WAAW;YAC1C,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,YAAY,EAAE,GAAG,CAAC,YAAY;SAC/B,EACD,KAAK,EAAE,KAAK,EAAE,EAAE;;YACd,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC;YACnC,MAAM,MAAM,GAAG,MAAA,KAAK,CAAC,IAAI,0CAAE,MAAM,CAAC,IAAI,EAAE,CAAC;YACzC,MAAM,KAAK,GAAG,MAAA,KAAK,CAAC,IAAI,0CAAE,KAAK,CAAC,IAAI,EAAE,CAAC;YAEvC,IAAI,CAAC,MAAM,IAAI,CAAC,KAAK;gBAAE,OAAO;YAE9B,MAAM,aAAa,GAAa,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;YACnE,MAAM,YAAY,GAAa,KAAK,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;YAEjE,kCAAkC;YAClC,MAAM,YAAY,GAChB,aAAa,CAAC,MAAM,KAAK,YAAY,CAAC,MAAM;gBAC5C,aAAa,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;gBAC9D,YAAY,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;YAEjE,IAAI,YAAY,EAAE,CAAC;gBACjB,OAAO,CAAC,GAAG,CAAC,QAAQ,MAAM,IAAI,GAAG,CAAC,gBAAgB,UAAU,CAAC,CAAC;gBAC9D,MAAM,IAAA,qDAA6B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YACtD,CAAC;QACH,CAAC,CACF;QAED;;;WAGG;QACH,YAAY,EAAE,IAAA,6BAAiB,EAC7B;YACE,QAAQ,EAAE,GAAG,GAAG,CAAC,cAAc,WAAW;YAC1C,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,YAAY,EAAE,GAAG,CAAC,YAAY;SAC/B,EACD,KAAK,EAAE,KAAK,EAAE,EAAE;YACd,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,iBAAiB,MAAM,EAAE,CAAC,CAAC;YACvC,MAAM,IAAA,kDAA0B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACnD,CAAC,CACF;KACF,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,4BAA4B,CAAC,SAA8C,EAAE;IAC3F,MAAM,GAAG,mCAAQ,mEAAoC,GAAK,MAAM,CAAE,CAAC;IAEnE,OAAO;QACL;;;WAGG;QACH,uBAAuB,EAAE,IAAA,6BAAiB,EACxC;YACE,QAAQ,EAAE,GAAG,GAAG,CAAC,cAAc,WAAW;YAC1C,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,YAAY,EAAE,GAAG,CAAC,YAAY;SAC/B,EACD,KAAK,EAAE,KAAK,EAAE,EAAE;;YACd,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC;YACnC,MAAM,MAAM,GAAG,MAAA,KAAK,CAAC,IAAI,0CAAE,MAAM,CAAC,IAAI,EAAE,CAAC;YACzC,MAAM,KAAK,GAAG,MAAA,KAAK,CAAC,IAAI,0CAAE,KAAK,CAAC,IAAI,EAAE,CAAC;YAEvC,IAAI,CAAC,MAAM,IAAI,CAAC,KAAK;gBAAE,OAAO;YAE9B,MAAM,iBAAiB,GAAa,MAAM,CAAC,GAAG,CAAC,oBAAoB,CAAC,IAAI,EAAE,CAAC;YAC3E,MAAM,gBAAgB,GAAa,KAAK,CAAC,GAAG,CAAC,oBAAoB,CAAC,IAAI,EAAE,CAAC;YAEzE,wCAAwC;YACxC,MAAM,kBAAkB,GACtB,iBAAiB,CAAC,MAAM,KAAK,gBAAgB,CAAC,MAAM;gBACpD,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;gBACpE,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YAEvE,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,OAAO;YACT,CAAC;YAED,OAAO,CAAC,GAAG,CAAC,QAAQ,MAAM,IAAI,GAAG,CAAC,oBAAoB,UAAU,CAAC,CAAC;YAElE,gCAAgC;YAChC,MAAM,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;YAC7B,MAAM,aAAa,GAAG,MAAM,EAAE;iBAC3B,UAAU,CAAC,GAAG,CAAC,cAAc,CAAC;iBAC9B,KAAK,CAAC,GAAG,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,CAAC;iBACrD,GAAG,EAAE,CAAC;YAET,OAAO,CAAC,GAAG,CAAC,SAAS,aAAa,CAAC,IAAI,oBAAoB,MAAM,EAAE,CAAC,CAAC;YAErE,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,GAAG,CACpC,CAAC,GAA0C,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,CACvD,CAAC;YACF,MAAM,IAAA,uDAA+B,EAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACzD,CAAC,CACF;QAED;;;WAGG;QACH,YAAY,EAAE,IAAA,6BAAiB,EAC7B;YACE,QAAQ,EAAE,GAAG,GAAG,CAAC,cAAc,WAAW;YAC1C,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,YAAY,EAAE,GAAG,CAAC,YAAY;SAC/B,EACD,KAAK,EAAE,KAAK,EAAE,EAAE;YACd,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,QAAQ,MAAM,UAAU,CAAC,CAAC;YAEtC,gCAAgC;YAChC,MAAM,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;YAC7B,MAAM,aAAa,GAAG,MAAM,EAAE;iBAC3B,UAAU,CAAC,GAAG,CAAC,cAAc,CAAC;iBAC9B,KAAK,CAAC,GAAG,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,CAAC;iBACrD,GAAG,EAAE,CAAC;YAET,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,GAAG,CACpC,CAAC,GAA0C,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,CACvD,CAAC;YACF,MAAM,IAAA,uDAA+B,EAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAEvD,OAAO,CAAC,GAAG,CAAC,WAAW,aAAa,CAAC,IAAI,4BAA4B,CAAC,CAAC;QACzE,CAAC,CACF;KACF,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,8BAA8B,CAC5C,SAA8C,EAAE,EAChD,iBAAyB,cAAc;IAEvC,MAAM,GAAG,mCAAQ,mEAAoC,GAAK,MAAM,CAAE,CAAC;IAEnE;;OAEG;IACH,SAAS,mBAAmB,CAAC,GAAQ;;QACnC,MAAM,cAAc,GAAG,MAAA,GAAG,CAAC,OAAO,CAAC,aAAa,0CAAE,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QACzE,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7C,IAAI,MAAM,GAAQ,OAAO,CAAC,oBAAoB,CAAC,CAAC,MAAM,EAAE,CAAC;QAEzD,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC7B,MAAM,GAAG,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAG,GAAG,CAAC,CAAC;QACzB,CAAC;QAED,OAAO,cAAc,KAAK,MAAM,CAAC;IACnC,CAAC;IAED,OAAO;QACL;;;;WAIG;QACH,6BAA6B,EAAE,IAAA,iBAAS,EACtC;YACE,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,YAAY,EAAE,GAAG,CAAC,YAAY;SAC/B,EACD,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YACjB,OAAO;YACP,GAAG,CAAC,GAAG,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAC;YAC5C,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBAC7B,GAAG,CAAC,GAAG,CAAC,8BAA8B,EAAE,MAAM,CAAC,CAAC;gBAChD,GAAG,CAAC,GAAG,CAAC,8BAA8B,EAAE,4BAA4B,CAAC,CAAC;gBACtE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACzB,OAAO;YACT,CAAC;YAED,wBAAwB;YACxB,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC9B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iCAAiC,EAAE,CAAC,CAAC;gBACnE,OAAO;YACT,CAAC;YAED,IAAI,CAAC;gBACH,OAAO,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC;gBAE5E,MAAM,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;gBAC7B,MAAM,aAAa,GAAG,MAAM,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,GAAG,EAAE,CAAC;gBACpE,MAAM,UAAU,GAAG,aAAa,CAAC,IAAI,CAAC;gBAEtC,OAAO,CAAC,GAAG,CAAC,SAAS,UAAU,qBAAqB,CAAC,CAAC;gBAEtD,IAAI,UAAU,KAAK,CAAC,EAAE,CAAC;oBACrB,GAAG,CAAC,IAAI,CAAC;wBACP,OAAO,EAAE,IAAI;wBACb,OAAO,EAAE,6BAA6B;wBACtC,cAAc,EAAE,CAAC;qBAClB,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBAED,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,GAAG,CACpC,CAAC,GAA0C,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,CACvD,CAAC;gBACF,MAAM,IAAA,uDAA+B,EAAC,OAAO,EAAE,MAAM,CAAC,CAAC;gBAEvD,GAAG,CAAC,IAAI,CAAC;oBACP,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE,0CAA0C,UAAU,QAAQ;oBACrE,cAAc,EAAE,UAAU;oBAC1B,UAAU;iBACX,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;gBAChD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,kBAAkB;oBACzB,OAAO,EAAE,KAAK,CAAC,OAAO;iBACvB,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CACF;QAED;;;;;WAKG;QACH,0BAA0B,EAAE,IAAA,iBAAS,EACnC;YACE,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,YAAY,EAAE,GAAG,CAAC,YAAY;SAC/B,EACD,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;;YACjB,OAAO;YACP,GAAG,CAAC,GAAG,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAC;YAC5C,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBAC7B,GAAG,CAAC,GAAG,CAAC,8BAA8B,EAAE,MAAM,CAAC,CAAC;gBAChD,GAAG,CAAC,GAAG,CAAC,8BAA8B,EAAE,4BAA4B,CAAC,CAAC;gBACtE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACzB,OAAO;YACT,CAAC;YAED,wBAAwB;YACxB,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC9B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iCAAiC,EAAE,CAAC,CAAC;gBACnE,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAG,CAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,MAAM,KAAI,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC;YAEpD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;gBAC5D,OAAO;YACT,CAAC;YAED,IAAI,CAAC;gBACH,OAAO,CAAC,GAAG,CAAC,4CAA4C,MAAM,EAAE,CAAC,CAAC;gBAClE,MAAM,IAAA,qDAA6B,EAAC,MAAgB,EAAE,MAAM,CAAC,CAAC;gBAE9D,GAAG,CAAC,IAAI,CAAC;oBACP,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE,+CAA+C,MAAM,EAAE;oBAChE,MAAM;iBACP,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,OAAO,CAAC,KAAK,CAAC,uCAAuC,MAAM,GAAG,EAAE,KAAK,CAAC,CAAC;gBACvE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,sBAAsB;oBAC7B,OAAO,EAAE,KAAK,CAAC,OAAO;oBACtB,MAAM;iBACP,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CACF;KACF,CAAC;AACJ,CAAC"}

package/lib/modules/security/index.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Security Module - Effective Permissions System
+ *
+ * Provides automatic permission caching for Firebase security rules.
+ * Maintains denormalized cache based on user roles and permissions.
+ */
+export { EffectivePermissionsConfig, DEFAULT_EFFECTIVE_PERMISSIONS_CONFIG, EffectivePermissions, UserDocument, } from './effective-permissions.models';
+export * from './effective-permissions';
+export * from './effective-permissions.triggers';
+//# sourceMappingURL=index.d.ts.map

package/lib/modules/security/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/modules/security/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,0BAA0B,EAC1B,oCAAoC,EACpC,oBAAoB,EACpB,YAAY,GACb,MAAM,gCAAgC,CAAC;AAExC,cAAc,yBAAyB,CAAC;AACxC,cAAc,kCAAkC,CAAC"}

package/lib/modules/security/index.js

@@ -0,0 +1,28 @@
+"use strict";
+/**
+ * Security Module - Effective Permissions System
+ *
+ * Provides automatic permission caching for Firebase security rules.
+ * Maintains denormalized cache based on user roles and permissions.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_EFFECTIVE_PERMISSIONS_CONFIG = void 0;
+var effective_permissions_models_1 = require("./effective-permissions.models");
+Object.defineProperty(exports, "DEFAULT_EFFECTIVE_PERMISSIONS_CONFIG", { enumerable: true, get: function () { return effective_permissions_models_1.DEFAULT_EFFECTIVE_PERMISSIONS_CONFIG; } });
+__exportStar(require("./effective-permissions"), exports);
+__exportStar(require("./effective-permissions.triggers"), exports);
+//# sourceMappingURL=index.js.map

package/lib/modules/security/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/modules/security/index.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;AAEH,+EAKwC;AAHtC,oJAAA,oCAAoC,OAAA;AAKtC,0DAAwC;AACxC,mEAAiD"}

package/lib/modules/storage/index.d.ts

@@ -0,0 +1,2 @@
+export * from './thumbnail-functions';
+//# sourceMappingURL=index.d.ts.map

package/lib/modules/storage/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/modules/storage/index.ts"],"names":[],"mappings":"AAAA,cAAc,uBAAuB,CAAC"}

package/lib/modules/storage/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./thumbnail-functions"), exports);
+//# sourceMappingURL=index.js.map

package/lib/modules/storage/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/modules/storage/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,wDAAsC"}

package/lib/modules/storage/thumbnail-functions.d.ts

@@ -0,0 +1,10 @@
+interface GenerateThumbnailRequest {
+    path: string;
+    maxWidth?: number;
+    maxHeight?: number;
+    force?: boolean;
+    documentId?: string;
+}
+export declare const generateThumbnail: import("firebase-functions/v2/https").CallableFunction<GenerateThumbnailRequest, any, unknown>;
+export {};
+//# sourceMappingURL=thumbnail-functions.d.ts.map

package/lib/modules/storage/thumbnail-functions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"thumbnail-functions.d.ts","sourceRoot":"","sources":["../../../src/modules/storage/thumbnail-functions.ts"],"names":[],"mappings":"AASA,UAAU,wBAAwB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAiTD,eAAO,MAAM,iBAAiB,gGAwO7B,CAAC"}