webapp-factory 0.1.0

Files changed (574)
  1. package/README.md +145 -0
  2. package/dist/access-control/adapters/in-memory-relations.d.ts +7 -0
  3. package/dist/access-control/adapters/in-memory-relations.d.ts.map +1 -0
  4. package/dist/access-control/adapters/in-memory-relations.js +6 -0
  5. package/dist/access-control/adapters/in-memory-relations.js.map +1 -0
  6. package/dist/access-control/core/enforcement.d.ts +13 -0
  7. package/dist/access-control/core/enforcement.d.ts.map +1 -0
  8. package/dist/access-control/core/enforcement.js +38 -0
  9. package/dist/access-control/core/enforcement.js.map +1 -0
  10. package/dist/access-control/core/errors.d.ts +30 -0
  11. package/dist/access-control/core/errors.d.ts.map +1 -0
  12. package/dist/access-control/core/errors.js +46 -0
  13. package/dist/access-control/core/errors.js.map +1 -0
  14. package/dist/access-control/core/pdp.d.ts +14 -0
  15. package/dist/access-control/core/pdp.d.ts.map +1 -0
  16. package/dist/access-control/core/pdp.js +79 -0
  17. package/dist/access-control/core/pdp.js.map +1 -0
  18. package/dist/access-control/core/ports.d.ts +68 -0
  19. package/dist/access-control/core/ports.d.ts.map +1 -0
  20. package/dist/access-control/core/ports.js +6 -0
  21. package/dist/access-control/core/ports.js.map +1 -0
  22. package/dist/access-control/core/rbac.d.ts +10 -0
  23. package/dist/access-control/core/rbac.d.ts.map +1 -0
  24. package/dist/access-control/core/rbac.js +78 -0
  25. package/dist/access-control/core/rbac.js.map +1 -0
  26. package/dist/access-control/core/rebac.d.ts +15 -0
  27. package/dist/access-control/core/rebac.d.ts.map +1 -0
  28. package/dist/access-control/core/rebac.js +48 -0
  29. package/dist/access-control/core/rebac.js.map +1 -0
  30. package/dist/access-control/index.d.ts +15 -0
  31. package/dist/access-control/index.d.ts.map +1 -0
  32. package/dist/access-control/index.js +20 -0
  33. package/dist/access-control/index.js.map +1 -0
  34. package/dist/access-control/nestjs/access-control.module.d.ts +34 -0
  35. package/dist/access-control/nestjs/access-control.module.d.ts.map +1 -0
  36. package/dist/access-control/nestjs/access-control.module.js +80 -0
  37. package/dist/access-control/nestjs/access-control.module.js.map +1 -0
  38. package/dist/audit/adapters/in-memory-store.d.ts +3 -0
  39. package/dist/audit/adapters/in-memory-store.d.ts.map +1 -0
  40. package/dist/audit/adapters/in-memory-store.js +66 -0
  41. package/dist/audit/adapters/in-memory-store.js.map +1 -0
  42. package/dist/audit/adapters/pg-store.d.ts +22 -0
  43. package/dist/audit/adapters/pg-store.d.ts.map +1 -0
  44. package/dist/audit/adapters/pg-store.js +119 -0
  45. package/dist/audit/adapters/pg-store.js.map +1 -0
  46. package/dist/audit/core/audit-log.d.ts +41 -0
  47. package/dist/audit/core/audit-log.d.ts.map +1 -0
  48. package/dist/audit/core/audit-log.js +78 -0
  49. package/dist/audit/core/audit-log.js.map +1 -0
  50. package/dist/audit/core/errors.d.ts +22 -0
  51. package/dist/audit/core/errors.d.ts.map +1 -0
  52. package/dist/audit/core/errors.js +35 -0
  53. package/dist/audit/core/errors.js.map +1 -0
  54. package/dist/audit/core/hash.d.ts +9 -0
  55. package/dist/audit/core/hash.d.ts.map +1 -0
  56. package/dist/audit/core/hash.js +45 -0
  57. package/dist/audit/core/hash.js.map +1 -0
  58. package/dist/audit/core/ports.d.ts +68 -0
  59. package/dist/audit/core/ports.d.ts.map +1 -0
  60. package/dist/audit/core/ports.js +6 -0
  61. package/dist/audit/core/ports.js.map +1 -0
  62. package/dist/audit/index.d.ts +13 -0
  63. package/dist/audit/index.d.ts.map +1 -0
  64. package/dist/audit/index.js +16 -0
  65. package/dist/audit/index.js.map +1 -0
  66. package/dist/auth/adapters/argon2id-hasher.d.ts +15 -0
  67. package/dist/auth/adapters/argon2id-hasher.d.ts.map +1 -0
  68. package/dist/auth/adapters/argon2id-hasher.js +61 -0
  69. package/dist/auth/adapters/argon2id-hasher.js.map +1 -0
  70. package/dist/auth/adapters/in-memory-stores.d.ts +14 -0
  71. package/dist/auth/adapters/in-memory-stores.d.ts.map +1 -0
  72. package/dist/auth/adapters/in-memory-stores.js +78 -0
  73. package/dist/auth/adapters/in-memory-stores.js.map +1 -0
  74. package/dist/auth/core/auth-service.d.ts +40 -0
  75. package/dist/auth/core/auth-service.d.ts.map +1 -0
  76. package/dist/auth/core/auth-service.js +106 -0
  77. package/dist/auth/core/auth-service.js.map +1 -0
  78. package/dist/auth/core/credentials.d.ts +15 -0
  79. package/dist/auth/core/credentials.d.ts.map +1 -0
  80. package/dist/auth/core/credentials.js +15 -0
  81. package/dist/auth/core/credentials.js.map +1 -0
  82. package/dist/auth/core/crypto-util.d.ts +7 -0
  83. package/dist/auth/core/crypto-util.d.ts.map +1 -0
  84. package/dist/auth/core/crypto-util.js +15 -0
  85. package/dist/auth/core/crypto-util.js.map +1 -0
  86. package/dist/auth/core/errors.d.ts +33 -0
  87. package/dist/auth/core/errors.d.ts.map +1 -0
  88. package/dist/auth/core/errors.js +48 -0
  89. package/dist/auth/core/errors.js.map +1 -0
  90. package/dist/auth/core/jwt.d.ts +5 -0
  91. package/dist/auth/core/jwt.d.ts.map +1 -0
  92. package/dist/auth/core/jwt.js +40 -0
  93. package/dist/auth/core/jwt.js.map +1 -0
  94. package/dist/auth/core/ports.d.ts +95 -0
  95. package/dist/auth/core/ports.d.ts.map +1 -0
  96. package/dist/auth/core/ports.js +7 -0
  97. package/dist/auth/core/ports.js.map +1 -0
  98. package/dist/auth/core/single-use.d.ts +10 -0
  99. package/dist/auth/core/single-use.d.ts.map +1 -0
  100. package/dist/auth/core/single-use.js +47 -0
  101. package/dist/auth/core/single-use.js.map +1 -0
  102. package/dist/auth/core/tokens.d.ts +14 -0
  103. package/dist/auth/core/tokens.d.ts.map +1 -0
  104. package/dist/auth/core/tokens.js +85 -0
  105. package/dist/auth/core/tokens.js.map +1 -0
  106. package/dist/auth/index.d.ts +18 -0
  107. package/dist/auth/index.d.ts.map +1 -0
  108. package/dist/auth/index.js +22 -0
  109. package/dist/auth/index.js.map +1 -0
  110. package/dist/auth/nestjs/auth.module.d.ts +17 -0
  111. package/dist/auth/nestjs/auth.module.d.ts.map +1 -0
  112. package/dist/auth/nestjs/auth.module.js +18 -0
  113. package/dist/auth/nestjs/auth.module.js.map +1 -0
  114. package/dist/cache/adapters/in-memory-store.d.ts +6 -0
  115. package/dist/cache/adapters/in-memory-store.d.ts.map +1 -0
  116. package/dist/cache/adapters/in-memory-store.js +65 -0
  117. package/dist/cache/adapters/in-memory-store.js.map +1 -0
  118. package/dist/cache/adapters/redis-store.d.ts +32 -0
  119. package/dist/cache/adapters/redis-store.d.ts.map +1 -0
  120. package/dist/cache/adapters/redis-store.js +59 -0
  121. package/dist/cache/adapters/redis-store.js.map +1 -0
  122. package/dist/cache/core/cache.d.ts +31 -0
  123. package/dist/cache/core/cache.d.ts.map +1 -0
  124. package/dist/cache/core/cache.js +89 -0
  125. package/dist/cache/core/cache.js.map +1 -0
  126. package/dist/cache/core/errors.d.ts +17 -0
  127. package/dist/cache/core/errors.d.ts.map +1 -0
  128. package/dist/cache/core/errors.js +27 -0
  129. package/dist/cache/core/errors.js.map +1 -0
  130. package/dist/cache/core/lock.d.ts +21 -0
  131. package/dist/cache/core/lock.d.ts.map +1 -0
  132. package/dist/cache/core/lock.js +47 -0
  133. package/dist/cache/core/lock.js.map +1 -0
  134. package/dist/cache/core/ports.d.ts +33 -0
  135. package/dist/cache/core/ports.d.ts.map +1 -0
  136. package/dist/cache/core/ports.js +6 -0
  137. package/dist/cache/core/ports.js.map +1 -0
  138. package/dist/cache/core/pubsub.d.ts +14 -0
  139. package/dist/cache/core/pubsub.d.ts.map +1 -0
  140. package/dist/cache/core/pubsub.js +13 -0
  141. package/dist/cache/core/pubsub.js.map +1 -0
  142. package/dist/cache/core/serializer.d.ts +4 -0
  143. package/dist/cache/core/serializer.d.ts.map +1 -0
  144. package/dist/cache/core/serializer.js +6 -0
  145. package/dist/cache/core/serializer.js.map +1 -0
  146. package/dist/cache/index.d.ts +14 -0
  147. package/dist/cache/index.d.ts.map +1 -0
  148. package/dist/cache/index.js +19 -0
  149. package/dist/cache/index.js.map +1 -0
  150. package/dist/config/adapters/reporters.d.ts +17 -0
  151. package/dist/config/adapters/reporters.d.ts.map +1 -0
  152. package/dist/config/adapters/reporters.js +35 -0
  153. package/dist/config/adapters/reporters.js.map +1 -0
  154. package/dist/config/adapters/secret-resolvers.d.ts +21 -0
  155. package/dist/config/adapters/secret-resolvers.d.ts.map +1 -0
  156. package/dist/config/adapters/secret-resolvers.js +60 -0
  157. package/dist/config/adapters/secret-resolvers.js.map +1 -0
  158. package/dist/config/adapters/zod-schema.d.ts +20 -0
  159. package/dist/config/adapters/zod-schema.d.ts.map +1 -0
  160. package/dist/config/adapters/zod-schema.js +35 -0
  161. package/dist/config/adapters/zod-schema.js.map +1 -0
  162. package/dist/config/core/env-loader.d.ts +47 -0
  163. package/dist/config/core/env-loader.d.ts.map +1 -0
  164. package/dist/config/core/env-loader.js +155 -0
  165. package/dist/config/core/env-loader.js.map +1 -0
  166. package/dist/config/core/errors.d.ts +34 -0
  167. package/dist/config/core/errors.d.ts.map +1 -0
  168. package/dist/config/core/errors.js +49 -0
  169. package/dist/config/core/errors.js.map +1 -0
  170. package/dist/config/core/freeze.d.ts +7 -0
  171. package/dist/config/core/freeze.d.ts.map +1 -0
  172. package/dist/config/core/freeze.js +20 -0
  173. package/dist/config/core/freeze.js.map +1 -0
  174. package/dist/config/core/load-config.d.ts +43 -0
  175. package/dist/config/core/load-config.d.ts.map +1 -0
  176. package/dist/config/core/load-config.js +74 -0
  177. package/dist/config/core/load-config.js.map +1 -0
  178. package/dist/config/core/merge.d.ts +19 -0
  179. package/dist/config/core/merge.d.ts.map +1 -0
  180. package/dist/config/core/merge.js +31 -0
  181. package/dist/config/core/merge.js.map +1 -0
  182. package/dist/config/core/ports.d.ts +58 -0
  183. package/dist/config/core/ports.d.ts.map +1 -0
  184. package/dist/config/core/ports.js +2 -0
  185. package/dist/config/core/ports.js.map +1 -0
  186. package/dist/config/core/secret-resolver.d.ts +16 -0
  187. package/dist/config/core/secret-resolver.d.ts.map +1 -0
  188. package/dist/config/core/secret-resolver.js +73 -0
  189. package/dist/config/core/secret-resolver.js.map +1 -0
  190. package/dist/config/core/secret.d.ts +21 -0
  191. package/dist/config/core/secret.d.ts.map +1 -0
  192. package/dist/config/core/secret.js +40 -0
  193. package/dist/config/core/secret.js.map +1 -0
  194. package/dist/config/index.d.ts +16 -0
  195. package/dist/config/index.d.ts.map +1 -0
  196. package/dist/config/index.js +23 -0
  197. package/dist/config/index.js.map +1 -0
  198. package/dist/config/nestjs/config-kit.module.d.ts +37 -0
  199. package/dist/config/nestjs/config-kit.module.d.ts.map +1 -0
  200. package/dist/config/nestjs/config-kit.module.js +24 -0
  201. package/dist/config/nestjs/config-kit.module.js.map +1 -0
  202. package/dist/http/adapters/zod-schema.d.ts +11 -0
  203. package/dist/http/adapters/zod-schema.d.ts.map +1 -0
  204. package/dist/http/adapters/zod-schema.js +74 -0
  205. package/dist/http/adapters/zod-schema.js.map +1 -0
  206. package/dist/http/core/context.d.ts +25 -0
  207. package/dist/http/core/context.d.ts.map +1 -0
  208. package/dist/http/core/context.js +60 -0
  209. package/dist/http/core/context.js.map +1 -0
  210. package/dist/http/core/errors.d.ts +41 -0
  211. package/dist/http/core/errors.d.ts.map +1 -0
  212. package/dist/http/core/errors.js +99 -0
  213. package/dist/http/core/errors.js.map +1 -0
  214. package/dist/http/core/kernel.d.ts +54 -0
  215. package/dist/http/core/kernel.d.ts.map +1 -0
  216. package/dist/http/core/kernel.js +122 -0
  217. package/dist/http/core/kernel.js.map +1 -0
  218. package/dist/http/core/openapi.d.ts +37 -0
  219. package/dist/http/core/openapi.d.ts.map +1 -0
  220. package/dist/http/core/openapi.js +99 -0
  221. package/dist/http/core/openapi.js.map +1 -0
  222. package/dist/http/core/pagination.d.ts +17 -0
  223. package/dist/http/core/pagination.d.ts.map +1 -0
  224. package/dist/http/core/pagination.js +108 -0
  225. package/dist/http/core/pagination.js.map +1 -0
  226. package/dist/http/core/ports.d.ts +106 -0
  227. package/dist/http/core/ports.d.ts.map +1 -0
  228. package/dist/http/core/ports.js +6 -0
  229. package/dist/http/core/ports.js.map +1 -0
  230. package/dist/http/core/redaction.d.ts +8 -0
  231. package/dist/http/core/redaction.d.ts.map +1 -0
  232. package/dist/http/core/redaction.js +45 -0
  233. package/dist/http/core/redaction.js.map +1 -0
  234. package/dist/http/core/router.d.ts +37 -0
  235. package/dist/http/core/router.d.ts.map +1 -0
  236. package/dist/http/core/router.js +120 -0
  237. package/dist/http/core/router.js.map +1 -0
  238. package/dist/http/core/security.d.ts +43 -0
  239. package/dist/http/core/security.d.ts.map +1 -0
  240. package/dist/http/core/security.js +66 -0
  241. package/dist/http/core/security.js.map +1 -0
  242. package/dist/http/core/validation.d.ts +9 -0
  243. package/dist/http/core/validation.d.ts.map +1 -0
  244. package/dist/http/core/validation.js +36 -0
  245. package/dist/http/core/validation.js.map +1 -0
  246. package/dist/http/index.d.ts +20 -0
  247. package/dist/http/index.d.ts.map +1 -0
  248. package/dist/http/index.js +29 -0
  249. package/dist/http/index.js.map +1 -0
  250. package/dist/http/nestjs/http-kernel.module.d.ts +37 -0
  251. package/dist/http/nestjs/http-kernel.module.d.ts.map +1 -0
  252. package/dist/http/nestjs/http-kernel.module.js +77 -0
  253. package/dist/http/nestjs/http-kernel.module.js.map +1 -0
  254. package/dist/http/nodejs/http-adapter.d.ts +11 -0
  255. package/dist/http/nodejs/http-adapter.d.ts.map +1 -0
  256. package/dist/http/nodejs/http-adapter.js +60 -0
  257. package/dist/http/nodejs/http-adapter.js.map +1 -0
  258. package/dist/i18n/core/catalog.d.ts +23 -0
  259. package/dist/i18n/core/catalog.d.ts.map +1 -0
  260. package/dist/i18n/core/catalog.js +31 -0
  261. package/dist/i18n/core/catalog.js.map +1 -0
  262. package/dist/i18n/core/errors.d.ts +14 -0
  263. package/dist/i18n/core/errors.d.ts.map +1 -0
  264. package/dist/i18n/core/errors.js +22 -0
  265. package/dist/i18n/core/errors.js.map +1 -0
  266. package/dist/i18n/core/i18n.d.ts +20 -0
  267. package/dist/i18n/core/i18n.d.ts.map +1 -0
  268. package/dist/i18n/core/i18n.js +48 -0
  269. package/dist/i18n/core/i18n.js.map +1 -0
  270. package/dist/i18n/core/message.d.ts +8 -0
  271. package/dist/i18n/core/message.d.ts.map +1 -0
  272. package/dist/i18n/core/message.js +38 -0
  273. package/dist/i18n/core/message.js.map +1 -0
  274. package/dist/i18n/core/negotiate.d.ts +13 -0
  275. package/dist/i18n/core/negotiate.d.ts.map +1 -0
  276. package/dist/i18n/core/negotiate.js +46 -0
  277. package/dist/i18n/core/negotiate.js.map +1 -0
  278. package/dist/i18n/core/ports.d.ts +35 -0
  279. package/dist/i18n/core/ports.d.ts.map +1 -0
  280. package/dist/i18n/core/ports.js +6 -0
  281. package/dist/i18n/core/ports.js.map +1 -0
  282. package/dist/i18n/index.d.ts +14 -0
  283. package/dist/i18n/index.d.ts.map +1 -0
  284. package/dist/i18n/index.js +18 -0
  285. package/dist/i18n/index.js.map +1 -0
  286. package/dist/i18n/nestjs/i18n.module.d.ts +16 -0
  287. package/dist/i18n/nestjs/i18n.module.d.ts.map +1 -0
  288. package/dist/i18n/nestjs/i18n.module.js +17 -0
  289. package/dist/i18n/nestjs/i18n.module.js.map +1 -0
  290. package/dist/index.d.ts +31 -0
  291. package/dist/index.d.ts.map +1 -0
  292. package/dist/index.js +31 -0
  293. package/dist/index.js.map +1 -0
  294. package/dist/jobs/adapters/in-memory-idempotency.d.ts +9 -0
  295. package/dist/jobs/adapters/in-memory-idempotency.d.ts.map +1 -0
  296. package/dist/jobs/adapters/in-memory-idempotency.js +34 -0
  297. package/dist/jobs/adapters/in-memory-idempotency.js.map +1 -0
  298. package/dist/jobs/adapters/in-memory-queue-store.d.ts +7 -0
  299. package/dist/jobs/adapters/in-memory-queue-store.d.ts.map +1 -0
  300. package/dist/jobs/adapters/in-memory-queue-store.js +70 -0
  301. package/dist/jobs/adapters/in-memory-queue-store.js.map +1 -0
  302. package/dist/jobs/adapters/redis-queue-store.d.ts +28 -0
  303. package/dist/jobs/adapters/redis-queue-store.d.ts.map +1 -0
  304. package/dist/jobs/adapters/redis-queue-store.js +86 -0
  305. package/dist/jobs/adapters/redis-queue-store.js.map +1 -0
  306. package/dist/jobs/core/backoff.d.ts +15 -0
  307. package/dist/jobs/core/backoff.d.ts.map +1 -0
  308. package/dist/jobs/core/backoff.js +20 -0
  309. package/dist/jobs/core/backoff.js.map +1 -0
  310. package/dist/jobs/core/cron.d.ts +13 -0
  311. package/dist/jobs/core/cron.d.ts.map +1 -0
  312. package/dist/jobs/core/cron.js +101 -0
  313. package/dist/jobs/core/cron.js.map +1 -0
  314. package/dist/jobs/core/errors.d.ts +18 -0
  315. package/dist/jobs/core/errors.d.ts.map +1 -0
  316. package/dist/jobs/core/errors.js +30 -0
  317. package/dist/jobs/core/errors.js.map +1 -0
  318. package/dist/jobs/core/ports.d.ts +80 -0
  319. package/dist/jobs/core/ports.d.ts.map +1 -0
  320. package/dist/jobs/core/ports.js +6 -0
  321. package/dist/jobs/core/ports.js.map +1 -0
  322. package/dist/jobs/core/queue.d.ts +16 -0
  323. package/dist/jobs/core/queue.d.ts.map +1 -0
  324. package/dist/jobs/core/queue.js +29 -0
  325. package/dist/jobs/core/queue.js.map +1 -0
  326. package/dist/jobs/core/registry.d.ts +4 -0
  327. package/dist/jobs/core/registry.d.ts.map +1 -0
  328. package/dist/jobs/core/registry.js +11 -0
  329. package/dist/jobs/core/registry.js.map +1 -0
  330. package/dist/jobs/core/scheduler.d.ts +30 -0
  331. package/dist/jobs/core/scheduler.d.ts.map +1 -0
  332. package/dist/jobs/core/scheduler.js +53 -0
  333. package/dist/jobs/core/scheduler.js.map +1 -0
  334. package/dist/jobs/core/serializer.d.ts +3 -0
  335. package/dist/jobs/core/serializer.d.ts.map +1 -0
  336. package/dist/jobs/core/serializer.js +5 -0
  337. package/dist/jobs/core/serializer.js.map +1 -0
  338. package/dist/jobs/core/worker.d.ts +28 -0
  339. package/dist/jobs/core/worker.d.ts.map +1 -0
  340. package/dist/jobs/core/worker.js +118 -0
  341. package/dist/jobs/core/worker.js.map +1 -0
  342. package/dist/jobs/index.d.ts +18 -0
  343. package/dist/jobs/index.d.ts.map +1 -0
  344. package/dist/jobs/index.js +23 -0
  345. package/dist/jobs/index.js.map +1 -0
  346. package/dist/mailer/adapters/dev-inbox.d.ts +17 -0
  347. package/dist/mailer/adapters/dev-inbox.d.ts.map +1 -0
  348. package/dist/mailer/adapters/dev-inbox.js +29 -0
  349. package/dist/mailer/adapters/dev-inbox.js.map +1 -0
  350. package/dist/mailer/adapters/i18n-renderer.d.ts +13 -0
  351. package/dist/mailer/adapters/i18n-renderer.d.ts.map +1 -0
  352. package/dist/mailer/adapters/i18n-renderer.js +27 -0
  353. package/dist/mailer/adapters/i18n-renderer.js.map +1 -0
  354. package/dist/mailer/adapters/in-memory-templates.d.ts +6 -0
  355. package/dist/mailer/adapters/in-memory-templates.d.ts.map +1 -0
  356. package/dist/mailer/adapters/in-memory-templates.js +6 -0
  357. package/dist/mailer/adapters/in-memory-templates.js.map +1 -0
  358. package/dist/mailer/adapters/transports.d.ts +19 -0
  359. package/dist/mailer/adapters/transports.d.ts.map +1 -0
  360. package/dist/mailer/adapters/transports.js +38 -0
  361. package/dist/mailer/adapters/transports.js.map +1 -0
  362. package/dist/mailer/core/errors.d.ts +23 -0
  363. package/dist/mailer/core/errors.d.ts.map +1 -0
  364. package/dist/mailer/core/errors.js +40 -0
  365. package/dist/mailer/core/errors.js.map +1 -0
  366. package/dist/mailer/core/failover.d.ts +3 -0
  367. package/dist/mailer/core/failover.d.ts.map +1 -0
  368. package/dist/mailer/core/failover.js +30 -0
  369. package/dist/mailer/core/failover.js.map +1 -0
  370. package/dist/mailer/core/mailer.d.ts +25 -0
  371. package/dist/mailer/core/mailer.d.ts.map +1 -0
  372. package/dist/mailer/core/mailer.js +61 -0
  373. package/dist/mailer/core/mailer.js.map +1 -0
  374. package/dist/mailer/core/ports.d.ts +54 -0
  375. package/dist/mailer/core/ports.d.ts.map +1 -0
  376. package/dist/mailer/core/ports.js +6 -0
  377. package/dist/mailer/core/ports.js.map +1 -0
  378. package/dist/mailer/core/render.d.ts +4 -0
  379. package/dist/mailer/core/render.d.ts.map +1 -0
  380. package/dist/mailer/core/render.js +29 -0
  381. package/dist/mailer/core/render.js.map +1 -0
  382. package/dist/mailer/index.d.ts +17 -0
  383. package/dist/mailer/index.d.ts.map +1 -0
  384. package/dist/mailer/index.js +21 -0
  385. package/dist/mailer/index.js.map +1 -0
  386. package/dist/mailer/nestjs/mailer.module.d.ts +17 -0
  387. package/dist/mailer/nestjs/mailer.module.d.ts.map +1 -0
  388. package/dist/mailer/nestjs/mailer.module.js +15 -0
  389. package/dist/mailer/nestjs/mailer.module.js.map +1 -0
  390. package/dist/observability/core/context.d.ts +9 -0
  391. package/dist/observability/core/context.d.ts.map +1 -0
  392. package/dist/observability/core/context.js +15 -0
  393. package/dist/observability/core/context.js.map +1 -0
  394. package/dist/observability/core/health.d.ts +40 -0
  395. package/dist/observability/core/health.d.ts.map +1 -0
  396. package/dist/observability/core/health.js +51 -0
  397. package/dist/observability/core/health.js.map +1 -0
  398. package/dist/observability/core/logger.d.ts +22 -0
  399. package/dist/observability/core/logger.d.ts.map +1 -0
  400. package/dist/observability/core/logger.js +45 -0
  401. package/dist/observability/core/logger.js.map +1 -0
  402. package/dist/observability/core/metrics.d.ts +63 -0
  403. package/dist/observability/core/metrics.d.ts.map +1 -0
  404. package/dist/observability/core/metrics.js +172 -0
  405. package/dist/observability/core/metrics.js.map +1 -0
  406. package/dist/observability/core/redaction.d.ts +10 -0
  407. package/dist/observability/core/redaction.d.ts.map +1 -0
  408. package/dist/observability/core/redaction.js +48 -0
  409. package/dist/observability/core/redaction.js.map +1 -0
  410. package/dist/observability/core/tracing.d.ts +52 -0
  411. package/dist/observability/core/tracing.d.ts.map +1 -0
  412. package/dist/observability/core/tracing.js +88 -0
  413. package/dist/observability/core/tracing.js.map +1 -0
  414. package/dist/observability/index.d.ts +14 -0
  415. package/dist/observability/index.d.ts.map +1 -0
  416. package/dist/observability/index.js +19 -0
  417. package/dist/observability/index.js.map +1 -0
  418. package/dist/observability/nestjs/observability.module.d.ts +35 -0
  419. package/dist/observability/nestjs/observability.module.d.ts.map +1 -0
  420. package/dist/observability/nestjs/observability.module.js +87 -0
  421. package/dist/observability/nestjs/observability.module.js.map +1 -0
  422. package/dist/persistence/adapters/in-memory-driver.d.ts +18 -0
  423. package/dist/persistence/adapters/in-memory-driver.d.ts.map +1 -0
  424. package/dist/persistence/adapters/in-memory-driver.js +229 -0
  425. package/dist/persistence/adapters/in-memory-driver.js.map +1 -0
  426. package/dist/persistence/adapters/pg-driver.d.ts +21 -0
  427. package/dist/persistence/adapters/pg-driver.d.ts.map +1 -0
  428. package/dist/persistence/adapters/pg-driver.js +42 -0
  429. package/dist/persistence/adapters/pg-driver.js.map +1 -0
  430. package/dist/persistence/adapters/testcontainer-harness.d.ts +37 -0
  431. package/dist/persistence/adapters/testcontainer-harness.d.ts.map +1 -0
  432. package/dist/persistence/adapters/testcontainer-harness.js +79 -0
  433. package/dist/persistence/adapters/testcontainer-harness.js.map +1 -0
  434. package/dist/persistence/core/errors.d.ts +36 -0
  435. package/dist/persistence/core/errors.d.ts.map +1 -0
  436. package/dist/persistence/core/errors.js +58 -0
  437. package/dist/persistence/core/errors.js.map +1 -0
  438. package/dist/persistence/core/migrations.d.ts +16 -0
  439. package/dist/persistence/core/migrations.d.ts.map +1 -0
  440. package/dist/persistence/core/migrations.js +95 -0
  441. package/dist/persistence/core/migrations.js.map +1 -0
  442. package/dist/persistence/core/pool.d.ts +4 -0
  443. package/dist/persistence/core/pool.d.ts.map +1 -0
  444. package/dist/persistence/core/pool.js +180 -0
  445. package/dist/persistence/core/pool.js.map +1 -0
  446. package/dist/persistence/core/ports.d.ts +91 -0
  447. package/dist/persistence/core/ports.d.ts.map +1 -0
  448. package/dist/persistence/core/ports.js +6 -0
  449. package/dist/persistence/core/ports.js.map +1 -0
  450. package/dist/persistence/core/repository.d.ts +18 -0
  451. package/dist/persistence/core/repository.d.ts.map +1 -0
  452. package/dist/persistence/core/repository.js +113 -0
  453. package/dist/persistence/core/repository.js.map +1 -0
  454. package/dist/persistence/core/sql.d.ts +13 -0
  455. package/dist/persistence/core/sql.d.ts.map +1 -0
  456. package/dist/persistence/core/sql.js +35 -0
  457. package/dist/persistence/core/sql.js.map +1 -0
  458. package/dist/persistence/index.d.ts +14 -0
  459. package/dist/persistence/index.d.ts.map +1 -0
  460. package/dist/persistence/index.js +22 -0
  461. package/dist/persistence/index.js.map +1 -0
  462. package/dist/persistence/pg.d.ts +7 -0
  463. package/dist/persistence/pg.d.ts.map +1 -0
  464. package/dist/persistence/pg.js +7 -0
  465. package/dist/persistence/pg.js.map +1 -0
  466. package/dist/privacy/adapters/audit-sink.d.ts +19 -0
  467. package/dist/privacy/adapters/audit-sink.d.ts.map +1 -0
  468. package/dist/privacy/adapters/audit-sink.js +13 -0
  469. package/dist/privacy/adapters/audit-sink.js.map +1 -0
  470. package/dist/privacy/adapters/in-memory-consent-store.d.ts +7 -0
  471. package/dist/privacy/adapters/in-memory-consent-store.d.ts.map +1 -0
  472. package/dist/privacy/adapters/in-memory-consent-store.js +18 -0
  473. package/dist/privacy/adapters/in-memory-consent-store.js.map +1 -0
  474. package/dist/privacy/adapters/pg-consent-store.d.ts +26 -0
  475. package/dist/privacy/adapters/pg-consent-store.d.ts.map +1 -0
  476. package/dist/privacy/adapters/pg-consent-store.js +43 -0
  477. package/dist/privacy/adapters/pg-consent-store.js.map +1 -0
  478. package/dist/privacy/core/consent.d.ts +35 -0
  479. package/dist/privacy/core/consent.d.ts.map +1 -0
  480. package/dist/privacy/core/consent.js +49 -0
  481. package/dist/privacy/core/consent.js.map +1 -0
  482. package/dist/privacy/core/erasure.d.ts +22 -0
  483. package/dist/privacy/core/erasure.d.ts.map +1 -0
  484. package/dist/privacy/core/erasure.js +35 -0
  485. package/dist/privacy/core/erasure.js.map +1 -0
  486. package/dist/privacy/core/errors.d.ts +18 -0
  487. package/dist/privacy/core/errors.d.ts.map +1 -0
  488. package/dist/privacy/core/errors.js +30 -0
  489. package/dist/privacy/core/errors.js.map +1 -0
  490. package/dist/privacy/core/export.d.ts +20 -0
  491. package/dist/privacy/core/export.d.ts.map +1 -0
  492. package/dist/privacy/core/export.js +30 -0
  493. package/dist/privacy/core/export.js.map +1 -0
  494. package/dist/privacy/core/ports.d.ts +48 -0
  495. package/dist/privacy/core/ports.d.ts.map +1 -0
  496. package/dist/privacy/core/ports.js +6 -0
  497. package/dist/privacy/core/ports.js.map +1 -0
  498. package/dist/privacy/core/registry.d.ts +17 -0
  499. package/dist/privacy/core/registry.d.ts.map +1 -0
  500. package/dist/privacy/core/registry.js +31 -0
  501. package/dist/privacy/core/registry.js.map +1 -0
  502. package/dist/privacy/index.d.ts +16 -0
  503. package/dist/privacy/index.d.ts.map +1 -0
  504. package/dist/privacy/index.js +21 -0
  505. package/dist/privacy/index.js.map +1 -0
  506. package/dist/rate-limit/adapters/in-memory-store.d.ts +7 -0
  507. package/dist/rate-limit/adapters/in-memory-store.d.ts.map +1 -0
  508. package/dist/rate-limit/adapters/in-memory-store.js +50 -0
  509. package/dist/rate-limit/adapters/in-memory-store.js.map +1 -0
  510. package/dist/rate-limit/adapters/redis-store.d.ts +11 -0
  511. package/dist/rate-limit/adapters/redis-store.d.ts.map +1 -0
  512. package/dist/rate-limit/adapters/redis-store.js +93 -0
  513. package/dist/rate-limit/adapters/redis-store.js.map +1 -0
  514. package/dist/rate-limit/core/enforcer.d.ts +23 -0
  515. package/dist/rate-limit/core/enforcer.d.ts.map +1 -0
  516. package/dist/rate-limit/core/enforcer.js +27 -0
  517. package/dist/rate-limit/core/enforcer.js.map +1 -0
  518. package/dist/rate-limit/core/errors.d.ts +19 -0
  519. package/dist/rate-limit/core/errors.d.ts.map +1 -0
  520. package/dist/rate-limit/core/errors.js +32 -0
  521. package/dist/rate-limit/core/errors.js.map +1 -0
  522. package/dist/rate-limit/core/ports.d.ts +50 -0
  523. package/dist/rate-limit/core/ports.d.ts.map +1 -0
  524. package/dist/rate-limit/core/ports.js +6 -0
  525. package/dist/rate-limit/core/ports.js.map +1 -0
  526. package/dist/rate-limit/core/sliding-window.d.ts +9 -0
  527. package/dist/rate-limit/core/sliding-window.d.ts.map +1 -0
  528. package/dist/rate-limit/core/sliding-window.js +24 -0
  529. package/dist/rate-limit/core/sliding-window.js.map +1 -0
  530. package/dist/rate-limit/core/token-bucket.d.ts +9 -0
  531. package/dist/rate-limit/core/token-bucket.d.ts.map +1 -0
  532. package/dist/rate-limit/core/token-bucket.js +24 -0
  533. package/dist/rate-limit/core/token-bucket.js.map +1 -0
  534. package/dist/rate-limit/index.d.ts +15 -0
  535. package/dist/rate-limit/index.d.ts.map +1 -0
  536. package/dist/rate-limit/index.js +19 -0
  537. package/dist/rate-limit/index.js.map +1 -0
  538. package/dist/rate-limit/nestjs/rate-limit.module.d.ts +25 -0
  539. package/dist/rate-limit/nestjs/rate-limit.module.d.ts.map +1 -0
  540. package/dist/rate-limit/nestjs/rate-limit.module.js +63 -0
  541. package/dist/rate-limit/nestjs/rate-limit.module.js.map +1 -0
  542. package/dist/rate-limit/nodejs/middleware.d.ts +16 -0
  543. package/dist/rate-limit/nodejs/middleware.d.ts.map +1 -0
  544. package/dist/rate-limit/nodejs/middleware.js +26 -0
  545. package/dist/rate-limit/nodejs/middleware.js.map +1 -0
  546. package/dist/test-kit/adapters/infra-bootstrap.d.ts +40 -0
  547. package/dist/test-kit/adapters/infra-bootstrap.d.ts.map +1 -0
  548. package/dist/test-kit/adapters/infra-bootstrap.js +64 -0
  549. package/dist/test-kit/adapters/infra-bootstrap.js.map +1 -0
  550. package/dist/test-kit/core/contract.d.ts +49 -0
  551. package/dist/test-kit/core/contract.d.ts.map +1 -0
  552. package/dist/test-kit/core/contract.js +52 -0
  553. package/dist/test-kit/core/contract.js.map +1 -0
  554. package/dist/test-kit/core/errors.d.ts +12 -0
  555. package/dist/test-kit/core/errors.d.ts.map +1 -0
  556. package/dist/test-kit/core/errors.js +19 -0
  557. package/dist/test-kit/core/errors.js.map +1 -0
  558. package/dist/test-kit/core/factories.d.ts +24 -0
  559. package/dist/test-kit/core/factories.d.ts.map +1 -0
  560. package/dist/test-kit/core/factories.js +57 -0
  561. package/dist/test-kit/core/factories.js.map +1 -0
  562. package/dist/test-kit/core/http-client.d.ts +46 -0
  563. package/dist/test-kit/core/http-client.d.ts.map +1 -0
  564. package/dist/test-kit/core/http-client.js +63 -0
  565. package/dist/test-kit/core/http-client.js.map +1 -0
  566. package/dist/test-kit/index.d.ts +10 -0
  567. package/dist/test-kit/index.d.ts.map +1 -0
  568. package/dist/test-kit/index.js +14 -0
  569. package/dist/test-kit/index.js.map +1 -0
  570. package/dist/test-kit/infra.d.ts +6 -0
  571. package/dist/test-kit/infra.d.ts.map +1 -0
  572. package/dist/test-kit/infra.js +6 -0
  573. package/dist/test-kit/infra.js.map +1 -0
  574. package/package.json +170 -0
package/README.md ADDED
@@ -0,0 +1,145 @@
1
+ # webapp-factory
2
+
3
+ Collectie van **domein-loze, herbruikbare backend-kits**. Elke kit is een pure TypeScript-module
4
+ (ports & adapters, geen domeinkennis) die via een namespace of subpath geïmporteerd wordt. Eén
5
+ package, één versielijn, semver.
6
+
7
+ ```ts
8
+ // Namespace-import (root):
9
+ import { config } from 'webapp-factory/backend-foundation';
10
+ const cfg = await config.loadConfig({ schema, env: process.env });
11
+
12
+ // of subpath-import (laadt alleen die kit):
13
+ import { loadConfig } from 'webapp-factory/backend-foundation/config';
14
+ ```
15
+
16
+ ## Installatie
17
+
18
+ ```bash
19
+ npm install webapp-factory zod
20
+ ```
21
+
22
+ `zod` is een (optionele) peer-dependency voor de kits die schemavalidatie bieden.
23
+
24
+ ## Kits
25
+
26
+ | Kit | Namespace | Subpath | Status |
27
+ |-----|-----------|---------|--------|
28
+ | config | `config` | `webapp-factory/backend-foundation/config` | [Integratiegids](./docs/config.md) | ✅ EPIC-01 (US-0101 t/m US-0105) |
29
+ | http | `http` | `webapp-factory/backend-foundation/http` | [Integratiegids](./docs/http.md) | ✅ EPIC-02 (US-0201 t/m US-0207) |
30
+ | persistence | `persistence` | `webapp-factory/backend-foundation/persistence` | [Integratiegids](./docs/persistence.md) | ✅ EPIC-03 (US-0301 t/m US-0305) |
31
+ | auth | `auth` | `webapp-factory/backend-foundation/auth` | [Integratiegids](./docs/auth.md) | ✅ EPIC-04 (US-0401 t/m US-0404) |
32
+ | access-control | `accessControl` | `webapp-factory/backend-foundation/access-control` | [Integratiegids](./docs/access-control.md) | ✅ EPIC-05 (US-0501 t/m US-0504) |
33
+ | rate-limit | `rateLimit` | `webapp-factory/backend-foundation/rate-limit` | [Integratiegids](./docs/rate-limit.md) | ✅ EPIC-06 (US-0601 t/m US-0604) |
34
+ | cache | `cache` | `webapp-factory/backend-foundation/cache` | [Integratiegids](./docs/cache.md) | ✅ EPIC-07 (US-0701 t/m US-0704) |
35
+ | jobs | `jobs` | `webapp-factory/backend-foundation/jobs` | [Integratiegids](./docs/jobs.md) | ✅ EPIC-08 (US-0801 t/m US-0804) |
36
+ | audit-log | `auditLog` | `webapp-factory/backend-foundation/audit-log` | [Integratiegids](./docs/audit-log.md) | ✅ EPIC-10 (US-1001 t/m US-1004) |
37
+ | observability | `observability` | `webapp-factory/backend-foundation/observability` | [Integratiegids](./docs/observability.md) | ✅ EPIC-11 (US-1101 t/m US-1104) |
38
+ | i18n | `i18n` | `webapp-factory/backend-foundation/i18n` | [Integratiegids](./docs/i18n.md) | ✅ EPIC-13 (US-1301 t/m US-1304) |
39
+ | mailer | `mailer` | `webapp-factory/backend-foundation/mailer` | [Integratiegids](./docs/mailer.md) | ✅ EPIC-09 (US-0901 t/m US-0904) |
40
+ | privacy | `privacy` | `webapp-factory/backend-foundation/privacy` | [Integratiegids](./docs/privacy.md) | ✅ EPIC-12 (US-1201 t/m US-1205) |
41
+ | test-kit | `testKit` | `webapp-factory/backend-foundation/test-kit` | [Integratiegids](./docs/test-kit.md) | ✅ EPIC-14 (US-1401 t/m US-1404) |
42
+
43
+ > De kolom-kop hierboven is: Kit · Namespace · Subpath · Integratiegids · Status.
44
+
45
+ Per kit is er een **taakgerichte integratiegids** in [`docs/`](./docs/README.md): poorten, wiring,
46
+ recepten, testadvies en valkuilen (deze README geeft alleen het API-overzicht).
47
+
48
+ Een nieuwe kit toevoegen betekent:
49
+
50
+ 1. `src/<kit>/` met een eigen `index.ts` (pure core + adapters).
51
+ 2. een namespace-export in de root-`src/index.ts` (`export * as <kit> from './<kit>/index.js'`).
52
+ 3. een subpath in `exports` (en `/<kit>/nestjs` als er een Nest-adapter is).
53
+ 4. een integratiegids `docs/<kit>.md` volgens de vaste opbouw in [`docs/README.md`](./docs/README.md).
54
+
55
+ ## Kit: `config`
56
+
57
+ Getypte configuratie- en secret-loading met schemavalidatie, fail-fast start en per-omgeving
58
+ overrides.
59
+
60
+ ```ts
61
+ import { z } from 'zod';
62
+ import { config } from 'webapp-factory/backend-foundation';
63
+
64
+ const schema = config.zodSchema(
65
+ z.object({
66
+ app: z.object({ name: z.string() }),
67
+ db: z.object({
68
+ host: z.string(),
69
+ port: z.coerce.number().int().min(1).max(65535).default(5432),
70
+ password: config.zodSecret(), // opgelost + geredigeerd
71
+ }),
72
+ log: z.object({ level: z.enum(['debug', 'info', 'warn', 'error']).default('info') }),
73
+ }),
74
+ );
75
+
76
+ const cfg = await config.loadConfig({
77
+ schema,
78
+ base: { log: { level: 'info' } },
79
+ overrides: { production: { log: { level: 'warn' } } },
80
+ environmentKey: 'APP_ENV',
81
+ env: process.env, // DB__HOST -> db.host, DB__PORT -> db.port (gecoerced)
82
+ resolver: config.compositeSecretResolver(
83
+ config.fileSecretResolver(), // file:///run/secrets/...
84
+ config.mapSecretResolver('vault', { 'kv/data/db#password': '…' }),
85
+ ),
86
+ reporter: config.consoleReporter(),
87
+ onFailure: 'exit', // fail-fast met niet-nul exitcode
88
+ });
89
+
90
+ cfg.db.port; // number, default toegepast
91
+ cfg.db.password.reveal(); // pas op het punt van gebruik
92
+ JSON.stringify(cfg); // db.password -> "***"
93
+ ```
94
+
95
+ ### Kernconcepten
96
+
97
+ - **Env (US-0101):** `DB__HOST` → `db.host`; scheidingsteken `__`, lowercased; optionele `prefix`.
98
+ Voorrang laag→hoog: `base` → per-omgeving override → `sources` → `.env` → `env`. Coercie
99
+ schema-gedreven (`z.coerce.*`) of standalone met `coerceByMap`.
100
+ - **Secrets (US-0102):** referenties (`file://`, `vault://`, custom) worden via de
101
+ `SecretResolver`-poort opgelost en in een `Secret` gewrapt die zichzelf consequent redigeert
102
+ (`JSON.stringify`/`inspect`/`String`/spread). Onoplosbaar → `SecretResolutionError` zonder
103
+ secretwaarde.
104
+ - **Validatie (US-0103):** `zodSchema(...)` leidt het type af via `z.infer`, verzamelt álle
105
+ overtredingen (pad + reden, geen invoerwaarden) en levert een bevroren object.
106
+ - **Fail-fast (US-0104):** geaggregeerd, geredigeerd rapport via de `Reporter`-poort; `onFailure:
107
+ 'exit'` → niet-nul exitcode, anders `ConfigValidationError`.
108
+ - **Overrides (US-0105):** `base` + `overrides[<env>]` diepe merge (override wint); onbekende
109
+ omgeving valt terug op de basis; fouten benoemen de omgeving.
110
+
111
+ ### Ports (injecteer je eigen adapters)
112
+
113
+ | Port | Verantwoordelijkheid | Meegeleverde adapters |
114
+ |------|----------------------|-----------------------|
115
+ | `ConfigSchema<T>` | valideren + type afleiden | `zodSchema`, `zodSecret` |
116
+ | `SecretResolver` | referenties oplossen | `fileSecretResolver`, `mapSecretResolver`, `functionSecretResolver`, `compositeSecretResolver` |
117
+ | `Reporter` | foutrapport uitschrijven | `consoleReporter`, `collectingReporter` |
118
+
119
+ ### NestJS
120
+
121
+ ```ts
122
+ import { ConfigKitModule, CONFIG_KIT } from 'webapp-factory/backend-foundation/config/nestjs';
123
+
124
+ @Module({ imports: [ConfigKitModule.forRootAsync({ schema, env: process.env })] })
125
+ export class AppModule {}
126
+ // constructor(@Inject(CONFIG_KIT) private readonly cfg: AppConfig) {}
127
+ ```
128
+
129
+ ## Ontwikkeling
130
+
131
+ ```bash
132
+ npm install # vanuit de repo-root (npm workspaces) of vanuit deze package
133
+ npm run build # tsc -> dist/
134
+ npm test # vitest run (324 tests, incl. HTTP-e2e, echte Postgres- en Redis-testcontainer-e2e, auth-flow- en guard-e2e)
135
+ npm run typecheck
136
+ ```
137
+
138
+ ## Portabiliteits-contract (per kit)
139
+
140
+ - **Geen domeinkennis** — alleen abstracties (schema, resolver, reporter, omgevingen).
141
+ - **Ports & adapters** — de core definieert interfaces; het project levert adapters/config.
142
+ - **Config-injectie** — geen hardcoded waardes of vaste omgevingsnamen.
143
+ - **Semver** — breaking changes aan de publieke API vereisen een major-bump van de collectie.
144
+
145
+ Bron & conventies: [`../../GENERATION-GUIDE.md`](../../GENERATION-GUIDE.md).
@@ -0,0 +1,7 @@
1
+ /**
2
+ * Dep-vrije referentie-{@link RelationResolver} (US-0503): levert relatie-edges uit een in-memory
3
+ * lijst. Productie-adapters (bv. bovenop persistence-kit) levert het consumerende project.
4
+ */
5
+ import type { RelationEdge, RelationResolver } from '../core/ports.js';
6
+ export declare function inMemoryRelationResolver(edges: RelationEdge[]): RelationResolver;
7
+ //# sourceMappingURL=in-memory-relations.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"in-memory-relations.d.ts","sourceRoot":"","sources":["../../../src/access-control/adapters/in-memory-relations.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,KAAK,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAEvE,wBAAgB,wBAAwB,CAAC,KAAK,EAAE,YAAY,EAAE,GAAG,gBAAgB,CAIhF"}
@@ -0,0 +1,6 @@
1
+ export function inMemoryRelationResolver(edges) {
2
+ return {
3
+ relationsFrom: async (node) => edges.filter((edge) => edge.from === node),
4
+ };
5
+ }
6
+ //# sourceMappingURL=in-memory-relations.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"in-memory-relations.js","sourceRoot":"","sources":["../../../src/access-control/adapters/in-memory-relations.ts"],"names":[],"mappings":"AAMA,MAAM,UAAU,wBAAwB,CAAC,KAAqB;IAC5D,OAAO;QACL,aAAa,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC;KAC1E,CAAC;AACJ,CAAC"}
@@ -0,0 +1,13 @@
1
+ import type { Rbac } from './rbac.js';
2
+ import type { Decision, Subject } from './ports.js';
3
+ export interface AuthorizePermissionsParams {
4
+ subject?: Subject | null;
5
+ /** Vereiste permissies (AND). Leeg = geen declaratie → default-beleid. */
6
+ required: string[];
7
+ rbac: Rbac;
8
+ /** Beleid wanneer een handler geen permissies declareert. Default `deny`. */
9
+ defaultDecision?: 'allow' | 'deny';
10
+ }
11
+ /** Beslist toegang op basis van vereiste permissies en de effectieve permissies van het subject. */
12
+ export declare function authorizePermissions(params: AuthorizePermissionsParams): Decision;
13
+ //# sourceMappingURL=enforcement.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"enforcement.d.ts","sourceRoot":"","sources":["../../../src/access-control/core/enforcement.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAEpD,MAAM,WAAW,0BAA0B;IACzC,OAAO,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;IACzB,0EAA0E;IAC1E,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,IAAI,EAAE,IAAI,CAAC;IACX,6EAA6E;IAC7E,eAAe,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;CACpC;AAED,oGAAoG;AACpG,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,0BAA0B,GAAG,QAAQ,CA8BjF"}
@@ -0,0 +1,38 @@
1
+ /**
2
+ * US-0502 — Enforcement (framework-agnostische kern van guard/decorator).
3
+ *
4
+ * Evalueert of een subject de vereiste permissies heeft, met **default-deny**: geen subject → deny;
5
+ * geen permissie-declaratie → het geconfigureerde default-beleid. De reden lekt geen rol-/permissie-
6
+ * informatie naar de eindgebruiker.
7
+ */
8
+ import { UnknownRoleError } from './errors.js';
9
+ /** Beslist toegang op basis van vereiste permissies en de effectieve permissies van het subject. */
10
+ export function authorizePermissions(params) {
11
+ const { subject, required, rbac } = params;
12
+ // Geen geldig subject → deny zonder de permissie-resolutie te draaien (US-0502 AC3).
13
+ if (!subject) {
14
+ return { allowed: false, reason: 'geen geauthenticeerd subject' };
15
+ }
16
+ if (required.length === 0) {
17
+ const fallback = params.defaultDecision ?? 'deny';
18
+ return fallback === 'allow'
19
+ ? { allowed: true, reason: 'default-allow' }
20
+ : { allowed: false, reason: 'default-deny (geen permissie-declaratie)' };
21
+ }
22
+ let effective;
23
+ try {
24
+ effective = rbac.resolve(subject.roles);
25
+ }
26
+ catch (error) {
27
+ // Onbekende rol → fail-closed (deny), niet crashen.
28
+ if (error instanceof UnknownRoleError) {
29
+ return { allowed: false, reason: 'onbekende rol (fail-closed)' };
30
+ }
31
+ throw error;
32
+ }
33
+ const satisfied = required.every((permission) => effective.has(permission));
34
+ return satisfied
35
+ ? { allowed: true, reason: 'permissies voldaan' }
36
+ : { allowed: false, reason: 'ontbrekende permissie' };
37
+ }
38
+ //# sourceMappingURL=enforcement.js.map
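Review bot: `authorizePermissions` only checks that `subject` is truthy before calling `rbac.resolve(subject.roles)`, so a subject whose `roles` is missing or not an array is not turned into a deny. With the `createRbac` implementation in rbac.js the resolve loop then raises a TypeError, which the `catch` re-throws because it is not an `UnknownRoleError`. `PolicyDecisionPoint.#validate` in pdp.js already guards this with `Array.isArray(subject.roles)`; the same guard on the first check keeps both entry points consistent, e.g. `if (!subject || !Array.isArray(subject.roles)) {`. The outcome today is an exception rather than an allow, so this is about a predictable fail-closed decision, not a bypass. `required` is likewise read unchecked at `required.length`.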
@@ -0,0 +1 @@
1
+ {"version":3,"file":"enforcement.js","sourceRoot":"","sources":["../../../src/access-control/core/enforcement.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAa/C,oGAAoG;AACpG,MAAM,UAAU,oBAAoB,CAAC,MAAkC;IACrE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC;IAE3C,qFAAqF;IACrF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,8BAA8B,EAAE,CAAC;IACpE,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,QAAQ,GAAG,MAAM,CAAC,eAAe,IAAI,MAAM,CAAC;QAClD,OAAO,QAAQ,KAAK,OAAO;YACzB,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,eAAe,EAAE;YAC5C,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,0CAA0C,EAAE,CAAC;IAC7E,CAAC;IAED,IAAI,SAAsB,CAAC;IAC3B,IAAI,CAAC;QACH,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,oDAAoD;QACpD,IAAI,KAAK,YAAY,gBAAgB,EAAE,CAAC;YACtC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC;QACnE,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;IAED,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;IAC5E,OAAO,SAAS;QACd,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,oBAAoB,EAAE;QACjD,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;AAC1D,CAAC"}
@@ -0,0 +1,30 @@
1
+ /**
2
+ * Foutentaxonomie voor access-control. Fouten lekken geen rol-/permissie-/policy-details naar
3
+ * eindgebruikers (geen informatie-lek); default is altijd deny (fail-closed).
4
+ */
5
+ export declare class AccessControlError extends Error {
6
+ readonly code: string;
7
+ constructor(message: string, code: string);
8
+ }
9
+ /** Onbekende rol bij toewijzing/resolutie (US-0501 AC3). */
10
+ export declare class UnknownRoleError extends AccessControlError {
11
+ readonly role: string;
12
+ constructor(role: string);
13
+ }
14
+ /** Cyclische rol-hiërarchie gedetecteerd bij het laden van het model (US-0501 AC2). */
15
+ export declare class RoleCycleError extends AccessControlError {
16
+ constructor(cycle: string[]);
17
+ }
18
+ /** Structureel ongeldige autorisatie-aanvraag (US-0504 AC3). */
19
+ export declare class InvalidAuthorizationRequestError extends AccessControlError {
20
+ constructor(reason: string);
21
+ }
22
+ /** Fout bij het oplossen van relaties via de relatie-port (US-0503 AC3). Niet-lekkend. */
23
+ export declare class RelationResolutionError extends AccessControlError {
24
+ constructor();
25
+ }
26
+ /** Toegang geweigerd (bruikbaar door adapters om op 403 te mappen). */
27
+ export declare class AccessDeniedError extends AccessControlError {
28
+ constructor(reason?: string);
29
+ }
30
+ //# sourceMappingURL=errors.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/access-control/core/errors.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,qBAAa,kBAAmB,SAAQ,KAAK;IAC3C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;gBACV,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM;CAM1C;AAED,4DAA4D;AAC5D,qBAAa,gBAAiB,SAAQ,kBAAkB;IACtD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;gBACV,IAAI,EAAE,MAAM;CAIzB;AAED,uFAAuF;AACvF,qBAAa,cAAe,SAAQ,kBAAkB;gBACxC,KAAK,EAAE,MAAM,EAAE;CAG5B;AAED,gEAAgE;AAChE,qBAAa,gCAAiC,SAAQ,kBAAkB;gBAC1D,MAAM,EAAE,MAAM;CAG3B;AAED,0FAA0F;AAC1F,qBAAa,uBAAwB,SAAQ,kBAAkB;;CAI9D;AAED,uEAAuE;AACvE,qBAAa,iBAAkB,SAAQ,kBAAkB;gBAC3C,MAAM,SAAsB;CAGzC"}
@@ -0,0 +1,46 @@
1
+ /**
2
+ * Foutentaxonomie voor access-control. Fouten lekken geen rol-/permissie-/policy-details naar
3
+ * eindgebruikers (geen informatie-lek); default is altijd deny (fail-closed).
4
+ */
5
+ export class AccessControlError extends Error {
6
+ code;
7
+ constructor(message, code) {
8
+ super(message);
9
+ this.name = new.target.name;
10
+ this.code = code;
11
+ Object.setPrototypeOf(this, new.target.prototype);
12
+ }
13
+ }
14
+ /** Onbekende rol bij toewijzing/resolutie (US-0501 AC3). */
15
+ export class UnknownRoleError extends AccessControlError {
16
+ role;
17
+ constructor(role) {
18
+ super(`Onbekende rol: "${role}"`, 'UNKNOWN_ROLE');
19
+ this.role = role;
20
+ }
21
+ }
22
+ /** Cyclische rol-hiërarchie gedetecteerd bij het laden van het model (US-0501 AC2). */
23
+ export class RoleCycleError extends AccessControlError {
24
+ constructor(cycle) {
25
+ super(`Cyclische rol-verwijzing: ${cycle.join(' -> ')}`, 'ROLE_CYCLE');
26
+ }
27
+ }
28
+ /** Structureel ongeldige autorisatie-aanvraag (US-0504 AC3). */
29
+ export class InvalidAuthorizationRequestError extends AccessControlError {
30
+ constructor(reason) {
31
+ super(`Ongeldige autorisatie-aanvraag: ${reason}`, 'INVALID_REQUEST');
32
+ }
33
+ }
34
+ /** Fout bij het oplossen van relaties via de relatie-port (US-0503 AC3). Niet-lekkend. */
35
+ export class RelationResolutionError extends AccessControlError {
36
+ constructor() {
37
+ super('Relatie-evaluatie mislukt', 'RELATION_RESOLUTION');
38
+ }
39
+ }
40
+ /** Toegang geweigerd (bruikbaar door adapters om op 403 te mappen). */
41
+ export class AccessDeniedError extends AccessControlError {
42
+ constructor(reason = 'Toegang geweigerd') {
43
+ super(reason, 'ACCESS_DENIED');
44
+ }
45
+ }
46
+ //# sourceMappingURL=errors.js.map
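Review bot: The file header says these errors leak no role, permission or policy details, but `UnknownRoleError` puts the role name into `message` (`Onbekende rol: "${role}"`) and `RoleCycleError` puts the whole cycle path there. enforcement.js passes `subject.roles` into `rbac.resolve`, so the name can originate from the caller's identity context; an adapter that maps `error.message` into an HTTP response would reflect it back, though whether any adapter does so is not visible in this section. Either keep the detail only in the structured field (`super('Onbekende rol', 'UNKNOWN_ROLE')` with `this.role = role`) or add a comment on the base class such as `// message is for logs/audit only; adapters must map on code and never echo message`. `AccessDeniedError` accepts a free-form `reason` and deserves the same caveat.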
@@ -0,0 +1 @@
1
+ {"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../src/access-control/core/errors.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,OAAO,kBAAmB,SAAQ,KAAK;IAClC,IAAI,CAAS;IACtB,YAAY,OAAe,EAAE,IAAY;QACvC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC;QAC5B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAED,4DAA4D;AAC5D,MAAM,OAAO,gBAAiB,SAAQ,kBAAkB;IAC7C,IAAI,CAAS;IACtB,YAAY,IAAY;QACtB,KAAK,CAAC,mBAAmB,IAAI,GAAG,EAAE,cAAc,CAAC,CAAC;QAClD,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;CACF;AAED,uFAAuF;AACvF,MAAM,OAAO,cAAe,SAAQ,kBAAkB;IACpD,YAAY,KAAe;QACzB,KAAK,CAAC,6BAA6B,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,YAAY,CAAC,CAAC;IACzE,CAAC;CACF;AAED,gEAAgE;AAChE,MAAM,OAAO,gCAAiC,SAAQ,kBAAkB;IACtE,YAAY,MAAc;QACxB,KAAK,CAAC,mCAAmC,MAAM,EAAE,EAAE,iBAAiB,CAAC,CAAC;IACxE,CAAC;CACF;AAED,0FAA0F;AAC1F,MAAM,OAAO,uBAAwB,SAAQ,kBAAkB;IAC7D;QACE,KAAK,CAAC,2BAA2B,EAAE,qBAAqB,CAAC,CAAC;IAC5D,CAAC;CACF;AAED,uEAAuE;AACvE,MAAM,OAAO,iBAAkB,SAAQ,kBAAkB;IACvD,YAAY,MAAM,GAAG,mBAAmB;QACtC,KAAK,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IACjC,CAAC;CACF"}
@@ -0,0 +1,14 @@
1
+ import type { RebacChecker } from './rebac.js';
2
+ import type { Rbac } from './rbac.js';
3
+ import type { Decision, DecisionRequest, Policy } from './ports.js';
4
+ export interface PdpDependencies {
5
+ rbac: Rbac;
6
+ rebac?: RebacChecker;
7
+ policies: Policy[];
8
+ }
9
+ export declare class PolicyDecisionPoint {
10
+ #private;
11
+ constructor(deps: PdpDependencies);
12
+ decide(request: DecisionRequest): Promise<Decision>;
13
+ }
14
+ //# sourceMappingURL=pdp.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"pdp.d.ts","sourceRoot":"","sources":["../../../src/access-control/core/pdp.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,KAAK,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAEpE,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,IAAI,CAAC;IACX,KAAK,CAAC,EAAE,YAAY,CAAC;IACrB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,qBAAa,mBAAmB;;gBAKlB,IAAI,EAAE,eAAe;IAM3B,MAAM,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,QAAQ,CAAC;CA+D1D"}
@@ -0,0 +1,79 @@
1
+ /**
2
+ * US-0504 — Policy-definitie + centraal decision-point (PDP).
3
+ *
4
+ * Evalueert een aanvraag (subject, action, resource, context) tegen geïnjecteerde policies en geeft
5
+ * een expliciete beslissing terug: `allow`/`deny` mét reden. Combineert RBAC- (permissies) en ReBAC-
6
+ * signalen (relaties/ownership) per policy. Default is deny bij afwezigheid van een toestaande policy;
7
+ * een structureel ongeldige aanvraag faalt fail-fast.
8
+ */
9
+ import { InvalidAuthorizationRequestError } from './errors.js';
10
+ export class PolicyDecisionPoint {
11
+ #rbac;
12
+ #rebac;
13
+ #policies;
14
+ constructor(deps) {
15
+ this.#rbac = deps.rbac;
16
+ this.#rebac = deps.rebac;
17
+ this.#policies = deps.policies;
18
+ }
19
+ async decide(request) {
20
+ this.#validate(request);
21
+ const candidates = this.#policies.filter((p) => p.action === request.action && (!p.resourceType || p.resourceType === request.resource?.type));
22
+ if (candidates.length === 0) {
23
+ return { allowed: false, reason: 'geen toestaande policy (default-deny)' };
24
+ }
25
+ let lastFailure = 'geen toestaande policy (default-deny)';
26
+ for (const policy of candidates) {
27
+ const failure = await this.#evaluate(policy, request);
28
+ if (failure === null) {
29
+ return { allowed: true, reason: `toegestaan door policy "${policy.id}"`, policyId: policy.id };
30
+ }
31
+ lastFailure = failure;
32
+ }
33
+ return { allowed: false, reason: lastFailure };
34
+ }
35
+ #validate(request) {
36
+ const subject = request?.subject;
37
+ if (!subject || typeof subject.id !== 'string' || !Array.isArray(subject.roles)) {
38
+ throw new InvalidAuthorizationRequestError('ontbrekend of ongeldig subject');
39
+ }
40
+ if (typeof request.action !== 'string' || request.action.length === 0) {
41
+ throw new InvalidAuthorizationRequestError('ontbrekende action');
42
+ }
43
+ }
44
+ /** Retourneert `null` als de policy toestaat, anders een faal-reden. */
45
+ async #evaluate(policy, request) {
46
+ if (policy.requirePermissions?.length) {
47
+ let effective;
48
+ try {
49
+ effective = this.#rbac.resolve(request.subject.roles);
50
+ }
51
+ catch {
52
+ return 'onbekende rol (RBAC)';
53
+ }
54
+ if (!policy.requirePermissions.every((p) => effective.has(p))) {
55
+ return 'ontbrekende permissie (RBAC)';
56
+ }
57
+ }
58
+ const relations = policy.requireOwnership
59
+ ? ['owner', ...(policy.requireRelations ?? [])]
60
+ : policy.requireRelations;
61
+ if (relations && relations.length > 0) {
62
+ if (!this.#rebac)
63
+ return 'ReBAC-conditie kan niet worden geëvalueerd (geen relatie-checker)';
64
+ if (!request.resource)
65
+ return 'ReBAC-conditie vereist een resource';
66
+ let result;
67
+ try {
68
+ result = await this.#rebac.check(request.subject.id, request.resource.id, { relations });
69
+ }
70
+ catch {
71
+ return 'relatie-evaluatie mislukt';
72
+ }
73
+ if (!result.allowed)
74
+ return 'ownership-conditie (ReBAC) niet voldaan';
75
+ }
76
+ return null;
77
+ }
78
+ }
79
+ //# sourceMappingURL=pdp.js.map
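Review bot: In `#evaluate`, a policy that carries no condition returns `null` and so allows every subject that passes `#validate`: `requirePermissions?.length` is falsy for both a missing and an empty array, and the ReBAC block is skipped when `relations` is empty or undefined. enforcement.js treats an empty `required` list as default-deny, so the two paths disagree on what "no declaration" means. A guard before the final `return null`, e.g. `if (!policy.requirePermissions?.length && !relations?.length) return 'policy zonder condities';`, or the same check in the constructor, would make an unconditional allow an explicit choice. Separately, `requireOwnership` is merged into the same list as `requireRelations`; if `RebacChecker.check` matches any listed relation (rebac.js is not in this section, and the `Policy` doc reads as any-of), a policy with both set is satisfied by a non-owner, which should be confirmed or documented.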
@@ -0,0 +1 @@
1
+ {"version":3,"file":"pdp.js","sourceRoot":"","sources":["../../../src/access-control/core/pdp.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,EAAE,gCAAgC,EAAE,MAAM,aAAa,CAAC;AAW/D,MAAM,OAAO,mBAAmB;IACrB,KAAK,CAAO;IACZ,MAAM,CAA2B;IACjC,SAAS,CAAW;IAE7B,YAAY,IAAqB;QAC/B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC;QACvB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC;QACzB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAwB;QACnC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAExB,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,IAAI,CAAC,CAAC,YAAY,KAAK,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CACrG,CAAC;QACF,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,uCAAuC,EAAE,CAAC;QAC7E,CAAC;QAED,IAAI,WAAW,GAAG,uCAAuC,CAAC;QAC1D,KAAK,MAAM,MAAM,IAAI,UAAU,EAAE,CAAC;YAChC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YACtD,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;gBACrB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,2BAA2B,MAAM,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC;YACjG,CAAC;YACD,WAAW,GAAG,OAAO,CAAC;QACxB,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IACjD,CAAC;IAED,SAAS,CAAC,OAAwB;QAChC,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,CAAC;QACjC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,CAAC,EAAE,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAChF,MAAM,IAAI,gCAAgC,CAAC,gCAAgC,CAAC,CAAC;QAC/E,CAAC;QACD,IAAI,OAAO,OAAO,CAAC,MAAM,KAAK,QAAQ,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtE,MAAM,IAAI,gCAAgC,CAAC,oBAAoB,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAED,wEAAwE;IACxE,KAAK,CAAC,SAAS,CAAC,MAAc,EAAE,OAAwB;QACtD,IAAI,MAAM,CAAC,kBAAkB,EAAE,MAAM,EAAE,CAAC;YACtC,IAAI,SAAsB,CAAC;YAC3B,IAAI,CAAC;gBACH,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YACxD,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,sBAAsB,CAAC;YAChC,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CA
AC,CAAC,EAAE,CAAC;gBAC9D,OAAO,8BAA8B,CAAC;YACxC,CAAC;QACH,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,CAAC,gBAAgB;YACvC,CAAC,CAAC,CAAC,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,gBAAgB,IAAI,EAAE,CAAC,CAAC;YAC/C,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC;QAE5B,IAAI,SAAS,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtC,IAAI,CAAC,IAAI,CAAC,MAAM;gBAAE,OAAO,mEAAmE,CAAC;YAC7F,IAAI,CAAC,OAAO,CAAC,QAAQ;gBAAE,OAAO,qCAAqC,CAAC;YACpE,IAAI,MAAM,CAAC;YACX,IAAI,CAAC;gBACH,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;YAC3F,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,2BAA2B,CAAC;YACrC,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,OAAO;gBAAE,OAAO,yCAAyC,CAAC;QACxE,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}
@@ -0,0 +1,68 @@
1
+ /**
2
+ * Poorten & types voor de access-control-kit. Rollen, permissies, relaties en policies worden door
3
+ * het consumerende project geïnjecteerd; de kit bevat geen concrete rol-/permissie-namen of regels.
4
+ */
5
+ /** Geauthenticeerd subject (identiteit-context, komt bv. van auth-kit). */
6
+ export interface Subject {
7
+ id: string;
8
+ roles: string[];
9
+ }
10
+ export interface Resource {
11
+ id: string;
12
+ type?: string;
13
+ }
14
+ /** Uitkomst van een autorisatie-beslissing: expliciet allow/deny mét reden. */
15
+ export interface Decision {
16
+ allowed: boolean;
17
+ /** Verklaarbare reden (voor audit); niet bedoeld om ruw aan eindgebruikers te tonen. */
18
+ reason: string;
19
+ /** Id van de toepasselijke policy bij een allow via het PDP. */
20
+ policyId?: string;
21
+ }
22
+ export interface RoleDefinition {
23
+ name: string;
24
+ permissions?: string[];
25
+ /** Andere rollen die deze rol omvat (rol-hiërarchie). */
26
+ includes?: string[];
27
+ }
28
+ export interface RbacDefinition {
29
+ roles: RoleDefinition[];
30
+ }
31
+ export interface RelationEdge {
32
+ from: string;
33
+ relation: string;
34
+ to: string;
35
+ }
36
+ /** Levert de directe relatie-edges vanaf een node (subject/team/resource). Data zit niet in de kit. */
37
+ export interface RelationResolver {
38
+ relationsFrom(node: string): Promise<RelationEdge[]>;
39
+ }
40
+ export interface RebacResult {
41
+ allowed: boolean;
42
+ /** De terminale relatie waarmee de resource is bereikt (bv. `owner`). */
43
+ relation?: string;
44
+ /** Het opgeloste pad subject → … → resource. */
45
+ path?: string[];
46
+ }
47
+ export interface Policy {
48
+ id: string;
49
+ /** Action waarop deze policy van toepassing is, bv. `article:write`. */
50
+ action: string;
51
+ /** Optioneel: alleen van toepassing op dit resource-type. */
52
+ resourceType?: string;
53
+ /** RBAC-conditie: subject moet alle genoemde permissies hebben. */
54
+ requirePermissions?: string[];
55
+ /** ReBAC-conditie: subject moet in een (van deze) relatie(s) tot de resource staan. */
56
+ requireRelations?: string[];
57
+ /** ReBAC-conditie: subject moet eigenaar van de resource zijn (alias voor `requireRelations: ['owner']`). */
58
+ requireOwnership?: boolean;
59
+ /** Alleen allow-policies; deny is het default (afwezigheid van een toestaande policy). */
60
+ effect?: 'allow';
61
+ }
62
+ export interface DecisionRequest {
63
+ subject: Subject;
64
+ action: string;
65
+ resource?: Resource;
66
+ context?: Record<string, unknown>;
67
+ }
68
+ //# sourceMappingURL=ports.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"ports.d.ts","sourceRoot":"","sources":["../../../src/access-control/core/ports.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,2EAA2E;AAC3E,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,EAAE,CAAC;CACjB;AAED,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,+EAA+E;AAC/E,MAAM,WAAW,QAAQ;IACvB,OAAO,EAAE,OAAO,CAAC;IACjB,wFAAwF;IACxF,MAAM,EAAE,MAAM,CAAC;IACf,gEAAgE;IAChE,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAID,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,yDAAyD;IACzD,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,cAAc,EAAE,CAAC;CACzB;AAID,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,uGAAuG;AACvG,MAAM,WAAW,gBAAgB;IAC/B,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;CACtD;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,yEAAyE;IACzE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gDAAgD;IAChD,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AAID,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,wEAAwE;IACxE,MAAM,EAAE,MAAM,CAAC;IACf,6DAA6D;IAC7D,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,mEAAmE;IACnE,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC9B,uFAAuF;IACvF,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,6GAA6G;IAC7G,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,0FAA0F;IAC1F,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC"}
@@ -0,0 +1,6 @@
1
+ /**
2
+ * Poorten & types voor de access-control-kit. Rollen, permissies, relaties en policies worden door
3
+ * het consumerende project geïnjecteerd; de kit bevat geen concrete rol-/permissie-namen of regels.
4
+ */
5
+ export {};
6
+ //# sourceMappingURL=ports.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"ports.js","sourceRoot":"","sources":["../../../src/access-control/core/ports.ts"],"names":[],"mappings":"AAAA;;;GAGG"}
@@ -0,0 +1,10 @@
1
+ import type { RbacDefinition } from './ports.js';
2
+ export interface Rbac {
3
+ /** Effectieve permissies voor een set rollen (incl. geërfde permissies via `includes`). */
4
+ resolve(roleNames: string[]): Set<string>;
5
+ hasPermission(roleNames: string[], permission: string): boolean;
6
+ readonly roleNames: string[];
7
+ }
8
+ /** Bouwt een RBAC-model uit een geïnjecteerde definitie; valideert referenties + cycli fail-fast. */
9
+ export declare function createRbac(definition: RbacDefinition): Rbac;
10
+ //# sourceMappingURL=rbac.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"rbac.d.ts","sourceRoot":"","sources":["../../../src/access-control/core/rbac.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,cAAc,EAAkB,MAAM,YAAY,CAAC;AAEjE,MAAM,WAAW,IAAI;IACnB,2FAA2F;IAC3F,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;IAC1C,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC;IAChE,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC;CAC9B;AAED,qGAAqG;AACrG,wBAAgB,UAAU,CAAC,UAAU,EAAE,cAAc,GAAG,IAAI,CA8B3D"}
@@ -0,0 +1,78 @@
1
+ /**
2
+ * US-0501 — Rollen/permissie-model met resolutie van effectieve permissies en rol-hiërarchie.
3
+ *
4
+ * Het model wordt geïnjecteerd (config/policies-port); de kit kent geen concrete rol-/permissie-namen.
5
+ * Cyclische rol-verwijzingen worden bij het laden gedetecteerd en geweigerd. Resolutie van een
6
+ * onbekende rol faalt fail-fast; onbekende permissies leiden nooit tot impliciete toegang.
7
+ */
8
+ import { RoleCycleError, UnknownRoleError } from './errors.js';
9
+ /** Bouwt een RBAC-model uit een geïnjecteerde definitie; valideert referenties + cycli fail-fast. */
10
+ export function createRbac(definition) {
11
+ const roles = new Map();
12
+ for (const role of definition.roles) {
13
+ roles.set(role.name, role);
14
+ }
15
+ // Alle `includes` moeten bestaande rollen zijn.
16
+ for (const role of definition.roles) {
17
+ for (const included of role.includes ?? []) {
18
+ if (!roles.has(included))
19
+ throw new UnknownRoleError(included);
20
+ }
21
+ }
22
+ detectCycles(roles);
23
+ const resolve = (roleNames) => {
24
+ const permissions = new Set();
25
+ const visited = new Set();
26
+ for (const name of roleNames) {
27
+ if (!roles.has(name))
28
+ throw new UnknownRoleError(name);
29
+ expand(name, roles, visited, permissions);
30
+ }
31
+ return permissions;
32
+ };
33
+ return {
34
+ resolve,
35
+ hasPermission: (roleNames, permission) => resolve(roleNames).has(permission),
36
+ roleNames: [...roles.keys()],
37
+ };
38
+ }
39
+ function expand(name, roles, visited, out) {
40
+ if (visited.has(name))
41
+ return;
42
+ visited.add(name);
43
+ const role = roles.get(name);
44
+ if (!role)
45
+ return;
46
+ for (const permission of role.permissions ?? [])
47
+ out.add(permission);
48
+ for (const included of role.includes ?? [])
49
+ expand(included, roles, visited, out);
50
+ }
51
+ function detectCycles(roles) {
52
+ const WHITE = 0;
53
+ const GRAY = 1;
54
+ const BLACK = 2;
55
+ const color = new Map();
56
+ for (const name of roles.keys())
57
+ color.set(name, WHITE);
58
+ const visit = (name, stack) => {
59
+ color.set(name, GRAY);
60
+ stack.push(name);
61
+ for (const included of roles.get(name)?.includes ?? []) {
62
+ const c = color.get(included);
63
+ if (c === GRAY) {
64
+ const start = stack.indexOf(included);
65
+ throw new RoleCycleError([...stack.slice(start), included]);
66
+ }
67
+ if (c === WHITE)
68
+ visit(included, stack);
69
+ }
70
+ color.set(name, BLACK);
71
+ stack.pop();
72
+ };
73
+ for (const name of roles.keys()) {
74
+ if (color.get(name) === WHITE)
75
+ visit(name, []);
76
+ }
77
+ }
78
+ //# sourceMappingURL=rbac.js.map
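Review bot: The first loop in `createRbac` calls `roles.set(role.name, role)` without checking for an existing entry, so two definitions with the same name are accepted and the later one silently replaces the earlier. For an access-control model this means a duplicated role in the injected config can change the effective permissions with no error, even though references and cycles are rejected fail-fast. I would reject it at load time with `if (roles.has(role.name)) throw new Error('duplicate role: ' + role.name);` before the `set` call, or with a dedicated error class alongside `UnknownRoleError`; the change belongs in `src/access-control/core/rbac.ts`, which the source map names as the origin of this file. The map also keeps references to the caller's role objects, so a definition mutated after `createRbac` returns is not re-validated, and `expand` silently skips an include it cannot find; copying `permissions` and `includes` at load would close that.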
@@ -0,0 +1 @@
1
+ {"version":3,"file":"rbac.js","sourceRoot":"","sources":["../../../src/access-control/core/rbac.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAU/D,qGAAqG;AACrG,MAAM,UAAU,UAAU,CAAC,UAA0B;IACnD,MAAM,KAAK,GAAG,IAAI,GAAG,EAA0B,CAAC;IAChD,KAAK,MAAM,IAAI,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;QACpC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC7B,CAAC;IAED,gDAAgD;IAChD,KAAK,MAAM,IAAI,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;QACpC,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,QAAQ,IAAI,EAAE,EAAE,CAAC;YAC3C,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC;gBAAE,MAAM,IAAI,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;IAED,YAAY,CAAC,KAAK,CAAC,CAAC;IAEpB,MAAM,OAAO,GAAG,CAAC,SAAmB,EAAe,EAAE;QACnD,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;QACtC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;QAClC,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC;gBAAE,MAAM,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC;YACvD,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,WAAW,CAAC;IACrB,CAAC,CAAC;IAEF,OAAO;QACL,OAAO;QACP,aAAa,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC;QAC5E,SAAS,EAAE,CAAC,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;KAC7B,CAAC;AACJ,CAAC;AAED,SAAS,MAAM,CACb,IAAY,EACZ,KAAkC,EAClC,OAAoB,EACpB,GAAgB;IAEhB,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;QAAE,OAAO;IAC9B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAClB,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC7B,IAAI,CAAC,IAAI;QAAE,OAAO;IAClB,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,WAAW,IAAI,EAAE;QAAE,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACrE,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,QAAQ,IAAI,EAAE;QAAE,MAAM,CAAC,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;AACpF,CAAC;AAED,SAAS,YAAY,CAAC,KAAkC;IACtD,MAAM,KAAK,GAAG,CAAC,CAAC;IAChB,MAAM,IAAI,GAAG,CAAC,CAAC;IACf,MAAM,KAAK,GAAG,CAAC,CAAC;IAChB,MAAM,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;IACxC,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE;QAAE,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAExD,MAAM,KAAK,GAAG,CAAC,IAAY,EAAE,KAAe,EAAQ,EAAE;QACpD,KAAK,CAAC,GAAG,CAAC
,IAAI,EAAE,IAAI,CAAC,CAAC;QACtB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjB,KAAK,MAAM,QAAQ,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,QAAQ,IAAI,EAAE,EAAE,CAAC;YACvD,MAAM,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC9B,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;gBACf,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;gBACtC,MAAM,IAAI,cAAc,CAAC,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC9D,CAAC;YACD,IAAI,CAAC,KAAK,KAAK;gBAAE,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QAC1C,CAAC;QACD,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACvB,KAAK,CAAC,GAAG,EAAE,CAAC;IACd,CAAC,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;QAChC,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,KAAK;YAAE,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACjD,CAAC;AACH,CAAC"}
@@ -0,0 +1,15 @@
1
+ import type { RebacResult, RelationResolver } from './ports.js';
2
+ export interface RebacOptions {
3
+ /** Maximale keten-diepte. Default 5. */
4
+ maxDepth?: number;
5
+ }
6
+ export interface CheckOptions {
7
+ /** Alleen deze terminale relaties tellen als toegang (bv. `['owner']`). Leeg = elke relatie. */
8
+ relations?: string[];
9
+ }
10
+ export declare class RebacChecker {
11
+ #private;
12
+ constructor(resolver: RelationResolver, options?: RebacOptions);
13
+ check(subject: string, resource: string, options?: CheckOptions): Promise<RebacResult>;
14
+ }
15
+ //# sourceMappingURL=rebac.d.ts.map
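Review bot: The comment on `CheckOptions.relations` defines an empty list as "any relation", which makes the most permissive behaviour the result of an empty filter. A caller that builds the list dynamically and ends up with `[]` would get a broader check than it asked for, where a deny would be the safer outcome. The implementation is in rebac.js, outside this hunk, so how `[]` is handled there should be confirmed; if it does match everything, I would treat only an omitted `relations` as unrestricted and document it as `/** Only these terminal relations count as access (e.g. ['owner']). Omitted = any relation; an empty array matches nothing. */`. `maxDepth` is documented with a default of 5, but the comment should also say what `check` returns when that limit is reached.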
@@ -0,0 +1 @@
1
+ {"version":3,"file":"rebac.d.ts","sourceRoot":"","sources":["../../../src/access-control/core/rebac.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAEhE,MAAM,WAAW,YAAY;IAC3B,wCAAwC;IACxC,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,YAAY;IAC3B,gGAAgG;IAChG,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB;AAQD,qBAAa,YAAY;;gBAIX,QAAQ,EAAE,gBAAgB,EAAE,OAAO,GAAE,YAAiB;IAK5D,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,GAAE,YAAiB,GAAG,OAAO,CAAC,WAAW,CAAC;CAgCjG"}