@flavoai/fastfold
Zero-boilerplate backend for React apps with auto-generated CRUD and declarative security
import { SecurityRule, SecurityContext } from '../types';
import { Request, Response, NextFunction } from 'express';
/**
* Factory methods for declarative access rules.
*
* public(), admin(), owner(), authenticated() and custom() are typed as a
* SecurityRule that is also callable as Express middleware. team() and
* readOnlyPublic() are typed as SecurityRule only, so per these declarations
* they cannot be passed directly to app.get()/app.post().
*
* This file contains type declarations only; how each rule is evaluated and
* enforced lives in the implementation and is not visible here.
*/
export declare class Security {
/**
* 🔓 PUBLIC ACCESS - Anyone can access this table
* Perfect for: blogs, public content, marketing pages
*
* Example: Security.public()
* Can also be used as Express middleware: app.get('/api/endpoint', Security.public(), handler)
*
* NOTE(review): the declaration draws no read/write distinction for this rule.
* Presumably it opens writes as well as reads - confirm against the
* implementation, and use readOnlyPublic() when only reads should be open.
*
* @returns A SecurityRule that is also callable as Express middleware.
*/
static public(): SecurityRule & ((req: Request, res: Response, next: NextFunction) => void);
/**
* 🔐 ADMIN ONLY - Only admin users can access this table
* Perfect for: admin logs, system settings, sensitive data
*
* Example: Security.admin()
* Can also be used as Express middleware: app.post('/api/admin', Security.admin(), handler)
*
* NOTE(review): how a user is recognised as an admin is not visible in this
* declaration. Confirm it is derived from server-verified session/token data
* and not from a field the client can set.
*
* @returns A SecurityRule that is also callable as Express middleware.
*/
static admin(): SecurityRule & ((req: Request, res: Response, next: NextFunction) => void);
/**
* 👤 OWNER-BASED - Users can only access their own records
* Perfect for: user profiles, user posts, private data
*
* @param ownerField The field that contains the user ID (default: 'userId')
* @returns A SecurityRule that is also callable as Express middleware.
*
* Example: Security.owner('userId') or Security.owner()
* Can also be used as Express middleware: app.get('/api/posts', Security.owner('authorId'), handler)
*
* NOTE(review): when used as route middleware, this declaration does not show
* which object ownerField is read from (stored record, request body, params).
* Confirm the comparison uses the stored record, and that an unauthenticated
* request or a record lacking ownerField is denied.
*/
static owner(ownerField?: string): SecurityRule & ((req: Request, res: Response, next: NextFunction) => void);
/**
* 🔑 AUTHENTICATED - Any logged-in user can access
* Perfect for: user dashboards, protected content
*
* Example: Security.authenticated()
* Can also be used as Express middleware: app.get('/api/profile', Security.authenticated(), handler)
*
* This rule checks only that a user is logged in, as described above; it does
* not restrict access per record. Use owner() or team() for per-record limits.
*
* @returns A SecurityRule that is also callable as Express middleware.
*/
static authenticated(): SecurityRule & ((req: Request, res: Response, next: NextFunction) => void);
/**
* ⚙️ CUSTOM RULE - Define your own security logic
* Perfect for: complex business rules, team-based access
*
* @param rule Custom function that returns true/false for access; it may be
* synchronous or return a Promise<boolean>.
* @returns A SecurityRule that is also callable as Express middleware.
*
* Example: Security.custom((ctx) => ctx.user?.teamId != null && ctx.user.teamId === ctx.data?.teamId)
* Can also be used as Express middleware: app.post('/api/data', Security.custom(myRule), handler)
*
* Caveat: a bare `ctx.user?.teamId === ctx.data?.teamId` evaluates to true when
* both sides are undefined (no logged-in user and no teamId on the record), so
* require a defined value before comparing, as the example above does.
*
* NOTE(review): what happens when the rule throws or its promise rejects is not
* visible in this declaration - confirm it is treated as a denial.
*/
static custom(rule: (context: SecurityContext) => boolean | Promise<boolean>): SecurityRule & ((req: Request, res: Response, next: NextFunction) => void);
/**
* 👥 TEAM-BASED - Users can only access records from their team
*
* @param teamField The field that contains the team ID (default: 'teamId')
* @returns A SecurityRule. Unlike owner(), the declared type is not callable
* as Express middleware.
*
* NOTE(review): behaviour for a user with no team, or a record lacking
* teamField, is not visible here - confirm both cases are denied.
*/
static team(teamField?: string): SecurityRule;
/**
* 📝 READ-ONLY PUBLIC - Anyone can read, only admins can write
* Perfect for: announcements, company info
*
* @returns A SecurityRule. The declared type is not callable as Express
* middleware.
*
* NOTE(review): which operations count as "write" is decided by the
* implementation and cannot be confirmed from this declaration.
*/
static readOnlyPublic(): SecurityRule;
}
/**
* Static helpers for evaluating a SecurityRule and reporting a denial.
* Declarations only; the evaluation logic is not visible in this file.
*/
export declare class SecurityEnforcer {
/**
* Evaluates a rule against a context and resolves to a boolean decision
* (presumably true = access allowed - confirm against the implementation).
*
* The result is a Promise and must be awaited. A Promise object is always
* truthy, so `if (SecurityEnforcer.checkAccess(rule, ctx))` without `await`
* takes the "allowed" branch for every request.
*
* @param rule The SecurityRule to evaluate.
* @param context The SecurityContext the rule is evaluated against.
* @returns A Promise resolving to the access decision.
*/
static checkAccess(rule: SecurityRule, context: SecurityContext): Promise<boolean>;
/**
* Builds the Error used to report a denied operation on a table.
*
* Per the signature this returns the Error and does not throw it; the caller
* has to throw it or pass it on for the denial to take effect.
*
* NOTE(review): the message format is not visible here. If it is sent back to
* clients, check that the table name is acceptable to disclose.
*
* @param operation Name of the operation that was denied.
* @param tableName Name of the table the operation targeted.
* @returns The constructed Error.
*/
static createUnauthorizedError(operation: string, tableName: string): Error;
}
// The default export is the Security rule-factory class; SecurityEnforcer is
// available as a named export only.
export default Security;
//# sourceMappingURL=index.d.ts.map