UNPKG

@noony-serverless/core

Version:

A Middy base framework compatible with Firebase and GCP Cloud Functions with TypeScript

github.com/noony-serverless/noony-core

noony-serverless/noony-core

393 lines 14.4 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
"use strict"; /** * Guard System Configuration * * Comprehensive configuration system for the high-performance guard system. * Provides type-safe configuration for different deployment environments with * configurable performance strategies and security policies. * * Key Features: * - Permission resolution strategy configuration (pre-expansion vs on-demand) * - Cache adapter injection for different environments * - Performance profiles for development, staging, and production * - Security policies with conservative cache invalidation * - Bounded complexity limits for patterns and expressions * * @author Noony Framework Team * @version 1.0.0 */ Object.defineProperty(exports, "__esModule", { value: true }); exports.GuardConfiguration = exports.MonitoringLevel = exports.CacheInvalidationStrategy = exports.PermissionResolutionStrategy = void 0; /** * Permission resolution strategies for wildcard permissions. * Determines how wildcard patterns are processed for optimal performance. * * @example * Pre-expansion strategy (production recommended): * ```typescript * const productionConfig = { * permissionResolutionStrategy: PermissionResolutionStrategy.PRE_EXPANSION, * // Expands "admin.*" to ["admin.users", "admin.reports", "admin.settings"] * // at user context load time for O(1) runtime checks * }; * ``` * * @example * On-demand strategy (memory efficient): * ```typescript * const memoryEfficientConfig = { * permissionResolutionStrategy: PermissionResolutionStrategy.ON_DEMAND, * // Matches "admin.*" pattern against user permissions at runtime * // Lower memory usage but requires pattern matching overhead * }; * ``` * * PRE_EXPANSION: Expand wildcards at user context load time * - Pros: Faster runtime permission checks (O(1) set lookups) * - Cons: Higher memory usage, requires permission registry * * ON_DEMAND: Match wildcards at permission check time * - Pros: Lower memory usage, supports dynamic permissions * - Cons: Pattern matching overhead per request */ var PermissionResolutionStrategy; (function (PermissionResolutionStrategy) { PermissionResolutionStrategy["PRE_EXPANSION"] = "pre-expansion"; PermissionResolutionStrategy["ON_DEMAND"] = "on-demand"; })(PermissionResolutionStrategy || (exports.PermissionResolutionStrategy = PermissionResolutionStrategy = {})); /** * Cache invalidation strategies for security */ var CacheInvalidationStrategy; (function (CacheInvalidationStrategy) { CacheInvalidationStrategy["FLUSH_ALL"] = "flush-all"; CacheInvalidationStrategy["USER_SPECIFIC"] = "user-specific"; })(CacheInvalidationStrategy || (exports.CacheInvalidationStrategy = CacheInvalidationStrategy = {})); /** * Performance monitoring levels */ var MonitoringLevel; (function (MonitoringLevel) { MonitoringLevel["NONE"] = "none"; MonitoringLevel["BASIC"] = "basic"; MonitoringLevel["DETAILED"] = "detailed"; MonitoringLevel["VERBOSE"] = "verbose"; })(MonitoringLevel || (exports.MonitoringLevel = MonitoringLevel = {})); /** * GuardConfiguration class implementation. * Immutable configuration object for the Noony guard system with factory methods * for creating configurations from environment profiles or predefined templates. * * @example * Create from environment profile: * ```typescript * import { GuardConfiguration } from '@noony/core'; * * const config = GuardConfiguration.fromEnvironmentProfile({ * environment: 'production', * cacheType: 'redis', * security: { ... }, * cache: { ... }, * monitoring: { ... } * }); * ``` * * @example * Use predefined configurations: * ```typescript * // Development configuration * const devConfig = GuardConfiguration.development(); * * // Production configuration * const prodConfig = GuardConfiguration.production(); * * // Testing configuration * const testConfig = GuardConfiguration.testing(); * ``` * * @example * Manual configuration: * ```typescript * const customConfig = new GuardConfiguration( * { permissionResolutionStrategy: PermissionResolutionStrategy.PRE_EXPANSION }, * { maxEntries: 10000, defaultTtlMs: 300000 }, * { enablePerformanceTracking: true, logLevel: 'info' } * ); * ``` */ class GuardConfiguration { /** * Security configuration settings. * Contains permission resolution strategies and security limits. */ security; /** * Cache configuration settings. * Contains cache size limits and TTL values. */ cache; /** * Monitoring configuration settings. * Contains logging and metrics collection settings. */ monitoring; /** * Creates a new GuardConfiguration instance. * * @param security - Security configuration settings * @param cache - Cache configuration settings * @param monitoring - Monitoring configuration settings * * @example * ```typescript * const config = new GuardConfiguration( * { * permissionResolutionStrategy: PermissionResolutionStrategy.PRE_EXPANSION, * conservativeCacheInvalidation: true, * maxExpressionComplexity: 100 * }, * { * maxEntries: 10000, * defaultTtlMs: 300000, * userContextTtlMs: 600000, * authTokenTtlMs: 900000 * }, * { * enablePerformanceTracking: true, * enableDetailedLogging: false, * logLevel: 'info', * metricsCollectionInterval: 60000 * } * ); * ``` */ constructor(security, cache, monitoring) { this.security = security; this.cache = cache; this.monitoring = monitoring; } /** * Create GuardConfiguration from environment profile. * Factory method that constructs a configuration from a complete environment profile. * * @param profile - Complete environment profile with all configuration sections * @returns New GuardConfiguration instance * * @example * Create from production profile: * ```typescript * const productionProfile: GuardEnvironmentProfile = { * environment: 'production', * cacheType: 'redis', * security: { * permissionResolutionStrategy: PermissionResolutionStrategy.PRE_EXPANSION, * conservativeCacheInvalidation: true, * maxExpressionComplexity: 100 * }, * cache: { * maxEntries: 50000, * defaultTtlMs: 600000, * userContextTtlMs: 1800000, * authTokenTtlMs: 3600000 * }, * monitoring: { * enablePerformanceTracking: true, * enableDetailedLogging: false, * logLevel: 'error', * metricsCollectionInterval: 60000 * } * }; * * const config = GuardConfiguration.fromEnvironmentProfile(productionProfile); * ``` */ static fromEnvironmentProfile(profile) { return new GuardConfiguration(profile.security, profile.cache, profile.monitoring); } /** * Create default development configuration. * Pre-configured settings optimized for development environments with fast refresh * and detailed logging for debugging. * * @returns GuardConfiguration optimized for development * * @example * ```typescript * const devConfig = GuardConfiguration.development(); * * // Configuration includes: * // - On-demand permission resolution (lower memory, dynamic) * // - Conservative cache invalidation disabled (faster refresh) * // - Lower complexity limits for faster feedback * // - Shorter TTL values for rapid development cycles * // - Detailed logging and debug level * // - Frequent metrics collection (30 seconds) * ``` */ static development() { return new GuardConfiguration({ permissionResolutionStrategy: PermissionResolutionStrategy.ON_DEMAND, conservativeCacheInvalidation: false, maxExpressionComplexity: 50, maxPatternDepth: 3, maxNestingDepth: 2, }, { maxEntries: 500, defaultTtlMs: 5 * 60 * 1000, // 5 minutes userContextTtlMs: 2 * 60 * 1000, // 2 minutes authTokenTtlMs: 2 * 60 * 1000, // 2 minutes }, { enablePerformanceTracking: true, enableDetailedLogging: true, logLevel: 'debug', metricsCollectionInterval: 30000, // 30 seconds }); } /** * Create default production configuration. * Pre-configured settings optimized for production environments with high performance, * security, and stability. * * @returns GuardConfiguration optimized for production * * @example * ```typescript * const prodConfig = GuardConfiguration.production(); * * // Configuration includes: * // - Pre-expansion permission resolution (high performance) * // - Conservative cache invalidation enabled (high security) * // - Higher complexity limits for production workloads * // - Longer TTL values for better performance * // - Performance tracking enabled, detailed logging disabled * // - Standard metrics collection (1 minute intervals) * ``` */ static production() { return new GuardConfiguration({ permissionResolutionStrategy: PermissionResolutionStrategy.PRE_EXPANSION, conservativeCacheInvalidation: true, maxExpressionComplexity: 100, maxPatternDepth: 3, maxNestingDepth: 2, }, { maxEntries: 2000, defaultTtlMs: 15 * 60 * 1000, // 15 minutes userContextTtlMs: 10 * 60 * 1000, // 10 minutes authTokenTtlMs: 5 * 60 * 1000, // 5 minutes }, { enablePerformanceTracking: true, enableDetailedLogging: false, logLevel: 'info', metricsCollectionInterval: 60000, // 1 minute }); } /** * Validate configuration settings. * Ensures all configuration values are within acceptable bounds and constraints * to prevent security vulnerabilities and performance issues. * * @throws Error if any configuration value is invalid * * @example * ```typescript * const config = new GuardConfiguration(securityConfig, cacheConfig, monitoringConfig); * * try { * config.validate(); * console.log('Configuration is valid'); * } catch (error) { * console.error('Invalid configuration:', error.message); * // Handle configuration error * } * ``` * * @example * Validation constraints: * ```typescript * // These will throw validation errors: * // maxPatternDepth must be 2 or 3 (prevents deep recursion) * // maxNestingDepth must be 2 (prevents complex expressions) * // maxExpressionComplexity must be positive * // defaultTtlMs must be at least 1000ms (1 second) * ``` */ /** * Check if caching is enabled via environment variable. * * Caching is disabled by default for security-first approach. * Only enabled when NOONY_GUARD_CACHE_ENABLE is explicitly set to 'true'. * * @returns true if caching should be enabled, false otherwise * * @example * ```typescript * // Caching disabled (default) * process.env.NOONY_GUARD_CACHE_ENABLE = undefined; * console.log(GuardConfiguration.isCachingEnabled()); // false * * // Caching enabled * process.env.NOONY_GUARD_CACHE_ENABLE = 'true'; * console.log(GuardConfiguration.isCachingEnabled()); // true * * // Caching disabled (any other value) * process.env.NOONY_GUARD_CACHE_ENABLE = 'false'; * console.log(GuardConfiguration.isCachingEnabled()); // false * ``` */ static isCachingEnabled() { return process.env.NOONY_GUARD_CACHE_ENABLE === 'true'; } /** * Get effective cache type considering environment variable override. * * Environment variable takes precedence for security: * - If NOONY_GUARD_CACHE_ENABLE is not 'true', returns 'none' * - Otherwise returns the specified cacheType * * @param cacheType - Configured cache type * @returns Effective cache type after environment variable consideration * * @example * ```typescript * // Environment variable not set - caching disabled * process.env.NOONY_GUARD_CACHE_ENABLE = undefined; * console.log(GuardConfiguration.getEffectiveCacheType('memory')); // 'none' * console.log(GuardConfiguration.getEffectiveCacheType('redis')); // 'none' * console.log(GuardConfiguration.getEffectiveCacheType('none')); // 'none' * * // Environment variable enabled - respect cacheType * process.env.NOONY_GUARD_CACHE_ENABLE = 'true'; * console.log(GuardConfiguration.getEffectiveCacheType('memory')); // 'memory' * console.log(GuardConfiguration.getEffectiveCacheType('redis')); // 'redis' * console.log(GuardConfiguration.getEffectiveCacheType('none')); // 'none' * ``` */ static getEffectiveCacheType(cacheType) { // If caching is disabled by environment variable, always return 'none' if (!GuardConfiguration.isCachingEnabled()) { return 'none'; } // Otherwise return the specified cache type return cacheType; } validate() { if (this.security.maxPatternDepth !== undefined && (this.security.maxPatternDepth < 2 || this.security.maxPatternDepth > 3)) { throw new Error('maxPatternDepth must be 2 or 3'); } if (this.security.maxNestingDepth !== undefined && this.security.maxNestingDepth !== 2) { throw new Error('maxNestingDepth must be 2'); } if (this.security.maxExpressionComplexity !== undefined && this.security.maxExpressionComplexity < 1) { throw new Error('maxExpressionComplexity must be positive'); } if (this.cache.defaultTtlMs < 1000) { throw new Error('defaultTtlMs must be at least 1 second'); } } } exports.GuardConfiguration = GuardConfiguration; //# sourceMappingURL=GuardConfiguration.js.map