@noony-serverless/core/build/middlewares/guards/index.js

A Middy base framework compatible with Firebase and GCP Cloud Functions with TypeScript

"use strict";
/**
 * Noony Guards - High-Performance Permission System
 *
 * A comprehensive permission and authentication system designed for serverless
 * environments with sub-millisecond cached permission checks.
 *
 * Features:
 * - Multi-layer caching (L1 memory + L2 distributed)
 * - Three distinct permission resolution strategies
 * - Conservative cache invalidation for security
 * - NestJS-inspired guard decorators and middleware
 * - Framework-agnostic middleware integration
 * - Comprehensive monitoring and audit trails
 *
 * @author Noony Framework Team
 * @version 1.0.0
 */
Object.defineProperty(exports, "__esModule", { value: true });
exports.GuardSetup = exports.PERMISSION_PATTERNS = exports.GUARD_DEFAULTS = exports.TokenVerificationAdapterFactory = exports.CustomTokenVerificationPortAdapter = exports.PermissionGuardFactory = exports.FastAuthGuard = exports.FastUserContextService = exports.ExpressionPermissionResolver = exports.WildcardPermissionResolver = exports.PlainPermissionResolver = exports.PermissionUtils = exports.PermissionResolverType = exports.PermissionResolver = exports.InvalidationScope = exports.InvalidationType = exports.ConservativeCacheInvalidation = exports.NoopCacheAdapter = exports.MemoryCacheAdapter = exports.CacheKeyBuilder = exports.PermissionResolutionStrategy = exports.GuardConfiguration = exports.RouteGuards = void 0;
// Main facade - primary entry point
var RouteGuards_1 = require("./RouteGuards");
Object.defineProperty(exports, "RouteGuards", { enumerable: true, get: function () { return RouteGuards_1.RouteGuards; } });
// Configuration
var GuardConfiguration_1 = require("./config/GuardConfiguration");
Object.defineProperty(exports, "GuardConfiguration", { enumerable: true, get: function () { return GuardConfiguration_1.GuardConfiguration; } });
Object.defineProperty(exports, "PermissionResolutionStrategy", { enumerable: true, get: function () { return GuardConfiguration_1.PermissionResolutionStrategy; } });
// Cache system
var CacheAdapter_1 = require("./cache/CacheAdapter");
Object.defineProperty(exports, "CacheKeyBuilder", { enumerable: true, get: function () { return CacheAdapter_1.CacheKeyBuilder; } });
var MemoryCacheAdapter_1 = require("./cache/MemoryCacheAdapter");
Object.defineProperty(exports, "MemoryCacheAdapter", { enumerable: true, get: function () { return MemoryCacheAdapter_1.MemoryCacheAdapter; } });
var NoopCacheAdapter_1 = require("./cache/NoopCacheAdapter");
Object.defineProperty(exports, "NoopCacheAdapter", { enumerable: true, get: function () { return NoopCacheAdapter_1.NoopCacheAdapter; } });
var ConservativeCacheInvalidation_1 = require("./cache/ConservativeCacheInvalidation");
Object.defineProperty(exports, "ConservativeCacheInvalidation", { enumerable: true, get: function () { return ConservativeCacheInvalidation_1.ConservativeCacheInvalidation; } });
Object.defineProperty(exports, "InvalidationType", { enumerable: true, get: function () { return ConservativeCacheInvalidation_1.InvalidationType; } });
Object.defineProperty(exports, "InvalidationScope", { enumerable: true, get: function () { return ConservativeCacheInvalidation_1.InvalidationScope; } });
// Permission resolvers
var PermissionResolver_1 = require("./resolvers/PermissionResolver");
Object.defineProperty(exports, "PermissionResolver", { enumerable: true, get: function () { return PermissionResolver_1.PermissionResolver; } });
Object.defineProperty(exports, "PermissionResolverType", { enumerable: true, get: function () { return PermissionResolver_1.PermissionResolverType; } });
Object.defineProperty(exports, "PermissionUtils", { enumerable: true, get: function () { return PermissionResolver_1.PermissionUtils; } });
var PlainPermissionResolver_1 = require("./resolvers/PlainPermissionResolver");
Object.defineProperty(exports, "PlainPermissionResolver", { enumerable: true, get: function () { return PlainPermissionResolver_1.PlainPermissionResolver; } });
var WildcardPermissionResolver_1 = require("./resolvers/WildcardPermissionResolver");
Object.defineProperty(exports, "WildcardPermissionResolver", { enumerable: true, get: function () { return WildcardPermissionResolver_1.WildcardPermissionResolver; } });
var ExpressionPermissionResolver_1 = require("./resolvers/ExpressionPermissionResolver");
Object.defineProperty(exports, "ExpressionPermissionResolver", { enumerable: true, get: function () { return ExpressionPermissionResolver_1.ExpressionPermissionResolver; } });
// Services
var FastUserContextService_1 = require("./services/FastUserContextService");
Object.defineProperty(exports, "FastUserContextService", { enumerable: true, get: function () { return FastUserContextService_1.FastUserContextService; } });
// Guards
var FastAuthGuard_1 = require("./guards/FastAuthGuard");
Object.defineProperty(exports, "FastAuthGuard", { enumerable: true, get: function () { return FastAuthGuard_1.FastAuthGuard; } });
var PermissionGuardFactory_1 = require("./guards/PermissionGuardFactory");
Object.defineProperty(exports, "PermissionGuardFactory", { enumerable: true, get: function () { return PermissionGuardFactory_1.PermissionGuardFactory; } });
// Token verification adapters for integration with AuthenticationMiddleware
var CustomTokenVerificationPortAdapter_1 = require("./adapters/CustomTokenVerificationPortAdapter");
Object.defineProperty(exports, "CustomTokenVerificationPortAdapter", { enumerable: true, get: function () { return CustomTokenVerificationPortAdapter_1.CustomTokenVerificationPortAdapter; } });
Object.defineProperty(exports, "TokenVerificationAdapterFactory", { enumerable: true, get: function () { return CustomTokenVerificationPortAdapter_1.TokenVerificationAdapterFactory; } });
// Utility types and constants
exports.GUARD_DEFAULTS = {
    CACHE_TTL_MS: 15 * 60 * 1000, // 15 minutes
    AUTH_TOKEN_TTL_MS: 5 * 60 * 1000, // 5 minutes
    MAX_CACHE_ENTRIES: 1000,
    MAX_EXPRESSION_COMPLEXITY: 100,
    MAX_PATTERN_DEPTH: 3,
    MAX_NESTING_DEPTH: 2,
};
exports.PERMISSION_PATTERNS = {
    VALID_PERMISSION: /^[a-zA-Z][a-zA-Z0-9_]*(\.[a-zA-Z][a-zA-Z0-9_]*){1,2}(\*)?$/,
    WILDCARD_SUFFIX: /\*$/,
    PERMISSION_PARTS: /\./,
};
// Import the types we need for the class methods
const GuardConfiguration_2 = require("./config/GuardConfiguration");
/**
 * Quick setup helper for common configurations
 */
class GuardSetup {
    /**
     * Development environment setup
     *
     * Note: Caching is disabled by default unless NOONY_GUARD_CACHE_ENABLE=true is set.
     * Even with cacheType: 'memory', the environment variable takes precedence.
     *
     * @example
     * ```bash
     * # Caching disabled (default)
     * npm run dev
     *
     * # Caching enabled
     * NOONY_GUARD_CACHE_ENABLE=true npm run dev
     * ```
     */
    static development() {
        return {
            environment: 'development',
            cacheType: 'memory',
            security: {
                permissionResolutionStrategy: GuardConfiguration_2.PermissionResolutionStrategy.ON_DEMAND,
                conservativeCacheInvalidation: false,
                maxExpressionComplexity: 50,
                maxPatternDepth: 3,
                maxNestingDepth: 2,
            },
            cache: {
                maxEntries: 500,
                defaultTtlMs: 5 * 60 * 1000, // 5 minutes
                userContextTtlMs: 2 * 60 * 1000, // 2 minutes
                authTokenTtlMs: 2 * 60 * 1000, // 2 minutes
            },
            monitoring: {
                enablePerformanceTracking: true,
                enableDetailedLogging: true,
                logLevel: 'debug',
                metricsCollectionInterval: 30000, // 30 seconds
            },
        };
    }
    /**
     * Production environment setup
     *
     * Note: Caching is disabled by default unless NOONY_GUARD_CACHE_ENABLE=true is set.
     * This provides a security-first approach where caching must be explicitly enabled.
     *
     * @example
     * ```bash
     * # Production with caching enabled (recommended)
     * NOONY_GUARD_CACHE_ENABLE=true node dist/index.js
     *
     * # Production with caching disabled (debugging/troubleshooting)
     * node dist/index.js
     * ```
     */
    static production() {
        return {
            environment: 'production',
            cacheType: 'memory', // Would be 'redis' in real production
            security: {
                permissionResolutionStrategy: GuardConfiguration_2.PermissionResolutionStrategy.PRE_EXPANSION,
                conservativeCacheInvalidation: true,
                maxExpressionComplexity: 100,
                maxPatternDepth: 3,
                maxNestingDepth: 2,
            },
            cache: {
                maxEntries: 2000,
                defaultTtlMs: 15 * 60 * 1000, // 15 minutes
                userContextTtlMs: 10 * 60 * 1000, // 10 minutes
                authTokenTtlMs: 5 * 60 * 1000, // 5 minutes
            },
            monitoring: {
                enablePerformanceTracking: true,
                enableDetailedLogging: false,
                logLevel: 'info',
                metricsCollectionInterval: 60000, // 1 minute
            },
        };
    }
    /**
     * Serverless environment setup (optimized for cold starts)
     *
     * Note: Caching is disabled by default unless NOONY_GUARD_CACHE_ENABLE=true is set.
     * For serverless environments, consider enabling caching to improve performance
     * across warm invocations.
     *
     * @example
     * ```bash
     * # Serverless with caching enabled (recommended for warm starts)
     * NOONY_GUARD_CACHE_ENABLE=true serverless deploy
     *
     * # Serverless with caching disabled (cold start optimization)
     * serverless deploy
     * ```
     */
    static serverless() {
        return {
            environment: 'serverless',
            cacheType: 'memory',
            security: {
                permissionResolutionStrategy: GuardConfiguration_2.PermissionResolutionStrategy.PRE_EXPANSION,
                conservativeCacheInvalidation: true,
                maxExpressionComplexity: 75,
                maxPatternDepth: 2, // Reduced for faster cold starts
                maxNestingDepth: 2,
            },
            cache: {
                maxEntries: 1000,
                defaultTtlMs: 10 * 60 * 1000, // 10 minutes
                userContextTtlMs: 5 * 60 * 1000, // 5 minutes
                authTokenTtlMs: 3 * 60 * 1000, // 3 minutes
            },
            monitoring: {
                enablePerformanceTracking: true,
                enableDetailedLogging: false,
                logLevel: 'warn',
                metricsCollectionInterval: 120000, // 2 minutes
            },
        };
    }
    /**
     * Testing environment setup
     *
     * Note: Uses cacheType: 'none' explicitly, so caching is always disabled
     * regardless of NOONY_GUARD_CACHE_ENABLE environment variable.
     * This ensures predictable test behavior.
     */
    static testing() {
        return {
            environment: 'testing',
            cacheType: 'none', // Disable caching for predictable tests
            security: {
                permissionResolutionStrategy: GuardConfiguration_2.PermissionResolutionStrategy.ON_DEMAND,
                conservativeCacheInvalidation: false,
                maxExpressionComplexity: 25,
                maxPatternDepth: 3,
                maxNestingDepth: 2,
            },
            cache: {
                maxEntries: 100,
                defaultTtlMs: 1000, // 1 second
                userContextTtlMs: 1000,
                authTokenTtlMs: 1000,
            },
            monitoring: {
                enablePerformanceTracking: false,
                enableDetailedLogging: true,
                logLevel: 'debug',
                metricsCollectionInterval: 1000, // 1 second
            },
        };
    }
}
exports.GuardSetup = GuardSetup;
//# sourceMappingURL=index.js.map