database-proxy
Lets clients access the database directly over HTTP, with that access governed by a configured set of access control rules.
import { Params } from '../types';
import { Handler } from '../processor';
import { AccessorInterface } from '../accessor';
import { LoggerInterface } from '../logger';
import { PermissionRule, PolicyInterface, ValidateResult } from './interface';
/**
* Access rule structure:
* DatabaseRule:
* -> CollectionRule:
* -> read: PermissionRule[]
* -> add: PermissionRule[]
* -> update: PermissionRule[]
* -> remove: PermissionRule[]
* -> count: PermissionRule[]
* -> watch: PermissionRule[]
*/
/**
* Permission names as written in v1 rule files: the operation name with a
* leading dot. Only read/update/add/remove/count are declared here; this enum
* has no members for watch or aggregate.
*/
export declare enum PermissionTypeV1 {
READ = ".read",
UPDATE = ".update",
ADD = ".add",
REMOVE = ".remove",
COUNT = ".count"
}
/**
* Permission names without the leading dot.
* Presumably these are the v2 names that Policy (version = 2) works with after
* converting v1 names; confirm against the implementation.
*/
export declare enum PermissionType {
READ = "read",
UPDATE = "update",
ADD = "add",
REMOVE = "remove",
COUNT = "count",
WATCH = "watch",
AGGREGATE = "aggregate"
}
/**
* Rule tree for a whole database: maps a collection name to that collection's
* rules.
*
* Because this is a string index signature, a lookup for a collection that has
* no rules is still typed as CollectionRule unless `noUncheckedIndexedAccess`
* is enabled, although the value is undefined at runtime. Code that makes an
* access decision from a lookup should check for the missing case explicitly.
*/
export interface DatabaseRule {
[collection: string]: CollectionRule;
}
/**
* Rules for one collection: a list of PermissionRule entries per permission
* name, plus a `$schema` list.
*
* NOTE(review): the purpose of `$schema` is not documented in this declaration
* file; confirm against the implementation.
* NOTE(review): PermissionType also defines AGGREGATE, but this type declares
* no `aggregate` key. How aggregate requests are authorised cannot be
* determined from this file; confirm before relying on it.
*/
export type CollectionRule = {
$schema: PermissionRule[];
read: PermissionRule[];
add: PermissionRule[];
update: PermissionRule[];
remove: PermissionRule[];
count: PermissionRule[];
watch: PermissionRule[];
};
/**
* Registry shape for validators: validator name -> Handler.
* Handler is declared in '../processor' and its signature is not visible here.
*/
export interface ValidatorMap {
[name: string]: Handler;
}
/**
* Access policy: holds the parsed per-collection rule tree and a registry of
* validators, and exposes validate() to check request params against them.
*
* This is a declaration only; the statements below describe the declared
* surface. Runtime behaviour that cannot be read from the signatures is marked
* NOTE(review).
*/
export declare class Policy implements PolicyInterface {
// Rule format version of this policy class.
readonly version = 2;
protected _accessor: AccessorInterface;
protected _logger: LoggerInterface;
/**
* Validator registry
*/
protected validators: ValidatorMap;
/**
* Parsed database rule tree
*/
protected rules: DatabaseRule;
private get logger();
setLogger(logger: LoggerInterface): void;
get accessor(): AccessorInterface;
setAccessor(accessor: AccessorInterface): void;
// Presumably the collection names that currently have rules; confirm against the implementation.
get collections(): string[];
constructor(accessor?: AccessorInterface);
/**
* Load rules given as JSON.
*
* `rules` is typed `any`, so the compiler does not check its shape.
* NOTE(review): these rules decide what clients may access, so they should
* come from a trusted source; what validation load() itself performs is not
* visible in this declaration.
* @param rules any
* @returns boolean; what true and false signify is not stated here
*/
load(rules: any): boolean;
/**
* Add the access rules for a collection. Same as {set()}, except that adding
* fails when the collection already exists.
*
* NOTE(review): the return type is void, so how that failure is reported is
* not visible here; confirm whether it throws.
* @param collection collection name
* @param rules access rules of the collection, an object, like { "read": {...}, 'update': {...} }
*/
add(collection: string, rules: any): void;
/**
* Set the access rules for a collection. If rules for the collection already
* exist, they are replaced.
* @param collection collection name
* @param rules access rules of the collection, an object, like { "read": {...}, 'update': {...} }
*/
set(collection: string, rules: any): void;
/**
* Convert v1 permission names to v2.
* example:
* ".read" -> "read"
* ".update" -> "update"
* ...
* NOTE(review): the original comment showed ".update" on the right-hand side,
* which looks like a typo given PermissionType.UPDATE = "update"; confirm
* against the implementation.
* @param rules
* @returns
*/
private convertPermissionConfig;
/**
* normalize: convert the input rule format into the unified internal form,
* i.e. an array of objects
* 1. boolean -> [{ condition: "bool string"}]
* 2. string -> [{ condition: "expression string" }]
* 3. object -> [ object ]
* 4. array -> array
* @param permissionRules
* @returns
*/
private wrapRawPermissionRuleToArray;
/**
* Instantiate validators
* @param permissionRules permission rules
*/
private instantiateValidators;
/**
* Validate a request against the access rules.
*
* NOTE(review): the outcome is carried in ValidateResult (declared in
* './interface', not shown here). Check how a denial is represented before
* treating a resolved promise as access granted.
* @param params
* @param injections
*/
validate(params: Params, injections: object): Promise<ValidateResult>;
/**
* Register a validator.
*
* NOTE(review): whether registering an existing name replaces the earlier
* handler is not visible in this declaration.
* @param name
* @param handler
*/
register(name: string, handler: Handler): void;
/**
* Load the built-in validators
*/
private loadBuiltins;
/**
* Get the permission name that corresponds to the given ActionType
* @param action ActionType
* @returns
*/
private getPermissionName;
}
//# sourceMappingURL=policy.d.ts.map