prisma-zod-generator

Prisma 2+ generator to emit Zod schemas from your Prisma schema

/**
 * Business Logic Security Utilities
 *
 * Comprehensive protection against business logic vulnerabilities
 * including authorization bypasses, privilege escalation, and data leakage
 *
 * NOTE(review): this is a declaration file. It fixes the shapes callers see,
 * but none of the enforcement logic is visible here; every behavioural
 * statement below is limited to what the signatures establish.
 */
import { LicenseInfo } from '../license';

/**
 * Identity and entitlement data passed to every check in this module.
 *
 * NOTE(review): nothing in this declaration shows where these values come
 * from. The checks can only be as trustworthy as the context, so it should be
 * built from server-side session state rather than request-supplied fields.
 */
export interface SecurityContext {
    userId: string;
    roles: string[];
    // Optional: a context may carry no tenant. How tenant checks treat a
    // missing tenantId is not visible here — confirm it is not an implicit pass.
    tenantId?: string;
    permissions: string[];
    sessionId: string;
    // Separate flag alongside `roles`; the declaration does not say how the two
    // are reconciled when they disagree — confirm in the implementation.
    isAdmin: boolean;
    licenseInfo?: LicenseInfo;
}

/**
 * One authorization rule, keyed by resource and action.
 */
export interface AuthorizationRule {
    resource: string;
    action: string;
    // Both lists are optional. Whether a rule with neither list allows or
    // denies is not visible here — TODO confirm the default is deny.
    requiredRoles?: string[];
    requiredPermissions?: string[];
    // `resource` is typed `any`: the validator receives unchecked data and must
    // narrow it itself before reading fields.
    customValidator?: (context: SecurityContext, resource: any) => boolean;
    // Optional flag; its effective default when omitted is not declared here.
    tenantIsolation?: boolean;
}

/**
 * Error type carrying a security failure category and optional context.
 *
 * NOTE(review): `context` is an open record. Presumably it holds details of
 * the failed check; avoid echoing it to clients, and confirm what the
 * implementation puts into it before logging it verbatim.
 */
export declare class BusinessSecurityError extends Error {
    // Category of the failure, restricted to the four literals below.
    readonly errorType: 'authorization' | 'tenant_isolation' | 'privilege_escalation' | 'data_leakage';
    readonly context?: Record<string, unknown> | undefined;
    constructor(message: string, errorType: 'authorization' | 'tenant_isolation' | 'privilege_escalation' | 'data_leakage', context?: Record<string, unknown> | undefined);
}

/**
 * Business Logic Security Manager
 *
 * Every public check returns a result object (`allowed` / `isolated` /
 * `authorized` plus an optional `reason`). A caller that ignores the returned
 * flag gets no enforcement from the return value alone; whether any method
 * also throws BusinessSecurityError is not visible in this declaration.
 */
export declare class BusinessSecurity {
    // Private state; types are omitted from the declaration.
    private authorizationRules;
    private sensitiveFields;
    private auditLog;
    constructor();
    /**
     * Validate feature access with comprehensive checks
     *
     * `license` may be null; how a null license is treated is not visible here.
     */
    validateFeatureAccess(feature: string, license: LicenseInfo | null, context: SecurityContext): {
        allowed: boolean;
        reason?: string;
    };
    /**
     * Strict tenant isolation validation
     *
     * `data` is untyped and `tenantField` is optional; the field name used when
     * it is omitted is not declared here — TODO confirm.
     */
    validateTenantIsolation(data: any, context: SecurityContext, tenantField?: string): {
        isolated: boolean;
        reason?: string;
    };
    /**
     * Comprehensive authorization check
     *
     * `data` is optional. NOTE(review): presumably data-dependent rules
     * (custom validators, tenant isolation) need it — confirm that omitting it
     * cannot turn such a rule into a pass.
     */
    authorize(context: SecurityContext, resource: string, action: string, data?: any): {
        authorized: boolean;
        reason?: string;
    };
    /**
     * Sanitize data to prevent information leakage
     *
     * Input and output are both `any`; whether the input is mutated or a copy
     * is returned is not visible here. Use the returned value, not the argument.
     */
    sanitizeData(data: any, context: SecurityContext): any;
    /**
     * Validate dashboard permissions securely
     */
    validateDashboardAccess(dashboard: any, context: SecurityContext): {
        allowed: boolean;
        reason?: string;
    };
    /**
     * Secure dashboard creation with permission validation
     *
     * The result may carry `sanitizedConfig`. NOTE(review): presumably callers
     * should persist that value rather than the original `dashboardConfig` —
     * confirm, and handle the case where it is absent.
     */
    validateDashboardCreation(dashboardConfig: any, context: SecurityContext): {
        allowed: boolean;
        reason?: string;
        sanitizedConfig?: any;
    };
    /**
     * Get audit log for security monitoring
     *
     * All filter fields are optional. Entries expose user ids and denial
     * reasons, so access to this method should itself be restricted. Retention
     * and persistence of the log are not visible in this declaration.
     */
    getAuditLog(filter?: {
        userId?: string;
        action?: string;
        resource?: string;
        startDate?: Date;
        endDate?: Date;
        allowedOnly?: boolean;
    }): Array<{
        timestamp: Date;
        userId: string;
        action: string;
        resource: string;
        allowed: boolean;
        reason?: string;
    }>;
    // Private helpers; signatures are omitted from the declaration.
    private initializeDefaultRules;
    private initializeSensitiveFields;
    private getFeaturePlans;
    private getMinimumPlan;
    private describePlan;
    private validateSecurityContext;
    private isSensitiveField;
}

/**
 * Global business security instance
 *
 * A single exported instance, so its rules and audit log are shared by every
 * importer of this module.
 */
export declare const businessSecurity: BusinessSecurity;

/**
 * Decorator for securing business logic methods
 *
 * Factory that takes a resource/action pair and returns a method decorator
 * (target, propertyKey, descriptor) that yields a PropertyDescriptor.
 *
 * NOTE(review): the signature takes no SecurityContext. How the wrapped method
 * obtains one at call time is not visible here — confirm it, and confirm what
 * happens when no context is available.
 */
export declare function secureBusinessLogic(resource: string, action: string, options?: {
    tenantIsolation?: boolean;
}): (target: any, propertyKey: string, descriptor: PropertyDescriptor) => PropertyDescriptor;