@aspecto/privacy-rules

0.0.10 • Public • Published

Aspecto Privacy Rules

Privacy rules allow to specify which requests or fields need to be blocked or scrambled. Rules are described in a JSON with a certain structure and can be executed by PrivacyEngine.

Example

// specify some rules
const blockRule: PrivacyRuleDef = {
    conditions: [{ conditionType: 'always' }],
    actions: [{ actionType: 'block-request' }],
};

const scrambleFieldRule: PrivacyRuleDef = {
    conditions: [{ conditionType: 'route', conditionData: { filterType: 'by-value', filterValue: '/users/' } }],
    actions: [
        {
            actionType: 'scramble-field',
            actionData: {
                fieldTypes: ['header', 'body-json', 'query-param'],
                filter: { filterType: 'by-key', filterValue: 'Authentication' },
            },
        },
        {
            actionType: 'scramble-field',
            actionData: {
                fieldTypes: ['header', 'body-json', 'query-param'],
                filter: { filterType: 'by-key', filterValue: 'Bearer' },
            },
        },
    ],
};

const blockFieldRule: PrivacyRuleDef = {
    conditions: [{ conditionType: 'service', conditionData: { filterType: 'by-value', filterValue: 'user-service' } }],
    actions: [
        {
            actionType: 'block-field',
            actionData: {
                fieldTypes: ['header', 'body-json', 'query-param'],
                filter: { filterType: 'by-key', filterValue: 'Authentication' },
            },
        },
        {
            actionType: 'block-field',
            actionData: {
                fieldTypes: ['header', 'body-json', 'query-param'],
                filter: { filterType: 'by-key', filterValue: 'Bearer' },
            },
        },
    ],
};

// example message (http request-response)
export const sampleMessage: AspectoMessage = {
    packageName: 'user-service',
    HTTP_REQUEST: {
        route: { path: '/users/' },
        body: { user: 'daniel', password: 'craig' },
        query: {
            auth: 'token',
            param1: 'notprivate',
        },
        requestHeaders: {
            Bearer: 'req-token',
        },
        responseHeaders: {
            Authentication: 'resp-token',
        },
    },
};

// create an instance of the engine, set rules and execute them
const privacyEngine = new PrivacyEngine();
const rules: any[] = [blockRule, blockFieldRule, scrambleFieldRule];
privacyEngine.setRules(rules);
// this will mutate the message, blocking or scrambling certain fields
const result = privacyEngine.executeRules(sampleMessage);

Readme

Keywords

none

Package Sidebar

Install

npm i @aspecto/privacy-rules

Weekly Downloads

0

Version

0.0.10

License

ISC

Unpacked Size

31 kB

Total Files

33

Last publish

Collaborators

  • habmic
  • amir.aspecto
  • aspecto-release-bot
  • andriy-aspecto
  • yanivd