3de3c8cb36
- matrix-gateway: POST /internal/matrix/presence/online endpoint - usePresenceHeartbeat hook with activity tracking - Auto away after 5 min inactivity - Offline on page close/visibility change - Integrated in MatrixChatRoom component
101 lines
2.6 KiB
TypeScript
101 lines
2.6 KiB
TypeScript
/**
|
|
* PDP Service (MVP)
|
|
* Based on: pdp_access.md, core-services-mvp.md
|
|
*
|
|
* Responsibilities:
|
|
* - Centralized access decision making
|
|
* - Interpret policies from pdp_access.md
|
|
* - Provide simple API for other services
|
|
*/
|
|
|
|
import type { PdpRequest, PdpResponse, PolicyId, PdpContext } from '../../domain/pdp/policy.model';
|
|
import { policiesConfig } from './policies.config';
|
|
import { walletService } from '../wallet/wallet.service';
|
|
|
|
export class PdpService {
|
|
/**
|
|
* Check policy and return decision
|
|
*/
|
|
async check(
|
|
policyId: PolicyId,
|
|
resource: Record<string, unknown>,
|
|
context: PdpContext
|
|
): Promise<PdpResponse> {
|
|
const policy = policiesConfig[policyId];
|
|
|
|
if (!policy) {
|
|
return {
|
|
decision: 'deny',
|
|
reason: `Policy ${policyId} not found`,
|
|
};
|
|
}
|
|
|
|
// Evaluate policy conditions
|
|
const result = await this.evaluatePolicy(policy, resource, context);
|
|
|
|
return result;
|
|
}
|
|
|
|
private async evaluatePolicy(
|
|
policy: any,
|
|
resource: Record<string, unknown>,
|
|
context: PdpContext
|
|
): Promise<PdpResponse> {
|
|
// MVP: Simple evaluation
|
|
// Future: More complex condition evaluation
|
|
|
|
// Example: policy.dao.create
|
|
if (policy.id === 'policy.dao.create') {
|
|
const hasEnough = await walletService.hasEnoughForDaoCreate(context.userId || '');
|
|
if (!hasEnough) {
|
|
return {
|
|
decision: 'deny',
|
|
reason: 'INSUFFICIENT_BALANCE',
|
|
details: {
|
|
required: { DAAR: 1.0, DAARION: 0.01 },
|
|
},
|
|
};
|
|
}
|
|
return { decision: 'allow' };
|
|
}
|
|
|
|
// Example: policy.platform.create
|
|
if (policy.id === 'policy.platform.create') {
|
|
const hasEnough = await walletService.hasEnoughForPlatformCreate(context.userId || '');
|
|
if (!hasEnough) {
|
|
return {
|
|
decision: 'deny',
|
|
reason: 'INSUFFICIENT_BALANCE',
|
|
details: {
|
|
required: { DAARION: 1.0 },
|
|
},
|
|
};
|
|
}
|
|
return { decision: 'allow' };
|
|
}
|
|
|
|
// Example: policy.vendor.register
|
|
if (policy.id === 'policy.vendor.register') {
|
|
const hasEnough = await walletService.hasEnoughForVendorRegister(context.userId || '');
|
|
if (!hasEnough) {
|
|
return {
|
|
decision: 'deny',
|
|
reason: 'INSUFFICIENT_STAKED_DAARION',
|
|
details: {
|
|
required: { DAARION: 0.01 },
|
|
},
|
|
};
|
|
}
|
|
return { decision: 'allow' };
|
|
}
|
|
|
|
// Default: allow (for MVP, can be more restrictive later)
|
|
return { decision: 'allow' };
|
|
}
|
|
}
|
|
|
|
// Singleton instance
|
|
export const pdpService = new PdpService();
|
|
|
|
|