feat: modular domain driven boilerplate

2025-09-22 01:29:55 +02:00
parent 2433f59d1a
commit 9be3230c84
160 changed files with 2468 additions and 1525 deletions
--- a/platform/cerbos/client.ts
+++ b/platform/cerbos/client.ts
@@ -0,0 +1,8 @@
+import { HTTP } from "@cerbos/http";
+
+export const cerbos = new HTTP("http://localhost:3592", {
+  adminCredentials: {
+    username: "cerbos",
+    password: "cerbosAdmin",
+  },
+});
--- a/platform/cerbos/config.yaml
+++ b/platform/cerbos/config.yaml
@@ -0,0 +1,14 @@
+server:
+  adminAPI:
+    enabled: true
+    adminCredentials:
+      username: cerbos
+      passwordHash: JDJ5JDEwJDc5VzBkQ0NUWHFTT3N1OW9xZkx5ZC43M0tuM0JBSTU0dVRsMVBkOEtuYVBCaWFzVXk5d0phCgo=
+  httpListenAddr: ":3592"
+  grpcListenAddr: ":3593"
+
+storage:
+  driver: disk
+  disk:
+    directory: /data/policies
+    watchForChanges: true
--- a/platform/cerbos/package.json
+++ b/platform/cerbos/package.json
@@ -0,0 +1,10 @@
+{
+  "name": "@platform/cerbos",
+  "version": "0.0.0",
+  "private": true,
+  "type": "module",
+  "dependencies": {
+    "@cerbos/http": "0.23.1",
+    "@valkyr/auth": "npm:@jsr/valkyr__auth@2.1.4"
+  }
+}
--- a/platform/cerbos/policies/identity.yaml
+++ b/platform/cerbos/policies/identity.yaml
@@ -0,0 +1,47 @@
+# yaml-language-server: $schema=https://api.cerbos.dev/latest/cerbos/policy/v1/Policy.schema.json
+# docs: https://docs.cerbos.dev/cerbos/latest/policies/resource_policies
+
+apiVersion: api.cerbos.dev/v1
+resourcePolicy:
+  resource: identity
+  version: default
+  rules:
+
+    ### Read
+
+    - actions:
+        - read
+      effect: EFFECT_ALLOW
+      roles:
+        - admin
+
+    - actions:
+        - read
+      effect: EFFECT_ALLOW
+      roles:
+        - user
+      condition:
+        match:
+          expr: request.resource.id == request.principal.id
+
+    ### Update
+
+    - actions:
+        - update
+      effect: EFFECT_ALLOW
+      roles:
+        - user
+      condition:
+        match:
+          expr: request.resource.id == request.principal.id
+
+    ### Delete
+    
+    - actions:
+        - delete
+      effect: EFFECT_ALLOW
+      roles:
+        - user
+      condition:
+        match:
+          expr: request.resource.id == request.principal.id
--- a/platform/cerbos/resources.ts
+++ b/platform/cerbos/resources.ts
@@ -0,0 +1,10 @@
+import { ResourceRegistry } from "@valkyr/auth";
+
+export const resources = new ResourceRegistry([
+  {
+    kind: "identity",
+    attr: {},
+  },
+] as const);
+
+export type Resource = typeof resources.$resource;