policies and policy on resource structure in a good place

2026-06-16 04:16:52 +00:00 · 2026-06-07 12:19:33 -07:00
parent aa47f522ef
commit 3b675f7de1
36 changed files with 1579 additions and 1147 deletions
--- a/server/lib/validators.ts
+++ b/server/lib/validators.ts
@@ -1,5 +1,7 @@
 import z from "zod";
 import ipaddr from "ipaddr.js";
+import { COUNTRIES } from "@server/db/countries";
+import { isValidRegionId } from "@server/db/regions";

 export function isValidCIDR(cidr: string): boolean {
    return (
@@ -67,6 +69,45 @@ export function isValidUrlGlobPattern(pattern: string): boolean {
    return true;
 }

+export const RESOURCE_RULE_MATCH_TYPES = [
+    "CIDR",
+    "IP",
+    "PATH",
+    "COUNTRY",
+    "ASN",
+    "REGION"
+] as const;
+
+export type ResourceRuleMatchType = (typeof RESOURCE_RULE_MATCH_TYPES)[number];
+
+export function getResourceRuleValueValidationError(
+    match: ResourceRuleMatchType,
+    value: string
+): string | null {
+    switch (match) {
+        case "CIDR":
+            return isValidCIDR(value) ? null : "Invalid CIDR provided";
+        case "IP":
+            return isValidIP(value) ? null : "Invalid IP provided";
+        case "PATH":
+            return isValidUrlGlobPattern(value)
+                ? null
+                : "Invalid URL glob pattern provided";
+        case "REGION":
+            return isValidRegionId(value) ? null : "Invalid region ID provided";
+        case "COUNTRY":
+            return COUNTRIES.some((country) => country.code === value)
+                ? null
+                : "Invalid country code provided";
+        case "ASN":
+            return /^AS\d+$/i.test(value.trim())
+                ? null
+                : "Invalid ASN provided";
+        default:
+            return "Invalid rule match type provided";
+    }
+}
+
 export function isUrlValid(url: string | undefined) {
    if (!url) return true; // the link is optional in the schema so if it's empty it's valid
    var pattern = new RegExp(