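#!/usr/bin/env node
/**
 * Access-policy audit CLI.
 *
 * Without arguments it runs a read-only audit: it prints the summary counts
 * and the full report as JSON, and exits 1 when violations are found.
 *
 * With `--fix` it calls the cleanup routine inside a database transaction,
 * prints how many entries were removed, then re-runs the audit to confirm
 * that nothing is left.
 *
 * NOTE(review): the `--fix` output carries counts only, not the rows that
 * were removed. Run the plain audit first and keep its `report` output when a
 * record of what was changed is needed.
 *
 * Exit status: 0 when the audit is clean, 1 when violations are present
 * (including after `--fix`) or when an error was thrown.
 */
import db from '../src/db/models/index.ts';
import AccessPolicyAuditService from '../src/services/access-policy-audit.ts';
import type {
  AccessPolicyAuditReport,
  PublicAccessHardeningSummary,
} from '../src/types/index.ts';

// Any other argument is ignored, so a mistyped flag falls back to the
// read-only audit rather than to the destructive path.
const shouldFix = process.argv.includes('--fix');

// Upper bound on how long shutdown waits for the database connection to close.
const EXIT_TIMEOUT_MS = 1500;

/**
 * Reduces an audit report to the number of entries in each violation list.
 *
 * @param report - Report returned by the audit service.
 * @returns One count per violation category.
 */
function summarizeReport(
  report: AccessPolicyAuditReport,
): PublicAccessHardeningSummary {
  return {
    publicRolePermissions: report.publicRolePermissions.length,
    publicUsersWithCustomPermissions:
      report.publicUsersWithCustomPermissions.length,
    productionPresentationAccessForNonPublicUsers:
      report.productionPresentationAccessForNonPublicUsers.length,
  };
}

/** Writes a value to stdout as JSON indented by two spaces. */
function logJson(value: unknown): void {
  console.log(JSON.stringify(value, null, 2));
}

/** Writes an error to stderr. */
function logError(error: unknown): void {
  console.error(error);
}

/**
 * Runs the cleanup (`--fix`) or the read-only audit and sets
 * `process.exitCode` to 1 when violations are present afterwards.
 */
async function main(): Promise<void> {
  if (shouldFix) {
    // Presumably Sequelize's managed-transaction form (commit when the
    // callback resolves, roll back when it rejects). Confirm against
    // db.sequelize.
    const result = await db.sequelize.transaction((transaction) =>
      AccessPolicyAuditService.cleanupViolations({ transaction }),
    );

    // Verify instead of assuming: audit again once the transaction call has
    // returned, so a cleanup that left violations behind does not exit 0.
    const remaining = await AccessPolicyAuditService.findViolations();
    const hasRemaining = AccessPolicyAuditService.hasViolations(remaining);

    logJson({
      // `fixed` keeps its original meaning (the cleanup ran); `ok` carries the
      // result of the follow-up audit.
      fixed: true,
      ok: !hasRemaining,
      summary: {
        removedPublicRolePermissions: result.removedPublicRolePermissions,
        clearedPublicUserCustomPermissions:
          result.clearedPublicUserCustomPermissions,
        removedNonPublicProductionPresentationGrants:
          result.removedNonPublicProductionPresentationGrants,
      },
      remaining: summarizeReport(remaining),
    });

    if (hasRemaining) {
      process.exitCode = 1;
    }
    return;
  }

  const report = await AccessPolicyAuditService.findViolations();
  const hasViolations = AccessPolicyAuditService.hasViolations(report);

  logJson({
    ok: !hasViolations,
    summary: summarizeReport(report),
    report,
  });

  if (hasViolations) {
    process.exitCode = 1;
  }
}

main()
  .catch((error: unknown) => {
    logError(error);
    process.exitCode = 1;
  })
  .finally(async () => {
    try {
      // Wait for the connection to close, but never longer than the timeout.
      await Promise.race([
        db.sequelize.close(),
        new Promise<void>((resolve) => setTimeout(resolve, EXIT_TIMEOUT_MS)),
      ]);
    } catch (error: unknown) {
      // A failed close is reported but does not change the exit status.
      logError(error);
    } finally {
      // Exit explicitly so a pending timer or open handle cannot keep the
      // process alive.
      process.exit(process.exitCode ?? 0);
    }
  });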