governance apis for getApplicableRulesForUserId (#110)

* add getApplicationUserRules

* refactored code to be more concise.

* expose the methods on top level.

* added unit test for governance check

* bump version

* bump version.

* Update lib/governanceRulesManager.js

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: xinghengwang

lib/governanceRulesManager.js

@@ -200,6 +200,40 @@ function modifyResponseForOneRule(rule, responseHolder, mergeTagValues) {
   return responseHolder;
 }
 
+// Internal helper to compute applicable rules based only on cohort membership and applied_to.
+// Logic (ignoring regex):
+//  - If entity (user/company) is in rule cohort and rule.applied_to !== 'not_matching' -> include.
+//  - If entity NOT in rule cohort and rule.applied_to === 'not_matching' -> include.
+function getApplicableRulesByCohortOnly(configRuleValues, rulesHashByRuleId, logger) {
+  const rulesEntityInCohortHash = {};
+  const applicable = [];
+
+  if (Array.isArray(configRuleValues) && configRuleValues.length > 0) {
+    configRuleValues.forEach(function (entry) {
+      const ruleId = entry.rules;
+      rulesEntityInCohortHash[ruleId] = true;
+      const rule = rulesHashByRuleId[ruleId];
+      if (!rule) {
+        if (logger) logger('rule not found for rule id from config: ' + ruleId + '. It could be deleted.');
+        return;
+      }
+      if (rule.applied_to === 'not_matching') {
+        // entity is in cohort; rule applies only to those NOT in cohort -> skip
+        return;
+      }
+      applicable.push(rule);
+    });
+  }
+
+  Object.values(rulesHashByRuleId).forEach(function (rule) {
+    if (rule.applied_to === 'not_matching' && !rulesEntityInCohortHash[rule._id]) {
+      applicable.push(rule);
+    }
+  });
+
+  return applicable;
+}
+
 /**
  *
  * @type Class
@@ -352,66 +386,16 @@ GovernanceRulesManager.prototype._getApplicableUserRules = function (
   requestBody,
   requestHeaders
 ) {
-  const self = this;
-
-  const applicableRules = [];
-  const rulesThatUserIsInCohortHash = {};
-
-  const userRulesHashByRuleId = this.userRulesHashByRuleId;
-
-  // handle if user is in cohort.
-  // if user is in a rule's cohort, the data is from config_rule_rules_values
-  if (Array.isArray(configUserRulesValues) && configUserRulesValues.length > 0) {
-    configUserRulesValues.forEach(function (entry) {
-      const ruleId = entry.rules;
-
-      // cache the fact current user is in the cohort of this rule.
-      rulesThatUserIsInCohortHash[ruleId] = true;
-
-      const foundRule = userRulesHashByRuleId[ruleId];
-      if (!foundRule) {
-        // skip not found, but shouldn't be the case here.
-        self.log('rule not found for rule id from config' + ruleId);
-        return;
-      }
-
-      const regexMatched = doesRegexConfigMatch(
-        foundRule.regex_config,
-        requestFields,
-        requestBody,
-        requestHeaders
-      );
-
-      if (!regexMatched) {
-        // skipping because regex didn't not match.
-        return;
-      }
-
-      if (foundRule.applied_to === 'not_matching') {
-        // skipping because rule is apply to those not in cohort.
-        return;
-      } else {
-        applicableRules.push(foundRule);
-      }
-    });
-  }
-
-  // handle if rule is not matching and user is not in the cohort.
-  Object.values(userRulesHashByRuleId).forEach((rule) => {
-    if (rule.applied_to === 'not_matching' && !rulesThatUserIsInCohortHash[rule._id]) {
-      const regexMatched = doesRegexConfigMatch(
-        rule.regex_config,
-        requestFields,
-        requestBody,
-        requestHeaders
-      );
-      if (regexMatched) {
-        applicableRules.push(rule);
-      }
-    }
-  });
-
-  return applicableRules;
+  // Use cohort-only helper then apply regex filtering identical to original behavior.
+  const userRulesHashByRuleId = this.userRulesHashByRuleId || {};
+  const cohortCandidates = getApplicableRulesByCohortOnly(
+    configUserRulesValues,
+    userRulesHashByRuleId,
+    (msg) => this.log(msg)
+  );
+  return cohortCandidates.filter((rule) =>
+    doesRegexConfigMatch(rule.regex_config, requestFields, requestBody, requestHeaders)
+  );
 };
 
 GovernanceRulesManager.prototype._getApplicableCompanyRules = function (
@@ -420,65 +404,15 @@ GovernanceRulesManager.prototype._getApplicableCompanyRules = function (
   requestBody,
   requestHeaders
 ) {
-  const applicableRules = [];
-  const rulesThatCompanyIsInCohortHash = {};
-  const self = this;
-
-  const rulesHashByRuleId = this.companyRulesHashByRuleId;
-
-  // handle if company is in cohort.
-  // if company is in a rule's cohort, the data is from config_rules_values
-  if (Array.isArray(configCompanyRulesValues) && configCompanyRulesValues.length > 0) {
-    configCompanyRulesValues.forEach(function (entry) {
-      const ruleId = entry.rules;
-
-      // cache the fact current company is in the cohort of this rule.
-      rulesThatCompanyIsInCohortHash[ruleId] = true;
-
-      const foundRule = rulesHashByRuleId[ruleId];
-      if (!foundRule) {
-        // skip not found, but shouldn't be the case here.
-        self.log('rule not found for rule id from config' + ruleId);
-        return;
-      }
-
-      const regexMatched = doesRegexConfigMatch(
-        foundRule.regex_config,
-        requestFields,
-        requestBody,
-        requestHeaders
-      );
-
-      if (!regexMatched) {
-        // skipping because regex didn't not match.
-        return;
-      }
-
-      if (foundRule.applied_to === 'not_matching') {
-        // skipping because rule is apply to those not in cohort.
-        return;
-      } else {
-        applicableRules.push(foundRule);
-      }
-    });
-  }
-
-  //  company is not in cohort, and if rule is not matching we apply the rule.
-  Object.values(rulesHashByRuleId).forEach((rule) => {
-    if (rule.applied_to === 'not_matching' && !rulesThatCompanyIsInCohortHash[rule._id]) {
-      const regexMatched = doesRegexConfigMatch(
-        rule.regex_config,
-        requestFields,
-        requestBody,
-        requestHeaders
-      );
-      if (regexMatched) {
-        applicableRules.push(rule);
-      }
-    }
-  });
-
-  return applicableRules;
+  const companyRulesHashByRuleId = this.companyRulesHashByRuleId || {};
+  const cohortCandidates = getApplicableRulesByCohortOnly(
+    configCompanyRulesValues,
+    companyRulesHashByRuleId,
+    (msg) => this.log(msg)
+  );
+  return cohortCandidates.filter((rule) =>
+    doesRegexConfigMatch(rule.regex_config, requestFields, requestBody, requestHeaders)
+  );
 };
 
 GovernanceRulesManager.prototype.applyRuleList = function (
@@ -552,11 +486,10 @@ GovernanceRulesManager.prototype.governInternal = function (
       responseHolder = this.applyRuleList(anonCompanyRules, responseHolder);
     } else {
       const configCompanyRulesValues = safeGet(safeGet(config, 'company_rules'), companyId);
-      const idCompanyRules = this._getApplicableCompanyRules(
-        configCompanyRulesValues,
-        requestFields,
-        requestBody,
-        requestHeaders
+      // Get cohort-based list using new public helper then filter by regex for current request context.
+      const companyCohortCandidates = this.getApplicableRulesForCompanyId(companyId, config);
+      const idCompanyRules = companyCohortCandidates.filter((rule) =>
+        doesRegexConfigMatch(rule.regex_config, requestFields, requestBody, requestHeaders)
       );
       responseHolder = this.applyRuleList(idCompanyRules, responseHolder, configCompanyRulesValues);
     }
@@ -570,11 +503,10 @@ GovernanceRulesManager.prototype.governInternal = function (
       responseHolder = this.applyRuleList(anonUserRules, responseHolder);
     } else {
       const configUserRulesValues = safeGet(safeGet(config, 'user_rules'), userId);
-      const idUserRules = this._getApplicableUserRules(
-        configUserRulesValues,
-        requestFields,
-        requestBody,
-        requestHeaders
+      // Cohort-only then regex filter for current request context.
+      const userCohortCandidates = this.getApplicableRulesForUserId(userId, config);
+      const idUserRules = userCohortCandidates.filter((rule) =>
+        doesRegexConfigMatch(rule.regex_config, requestFields, requestBody, requestHeaders)
       );
       responseHolder = this.applyRuleList(idUserRules, responseHolder, configUserRulesValues);
     }
@@ -641,4 +573,50 @@ GovernanceRulesManager.prototype.governRequest = function (config, userId, compa
   );
 };
 
+/**
+ * Return all user rules applicable for the given userId based solely on cohort membership
+ * (config user_rules values) and the rule's applied_to property. Ignores request fields,
+ * body, headers, and regex matching. Logic:
+ *  - If user is in a rule cohort and rule.applied_to !== 'not_matching' -> include.
+ *  - If user is NOT in a rule cohort and rule.applied_to === 'not_matching' -> include.
+ * @param {String} userId
+ * @param {Object} config Full config object containing user_rules hash
+ * @returns {Array<Object>} array of rule objects applicable to the userId
+ */
+GovernanceRulesManager.prototype.getApplicableRulesForUserId = function (userId, config) {
+  if (isNil(userId)) {
+    return [];
+  }
+  const userRulesHashByRuleId = this.userRulesHashByRuleId || {};
+  const configUserRulesValues = safeGet(safeGet(config, 'user_rules'), userId);
+  return getApplicableRulesByCohortOnly(
+    configUserRulesValues,
+    userRulesHashByRuleId,
+    (msg) => this.log(msg)
+  );
+};
+
+/**
+ * Return all company rules applicable for the given companyId based solely on cohort membership
+ * (config company_rules values) and the rule's applied_to property. Ignores request fields,
+ * body, headers, and regex matching. Logic:
+ *  - If company is in a rule cohort and rule.applied_to !== 'not_matching' -> include.
+ *  - If company is NOT in a rule cohort and rule.applied_to === 'not_matching' -> include.
+ * @param {String} companyId
+ * @param {Object} config Full config object containing company_rules hash
+ * @returns {Array<Object>} array of rule objects applicable to the companyId
+ */
+GovernanceRulesManager.prototype.getApplicableRulesForCompanyId = function (companyId, config) {
+  if (isNil(companyId)) {
+    return [];
+  }
+  const companyRulesHashByRuleId = this.companyRulesHashByRuleId || {};
+  const configCompanyRulesValues = safeGet(safeGet(config, 'company_rules'), companyId);
+  return getApplicableRulesByCohortOnly(
+    configCompanyRulesValues,
+    companyRulesHashByRuleId,
+    (msg) => this.log(msg)
+  );
+};
+
 module.exports = new GovernanceRulesManager();

lib/index.js

@@ -111,7 +111,7 @@ function makeMoesifMiddleware(options) {
    * @type {string}
    */
   config.ApplicationId = options.applicationId || options.ApplicationId;
-  config.UserAgent = 'moesif-nodejs/' + '3.10.0';
+  config.UserAgent = 'moesif-nodejs/' + '3.11.0';
   config.BaseUri = options.baseUri || options.BaseUri || config.BaseUri;
   // default retry to 1.
   config.retry = isNil(options.retry) ? 1 : options.retry;
@@ -878,6 +878,32 @@ function makeMoesifMiddleware(options) {
     }
   };
 
+  // Expose governance rule helpers using internally cached config
+  moesifMiddleware.getApplicableRulesForUserId = function (userId) {
+    // refresh config/rules opportunistically
+    moesifConfigManager.tryGetConfig();
+    governanceRulesManager.tryGetRules();
+    if (!governanceRulesManager.hasRules()) {
+      return [];
+    }
+    return governanceRulesManager.getApplicableRulesForUserId(
+      ensureToString(userId),
+      moesifConfigManager._config
+    );
+  };
+
+  moesifMiddleware.getApplicableRulesForCompanyId = function (companyId) {
+    moesifConfigManager.tryGetConfig();
+    governanceRulesManager.tryGetRules();
+    if (!governanceRulesManager.hasRules()) {
+      return [];
+    }
+    return governanceRulesManager.getApplicableRulesForCompanyId(
+      ensureToString(companyId),
+      moesifConfigManager._config
+    );
+  };
+
   logMessage(options.debug, 'moesifInitiator', 'returning moesifMiddleware Function');
   return moesifMiddleware;
 }

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "moesif-nodejs",
-  "version": "3.10.0",
+  "version": "3.11.0",
   "description": "Monitoring agent to log API calls to Moesif for deep API analytics",
   "main": "lib/index.js",
   "typings": "dist/index.d.ts",