UNPKG

@accounter/server

Version:
48 lines 1.78 kB
import { __decorate, __metadata } from "tslib"; import { GraphQLError } from 'graphql'; import { Injectable, Scope } from 'graphql-modules'; import { sql } from '@pgtyped/runtime'; import { TenantAwareDBClient } from '../../app-providers/tenant-db-client.js'; import { AuthContextProvider } from './auth-context.provider.js'; const getSuperAdminByAuth0Id = sql ` SELECT auth0_user_id FROM accounter_schema.super_admins WHERE auth0_user_id = $auth0UserId LIMIT 1; `; let SuperAdminProvider = class SuperAdminProvider { db; authContextProvider; constructor(db, authContextProvider) { this.db = db; this.authContextProvider = authContextProvider; } async isSuperAdmin(auth0UserId) { const rows = await getSuperAdminByAuth0Id.run({ auth0UserId }, this.db); return rows.length > 0; } async requireSuperAdmin() { const auth = await this.authContextProvider.getAuthContext(); const auth0UserId = auth?.user?.auth0UserId; const userId = auth?.user?.userId; if (!auth0UserId || !userId) { throw new GraphQLError('Authentication required', { extensions: { code: 'UNAUTHENTICATED' }, }); } const ok = await this.isSuperAdmin(auth0UserId); if (!ok) { throw new GraphQLError('Super-admin access required', { extensions: { code: 'FORBIDDEN' }, }); } return { userId, auth0UserId }; } }; SuperAdminProvider = __decorate([ Injectable({ scope: Scope.Operation, global: true }), __metadata("design:paramtypes", [TenantAwareDBClient, AuthContextProvider]) ], SuperAdminProvider); export { SuperAdminProvider }; //# sourceMappingURL=super-admin.provider.js.map