@accounter/server
Version:
Accounter GraphQL server
38 lines (37 loc) • 1.51 kB
TypeScript
import type { RawAuth } from '../../../plugins/auth-plugin.js';
import type { AuthContext } from '../../../shared/types/auth.js';
import type { Environment } from '../../../shared/types/index.js';
import { DBProvider } from '../../app-providers/db.provider.js';
type QueryableDB = Pick<DBProvider, 'query'>;
export declare function handleDevBypassAuth(db: QueryableDB, userId: string): Promise<AuthContext | null>;
export declare class AuthContextProvider {
private env;
private rawAuth;
private db;
private cachedContext;
private handlingAuth;
constructor(env: Environment, rawAuth: RawAuth, db: DBProvider);
getJwtIdentity(): Promise<{
auth0UserId: string;
email: string | null;
emailVerified: boolean;
} | null>;
getAuthContext(): Promise<AuthContext | null>;
/**
* Resolve the request's read scope and attach it to the context.
*
* - Defaults to every business the user belongs to.
* - When a valid `X-Business-Scope` header is present, narrows to that subset;
* rejects (returns null) if it requests a business outside the memberships
* or if the header was malformed.
* - API keys are pinned to their single business and ignore the header.
*/
private applyRequestedReadScope;
private handleDevBypassAuth;
private handleApiKeyAuth;
private resolveApiKeyContext;
private handleGatewayControlPlaneAuth;
private handleJwtAuth;
private mapAuth0UserToLocal;
}
export {};