@accounter/server
Version:
Accounter GraphQL server
48 lines • 1.78 kB
JavaScript
import { __decorate, __metadata } from "tslib";
import { GraphQLError } from 'graphql';
import { Injectable, Scope } from 'graphql-modules';
import { sql } from '@pgtyped/runtime';
import { TenantAwareDBClient } from '../../app-providers/tenant-db-client.js';
import { AuthContextProvider } from './auth-context.provider.js';
const getSuperAdminByAuth0Id = sql `
SELECT auth0_user_id
FROM accounter_schema.super_admins
WHERE auth0_user_id = $auth0UserId
LIMIT 1;
`;
let SuperAdminProvider = class SuperAdminProvider {
db;
authContextProvider;
constructor(db, authContextProvider) {
this.db = db;
this.authContextProvider = authContextProvider;
}
async isSuperAdmin(auth0UserId) {
const rows = await getSuperAdminByAuth0Id.run({ auth0UserId }, this.db);
return rows.length > 0;
}
async requireSuperAdmin() {
const auth = await this.authContextProvider.getAuthContext();
const auth0UserId = auth?.user?.auth0UserId;
const userId = auth?.user?.userId;
if (!auth0UserId || !userId) {
throw new GraphQLError('Authentication required', {
extensions: { code: 'UNAUTHENTICATED' },
});
}
const ok = await this.isSuperAdmin(auth0UserId);
if (!ok) {
throw new GraphQLError('Super-admin access required', {
extensions: { code: 'FORBIDDEN' },
});
}
return { userId, auth0UserId };
}
};
SuperAdminProvider = __decorate([
Injectable({ scope: Scope.Operation, global: true }),
__metadata("design:paramtypes", [TenantAwareDBClient,
AuthContextProvider])
], SuperAdminProvider);
export { SuperAdminProvider };
//# sourceMappingURL=super-admin.provider.js.map