@aws-amplify/datastore
AppSyncLocal support for aws-amplify
1 lines • 8.59 kB
Source Map (JSON)
{"version":3,"file":"multiAuthStrategy.mjs","sources":["../../../src/authModeStrategies/multiAuthStrategy.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { fetchAuthSession } from '@aws-amplify/core';\nimport { ModelAttributeAuthAllow, ModelAttributeAuthProvider, } from '../types';\nfunction getProviderFromRule(rule) {\n // private with no provider means userPools\n if (rule.allow === 'private' && !rule.provider) {\n return ModelAttributeAuthProvider.USER_POOLS;\n }\n // public with no provider means apiKey\n if (rule.allow === 'public' && !rule.provider) {\n return ModelAttributeAuthProvider.API_KEY;\n }\n return rule.provider;\n}\nfunction sortAuthRulesWithPriority(rules) {\n const allowSortPriority = [\n ModelAttributeAuthAllow.CUSTOM,\n ModelAttributeAuthAllow.OWNER,\n ModelAttributeAuthAllow.GROUPS,\n ModelAttributeAuthAllow.PRIVATE,\n ModelAttributeAuthAllow.PUBLIC,\n ];\n const providerSortPriority = [\n ModelAttributeAuthProvider.FUNCTION,\n ModelAttributeAuthProvider.USER_POOLS,\n ModelAttributeAuthProvider.OIDC,\n ModelAttributeAuthProvider.IAM,\n ModelAttributeAuthProvider.API_KEY,\n ];\n return [...rules].sort((a, b) => {\n if (a.allow === b.allow) {\n return (providerSortPriority.indexOf(getProviderFromRule(a)) -\n providerSortPriority.indexOf(getProviderFromRule(b)));\n }\n return (allowSortPriority.indexOf(a.allow) - allowSortPriority.indexOf(b.allow));\n });\n}\nfunction getAuthRules({ rules, currentUser, }) {\n // Using Set to ensure uniqueness\n const authModes = new Set();\n rules.forEach(rule => {\n switch (rule.allow) {\n case ModelAttributeAuthAllow.CUSTOM:\n // custom with no provider -> function\n if (!rule.provider ||\n rule.provider === ModelAttributeAuthProvider.FUNCTION) {\n authModes.add('lambda');\n }\n break;\n case ModelAttributeAuthAllow.GROUPS:\n case ModelAttributeAuthAllow.OWNER: {\n // We shouldn't attempt User Pool or OIDC if there 
isn't an authenticated user\n if (currentUser) {\n if (rule.provider === ModelAttributeAuthProvider.USER_POOLS) {\n authModes.add('userPool');\n }\n else if (rule.provider === ModelAttributeAuthProvider.OIDC) {\n authModes.add('oidc');\n }\n }\n break;\n }\n case ModelAttributeAuthAllow.PRIVATE: {\n // We shouldn't attempt private if there isn't an authenticated user\n if (currentUser) {\n // private with no provider means userPools\n if (!rule.provider ||\n rule.provider === ModelAttributeAuthProvider.USER_POOLS) {\n authModes.add('userPool');\n }\n else if (rule.provider === ModelAttributeAuthProvider.IAM) {\n authModes.add('iam');\n }\n }\n break;\n }\n case ModelAttributeAuthAllow.PUBLIC: {\n if (rule.provider === ModelAttributeAuthProvider.IAM) {\n authModes.add('iam');\n }\n else if (!rule.provider ||\n rule.provider === ModelAttributeAuthProvider.API_KEY) {\n // public with no provider means apiKey\n authModes.add('apiKey');\n }\n break;\n }\n default:\n break;\n }\n });\n return Array.from(authModes);\n}\n/**\n * Returns an array of auth modes to try based on the schema, model, and\n * authenticated user (or lack thereof). 
Rules are sourced from `getAuthRules`\n * and returned in the order they ought to be attempted.\n *\n * @see sortAuthRulesWithPriority\n * @see getAuthRules\n *\n * @param param0 The `{schema, modelName}` to inspect.\n * @returns A sorted array of auth modes to attempt.\n */\nexport const multiAuthStrategy = () => async ({ schema, modelName }) => {\n let currentUser;\n try {\n const authSession = await fetchAuthSession();\n if (authSession.tokens.accessToken) {\n // the user is authenticated\n currentUser = authSession;\n }\n }\n catch (e) {\n // No current user\n }\n const { attributes } = schema.namespaces.user.models[modelName];\n if (attributes) {\n const authAttribute = attributes.find(attr => attr.type === 'auth');\n if (authAttribute?.properties?.rules) {\n const sortedRules = sortAuthRulesWithPriority(authAttribute.properties.rules);\n return getAuthRules({ currentUser, rules: sortedRules });\n }\n }\n return [];\n};\n"],"names":[],"mappings":";;;AAAA;AACA;AAGA,SAAS,mBAAmB,CAAC,IAAI,EAAE;AACnC;AACA,IAAI,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE;AACpD,QAAQ,OAAO,0BAA0B,CAAC,UAAU;AACpD,IAAI;AACJ;AACA,IAAI,IAAI,IAAI,CAAC,KAAK,KAAK,QAAQ,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE;AACnD,QAAQ,OAAO,0BAA0B,CAAC,OAAO;AACjD,IAAI;AACJ,IAAI,OAAO,IAAI,CAAC,QAAQ;AACxB;AACA,SAAS,yBAAyB,CAAC,KAAK,EAAE;AAC1C,IAAI,MAAM,iBAAiB,GAAG;AAC9B,QAAQ,uBAAuB,CAAC,MAAM;AACtC,QAAQ,uBAAuB,CAAC,KAAK;AACrC,QAAQ,uBAAuB,CAAC,MAAM;AACtC,QAAQ,uBAAuB,CAAC,OAAO;AACvC,QAAQ,uBAAuB,CAAC,MAAM;AACtC,KAAK;AACL,IAAI,MAAM,oBAAoB,GAAG;AACjC,QAAQ,0BAA0B,CAAC,QAAQ;AAC3C,QAAQ,0BAA0B,CAAC,UAAU;AAC7C,QAAQ,0BAA0B,CAAC,IAAI;AACvC,QAAQ,0BAA0B,CAAC,GAAG;AACtC,QAAQ,0BAA0B,CAAC,OAAO;AAC1C,KAAK;AACL,IAAI,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK;AACrC,QAAQ,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK,EAAE;AACjC,YAAY,QAAQ,oBAAoB,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC;AACxE,gBAAgB,oBAAoB,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC;AACpE,QAAQ;AACR,QAAQ,QAAQ,iBAAiB,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC
,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;AACvF,IAAI,CAAC,CAAC;AACN;AACA,SAAS,YAAY,CAAC,EAAE,KAAK,EAAE,WAAW,GAAG,EAAE;AAC/C;AACA,IAAI,MAAM,SAAS,GAAG,IAAI,GAAG,EAAE;AAC/B,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,IAAI;AAC1B,QAAQ,QAAQ,IAAI,CAAC,KAAK;AAC1B,YAAY,KAAK,uBAAuB,CAAC,MAAM;AAC/C;AACA,gBAAgB,IAAI,CAAC,IAAI,CAAC,QAAQ;AAClC,oBAAoB,IAAI,CAAC,QAAQ,KAAK,0BAA0B,CAAC,QAAQ,EAAE;AAC3E,oBAAoB,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC;AAC3C,gBAAgB;AAChB,gBAAgB;AAChB,YAAY,KAAK,uBAAuB,CAAC,MAAM;AAC/C,YAAY,KAAK,uBAAuB,CAAC,KAAK,EAAE;AAChD;AACA,gBAAgB,IAAI,WAAW,EAAE;AACjC,oBAAoB,IAAI,IAAI,CAAC,QAAQ,KAAK,0BAA0B,CAAC,UAAU,EAAE;AACjF,wBAAwB,SAAS,CAAC,GAAG,CAAC,UAAU,CAAC;AACjD,oBAAoB;AACpB,yBAAyB,IAAI,IAAI,CAAC,QAAQ,KAAK,0BAA0B,CAAC,IAAI,EAAE;AAChF,wBAAwB,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC;AAC7C,oBAAoB;AACpB,gBAAgB;AAChB,gBAAgB;AAChB,YAAY;AACZ,YAAY,KAAK,uBAAuB,CAAC,OAAO,EAAE;AAClD;AACA,gBAAgB,IAAI,WAAW,EAAE;AACjC;AACA,oBAAoB,IAAI,CAAC,IAAI,CAAC,QAAQ;AACtC,wBAAwB,IAAI,CAAC,QAAQ,KAAK,0BAA0B,CAAC,UAAU,EAAE;AACjF,wBAAwB,SAAS,CAAC,GAAG,CAAC,UAAU,CAAC;AACjD,oBAAoB;AACpB,yBAAyB,IAAI,IAAI,CAAC,QAAQ,KAAK,0BAA0B,CAAC,GAAG,EAAE;AAC/E,wBAAwB,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC;AAC5C,oBAAoB;AACpB,gBAAgB;AAChB,gBAAgB;AAChB,YAAY;AACZ,YAAY,KAAK,uBAAuB,CAAC,MAAM,EAAE;AACjD,gBAAgB,IAAI,IAAI,CAAC,QAAQ,KAAK,0BAA0B,CAAC,GAAG,EAAE;AACtE,oBAAoB,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC;AACxC,gBAAgB;AAChB,qBAAqB,IAAI,CAAC,IAAI,CAAC,QAAQ;AACvC,oBAAoB,IAAI,CAAC,QAAQ,KAAK,0BAA0B,CAAC,OAAO,EAAE;AAC1E;AACA,oBAAoB,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC;AAC3C,gBAAgB;AAChB,gBAAgB;AAChB,YAAY;AAGZ;AACA,IAAI,CAAC,CAAC;AACN,IAAI,OAAO,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;AAChC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACY,MAAC,iBAAiB,GAAG,MAAM,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK;AACxE,IAAI,IAAI,WAAW;AACnB,IAAI,IAAI;AACR,QAAQ,MAAM,WAAW,GAAG,MAAM,gBAAgB,EAAE;AACpD,QAAQ,IAAI,WAAW,CAAC,MAAM,CAAC,WAAW,EAAE;AAC5C;AACA,YAAY,WAAW,GAAG,WAAW;AACrC,QAAQ;AACR,IAAI;AACJ,IAAI,OAAO,CAAC,EAAE;AACd;AACA,IAAI;AACJ,IAAI,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,MA
AM,CAAC,SAAS,CAAC;AACnE,IAAI,IAAI,UAAU,EAAE;AACpB,QAAQ,MAAM,aAAa,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,CAAC;AAC3E,QAAQ,IAAI,aAAa,EAAE,UAAU,EAAE,KAAK,EAAE;AAC9C,YAAY,MAAM,WAAW,GAAG,yBAAyB,CAAC,aAAa,CAAC,UAAU,CAAC,KAAK,CAAC;AACzF,YAAY,OAAO,YAAY,CAAC,EAAE,WAAW,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC;AACpE,QAAQ;AACR,IAAI;AACJ,IAAI,OAAO,EAAE;AACb;;;;"}