@envelop/operation-field-permissions/cjs/index.js

Disallow executing operations that select certain fields. Useful if you want to restrict the scope of certain public API users to a subset of the public GraphQL schema, without triggering execution (e.g. how [graphql-shield](https://github.com/maticzav/gr

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.useOperationFieldPermissions = void 0;
const graphql_1 = require("graphql");
const core_1 = require("@envelop/core");
const extended_validation_1 = require("@envelop/extended-validation");
const promise_helpers_1 = require("@whatwg-node/promise-helpers");
const OPERATION_PERMISSIONS_SYMBOL = Symbol('OPERATION_PERMISSIONS_SYMBOL');
/**
 * Returns a set of type names that allow access to all fields in the type.
 */
const getWildcardTypes = (scope) => {
    const wildcardTypes = new Set();
    for (const item of scope) {
        if (item.endsWith('*')) {
            const [typeName] = item.split('.');
            wildcardTypes.add(typeName);
        }
    }
    return wildcardTypes;
};
const toSet = (input) => typeof input === 'string' ? new Set([input]) : input;
const getContext = (input) => {
    if (typeof input !== 'object' || !input || !(OPERATION_PERMISSIONS_SYMBOL in input)) {
        throw new Error('OperationScopeRule was used without context.');
    }
    return input[OPERATION_PERMISSIONS_SYMBOL];
};
/**
 * Validate whether a user is allowed to execute a certain GraphQL operation.
 */
const OperationScopeRule = (options) => (context, executionArgs) => {
    const permissionContext = getContext(executionArgs.contextValue);
    const handleField = (node, objectType) => {
        const schemaCoordinate = `${objectType.name}.${node.name.value}`;
        if (!permissionContext.allowAll &&
            !permissionContext.wildcardTypes.has(objectType.name) &&
            !permissionContext.schemaCoordinates.has(schemaCoordinate)) {
            // We should use GraphQLError once the object constructor lands in stable GraphQL.js
            // and useMaskedErrors supports it.
            const error = new graphql_1.GraphQLError(options.formatError(schemaCoordinate));
            error.nodes = [node];
            context.reportError(error);
        }
    };
    return {
        Field(node) {
            const type = context.getType();
            if (type) {
                const namedType = (0, graphql_1.getNamedType)(type);
                if ((0, graphql_1.isIntrospectionType)(namedType)) {
                    return false;
                }
            }
            const parentType = context.getParentType();
            if (parentType) {
                if ((0, graphql_1.isIntrospectionType)(parentType)) {
                    return false;
                }
                // We handle objects, interface and union permissions differently.
                // When accessing an an object field, we check simply run the check.
                if ((0, graphql_1.isObjectType)(parentType)) {
                    handleField(node, parentType);
                }
                // To allow a union case, every type in the union has to be allowed/
                // If one of the types doesn't permit access we should throw a validation error.
                if ((0, graphql_1.isUnionType)(parentType)) {
                    for (const objectType of parentType.getTypes()) {
                        handleField(node, objectType);
                    }
                }
                // Same goes for interfaces. Every implementation should allow the access of the given
                // field to pass the validation rule.
                if ((0, graphql_1.isInterfaceType)(parentType)) {
                    for (const objectType of executionArgs.schema.getImplementations(parentType).objects) {
                        handleField(node, objectType);
                    }
                }
            }
            return undefined;
        },
    };
};
const defaultFormatError = (schemaCoordinate) => `Insufficient permissions for selecting '${schemaCoordinate}'.`;
const useOperationFieldPermissions = (opts) => {
    return {
        onPluginInit({ addPlugin }) {
            addPlugin((0, extended_validation_1.useExtendedValidation)({
                rules: [
                    OperationScopeRule({
                        formatError: opts.formatError ?? defaultFormatError,
                    }),
                ],
            }));
            addPlugin((0, core_1.useExtendContext)(context => (0, promise_helpers_1.handleMaybePromise)(() => opts.getPermissions(context), permissions => {
                // Schema coordinates is a set of type-name field-name strings that
                // describe the position of a field in the schema.
                const schemaCoordinates = toSet(permissions);
                const wildcardTypes = getWildcardTypes(schemaCoordinates);
                const scopeContext = {
                    schemaCoordinates,
                    wildcardTypes,
                    allowAll: schemaCoordinates.has('*'),
                };
                return {
                    [OPERATION_PERMISSIONS_SYMBOL]: scopeContext,
                };
            })));
        },
    };
};
exports.useOperationFieldPermissions = useOperationFieldPermissions;