@envelop/operation-field-permissions
Version:
Disallow executing operations that select certain fields. Useful if you want to restrict the scope of certain public API users to a subset of the public GraphQL schema, without triggering execution (e.g. how [graphql-shield](https://github.com/maticzav/gr
109 lines (108 loc) • 4.77 kB
JavaScript
import { getNamedType, GraphQLError, isInterfaceType, isIntrospectionType, isObjectType, isUnionType, } from 'graphql';
import { useExtendContext } from '@envelop/core';
import { useExtendedValidation } from '@envelop/extended-validation';
import { handleMaybePromise } from '@whatwg-node/promise-helpers';
const OPERATION_PERMISSIONS_SYMBOL = Symbol('OPERATION_PERMISSIONS_SYMBOL');
/**
* Returns a set of type names that allow access to all fields in the type.
*/
const getWildcardTypes = (scope) => {
const wildcardTypes = new Set();
for (const item of scope) {
if (item.endsWith('*')) {
const [typeName] = item.split('.');
wildcardTypes.add(typeName);
}
}
return wildcardTypes;
};
const toSet = (input) => typeof input === 'string' ? new Set([input]) : input;
const getContext = (input) => {
if (typeof input !== 'object' || !input || !(OPERATION_PERMISSIONS_SYMBOL in input)) {
throw new Error('OperationScopeRule was used without context.');
}
return input[OPERATION_PERMISSIONS_SYMBOL];
};
/**
* Validate whether a user is allowed to execute a certain GraphQL operation.
*/
const OperationScopeRule = (options) => (context, executionArgs) => {
const permissionContext = getContext(executionArgs.contextValue);
const handleField = (node, objectType) => {
const schemaCoordinate = `${objectType.name}.${node.name.value}`;
if (!permissionContext.allowAll &&
!permissionContext.wildcardTypes.has(objectType.name) &&
!permissionContext.schemaCoordinates.has(schemaCoordinate)) {
// We should use GraphQLError once the object constructor lands in stable GraphQL.js
// and useMaskedErrors supports it.
const error = new GraphQLError(options.formatError(schemaCoordinate));
error.nodes = [node];
context.reportError(error);
}
};
return {
Field(node) {
const type = context.getType();
if (type) {
const namedType = getNamedType(type);
if (isIntrospectionType(namedType)) {
return false;
}
}
const parentType = context.getParentType();
if (parentType) {
if (isIntrospectionType(parentType)) {
return false;
}
// We handle objects, interface and union permissions differently.
// When accessing an an object field, we check simply run the check.
if (isObjectType(parentType)) {
handleField(node, parentType);
}
// To allow a union case, every type in the union has to be allowed/
// If one of the types doesn't permit access we should throw a validation error.
if (isUnionType(parentType)) {
for (const objectType of parentType.getTypes()) {
handleField(node, objectType);
}
}
// Same goes for interfaces. Every implementation should allow the access of the given
// field to pass the validation rule.
if (isInterfaceType(parentType)) {
for (const objectType of executionArgs.schema.getImplementations(parentType).objects) {
handleField(node, objectType);
}
}
}
return undefined;
},
};
};
const defaultFormatError = (schemaCoordinate) => `Insufficient permissions for selecting '${schemaCoordinate}'.`;
export const useOperationFieldPermissions = (opts) => {
return {
onPluginInit({ addPlugin }) {
addPlugin(useExtendedValidation({
rules: [
OperationScopeRule({
formatError: opts.formatError ?? defaultFormatError,
}),
],
}));
addPlugin(useExtendContext(context => handleMaybePromise(() => opts.getPermissions(context), permissions => {
// Schema coordinates is a set of type-name field-name strings that
// describe the position of a field in the schema.
const schemaCoordinates = toSet(permissions);
const wildcardTypes = getWildcardTypes(schemaCoordinates);
const scopeContext = {
schemaCoordinates,
wildcardTypes,
allowAll: schemaCoordinates.has('*'),
};
return {
[OPERATION_PERMISSIONS_SYMBOL]: scopeContext,
};
})));
},
};
};