@graphql-mesh/plugin-jwt-auth/cjs/index.js

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.extractFromHeader = exports.extractFromCookie = exports.createRemoteJwksSigningKeyProvider = exports.createInlineSigningKeyProvider = void 0;
exports.useForwardedJWT = useForwardedJWT;
exports.useJWT = useJWT;
const plugin_jwt_1 = require("@graphql-yoga/plugin-jwt");
var plugin_jwt_2 = require("@graphql-yoga/plugin-jwt");
Object.defineProperty(exports, "createInlineSigningKeyProvider", { enumerable: true, get: function () { return plugin_jwt_2.createInlineSigningKeyProvider; } });
Object.defineProperty(exports, "createRemoteJwksSigningKeyProvider", { enumerable: true, get: function () { return plugin_jwt_2.createRemoteJwksSigningKeyProvider; } });
Object.defineProperty(exports, "extractFromCookie", { enumerable: true, get: function () { return plugin_jwt_2.extractFromCookie; } });
Object.defineProperty(exports, "extractFromHeader", { enumerable: true, get: function () { return plugin_jwt_2.extractFromHeader; } });
/**
 * This Yoga plugin is used to extracted the forwarded (from Mesh gateway) the JWT token and claims.
 * Use this plugin in your Yoga server to extract the JWT token and claims from the forwarded extensions.
 */
function useForwardedJWT(config) {
    const extensionsJwtFieldName = config.extensionsFieldName ?? 'jwt';
    const extendContextFieldName = config.extendContextFieldName ?? 'jwt';
    return {
        onContextBuilding({ context, extendContext }) {
            if (context.params.extensions?.[extensionsJwtFieldName]) {
                const jwt = context.params.extensions[extensionsJwtFieldName];
                extendContext({
                    [extendContextFieldName]: jwt,
                });
            }
        },
    };
}
/**
 * This Mesh Gateway plugin is used to extract the JWT token and payload from the request and forward it to the subgraph.
 */
function useJWT(options) {
    const forwardPayload = options?.forward?.payload ?? true;
    const forwardToken = options?.forward?.token ?? false;
    const shouldForward = forwardPayload || forwardToken;
    const fieldName = options?.forward?.extensionsFieldName ?? 'jwt';
    return {
        onPluginInit({ addPlugin }) {
            // TODO: fix useYogaJWT typings to inherit the context
            addPlugin((0, plugin_jwt_1.useJWT)(options));
        },
        // When a subgraph is about to be executed, we check if the initial request has a JWT token
        // that needs to be passed. At the moment, only GraphQL subgraphs will have the option to forward tokens/payload.
        // The JWT info will be passed to the subgraph execution request.
        onSubgraphExecute({ executionRequest, subgraphName, setExecutionRequest, logger }) {
            if (shouldForward && executionRequest.context.jwt) {
                const jwtData = {
                    payload: forwardPayload ? executionRequest.context.jwt.payload : undefined,
                    token: forwardToken ? executionRequest.context.jwt.token : undefined,
                };
                logger.debug(`Forwarding JWT payload to subgraph ${subgraphName}, payload: `, jwtData.payload);
                setExecutionRequest({
                    ...executionRequest,
                    extensions: {
                        ...executionRequest.extensions,
                        [fieldName]: jwtData,
                    },
                });
            }
        },
    };
}
exports.default = useJWT;