@netlify/content-engine/dist/schema/extensions/auth-labels.js

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.checkAuthLabelsForResolver = checkAuthLabelsForResolver;
const graphql_1 = require("graphql");
function checkAuthLabelsForResolver(context, info) {
    const thisField = info.parentType?.getFields?.()?.[info.fieldName];
    const fieldAuthorizationLabels = thisField?.extensions?.authorization?.labels || [];
    const typeName = (0, graphql_1.getNamedType)(thisField?.type || info.returnType)?.name;
    // for some reason the GraphQLSchema instance loses all custom type directives on object types.
    // so I've resorted to passing the graphql-compose schema composer in context... this may be a bad idea but I don't know for sure
    const type = context.schemaComposer?.getAnyTC(typeName);
    const typeAuthorizationLabels = type?.getDirectiveByName(`authorization`)?.labels || [];
    if (!fieldAuthorizationLabels?.length && !typeAuthorizationLabels?.length) {
        // the field has no authorization directive so the user is authorized to query it
        return `AUTHORIZED`;
    }
    const combinedAuthorizationLabels = [
        ...fieldAuthorizationLabels,
        ...typeAuthorizationLabels,
    ];
    const userTokenLabels = context.authLabels;
    const userHasRequiredAuthLabel = 
    // this field has authorization labels but if the user request has no labels
    // they're not authorized to see this data
    userTokenLabels?.length &&
        // if the user does have labels, compare them to see if they are authorized
        !!combinedAuthorizationLabels?.every((fieldLabel) => userTokenLabels.includes(fieldLabel));
    switch (userHasRequiredAuthLabel) {
        case true:
            return `AUTHORIZED`;
        case false:
        default:
            return `UNAUTHORIZED`;
    }
}
//# sourceMappingURL=auth-labels.js.map