@pothos/plugin-scope-auth
A Pothos plugin for adding scope based authorization checks to your GraphQL Schema
// Flags this CommonJS module with `__esModule`; the interop helpers further
// down (`_interop_require_default`, `_interop_require_wildcard`) test the same
// flag on the modules they receive before deciding whether to wrap them.
Object.defineProperty(exports, "__esModule", {
    value: true
});
/**
 * Re-publishes every accessor found on `all` as an enumerable getter on
 * `target`, so the exported value is looked up each time it is read.
 *
 * @param {object} target - Object that receives the getters (the module's exports).
 * @param {object} all - Object literal whose properties are all `get` accessors.
 */
function _export(target, all) {
    for (const exportName in all) {
        // Reuse the accessor itself instead of evaluating it now, so a binding
        // declared later in the module is only touched when a consumer reads it.
        const accessor = Object.getOwnPropertyDescriptor(all, exportName).get;
        Object.defineProperty(target, exportName, {
            enumerable: true,
            get: accessor
        });
    }
}
// Public surface of the module. Each entry is a getter rather than a value
// because the bindings it returns (`PothosScopeAuthPlugin`, `_default`) are
// declared further down the file and must not be read until they exist.
_export(exports, {
    // The plugin class that wraps resolvers with scope checks.
    get PothosScopeAuthPlugin () {
        return PothosScopeAuthPlugin;
    },
    // Default export of ./request-cache, re-exported under its own name.
    get RequestCache () {
        return _requestcache.default;
    },
    // Default export: the plugin name string ('scopeAuth').
    get default () {
        return _default;
    }
});
require("./global-types");
require("./schema-builder");
require("./field-builders");
const _core = /*#__PURE__*/ _interop_require_wildcard(require("@pothos/core"));
const _istypeofhelper = require("./is-type-of-helper");
const _requestcache = /*#__PURE__*/ _interop_require_default(require("./request-cache"));
const _resolvehelper = require("./resolve-helper");
const _steps = require("./steps");
_export_star(require("./errors"), exports);
_export_star(require("./types"), exports);
/**
 * Implements `export * from ...`: forwards every own enumerable key of `from`
 * to `to` as a live getter.
 *
 * Skips the `default` key and never overrides a key that `to` already owns, so
 * names exported explicitly by this module win over star re-exports.
 *
 * @param {object} from - Module whose exports are forwarded.
 * @param {object} to - Exports object that receives the getters.
 * @returns {object} `from`, unchanged.
 */
function _export_star(from, to) {
    for (const key of Object.keys(from)) {
        const alreadyExported = Object.prototype.hasOwnProperty.call(to, key);
        if (key === "default" || alreadyExported) {
            continue;
        }
        Object.defineProperty(to, key, {
            enumerable: true,
            // Getter keeps the re-export live: later changes on `from` are visible.
            get: () => from[key]
        });
    }
    return from;
}
/**
 * Normalises a required module so that `.default` can always be read from it.
 *
 * @param {*} obj - Value returned by `require`.
 * @returns {*} `obj` itself when it carries a truthy `__esModule` flag,
 *   otherwise a new `{ default: obj }` wrapper.
 */
function _interop_require_default(obj) {
    if (obj && obj.__esModule) {
        return obj;
    }
    return {
        default: obj
    };
}
/**
 * Returns the WeakMap used to memoise wildcard-import wrappers.
 *
 * Two caches exist, one per interop mode. On the first successful call the
 * function replaces its own binding with a closure over those two maps, so the
 * maps are created once and every later call returns the same instances.
 *
 * @param {*} nodeInterop - Truthy selects the node-interop cache.
 * @returns {WeakMap|null} The selected cache, or `null` when WeakMap is unavailable.
 */
function _getRequireWildcardCache(nodeInterop) {
    if (typeof WeakMap !== "function") {
        return null;
    }
    const babelCache = new WeakMap();
    const nodeCache = new WeakMap();
    // Self-replacement: from here on the name points at the memoised selector.
    _getRequireWildcardCache = function(nodeInterop) {
        if (nodeInterop) {
            return nodeCache;
        }
        return babelCache;
    };
    return _getRequireWildcardCache(nodeInterop);
}
/**
 * Implements `import * as ns from ...` for a required module.
 *
 * @param {*} obj - Value returned by `require`.
 * @param {*} [nodeInterop] - When truthy, a module flagged `__esModule` is
 *   still wrapped instead of being returned as-is.
 * @returns {*} `obj` itself for flagged modules (unless `nodeInterop`), a
 *   `{ default: obj }` wrapper for primitives and `null`, otherwise a
 *   prototype-less namespace object holding the module's own enumerable
 *   properties plus `default: obj`.
 */
function _interop_require_wildcard(obj, nodeInterop) {
    if (!nodeInterop && obj && obj.__esModule) {
        return obj;
    }
    const isObjectLike = obj !== null && (typeof obj === "object" || typeof obj === "function");
    if (!isObjectLike) {
        return {
            default: obj
        };
    }
    const cache = _getRequireWildcardCache(nodeInterop);
    if (cache && cache.has(obj)) {
        return cache.get(obj);
    }
    // No prototype, so lookups on the namespace can only hit copied keys.
    const namespace = {
        __proto__: null
    };
    const canCopyDescriptors = Object.defineProperty && Object.getOwnPropertyDescriptor;
    for (const key in obj) {
        if (key === "default" || !Object.prototype.hasOwnProperty.call(obj, key)) {
            continue;
        }
        const descriptor = canCopyDescriptors ? Object.getOwnPropertyDescriptor(obj, key) : null;
        if (descriptor && (descriptor.get || descriptor.set)) {
            // Accessors are copied as accessors so they stay live.
            Object.defineProperty(namespace, key, descriptor);
        } else {
            namespace[key] = obj[key];
        }
    }
    namespace.default = obj;
    if (cache) {
        cache.set(obj, namespace);
    }
    return namespace;
}
// Name under which the plugin is registered with @pothos/core (see the
// registerPlugin call at the bottom of the file); also the module's default export.
const pluginName = 'scopeAuth';
const _default = pluginName;
// Module-level flag, shared by every plugin instance and every request served
// from this module. It is true only while a wrapped resolveType callback is
// executing synchronously (see wrapResolveType) and is read by wrapIsTypeOf to
// decide whether type scopes run.
let inResolveType = false;
/**
 * Pothos plugin that attaches scope-based authorization to a schema by
 * wrapping resolvers, subscribers, resolveType and isTypeOf callbacks.
 *
 * Each wrap* method decides at schema-build time whether a callback needs
 * authorization steps at all; when it does not, the original callback is
 * returned untouched. Reviewers should therefore treat every early
 * `return resolver` / `return subscriber` / `return isTypeOf` below as a path
 * on which no scope check is attached.
 */
class PothosScopeAuthPlugin extends _core.BasePlugin {
    /**
     * Wraps a field resolver with the auth/grant steps that apply to it.
     *
     * @param resolver - The field's original resolve function.
     * @param fieldConfig - Pothos field config; `parentType` and `pothosOptions` are read.
     * @returns The original resolver when no step other than the resolver itself
     *   applies, otherwise the function built by `resolveHelper`.
     * @throws PothosSchemaError when the parent type is neither an Object nor an Interface.
     */
    wrapResolve(resolver, fieldConfig) {
        var _this_builder_options_scopeAuth, _this_builder_options_scopeAuth1;
        // Global off switch: with disableScopeAuth set, the resolver is returned
        // unwrapped, so neither auth scopes nor grant scopes are applied to it.
        if (this.options.disableScopeAuth) {
            return resolver;
        }
        const typeConfig = this.buildCache.getTypeConfig(fieldConfig.parentType);
        if (typeConfig.graphqlKind !== 'Object' && typeConfig.graphqlKind !== 'Interface') {
            throw new _core.PothosSchemaError(`Got fields for ${fieldConfig.parentType} which is a ${typeConfig.graphqlKind} which cannot have fields`);
        }
        // True only for fields of the Subscription type when the builder option
        // scopeAuth.authorizeOnSubscribe is truthy; the checks then live on the
        // subscribe function (wrapSubscribe) instead of on this resolver.
        const authorizedOnSubscribe = !!((_this_builder_options_scopeAuth = this.builder.options.scopeAuth) === null || _this_builder_options_scopeAuth === void 0 ? void 0 : _this_builder_options_scopeAuth.authorizeOnSubscribe) && typeConfig.kind === 'Subscription';
        // Object/Interface types other than the Query, Mutation and Subscription roots.
        const nonRoot = (typeConfig.graphqlKind === 'Interface' || typeConfig.graphqlKind === 'Object') && typeConfig.kind !== 'Query' && typeConfig.kind !== 'Mutation' && typeConfig.kind !== 'Subscription';
        var _typeConfig_pothosOptions_runScopesOnType, _ref;
        // Root types always run their type scopes on the field. Non-root types do
        // so unless runScopesOnType is truthy (type-level option first, builder
        // option as fallback, false when neither is set); in that case the type
        // scopes are left to wrapIsTypeOf.
        const runTypeScopesOnField = !nonRoot || !((_ref = (_typeConfig_pothosOptions_runScopesOnType = typeConfig.pothosOptions.runScopesOnType) !== null && _typeConfig_pothosOptions_runScopesOnType !== void 0 ? _typeConfig_pothosOptions_runScopesOnType : (_this_builder_options_scopeAuth1 = this.builder.options.scopeAuth) === null || _this_builder_options_scopeAuth1 === void 0 ? void 0 : _this_builder_options_scopeAuth1.runScopesOnType) !== null && _ref !== void 0 ? _ref : false);
        const steps = this.createResolveSteps(fieldConfig, typeConfig, resolver, runTypeScopesOnField, authorizedOnSubscribe);
        // createResolveSteps always contains the resolve step, so a length of 1
        // means there is nothing to enforce and the wrapper is skipped.
        if (steps.length > 1) {
            return (0, _resolvehelper.resolveHelper)(steps, this, fieldConfig);
        }
        return resolver;
    }
    /**
     * Wraps a subscription field's subscribe function with auth steps.
     *
     * Only takes effect for fields of the Subscription type when the builder
     * option scopeAuth.authorizeOnSubscribe is truthy; in every other case the
     * subscriber is returned unwrapped and authorization is left to wrapResolve.
     *
     * @param subscriber - The field's original subscribe function.
     * @param fieldConfig - Pothos field config; `parentType` and `pothosOptions` are read.
     * @returns The original subscriber, or the function built by `resolveHelper`.
     * @throws PothosSchemaError when the parent type is neither an Object nor an Interface.
     */
    wrapSubscribe(subscriber, fieldConfig) {
        var _this_builder_options_scopeAuth;
        // Same global off switch as in wrapResolve.
        if (this.options.disableScopeAuth) {
            return subscriber;
        }
        const typeConfig = this.buildCache.getTypeConfig(fieldConfig.parentType);
        if (typeConfig.graphqlKind !== 'Object' && typeConfig.graphqlKind !== 'Interface') {
            throw new _core.PothosSchemaError(`Got fields for ${fieldConfig.parentType} which is a ${typeConfig.graphqlKind} which cannot have fields`);
        }
        if (!((_this_builder_options_scopeAuth = this.builder.options.scopeAuth) === null || _this_builder_options_scopeAuth === void 0 ? void 0 : _this_builder_options_scopeAuth.authorizeOnSubscribe) || typeConfig.kind !== 'Subscription') {
            return subscriber;
        }
        const steps = this.createSubscribeSteps(fieldConfig, typeConfig, subscriber);
        // Length 1 means only the subscriber step itself: nothing to enforce.
        if (steps.length > 1) {
            return (0, _resolvehelper.resolveHelper)(steps, this, fieldConfig);
        }
        return subscriber;
    }
    /**
     * Wraps a resolveType callback so that the module-level `inResolveType`
     * flag is true while the callback runs.
     *
     * The flag is cleared in `finally`, i.e. as soon as the callback returns,
     * even when it returns a promise. isTypeOf calls made later from
     * asynchronous code inside resolveType therefore see the flag as false and
     * run their type-scope steps. The flag is a plain boolean, not a counter: a
     * nested wrapped resolveType call resets it to false before the outer call
     * has finished.
     *
     * @param resolveType - The abstract type's original resolveType function.
     * @returns A function with the same arguments and return value.
     */
    wrapResolveType(resolveType) {
        return (...args)=>{
            inResolveType = true;
            try {
                return resolveType(...args);
            } finally{
                inResolveType = false;
            }
        };
    }
    /**
     * Wraps a type's isTypeOf so the type's scopes are checked there when
     * runScopesOnType is enabled for the type (type-level option first, builder
     * option as fallback, false when neither is set).
     *
     * @param isTypeOf - The type's original isTypeOf function; may be null or undefined.
     * @param typeConfig - Pothos type config; `pothosOptions` is read.
     * @returns The original isTypeOf when scope auth is disabled, runScopesOnType
     *   is off, or the type has no steps; otherwise a wrapper.
     */
    wrapIsTypeOf(isTypeOf, typeConfig) {
        var _this_builder_options_scopeAuth;
        // Same global off switch as in wrapResolve.
        if (this.options.disableScopeAuth) {
            return isTypeOf;
        }
        var _typeConfig_pothosOptions_runScopesOnType, _ref;
        const shouldRunTypeScopes = (_ref = (_typeConfig_pothosOptions_runScopesOnType = typeConfig.pothosOptions.runScopesOnType) !== null && _typeConfig_pothosOptions_runScopesOnType !== void 0 ? _typeConfig_pothosOptions_runScopesOnType : (_this_builder_options_scopeAuth = this.builder.options.scopeAuth) === null || _this_builder_options_scopeAuth === void 0 ? void 0 : _this_builder_options_scopeAuth.runScopesOnType) !== null && _ref !== void 0 ? _ref : false;
        if (!shouldRunTypeScopes) {
            return isTypeOf;
        }
        const steps = this.createStepsForType(typeConfig, {
            forField: false
        });
        if (steps.length === 0) {
            return isTypeOf;
        }
        const runSteps = (0, _istypeofhelper.isTypeOfHelper)(steps, this, isTypeOf);
        return (source, context, info)=>{
            // While a wrapped resolveType is on the stack the type scopes are NOT
            // evaluated: the original isTypeOf answers alone, or false when there
            // is none.
            // NOTE(review): this presumably relies on the scopes being enforced on
            // a later isTypeOf call made outside resolveType - confirm against the
            // executor in use.
            if (inResolveType) {
                var _isTypeOf;
                return (_isTypeOf = isTypeOf === null || isTypeOf === void 0 ? void 0 : isTypeOf(source, context, info)) !== null && _isTypeOf !== void 0 ? _isTypeOf : false;
            }
            return runSteps(source, context, info);
        };
    }
    /**
     * Builds the type-level steps for a type, in this order: the type's own
     * authScopes, the authScopes of each interface it implements, then the
     * type's grantScopes.
     *
     * @param typeConfig - Pothos type config; `pothosOptions`, `kind`, `interfaces` and `name` are read.
     * @param options.skipTypeScopes - Truthy omits the type's own authScopes step.
     * @param options.skipInterfaceScopes - Truthy omits the interface authScopes steps.
     * @param options.forField - Forwarded to `createTypeGrantScopesStep`.
     * @returns Array of steps; empty when the type declares nothing applicable.
     */
    createStepsForType(typeConfig, { skipTypeScopes, skipInterfaceScopes, forField }) {
        const parentAuthScope = typeConfig.pothosOptions.authScopes;
        const parentGrantScopes = typeConfig.pothosOptions.grantScopes;
        // Only Object and Interface kinds are inspected for implemented interfaces.
        const interfaceConfigs = typeConfig.kind === 'Object' || typeConfig.kind === 'Interface' ? typeConfig.interfaces.map((iface)=>this.buildCache.getTypeConfig(iface, 'Interface')) : [];
        const steps = [];
        if (parentAuthScope && !skipTypeScopes) {
            steps.push((0, _steps.createTypeAuthScopesStep)(parentAuthScope, typeConfig.name));
        }
        // Interface scopes are dropped either by the caller's flag or by the
        // Object type's own skipInterfaceScopes option.
        if (!skipInterfaceScopes && !(typeConfig.kind === 'Object' && typeConfig.pothosOptions.skipInterfaceScopes)) {
            for (const interfaceConfig of interfaceConfigs){
                if (interfaceConfig.pothosOptions.authScopes) {
                    steps.push((0, _steps.createTypeAuthScopesStep)(interfaceConfig.pothosOptions.authScopes, interfaceConfig.name));
                }
            }
        }
        // Grant scopes are added regardless of skipTypeScopes / skipInterfaceScopes.
        if (parentGrantScopes) {
            steps.push((0, _steps.createTypeGrantScopesStep)(parentGrantScopes, typeConfig.name, forField));
        }
        return steps;
    }
    /**
     * Builds the ordered step list for a field resolver: type-level steps,
     * field authScopes, the resolver itself, then field grantScopes.
     *
     * When `authorizedOnSubscribe` is true both the type-level steps and the
     * field authScopes step are left out, so nothing is checked when the
     * resolver runs; the checks are the ones createSubscribeSteps attaches to
     * the subscribe function. A change in the caller's permissions after the
     * subscription has started is therefore not re-evaluated by these steps.
     *
     * @param fieldConfig - Pothos field config; `graphqlKind`, `kind` and `pothosOptions` are read.
     * @param typeConfig - Config of the field's parent type.
     * @param resolver - The field's original resolve function.
     * @param shouldRunTypeScopes - Whether type-level steps belong on this field.
     * @param authorizedOnSubscribe - Whether authorization was moved to subscribe.
     * @returns Array of steps; always contains the resolve step.
     */
    createResolveSteps(fieldConfig, typeConfig, resolver, shouldRunTypeScopes, authorizedOnSubscribe) {
        var _ref, _ref1;
        // NOTE(review): skipTypeScopes tests fieldConfig.graphqlKind === 'Object'
        // while skipInterfaceScopes tests fieldConfig.kind === 'Object' - confirm
        // the difference is intended.
        const stepsForType = shouldRunTypeScopes && !authorizedOnSubscribe ? this.createStepsForType(typeConfig, {
            skipTypeScopes: (_ref = (fieldConfig.graphqlKind === 'Interface' || fieldConfig.graphqlKind === 'Object') && fieldConfig.pothosOptions.skipTypeScopes) !== null && _ref !== void 0 ? _ref : false,
            skipInterfaceScopes: (_ref1 = (fieldConfig.graphqlKind === 'Interface' || fieldConfig.kind === 'Object') && fieldConfig.pothosOptions.skipInterfaceScopes) !== null && _ref1 !== void 0 ? _ref1 : false,
            forField: true
        }) : [];
        const fieldAuthScopes = fieldConfig.pothosOptions.authScopes;
        const fieldGrantScopes = fieldConfig.pothosOptions.grantScopes;
        const steps = [
            ...stepsForType
        ];
        if (fieldAuthScopes && !authorizedOnSubscribe) {
            steps.push((0, _steps.createFieldAuthScopesStep)(fieldAuthScopes));
        }
        // Order matters: every auth step above precedes the resolver, and the
        // field's grant scopes step follows it.
        steps.push((0, _steps.createResolveStep)(resolver));
        if (fieldGrantScopes) {
            steps.push((0, _steps.createFieldGrantScopesStep)(fieldGrantScopes));
        }
        return steps;
    }
    /**
     * Builds the ordered step list for a subscribe function: type-level steps,
     * field authScopes, then the subscriber itself. No field grantScopes step
     * is added here; that one stays on the resolver (createResolveSteps).
     *
     * @param fieldConfig - Pothos field config; `graphqlKind`, `kind` and `pothosOptions` are read.
     * @param typeConfig - Config of the field's parent type.
     * @param subscriber - The field's original subscribe function.
     * @returns Array of steps; always contains the step wrapping the subscriber.
     */
    createSubscribeSteps(fieldConfig, typeConfig, subscriber) {
        var _ref, _ref1;
        // NOTE(review): same graphqlKind / kind mix as in createResolveSteps -
        // confirm it is intended.
        const stepsForType = this.createStepsForType(typeConfig, {
            skipTypeScopes: (_ref = (fieldConfig.graphqlKind === 'Interface' || fieldConfig.graphqlKind === 'Object') && fieldConfig.pothosOptions.skipTypeScopes) !== null && _ref !== void 0 ? _ref : false,
            skipInterfaceScopes: (_ref1 = (fieldConfig.graphqlKind === 'Interface' || fieldConfig.kind === 'Object') && fieldConfig.pothosOptions.skipInterfaceScopes) !== null && _ref1 !== void 0 ? _ref1 : false,
            forField: true
        });
        const fieldAuthScopes = fieldConfig.pothosOptions.authScopes;
        const steps = [
            ...stepsForType
        ];
        if (fieldAuthScopes) {
            steps.push((0, _steps.createFieldAuthScopesStep)(fieldAuthScopes));
        }
        // The subscriber is passed to createResolveStep, the same step factory
        // the resolver path uses.
        steps.push((0, _steps.createResolveStep)(subscriber));
        return steps;
    }
}
// `authField` is added to every root field builder. At runtime it forwards its
// options to `field` unchanged, so the scope checks for an authField are the
// ones the plugin's wrap* methods derive from those options.
// NOTE(review): the separate name presumably exists for typing only - confirm
// against the package's type declarations.
const fieldBuilderProto = _core.RootFieldBuilder.prototype;
fieldBuilderProto.authField = function authField(options) {
    const builtField = this.field(options);
    return builtField;
};
// Registers the plugin class under `pluginName`. The `v3` entry takes builder
// options that carry `scopeAuthOptions` and `authScopes` at the top level and
// returns them merged under `scopeAuth`, with the two top-level keys set to
// undefined.
_core.default.registerPlugin(pluginName, PothosScopeAuthPlugin, {
    v3(options) {
        const { scopeAuthOptions, authScopes } = options;
        return {
            scopeAuthOptions: undefined,
            authScopes: undefined,
            scopeAuth: {
                ...scopeAuthOptions,
                authScopes
            }
        };
    }
});
//# sourceMappingURL=index.js.map
;