UNPKG

nexus

Version:

Scalable, strongly typed GraphQL schema development

nexusjs.org

graphql-nexus/nexus

89 lines 4.31 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
import { plugin } from '../plugin'; import { printedGenTyping, printedGenTypingImport } from '../utils'; const FieldauthorizeResolverImport = printedGenTypingImport({ module: 'nexus/dist/plugins/fieldAuthorizePlugin', bindings: ['FieldAuthorizeResolver'], }); const fieldDefTypes = printedGenTyping({ optional: true, name: 'authorize', description: ` Authorization for an individual field. Returning "true" or "Promise<true>" means the field can be accessed. Returning "false" or "Promise<false>" will respond with a "Not Authorized" error for the field. Returning or throwing an error will also prevent the resolver from executing. `, type: 'FieldAuthorizeResolver<TypeName, FieldName>', imports: [FieldauthorizeResolverImport], }); export const defaultFormatError = ({ error }) => { const err = new Error('Not authorized'); err.originalError = error; return err; }; export const fieldAuthorizePlugin = (authConfig = {}) => { const { formatError = defaultFormatError } = authConfig; const ensureError = (root, args, ctx, info) => (error) => { const finalErr = formatError({ error, root, args, ctx, info }); if (finalErr instanceof Error) { throw finalErr; } console.error(`Non-Error value ${finalErr} returned from custom formatError in authorize plugin`); throw new Error('Not authorized'); }; let hasWarned = false; return plugin({ name: 'NexusAuthorize', description: 'The authorize plugin provides field-level authorization for a schema.', fieldDefTypes: fieldDefTypes, onCreateFieldResolver(config) { var _a, _b, _c; const authorize = (_b = (_a = config.fieldConfig.extensions) === null || _a === void 0 ? void 0 : _a.nexus) === null || _b === void 0 ? void 0 : _b.config.authorize; // If the field doesn't have an authorize field, don't worry about wrapping the resolver if (authorize == null) { return; } // If it does have this field, but it's not a function, it's wrong - let's provide a warning if (typeof authorize !== 'function') { console.error(new Error(`The authorize property provided to ${config.fieldConfig.name} with type ${config.fieldConfig.type} should be a function, saw ${typeof authorize}`)); return; } // If they have it, but didn't explicitly specify a plugins array, warn them. if (!((_c = config.schemaConfig.plugins) === null || _c === void 0 ? void 0 : _c.find((p) => p.config.name === 'NexusAuthorize'))) { if (!hasWarned) { console.warn('The GraphQL Nexus "authorize" feature has been moved to a plugin, add [fieldAuthorizePlugin()] to your makeSchema plugin config to remove this warning.'); hasWarned = true; } } // The authorize wrapping resolver. return function (root, args, ctx, info, next) { let toComplete; try { toComplete = authorize(root, args, ctx, info); } catch (e) { toComplete = Promise.reject(e); } return plugin.completeValue(toComplete, (authResult) => { if (authResult === true) { return next(root, args, ctx, info); } const finalFormatError = ensureError(root, args, ctx, info); if (authResult instanceof Error) { finalFormatError(authResult); } if (authResult === false) { finalFormatError(new Error('Not authorized')); } const { fieldName, parentType: { name: parentTypeName }, } = info; finalFormatError(new Error(`Nexus authorize for ${parentTypeName}.${fieldName} Expected a boolean or Error, saw ${authResult}`)); }, (err) => { ensureError(root, args, ctx, info)(err); }); }; }, }); }; //# sourceMappingURL=fieldAuthorizePlugin.js.map