-
Notifications
You must be signed in to change notification settings - Fork 6
/
plugin.ts
107 lines (93 loc) · 2.98 KB
/
plugin.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
import { plugin } from 'nexus';
import { printedGenTyping, printedGenTypingImport } from 'nexus/dist/utils';
import * as hash from 'object-hash';
import { allow } from './builders';
import { ShieldPluginSettings } from './config';
import { ShieldContext, ShieldRule } from './rules';
import { isShieldRule } from './utils';
const FieldShieldImport = printedGenTypingImport({
module: 'nexus-shield',
bindings: ['FieldShieldResolver'],
});
const FieldShieldType = printedGenTyping({
optional: true,
name: 'shield',
description: `
Authorization rule to execute for this field
`,
type: 'FieldShieldResolver<TypeName, FieldName>',
imports: [FieldShieldImport],
});
export type FieldShieldResolver<
TypeName extends string,
FieldName extends string
> = ShieldRule<TypeName, FieldName>;
const ObjectTypeShieldImport = printedGenTypingImport({
module: 'nexus-shield',
bindings: ['ObjectTypeShieldResolver'],
});
const ObjectTypeFieldShieldType = printedGenTyping({
optional: true,
name: 'shield',
description: `
Default authorization rule to execute on all fields of this object
`,
type: 'ObjectTypeShieldResolver<TypeName>',
imports: [ObjectTypeShieldImport],
});
export type ObjectTypeShieldResolver<TypeName extends string> = ShieldRule<
TypeName,
never
>;
export const nexusShield = (settings: ShieldPluginSettings) => {
const options = {
defaultRule: settings.defaultRule || allow,
defaultError: settings.defaultError || new Error('Not Authorised!'),
hashFunction: settings.hashFunction || hash,
};
return plugin({
name: 'Nexus Shield Plugin',
description: 'Ease the creation of the authorization layer',
fieldDefTypes: FieldShieldType,
objectTypeDefTypes: ObjectTypeFieldShieldType,
onCreateFieldResolver(config) {
// Find the field rule
const objectRule =
config.parentTypeConfig.extensions?.nexus?.config.shield;
const fieldRule = config.fieldConfig.extensions?.nexus?.config.shield;
let rule: ShieldRule<any, any> | undefined;
if (isShieldRule(fieldRule)) {
rule = fieldRule;
} else if (isShieldRule(objectRule)) {
rule = objectRule;
} else if (options.defaultRule) {
rule = options.defaultRule;
}
return async (root, args, ctx, info, next) => {
// Cache
const shieldCtx = ctx as ShieldContext | undefined;
if (!shieldCtx) {
throw new Error('Missing resolver context, aborting!');
}
if (!shieldCtx._shield) {
shieldCtx._shield = {
cache: {},
};
}
// Rule
const allowed = rule
? await rule.resolve(root, args, ctx, info, options)
: true;
if (!allowed) {
let error = options.defaultError;
if (typeof error === 'function') {
error = await error(root, args, ctx, info);
}
throw error;
}
// Resolver
return next(root, args, ctx, info);
};
},
});
};