Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
@aws-amplify/data-schema
Advanced tools
@aws-amplify/data-schema - npm Package Compare versions
Comparing version 0.13.10 to 0.13.11
@@ -1,2 +0,2 @@ | ||
| import type { UnionToIntersection } from '@aws-amplify/data-schema-types'; | ||
| import type { UnionToIntersection, FunctionSchemaAccess } from '@aws-amplify/data-schema-types'; | ||
| declare const __data: unique symbol; | ||
@@ -44,2 +44,20 @@ /** | ||
| export type Operation = (typeof Operations)[number]; | ||
| /** | ||
| * The operations that can be performed against an API by a Lambda function. | ||
| */ | ||
| export declare const ResourceOperations: readonly ["query", "mutate", "listen"]; | ||
| export type ResourceOperation = (typeof ResourceOperations)[number]; | ||
| /** | ||
| * Super-set of regular auth type; includes schema-level resource access configuration | ||
| */ | ||
| export type SchemaAuthorization<AuthStrategy extends Strategy, AuthField extends string | undefined, AuthFieldPlurality extends boolean> = Authorization<AuthStrategy, AuthField, AuthFieldPlurality> | ResourceAuthorization; | ||
| export type ResourceAuthorization = { | ||
| [__data]: ResourceAuthorizationData; | ||
| }; | ||
| type DefineFunction = FunctionSchemaAccess['resourceProvider']; | ||
| export type ResourceAuthorizationData = { | ||
| strategy: 'resource'; | ||
| resource: DefineFunction; | ||
| operations?: ResourceOperation[]; | ||
| }; | ||
| export type Authorization<AuthStrategy extends Strategy, AuthField extends string | undefined, AuthFieldPlurality extends boolean> = { | ||
@@ -204,3 +222,7 @@ [__data]: { | ||
| }; | ||
| readonly resource: (fn: DefineFunction) => ResourceAuthorization & { | ||
| to: typeof resourceTo; | ||
| }; | ||
| }; | ||
| declare function resourceTo<SELF extends ResourceAuthorization>(this: SELF, operations: ResourceOperation[]): Omit<SELF, "to">; | ||
| /** | ||
@@ -266,2 +288,3 @@ * Turns the type from a list of `Authorization` rules like this: | ||
| }; | ||
| export declare const accessSchemaData: <T extends SchemaAuthorization<any, any, any>>(authorization: T) => T[typeof __data]; | ||
| export {}; |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.accessData = exports.allow = exports.Operations = exports.Strategies = exports.CustomProviders = exports.GroupProviders = exports.OwnerProviders = exports.PrivateProviders = exports.PublicProviders = exports.Providers = void 0; | ||
| exports.accessSchemaData = exports.accessData = exports.allow = exports.ResourceOperations = exports.Operations = exports.Strategies = exports.CustomProviders = exports.GroupProviders = exports.OwnerProviders = exports.PrivateProviders = exports.PublicProviders = exports.Providers = void 0; | ||
| const __data = Symbol('data'); | ||
@@ -61,2 +61,6 @@ /** | ||
| /** | ||
| * The operations that can be performed against an API by a Lambda function. | ||
| */ | ||
| exports.ResourceOperations = ['query', 'mutate', 'listen']; | ||
| /** | ||
| * Creates a shallow copy of an object with an individual field pruned away. | ||
@@ -306,4 +310,25 @@ * | ||
| }, | ||
| resource(fn) { | ||
| return resourceAuthData(fn, { | ||
| to: resourceTo, | ||
| }); | ||
| }, | ||
| }; | ||
| function resourceTo(operations) { | ||
| this[__data].operations = operations; | ||
| return omit(this, 'to'); | ||
| } | ||
| function resourceAuthData(resource, builderMethods) { | ||
| return { | ||
| [__data]: { | ||
| strategy: 'resource', | ||
| resource, | ||
| }, | ||
| ...builderMethods, | ||
| }; | ||
| } | ||
| const accessData = (authorization) => authorization[__data]; | ||
| exports.accessData = accessData; | ||
| // TODO: delete when we make resource auth available at each level in the schema (model, field) | ||
| const accessSchemaData = (authorization) => authorization[__data]; | ||
| exports.accessSchemaData = accessSchemaData; |
@@ -6,3 +6,3 @@ import type { DerivedApiDefinition, SetTypeSubArg } from '@aws-amplify/data-schema-types'; | ||
| import type { CustomOperation, CustomOperationParamShape, InternalCustom, MutationCustomOperation, QueryCustomOperation, SubscriptionCustomOperation } from './CustomOperation'; | ||
| import { Authorization } from './Authorization'; | ||
| import { SchemaAuthorization } from './Authorization'; | ||
| type SchemaContent = ModelType<ModelTypeParamShape, any> | CustomType<CustomTypeParamShape> | EnumType<EnumTypeParamShape> | CustomOperation<CustomOperationParamShape, any>; | ||
@@ -39,3 +39,3 @@ type ModelSchemaContents = Record<string, SchemaContent>; | ||
| types: ModelSchemaContents; | ||
| authorization: Authorization<any, any, any>[]; | ||
| authorization: SchemaAuthorization<any, any, any>[]; | ||
| configuration: SchemaConfig<any, any>; | ||
@@ -49,7 +49,7 @@ }; | ||
| types: InternalSchemaModels; | ||
| authorization: Authorization<any, any, any>[]; | ||
| authorization: SchemaAuthorization<any, any, any>[]; | ||
| }; | ||
| }; | ||
| export type ModelSchema<T extends ModelSchemaParamShape, UsedMethods extends 'authorization' = never> = Omit<{ | ||
| authorization: <AuthRules extends Authorization<any, any, any>>(auth: AuthRules[]) => ModelSchema<SetTypeSubArg<T, 'authorization', AuthRules[]>, UsedMethods | 'authorization'>; | ||
| authorization: <AuthRules extends SchemaAuthorization<any, any, any>>(auth: AuthRules[]) => ModelSchema<SetTypeSubArg<T, 'authorization', AuthRules[]>, UsedMethods | 'authorization'>; | ||
| }, UsedMethods> & { | ||
@@ -56,0 +56,0 @@ data: T; |
@@ -247,2 +247,14 @@ "use strict"; | ||
| /** | ||
| * Throws if resource/lambda auth is configured at the model or field level | ||
| * | ||
| * @param authorization A list of authorization rules. | ||
| */ | ||
| function validateAuth(authorization = []) { | ||
| for (const entry of authorization) { | ||
| if (ruleIsResourceAuth(entry)) { | ||
| throw new Error('Lambda resource authorization is only confiugrable at the schema level'); | ||
| } | ||
| } | ||
| } | ||
| /** | ||
| * Given a list of authorization rules, produces a set of the implied owner and/or | ||
@@ -534,3 +546,5 @@ * group fields, along with the associated graphql `@auth` string directive. | ||
| for (const [fieldName, fieldDef] of Object.entries(fields)) { | ||
| const { authString, authFields: fieldAuthField } = calculateAuth(fieldDef?.data?.authorization || []); | ||
| const fieldAuth = fieldDef?.data?.authorization || []; | ||
| validateAuth(fieldAuth); | ||
| const { authString, authFields: fieldAuthField } = calculateAuth(fieldAuth); | ||
| if (authString) | ||
@@ -626,2 +640,34 @@ fieldLevelAuthRules[fieldName] = authString; | ||
| }; | ||
| const ruleIsResourceAuth = (authRule) => { | ||
| const data = (0, Authorization_1.accessSchemaData)(authRule); | ||
| return data.strategy === 'resource'; | ||
| }; | ||
| /** | ||
| * Separates out lambda resource auth rules from remaining schema rules. | ||
| * | ||
| * @param authRules schema auth rules | ||
| */ | ||
| const extractFunctionSchemaAccess = (authRules) => { | ||
| const schemaAuth = []; | ||
| const functionSchemaAccess = []; | ||
| const defaultActions = [ | ||
| 'query', | ||
| 'mutate', | ||
| 'listen', | ||
| ]; | ||
| for (const rule of authRules) { | ||
| if (ruleIsResourceAuth(rule)) { | ||
| const ruleData = (0, Authorization_1.accessSchemaData)(rule); | ||
| const fnAccess = { | ||
| resourceProvider: ruleData.resource, | ||
| actions: ruleData.operations || defaultActions, | ||
| }; | ||
| functionSchemaAccess.push(fnAccess); | ||
| } | ||
| else { | ||
| schemaAuth.push(rule); | ||
| } | ||
| } | ||
| return { schemaAuth, functionSchemaAccess }; | ||
| }; | ||
| const schemaPreprocessor = (schema) => { | ||
@@ -635,6 +681,8 @@ const gqlModels = []; | ||
| const topLevelTypes = Object.entries(schema.data.types); | ||
| const { schemaAuth, functionSchemaAccess } = extractFunctionSchemaAccess(schema.data.authorization); | ||
| for (const [typeName, typeDef] of topLevelTypes) { | ||
| validateAuth(typeDef.data?.authorization); | ||
| const mostRelevantAuthRules = typeDef.data?.authorization?.length > 0 | ||
| ? typeDef.data.authorization | ||
| : schema.data.authorization; | ||
| : schemaAuth; | ||
| if (!isInternalModel(typeDef)) { | ||
@@ -713,3 +761,3 @@ if (isEnumType(typeDef)) { | ||
| const processedSchema = gqlModels.join('\n\n'); | ||
| return { schema: processedSchema, jsFunctions }; | ||
| return { schema: processedSchema, jsFunctions, functionSchemaAccess }; | ||
| }; | ||
@@ -827,5 +875,5 @@ function validateCustomOperations(typeDef, typeName, authRules) { | ||
| function processSchema(arg) { | ||
| const { schema, jsFunctions } = schemaPreprocessor(arg.schema); | ||
| return { schema, functionSlots: [], jsFunctions }; | ||
| const { schema, jsFunctions, functionSchemaAccess } = schemaPreprocessor(arg.schema); | ||
| return { schema, functionSlots: [], jsFunctions, functionSchemaAccess }; | ||
| } | ||
| exports.processSchema = processSchema; |
| { | ||
| "name": "@aws-amplify/data-schema", | ||
| "version": "0.13.10", | ||
| "version": "0.13.11", | ||
| "license": "Apache-2.0", | ||
@@ -5,0 +5,0 @@ "repository": { |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by152.01%
619384
- Lines of code
- increased by2.74%
3631
No dependency changes