Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
@aws-amplify/graphql-auth-transformer
Advanced tools
@aws-amplify/graphql-auth-transformer - npm Package Compare versions
Comparing version 0.4.4-beta.0 to 0.5.0-gql-ext1.0
@@ -6,9 +6,8 @@ # Change Log | ||
| ## [0.4.4-beta.0](https://github.com/aws-amplify/amplify-cli/compare/@aws-amplify/graphql-auth-transformer@0.4.1...@aws-amplify/graphql-auth-transformer@0.4.4-beta.0) (2021-11-17) | ||
| # [0.5.0-gql-ext1.0](https://github.com/aws-amplify/amplify-cli/compare/@aws-amplify/graphql-auth-transformer@0.4.2...@aws-amplify/graphql-auth-transformer@0.5.0-gql-ext1.0) (2021-11-18) | ||
| ### Bug Fixes | ||
| ### Features | ||
| * append apiKey if global auth is enabled and its not default auth ([#8843](https://github.com/aws-amplify/amplify-cli/issues/8843)) ([3aadcde](https://github.com/aws-amplify/amplify-cli/commit/3aadcde2225f0ede5c5d94c2a4cd9d1afece5288)) | ||
| * update error message for auth on non null fields ([#8863](https://github.com/aws-amplify/amplify-cli/issues/8863)) ([bffb4d2](https://github.com/aws-amplify/amplify-cli/commit/bffb4d290e33dfd4362733c4344dd1a7e584234c)) | ||
| * add unit tests and e2e ([4b81d1b](https://github.com/aws-amplify/amplify-cli/commit/4b81d1b1abd6662908638bb102ce37411042766b)) | ||
@@ -19,3 +18,3 @@ | ||
| ## [0.4.3-beta.0](https://github.com/aws-amplify/amplify-cli/compare/@aws-amplify/graphql-auth-transformer@0.4.1...@aws-amplify/graphql-auth-transformer@0.4.3-beta.0) (2021-11-17) | ||
| ## [0.4.2](https://github.com/aws-amplify/amplify-cli/compare/@aws-amplify/graphql-auth-transformer@0.4.1...@aws-amplify/graphql-auth-transformer@0.4.2) (2021-11-17) | ||
@@ -32,14 +31,2 @@ | ||
| ## [0.4.2-beta.0](https://github.com/aws-amplify/amplify-cli/compare/@aws-amplify/graphql-auth-transformer@0.4.1...@aws-amplify/graphql-auth-transformer@0.4.2-beta.0) (2021-11-17) | ||
| ### Bug Fixes | ||
| * append apiKey if global auth is enabled and its not default auth ([#8843](https://github.com/aws-amplify/amplify-cli/issues/8843)) ([3aadcde](https://github.com/aws-amplify/amplify-cli/commit/3aadcde2225f0ede5c5d94c2a4cd9d1afece5288)) | ||
| * update error message for auth on non null fields ([#8863](https://github.com/aws-amplify/amplify-cli/issues/8863)) ([bffb4d2](https://github.com/aws-amplify/amplify-cli/commit/bffb4d290e33dfd4362733c4344dd1a7e584234c)) | ||
| ## [0.4.1](https://github.com/aws-amplify/amplify-cli/compare/@aws-amplify/graphql-auth-transformer@0.2.0...@aws-amplify/graphql-auth-transformer@0.4.1) (2021-11-15) | ||
@@ -46,0 +33,0 @@ |
@@ -25,3 +25,3 @@ "use strict"; | ||
| this.matrix.push(allowedVector); | ||
| assert_1.default(this.roles.length === this.matrix.length, 'Roles are not aligned with Roles added in Matrix'); | ||
| (0, assert_1.default)(this.roles.length === this.matrix.length, 'Roles are not aligned with Roles added in Matrix'); | ||
| } | ||
@@ -28,0 +28,0 @@ else if (this.roles.includes(role) && (resource || allowRoleOverwrite)) { |
@@ -43,3 +43,3 @@ "use strict"; | ||
| this.config.authConfig = (_a = this.config.authConfig) !== null && _a !== void 0 ? _a : context.authConfig; | ||
| this.configuredAuthProviders = utils_1.getConfiguredAuthProviders(this.config); | ||
| this.configuredAuthProviders = (0, utils_1.getConfiguredAuthProviders)(this.config); | ||
| }; | ||
@@ -59,8 +59,8 @@ this.object = (def, directive, context) => { | ||
| const rules = authDir.getArguments({ rules: [] }).rules; | ||
| utils_1.ensureAuthRuleDefaults(rules); | ||
| utils_1.validateRules(rules, this.configuredAuthProviders, def.name.value); | ||
| (0, utils_1.ensureAuthRuleDefaults)(rules); | ||
| (0, utils_1.validateRules)(rules, this.configuredAuthProviders, def.name.value); | ||
| const acm = new accesscontrol_1.AccessControlMatrix({ | ||
| name: def.name.value, | ||
| operations: utils_1.MODEL_OPERATIONS, | ||
| resources: utils_1.collectFieldNames(def), | ||
| resources: (0, utils_1.collectFieldNames)(def), | ||
| }); | ||
@@ -71,3 +71,3 @@ this.setAuthPolicyFlag(rules); | ||
| this.convertRulesToRoles(acm, rules, isJoinType); | ||
| this.modelDirectiveConfig.set(typeName, utils_1.getModelConfig(modelDirective, typeName, context.isProjectUsingDataStore())); | ||
| this.modelDirectiveConfig.set(typeName, (0, utils_1.getModelConfig)(modelDirective, typeName, context.isProjectUsingDataStore())); | ||
| this.authModelConfig.set(typeName, acm); | ||
@@ -93,4 +93,4 @@ }; | ||
| const rules = authDir.getArguments({ rules: [] }).rules; | ||
| utils_1.ensureAuthRuleDefaults(rules); | ||
| utils_1.validateFieldRules(rules, isParentTypeBuiltinType, modelDirective !== undefined, this.configuredAuthProviders, field.name.value); | ||
| (0, utils_1.ensureAuthRuleDefaults)(rules); | ||
| (0, utils_1.validateFieldRules)(rules, isParentTypeBuiltinType, modelDirective !== undefined, this.configuredAuthProviders, field.name.value); | ||
| this.setAuthPolicyFlag(rules); | ||
@@ -102,7 +102,7 @@ this.setUnauthPolicyFlag(rules); | ||
| if (!this.modelDirectiveConfig.has(typeName)) { | ||
| this.modelDirectiveConfig.set(typeName, utils_1.getModelConfig(modelDirective, typeName, context.isProjectUsingDataStore())); | ||
| this.modelDirectiveConfig.set(typeName, (0, utils_1.getModelConfig)(modelDirective, typeName, context.isProjectUsingDataStore())); | ||
| acm = new accesscontrol_1.AccessControlMatrix({ | ||
| name: parent.name.value, | ||
| operations: utils_1.MODEL_OPERATIONS, | ||
| resources: utils_1.collectFieldNames(parent), | ||
| resources: (0, utils_1.collectFieldNames)(parent), | ||
| }); | ||
@@ -148,3 +148,3 @@ } | ||
| if (directives.length > 0) { | ||
| utils_1.extendTypeWithDirectives(context, modelName, directives); | ||
| (0, utils_1.extendTypeWithDirectives)(context, modelName, directives); | ||
| } | ||
@@ -159,3 +159,3 @@ this.protectSchemaOperations(context, def, acm); | ||
| if (directives.length > 0) { | ||
| utils_1.addDirectivesToField(context, typeName, fieldName, directives); | ||
| (0, utils_1.addDirectivesToField)(context, typeName, fieldName, directives); | ||
| } | ||
@@ -166,3 +166,3 @@ } | ||
| for (let aggType of utils_1.SEARCHABLE_AGGREGATE_TYPES) { | ||
| utils_1.extendTypeWithDirectives(context, aggType, serviceDirectives); | ||
| (0, utils_1.extendTypeWithDirectives)(context, aggType, serviceDirectives); | ||
| } | ||
@@ -178,3 +178,3 @@ } | ||
| const searchableDirective = def.directives.find(dir => dir.name.value === 'searchable'); | ||
| const queryFields = utils_1.getQueryFieldNames(this.modelDirectiveConfig.get(modelName)); | ||
| const queryFields = (0, utils_1.getQueryFieldNames)(this.modelDirectiveConfig.get(modelName)); | ||
| for (let query of queryFields.values()) { | ||
@@ -202,3 +202,3 @@ switch (query.type) { | ||
| if (searchableDirective) { | ||
| const config = utils_1.getSearchableConfig(searchableDirective, modelName); | ||
| const config = (0, utils_1.getSearchableConfig)(searchableDirective, modelName); | ||
| this.protectSearchResolver(context, def, context.output.getQueryTypeName(), config.queries.search, acm); | ||
@@ -215,3 +215,3 @@ } | ||
| } | ||
| else if (utils_1.hasRelationalDirective(field)) { | ||
| else if ((0, utils_1.hasRelationalDirective)(field)) { | ||
| this.protectRelationalResolver(context, def, modelName, field, needsFieldResolver ? allowedRoles : null); | ||
@@ -227,3 +227,3 @@ } | ||
| } | ||
| const mutationFields = utils_1.getMutationFieldNames(this.modelDirectiveConfig.get(modelName)); | ||
| const mutationFields = (0, utils_1.getMutationFieldNames)(this.modelDirectiveConfig.get(modelName)); | ||
| for (let mutation of mutationFields.values()) { | ||
@@ -244,7 +244,7 @@ switch (mutation.type) { | ||
| } | ||
| const subscriptionFieldNames = utils_1.getSubscriptionFieldNames(this.modelDirectiveConfig.get(modelName)); | ||
| const subscriptionFieldNames = (0, utils_1.getSubscriptionFieldNames)(this.modelDirectiveConfig.get(modelName)); | ||
| const subscriptionRoles = acm | ||
| .getRolesPerOperation('read') | ||
| .map(role => this.roleMap.get(role)) | ||
| .filter(roleDef => { var _a; return (roleDef.strategy === 'owner' && !utils_1.fieldIsList((_a = def.fields) !== null && _a !== void 0 ? _a : [], roleDef.entity)) || roleDef.static; }); | ||
| .filter(roleDef => { var _a; return (roleDef.strategy === 'owner' && !(0, utils_1.fieldIsList)((_a = def.fields) !== null && _a !== void 0 ? _a : [], roleDef.entity)) || roleDef.static; }); | ||
| for (let subscription of subscriptionFieldNames) { | ||
@@ -271,3 +271,3 @@ this.protectSubscriptionResolver(context, subscription.typeName, subscription.fieldName, subscriptionRoles); | ||
| if (operationDirectives.length > 0) { | ||
| utils_1.addDirectivesToOperation(ctx, typeName, operationName, operationDirectives); | ||
| (0, utils_1.addDirectivesToOperation)(ctx, typeName, operationName, operationDirectives); | ||
| } | ||
@@ -289,3 +289,3 @@ this.addOperationToResourceReferences(typeName, operationName, acm.getRoles()); | ||
| if (searchableDirective) { | ||
| const config = utils_1.getSearchableConfig(searchableDirective, def.name.value); | ||
| const config = (0, utils_1.getSearchableConfig)(searchableDirective, def.name.value); | ||
| addServiceDirective(ctx.output.getQueryTypeName(), 'read', config.queries.search); | ||
@@ -298,7 +298,7 @@ } | ||
| .map(role => this.roleMap.get(role)) | ||
| .filter(roleDef => { var _a; return roleDef.strategy === 'owner' && !utils_1.fieldIsList((_a = def.fields) !== null && _a !== void 0 ? _a : [], roleDef.entity); }); | ||
| .filter(roleDef => { var _a; return roleDef.strategy === 'owner' && !(0, utils_1.fieldIsList)((_a = def.fields) !== null && _a !== void 0 ? _a : [], roleDef.entity); }); | ||
| if (subscriptions.onCreate && ((_g = modelConfig === null || modelConfig === void 0 ? void 0 : modelConfig.mutations) === null || _g === void 0 ? void 0 : _g.create)) { | ||
| for (let onCreateSub of subscriptions.onCreate) { | ||
| addServiceDirective(ctx.output.getSubscriptionTypeName(), 'read', onCreateSub); | ||
| utils_1.addSubscriptionArguments(ctx, onCreateSub, subscriptionArguments); | ||
| (0, utils_1.addSubscriptionArguments)(ctx, onCreateSub, subscriptionArguments); | ||
| } | ||
@@ -309,3 +309,3 @@ } | ||
| addServiceDirective(ctx.output.getSubscriptionTypeName(), 'read', onUpdateSub); | ||
| utils_1.addSubscriptionArguments(ctx, onUpdateSub, subscriptionArguments); | ||
| (0, utils_1.addSubscriptionArguments)(ctx, onUpdateSub, subscriptionArguments); | ||
| } | ||
@@ -316,3 +316,3 @@ } | ||
| addServiceDirective(ctx.output.getSubscriptionTypeName(), 'read', onDeleteSub); | ||
| utils_1.addSubscriptionArguments(ctx, onDeleteSub, subscriptionArguments); | ||
| (0, utils_1.addSubscriptionArguments)(ctx, onDeleteSub, subscriptionArguments); | ||
| } | ||
@@ -326,4 +326,4 @@ } | ||
| const roleDefinitions = acm.getRolesPerOperation('read').map(r => this.roleMap.get(r)); | ||
| const primaryFields = utils_1.getTable(ctx, def).keySchema.map(att => att.attributeName); | ||
| const authExpression = resolvers_1.generateAuthExpressionForQueries(this.configuredAuthProviders, roleDefinitions, (_a = def.fields) !== null && _a !== void 0 ? _a : [], primaryFields); | ||
| const primaryFields = (0, utils_1.getTable)(ctx, def).keySchema.map(att => att.attributeName); | ||
| const authExpression = (0, resolvers_1.generateAuthExpressionForQueries)(this.configuredAuthProviders, roleDefinitions, (_a = def.fields) !== null && _a !== void 0 ? _a : [], primaryFields); | ||
| resolver.addToSlot('auth', graphql_transformer_core_1.MappingTemplate.s3MappingTemplateFromString(authExpression, `${typeName}.${fieldName}.{slotName}.{slotIndex}.req.vtl`)); | ||
@@ -336,3 +336,3 @@ }; | ||
| let primaryFields; | ||
| const table = utils_1.getTable(ctx, def); | ||
| const table = (0, utils_1.getTable)(ctx, def); | ||
| try { | ||
@@ -351,3 +351,3 @@ if (indexName) { | ||
| } | ||
| const authExpression = resolvers_1.generateAuthExpressionForQueries(this.configuredAuthProviders, roleDefinitions, (_a = def.fields) !== null && _a !== void 0 ? _a : [], primaryFields, !!indexName); | ||
| const authExpression = (0, resolvers_1.generateAuthExpressionForQueries)(this.configuredAuthProviders, roleDefinitions, (_a = def.fields) !== null && _a !== void 0 ? _a : [], primaryFields, !!indexName); | ||
| resolver.addToSlot('auth', graphql_transformer_core_1.MappingTemplate.s3MappingTemplateFromString(authExpression, `${typeName}.${fieldName}.{slotName}.{slotIndex}.req.vtl`)); | ||
@@ -359,11 +359,11 @@ }; | ||
| let relatedAuthExpression; | ||
| const relatedModelObject = this.getRelatedModelObject(ctx, graphql_transformer_common_1.getBaseType(field.type)); | ||
| const relatedModelObject = this.getRelatedModelObject(ctx, (0, graphql_transformer_common_1.getBaseType)(field.type)); | ||
| if (this.authModelConfig.has(relatedModelObject.name.value)) { | ||
| const acm = this.authModelConfig.get(relatedModelObject.name.value); | ||
| const roleDefinitions = acm.getRolesPerOperation('read').map(r => this.roleMap.get(r)); | ||
| const relationalPrimaryMap = utils_1.getRelationalPrimaryMap(ctx, def, field, relatedModelObject); | ||
| relatedAuthExpression = resolvers_1.generateAuthExpressionForRelationQuery(this.configuredAuthProviders, roleDefinitions, (_a = relatedModelObject.fields) !== null && _a !== void 0 ? _a : [], relationalPrimaryMap); | ||
| const relationalPrimaryMap = (0, utils_1.getRelationalPrimaryMap)(ctx, def, field, relatedModelObject); | ||
| relatedAuthExpression = (0, resolvers_1.generateAuthExpressionForRelationQuery)(this.configuredAuthProviders, roleDefinitions, (_a = relatedModelObject.fields) !== null && _a !== void 0 ? _a : [], relationalPrimaryMap); | ||
| } | ||
| else { | ||
| relatedAuthExpression = field_1.generateSandboxExpressionForField(ctx.sandboxModeEnabled); | ||
| relatedAuthExpression = (0, field_1.generateSandboxExpressionForField)(ctx.sandboxModeEnabled); | ||
| } | ||
@@ -373,4 +373,4 @@ if (fieldRoles) { | ||
| const hasSubsEnabled = this.modelDirectiveConfig.get(typeName).subscriptions.level === 'on'; | ||
| relatedAuthExpression = resolvers_1.setDeniedFieldFlag('Mutation', hasSubsEnabled) + '\n' + relatedAuthExpression; | ||
| fieldAuthExpression = resolvers_1.generateAuthExpressionForField(this.configuredAuthProviders, roleDefinitions, (_b = def.fields) !== null && _b !== void 0 ? _b : []); | ||
| relatedAuthExpression = (0, resolvers_1.setDeniedFieldFlag)('Mutation', hasSubsEnabled) + '\n' + relatedAuthExpression; | ||
| fieldAuthExpression = (0, resolvers_1.generateAuthExpressionForField)(this.configuredAuthProviders, roleDefinitions, (_b = def.fields) !== null && _b !== void 0 ? _b : []); | ||
| } | ||
@@ -390,4 +390,4 @@ const resolver = ctx.resolvers.getResolver(typeName, field.name.value); | ||
| const roleDefinitions = acm.getRolesPerOperation('read').map(r => this.roleMap.get(r)); | ||
| const primaryFields = utils_1.getTable(ctx, def).keySchema.map(att => att.attributeName); | ||
| const authExpression = resolvers_1.generateAuthExpressionForQueries(this.configuredAuthProviders, roleDefinitions, (_a = def.fields) !== null && _a !== void 0 ? _a : [], primaryFields); | ||
| const primaryFields = (0, utils_1.getTable)(ctx, def).keySchema.map(att => att.attributeName); | ||
| const authExpression = (0, resolvers_1.generateAuthExpressionForQueries)(this.configuredAuthProviders, roleDefinitions, (_a = def.fields) !== null && _a !== void 0 ? _a : [], primaryFields); | ||
| resolver.addToSlot('auth', graphql_transformer_core_1.MappingTemplate.s3MappingTemplateFromString(authExpression, `${typeName}.${fieldName}.{slotName}.{slotIndex}.req.vtl`)); | ||
@@ -403,3 +403,3 @@ } | ||
| let leastAllowedFields = acmFields; | ||
| const resolver = ctx.resolvers.getResolver('Search', graphql_transformer_common_2.toUpper(name)); | ||
| const resolver = ctx.resolvers.getResolver('Search', (0, graphql_transformer_common_2.toUpper)(name)); | ||
| const readRoleDefinitions = acm.getRolesPerOperation('read').map(role => { | ||
@@ -418,3 +418,3 @@ const allowedFields = acmFields.filter(resource => acm.isAllowed(role, resource, 'read')); | ||
| allowedAggFields.push(...leastAllowedFields); | ||
| const authExpression = resolvers_1.generateAuthExpressionForSearchQueries(this.configuredAuthProviders, readRoleDefinitions, modelFields, allowedAggFields); | ||
| const authExpression = (0, resolvers_1.generateAuthExpressionForSearchQueries)(this.configuredAuthProviders, readRoleDefinitions, modelFields, allowedAggFields); | ||
| resolver.addToSlot('auth', graphql_transformer_core_1.MappingTemplate.s3MappingTemplateFromString(authExpression, `${typeName}.${fieldName}.{slotName}.{slotIndex}.req.vtl`)); | ||
@@ -426,16 +426,16 @@ }; | ||
| const hasModelDirective = def.directives.some(dir => dir.name.value === 'model'); | ||
| const stack = utils_1.getStackForField(ctx, def, fieldName, hasModelDirective); | ||
| const stack = (0, utils_1.getStackForField)(ctx, def, fieldName, hasModelDirective); | ||
| if (ctx.api.host.hasResolver(typeName, fieldName)) { | ||
| const fieldResolver = ctx.api.host.getResolver(typeName, fieldName); | ||
| const fieldAuthExpression = resolvers_1.generateAuthExpressionForField(this.configuredAuthProviders, roleDefinitions, []); | ||
| const fieldAuthExpression = (0, resolvers_1.generateAuthExpressionForField)(this.configuredAuthProviders, roleDefinitions, []); | ||
| if (!ctx.api.host.hasDataSource(utils_1.NONE_DS)) { | ||
| ctx.api.host.addNoneDataSource(utils_1.NONE_DS); | ||
| } | ||
| const authFunction = ctx.api.host.addAppSyncFunction(`${graphql_transformer_common_2.toUpper(typeName)}${graphql_transformer_common_2.toUpper(fieldName)}AuthFN`, graphql_transformer_core_1.MappingTemplate.s3MappingTemplateFromString(fieldAuthExpression, `${typeName}.${fieldName}.auth.req.vtl`), graphql_transformer_core_1.MappingTemplate.inlineTemplateFromString('$util.toJson({})'), utils_1.NONE_DS, stack); | ||
| const authFunction = ctx.api.host.addAppSyncFunction(`${(0, graphql_transformer_common_2.toUpper)(typeName)}${(0, graphql_transformer_common_2.toUpper)(fieldName)}AuthFN`, graphql_transformer_core_1.MappingTemplate.s3MappingTemplateFromString(fieldAuthExpression, `${typeName}.${fieldName}.auth.req.vtl`), graphql_transformer_core_1.MappingTemplate.inlineTemplateFromString('$util.toJson({})'), utils_1.NONE_DS, stack); | ||
| fieldResolver.pipelineConfig.functions.unshift(authFunction.functionId); | ||
| } | ||
| else { | ||
| const fieldAuthExpression = resolvers_1.generateAuthExpressionForField(this.configuredAuthProviders, roleDefinitions, (_a = def.fields) !== null && _a !== void 0 ? _a : []); | ||
| const fieldAuthExpression = (0, resolvers_1.generateAuthExpressionForField)(this.configuredAuthProviders, roleDefinitions, (_a = def.fields) !== null && _a !== void 0 ? _a : []); | ||
| const subsEnabled = hasModelDirective ? this.modelDirectiveConfig.get(typeName).subscriptions.level === 'on' : false; | ||
| const fieldResponse = resolvers_1.generateFieldAuthResponse('Mutation', fieldName, subsEnabled); | ||
| const fieldResponse = (0, resolvers_1.generateFieldAuthResponse)('Mutation', fieldName, subsEnabled); | ||
| const resolver = ctx.resolvers.addResolver(typeName, fieldName, new graphql_transformer_core_1.TransformerResolver(typeName, fieldName, graphql_transformer_common_1.ResolverResourceIDs.ResolverResourceID(typeName, fieldName), graphql_transformer_core_1.MappingTemplate.s3MappingTemplateFromString(fieldAuthExpression, `${typeName}.${fieldName}.req.vtl`), graphql_transformer_core_1.MappingTemplate.s3MappingTemplateFromString(fieldResponse, `${typeName}.${fieldName}.res.vtl`), ['init'], ['finish'])); | ||
@@ -455,3 +455,3 @@ resolver.mapToStack(stack); | ||
| }); | ||
| const authExpression = resolvers_1.generateAuthExpressionForCreate(this.configuredAuthProviders, createRoles, (_a = def.fields) !== null && _a !== void 0 ? _a : []); | ||
| const authExpression = (0, resolvers_1.generateAuthExpressionForCreate)(this.configuredAuthProviders, createRoles, (_a = def.fields) !== null && _a !== void 0 ? _a : []); | ||
| resolver.addToSlot('auth', graphql_transformer_core_1.MappingTemplate.s3MappingTemplateFromString(authExpression, `${typeName}.${fieldName}.{slotName}.{slotIndex}.req.vtl`)); | ||
@@ -473,4 +473,4 @@ }; | ||
| const datasource = ctx.api.host.getDataSource(`${def.name.value}Table`); | ||
| const requestExpression = resolvers_1.generateAuthRequestExpression(); | ||
| const authExpression = resolvers_1.generateAuthExpressionForUpdate(this.configuredAuthProviders, totalRoles, (_a = def.fields) !== null && _a !== void 0 ? _a : []); | ||
| const requestExpression = (0, resolvers_1.generateAuthRequestExpression)(); | ||
| const authExpression = (0, resolvers_1.generateAuthExpressionForUpdate)(this.configuredAuthProviders, totalRoles, (_a = def.fields) !== null && _a !== void 0 ? _a : []); | ||
| resolver.addToSlot('auth', graphql_transformer_core_1.MappingTemplate.s3MappingTemplateFromString(requestExpression, `${typeName}.${fieldName}.{slotName}.{slotIndex}.req.vtl`), graphql_transformer_core_1.MappingTemplate.s3MappingTemplateFromString(authExpression, `${typeName}.${fieldName}.{slotName}.{slotIndex}.res.vtl`), datasource); | ||
@@ -483,4 +483,4 @@ }; | ||
| const datasource = ctx.api.host.getDataSource(`${def.name.value}Table`); | ||
| const requestExpression = resolvers_1.generateAuthRequestExpression(); | ||
| const authExpression = resolvers_1.geneateAuthExpressionForDelete(this.configuredAuthProviders, deleteRoles, (_a = def.fields) !== null && _a !== void 0 ? _a : []); | ||
| const requestExpression = (0, resolvers_1.generateAuthRequestExpression)(); | ||
| const authExpression = (0, resolvers_1.geneateAuthExpressionForDelete)(this.configuredAuthProviders, deleteRoles, (_a = def.fields) !== null && _a !== void 0 ? _a : []); | ||
| resolver.addToSlot('auth', graphql_transformer_core_1.MappingTemplate.s3MappingTemplateFromString(requestExpression, `${typeName}.${fieldName}.{slotName}.{slotIndex}.req.vtl`), graphql_transformer_core_1.MappingTemplate.s3MappingTemplateFromString(authExpression, `${typeName}.${fieldName}.{slotName}.{slotIndex}.res.vtl`), datasource); | ||
@@ -490,3 +490,3 @@ }; | ||
| const resolver = ctx.resolvers.getResolver(typeName, fieldName); | ||
| const authExpression = resolvers_1.generateAuthExpressionForSubscriptions(this.configuredAuthProviders, subscriptionRoles); | ||
| const authExpression = (0, resolvers_1.generateAuthExpressionForSubscriptions)(this.configuredAuthProviders, subscriptionRoles); | ||
| resolver.addToSlot('auth', graphql_transformer_core_1.MappingTemplate.s3MappingTemplateFromString(authExpression, `${typeName}.${fieldName}.{slotName}.{slotIndex}.req.vtl`)); | ||
@@ -621,6 +621,6 @@ }; | ||
| const modelObject = ctx.output.getObject(modelName); | ||
| const existingFields = utils_1.collectFieldNames(modelObject); | ||
| const existingFields = (0, utils_1.collectFieldNames)(modelObject); | ||
| const ownerFieldsToAdd = ownerFields.filter(field => !existingFields.includes(field)); | ||
| for (let ownerField of ownerFieldsToAdd) { | ||
| modelObject.fields.push(graphql_transformer_common_1.makeField(ownerField, [], graphql_transformer_common_1.makeNamedType('String'))); | ||
| modelObject.fields.push((0, graphql_transformer_common_1.makeField)(ownerField, [], (0, graphql_transformer_common_1.makeNamedType)('String'))); | ||
| } | ||
@@ -641,3 +641,3 @@ ctx.output.putType(modelObject); | ||
| const nonModelFieldTypes = def | ||
| .fields.map(f => ctx.output.getType(graphql_transformer_common_1.getBaseType(f.type))) | ||
| .fields.map(f => ctx.output.getType((0, graphql_transformer_common_1.getBaseType)(f.type))) | ||
| .filter(nonModelTypePredicate); | ||
@@ -662,3 +662,3 @@ for (const nonModelFieldType of nonModelFieldTypes) { | ||
| if (directives.length > 0 || !hasSeenType) { | ||
| utils_1.extendTypeWithDirectives(ctx, nonModelFieldType.name.value, directives); | ||
| (0, utils_1.extendTypeWithDirectives)(ctx, nonModelFieldType.name.value, directives); | ||
| this.propagateAuthDirectivesToNestedTypes(ctx, nonModelFieldType, providers); | ||
@@ -676,3 +676,3 @@ } | ||
| (this.configuredAuthProviders.default === provider && providers.some(p => p !== provider && addDefaultIfNeeded === true))) { | ||
| directives.push(graphql_transformer_common_1.makeDirective(directiveName, [])); | ||
| directives.push((0, graphql_transformer_common_1.makeDirective)(directiveName, [])); | ||
| } | ||
@@ -686,3 +686,3 @@ }; | ||
| !directives.some(d => d.name.value === utils_1.AUTH_PROVIDER_DIRECTIVE_MAP.get(this.configuredAuthProviders.default))) { | ||
| directives.push(graphql_transformer_common_1.makeDirective(utils_1.AUTH_PROVIDER_DIRECTIVE_MAP.get(this.configuredAuthProviders.default), [])); | ||
| directives.push((0, graphql_transformer_common_1.makeDirective)(utils_1.AUTH_PROVIDER_DIRECTIVE_MAP.get(this.configuredAuthProviders.default), [])); | ||
| } | ||
@@ -703,3 +703,3 @@ return directives; | ||
| const authRoleParameter = ctx.stackManager.getParameter(graphql_transformer_core_1.IAM_AUTH_ROLE_PARAMETER).valueAsString; | ||
| const authPolicyDocuments = utils_1.createPolicyDocumentForManagedPolicy(this.authPolicyResources); | ||
| const authPolicyDocuments = (0, utils_1.createPolicyDocumentForManagedPolicy)(this.authPolicyResources); | ||
| const rootStack = ctx.stackManager.rootStack; | ||
@@ -722,3 +722,3 @@ const iamAuthRoleArn = iam.Role.fromRoleArn(rootStack, 'auth-role-name', `arn:aws:iam::${cdk.Stack.of(rootStack).account}:role/${authRoleParameter}`); | ||
| const unauthRoleParameter = ctx.stackManager.getParameter(graphql_transformer_core_1.IAM_UNAUTH_ROLE_PARAMETER).valueAsString; | ||
| const unauthPolicyDocuments = utils_1.createPolicyDocumentForManagedPolicy(this.unauthPolicyResources); | ||
| const unauthPolicyDocuments = (0, utils_1.createPolicyDocumentForManagedPolicy)(this.unauthPolicyResources); | ||
| const rootStack = ctx.stackManager.rootStack; | ||
@@ -725,0 +725,0 @@ const iamUnauthRoleArn = iam.Role.fromRoleArn(rootStack, 'unauth-role-name', `arn:aws:iam::${cdk.Stack.of(rootStack).account}:role/${unauthRoleParameter}`); |
@@ -12,25 +12,25 @@ "use strict"; | ||
| roles.forEach((role, idx) => { | ||
| const entityIsList = utils_1.fieldIsList(fields, role.entity); | ||
| const entityIsList = (0, utils_1.fieldIsList)(fields, role.entity); | ||
| if (role.strategy === 'owner') { | ||
| ownerExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`ownerEntity${idx}`), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.defaultIfNull'), graphql_mapping_template_1.ref(`ctx.source.${role.entity}`), graphql_mapping_template_1.nul())), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`ownerClaim${idx}`), helpers_1.getOwnerClaim(role.claim)), | ||
| ownerExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`ownerEntity${idx}`), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.defaultIfNull'), (0, graphql_mapping_template_1.ref)(`ctx.source.${role.entity}`), (0, graphql_mapping_template_1.nul)())), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`ownerClaim${idx}`), (0, helpers_1.getOwnerClaim)(role.claim)), | ||
| ...(entityIsList | ||
| ? [ | ||
| graphql_mapping_template_1.forEach(graphql_mapping_template_1.ref('allowedOwner'), graphql_mapping_template_1.ref(`ownerEntity${idx}`), [ | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('allowedOwner'), graphql_mapping_template_1.ref(`ownerClaim${idx}`)), graphql_mapping_template_1.compoundExpression([graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)), graphql_mapping_template_1.raw('#break')])), | ||
| (0, graphql_mapping_template_1.forEach)((0, graphql_mapping_template_1.ref)('allowedOwner'), (0, graphql_mapping_template_1.ref)(`ownerEntity${idx}`), [ | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('allowedOwner'), (0, graphql_mapping_template_1.ref)(`ownerClaim${idx}`)), (0, graphql_mapping_template_1.compoundExpression)([(0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), (0, graphql_mapping_template_1.raw)('#break')])), | ||
| ]), | ||
| ] | ||
| : [graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref(`ownerEntity${idx}`), graphql_mapping_template_1.ref(`ownerClaim${idx}`)), graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)))]), | ||
| : [(0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)(`ownerEntity${idx}`), (0, graphql_mapping_template_1.ref)(`ownerClaim${idx}`)), (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)))]), | ||
| ]))); | ||
| } | ||
| if (role.strategy === 'groups') { | ||
| dynamicGroupExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`groupEntity${idx}`), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.defaultIfNull'), graphql_mapping_template_1.ref(`ctx.source.${role.entity}`), graphql_mapping_template_1.nul())), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`groupClaim${idx}`), helpers_1.getIdentityClaimExp(graphql_mapping_template_1.str(role.claim), graphql_mapping_template_1.list([]))), | ||
| dynamicGroupExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`groupEntity${idx}`), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.defaultIfNull'), (0, graphql_mapping_template_1.ref)(`ctx.source.${role.entity}`), (0, graphql_mapping_template_1.nul)())), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`groupClaim${idx}`), (0, helpers_1.getIdentityClaimExp)((0, graphql_mapping_template_1.str)(role.claim), (0, graphql_mapping_template_1.list)([]))), | ||
| entityIsList | ||
| ? graphql_mapping_template_1.forEach(graphql_mapping_template_1.ref('userGroup'), graphql_mapping_template_1.ref(`groupClaim${idx}`), [ | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`groupEntity${idx}.contains`), graphql_mapping_template_1.ref('userGroup')), graphql_mapping_template_1.compoundExpression([graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)), graphql_mapping_template_1.raw('#break')])), | ||
| ? (0, graphql_mapping_template_1.forEach)((0, graphql_mapping_template_1.ref)('userGroup'), (0, graphql_mapping_template_1.ref)(`groupClaim${idx}`), [ | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`groupEntity${idx}.contains`), (0, graphql_mapping_template_1.ref)('userGroup')), (0, graphql_mapping_template_1.compoundExpression)([(0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), (0, graphql_mapping_template_1.raw)('#break')])), | ||
| ]) | ||
| : graphql_mapping_template_1.iff(graphql_mapping_template_1.ref(`groupClaim${idx}.contains($groupEntity${idx})`), graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true))), | ||
| : (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.ref)(`groupClaim${idx}.contains($groupEntity${idx})`), (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true))), | ||
| ]))); | ||
@@ -42,16 +42,16 @@ } | ||
| const generateAuthExpressionForField = (providers, roles, fields) => { | ||
| const { cognitoStaticRoles, cognitoDynamicRoles, oidcStaticRoles, oidcDynamicRoles, iamRoles, apiKeyRoles, lambdaRoles } = utils_1.splitRoles(roles); | ||
| const totalAuthExpressions = [graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(false))]; | ||
| const { cognitoStaticRoles, cognitoDynamicRoles, oidcStaticRoles, oidcDynamicRoles, iamRoles, apiKeyRoles, lambdaRoles } = (0, utils_1.splitRoles)(roles); | ||
| const totalAuthExpressions = [(0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(false))]; | ||
| if (providers.hasApiKey) { | ||
| totalAuthExpressions.push(helpers_1.apiKeyExpression(apiKeyRoles)); | ||
| totalAuthExpressions.push((0, helpers_1.apiKeyExpression)(apiKeyRoles)); | ||
| } | ||
| if (providers.hasLambda) { | ||
| totalAuthExpressions.push(helpers_1.lambdaExpression(lambdaRoles)); | ||
| totalAuthExpressions.push((0, helpers_1.lambdaExpression)(lambdaRoles)); | ||
| } | ||
| if (providers.hasIAM) { | ||
| totalAuthExpressions.push(helpers_1.iamExpression(iamRoles, providers.hasAdminRolesEnabled, providers.adminRoles, providers.identityPoolId)); | ||
| totalAuthExpressions.push((0, helpers_1.iamExpression)(iamRoles, providers.hasAdminRolesEnabled, providers.adminRoles, providers.identityPoolId)); | ||
| } | ||
| if (providers.hasUserPools) { | ||
| totalAuthExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.COGNITO_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression([ | ||
| ...helpers_1.generateStaticRoleExpression(cognitoStaticRoles), | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.COGNITO_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| ...(0, helpers_1.generateStaticRoleExpression)(cognitoStaticRoles), | ||
| ...generateDynamicAuthReadExpression(cognitoDynamicRoles, fields), | ||
@@ -61,9 +61,9 @@ ]))); | ||
| if (providers.hasOIDC) { | ||
| totalAuthExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.OIDC_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression([ | ||
| ...helpers_1.generateStaticRoleExpression(oidcStaticRoles), | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.OIDC_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| ...(0, helpers_1.generateStaticRoleExpression)(oidcStaticRoles), | ||
| ...generateDynamicAuthReadExpression(oidcDynamicRoles, fields), | ||
| ]))); | ||
| } | ||
| totalAuthExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.ref('util.unauthorized()'))); | ||
| return graphql_mapping_template_1.printBlock('Field Authorization Steps')(graphql_mapping_template_1.compoundExpression([...totalAuthExpressions, helpers_1.emptyPayload])); | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.ref)('util.unauthorized()'))); | ||
| return (0, graphql_mapping_template_1.printBlock)('Field Authorization Steps')((0, graphql_mapping_template_1.compoundExpression)([...totalAuthExpressions, helpers_1.emptyPayload])); | ||
| }; | ||
@@ -73,8 +73,8 @@ exports.generateAuthExpressionForField = generateAuthExpressionForField; | ||
| if (subscriptionsEnabled) { | ||
| return graphql_mapping_template_1.printBlock('Checking for allowed operations which can return this field')(graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref('operation'), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.defaultIfNull'), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('ctx.source.get'), graphql_mapping_template_1.str(graphql_model_transformer_1.OPERATION_KEY)), graphql_mapping_template_1.nul())), | ||
| graphql_mapping_template_1.ifElse(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('operation'), graphql_mapping_template_1.str(operation)), graphql_mapping_template_1.toJson(graphql_mapping_template_1.nul()), graphql_mapping_template_1.toJson(graphql_mapping_template_1.ref(`context.source.${fieldName}`))), | ||
| return (0, graphql_mapping_template_1.printBlock)('Checking for allowed operations which can return this field')((0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('operation'), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.defaultIfNull'), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('ctx.source.get'), (0, graphql_mapping_template_1.str)(graphql_model_transformer_1.OPERATION_KEY)), (0, graphql_mapping_template_1.nul)())), | ||
| (0, graphql_mapping_template_1.ifElse)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('operation'), (0, graphql_mapping_template_1.str)(operation)), (0, graphql_mapping_template_1.toJson)((0, graphql_mapping_template_1.nul)()), (0, graphql_mapping_template_1.toJson)((0, graphql_mapping_template_1.ref)(`context.source.${fieldName}`))), | ||
| ])); | ||
| } | ||
| return graphql_mapping_template_1.printBlock('Return Source Field')(graphql_mapping_template_1.toJson(graphql_mapping_template_1.ref(`context.source.${fieldName}`))); | ||
| return (0, graphql_mapping_template_1.printBlock)('Return Source Field')((0, graphql_mapping_template_1.toJson)((0, graphql_mapping_template_1.ref)(`context.source.${fieldName}`))); | ||
| }; | ||
@@ -84,4 +84,4 @@ exports.generateFieldAuthResponse = generateFieldAuthResponse; | ||
| if (subscriptionsEnabled) { | ||
| return graphql_mapping_template_1.printBlock('Check if subscriptions is protected')(graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.defaultIfNull'), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('ctx.source.get'), graphql_mapping_template_1.str(graphql_model_transformer_1.OPERATION_KEY)), graphql_mapping_template_1.nul()), graphql_mapping_template_1.str(operation)), graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('ctx.result.put'), graphql_mapping_template_1.str('deniedField'), graphql_mapping_template_1.bool(true)))), | ||
| return (0, graphql_mapping_template_1.printBlock)('Check if subscriptions is protected')((0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.defaultIfNull'), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('ctx.source.get'), (0, graphql_mapping_template_1.str)(graphql_model_transformer_1.OPERATION_KEY)), (0, graphql_mapping_template_1.nul)()), (0, graphql_mapping_template_1.str)(operation)), (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('ctx.result.put'), (0, graphql_mapping_template_1.str)('deniedField'), (0, graphql_mapping_template_1.bool)(true)))), | ||
| ])); | ||
@@ -95,8 +95,8 @@ } | ||
| if (sandboxEnabled) | ||
| exp = graphql_mapping_template_1.iff(graphql_mapping_template_1.notEquals(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.authType')), graphql_mapping_template_1.str(utils_1.API_KEY_AUTH_TYPE)), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.unauthorized'))); | ||
| exp = (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.notEquals)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.authType')), (0, graphql_mapping_template_1.str)(utils_1.API_KEY_AUTH_TYPE)), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.unauthorized'))); | ||
| else | ||
| exp = graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.unauthorized')); | ||
| return graphql_mapping_template_1.printBlock(`Sandbox Mode ${sandboxEnabled ? 'Enabled' : 'Disabled'}`)(graphql_mapping_template_1.compoundExpression([exp, graphql_mapping_template_1.toJson(graphql_mapping_template_1.obj({}))])); | ||
| exp = (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.unauthorized')); | ||
| return (0, graphql_mapping_template_1.printBlock)(`Sandbox Mode ${sandboxEnabled ? 'Enabled' : 'Disabled'}`)((0, graphql_mapping_template_1.compoundExpression)([exp, (0, graphql_mapping_template_1.toJson)((0, graphql_mapping_template_1.obj)({}))])); | ||
| }; | ||
| exports.generateSandboxExpressionForField = generateSandboxExpressionForField; | ||
| //# sourceMappingURL=field.js.map |
@@ -7,27 +7,27 @@ "use strict"; | ||
| const utils_1 = require("../utils"); | ||
| exports.setHasAuthExpression = graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('ctx.stash.put'), graphql_mapping_template_1.str('hasAuth'), graphql_mapping_template_1.bool(true))); | ||
| exports.setHasAuthExpression = (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('ctx.stash.put'), (0, graphql_mapping_template_1.str)('hasAuth'), (0, graphql_mapping_template_1.bool)(true))); | ||
| const getInputFields = () => { | ||
| return graphql_mapping_template_1.set(graphql_mapping_template_1.ref('inputFields'), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.parseJson'), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.toJson'), graphql_mapping_template_1.ref('ctx.args.input.keySet()')))); | ||
| return (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('inputFields'), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.parseJson'), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.toJson'), (0, graphql_mapping_template_1.ref)('ctx.args.input.keySet()')))); | ||
| }; | ||
| exports.getInputFields = getInputFields; | ||
| const getIdentityClaimExp = (value, defaultValueExp) => { | ||
| return graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.defaultIfNull'), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('ctx.identity.claims.get'), value), defaultValueExp); | ||
| return (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.defaultIfNull'), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('ctx.identity.claims.get'), value), defaultValueExp); | ||
| }; | ||
| exports.getIdentityClaimExp = getIdentityClaimExp; | ||
| const addAllowedFieldsIfElse = (fieldKey, breakLoop = false) => { | ||
| return graphql_mapping_template_1.ifElse(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(`${fieldKey}.isEmpty()`)), graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`${utils_1.ALLOWED_FIELDS}.addAll`), graphql_mapping_template_1.ref(fieldKey))), graphql_mapping_template_1.compoundExpression([graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)), ...(breakLoop ? [graphql_mapping_template_1.raw('#break')] : [])])); | ||
| return (0, graphql_mapping_template_1.ifElse)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(`${fieldKey}.isEmpty()`)), (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`${utils_1.ALLOWED_FIELDS}.addAll`), (0, graphql_mapping_template_1.ref)(fieldKey))), (0, graphql_mapping_template_1.compoundExpression)([(0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), ...(breakLoop ? [(0, graphql_mapping_template_1.raw)('#break')] : [])])); | ||
| }; | ||
| exports.addAllowedFieldsIfElse = addAllowedFieldsIfElse; | ||
| const iamCheck = (claim, exp, identityPoolId) => { | ||
| let iamExp = graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('ctx.identity.userArn'), graphql_mapping_template_1.ref(`ctx.stash.${claim}`)); | ||
| let iamExp = (0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('ctx.identity.userArn'), (0, graphql_mapping_template_1.ref)(`ctx.stash.${claim}`)); | ||
| if (identityPoolId && claim === 'authRole') { | ||
| iamExp = graphql_mapping_template_1.or([ | ||
| graphql_mapping_template_1.parens(iamExp), | ||
| graphql_mapping_template_1.parens(graphql_mapping_template_1.and([ | ||
| graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('ctx.identity.cognitoIdentityPoolId'), graphql_mapping_template_1.str(identityPoolId)), | ||
| graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('ctx.identity.cognitoIdentityAuthType'), graphql_mapping_template_1.str('authenticated')), | ||
| iamExp = (0, graphql_mapping_template_1.or)([ | ||
| (0, graphql_mapping_template_1.parens)(iamExp), | ||
| (0, graphql_mapping_template_1.parens)((0, graphql_mapping_template_1.and)([ | ||
| (0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('ctx.identity.cognitoIdentityPoolId'), (0, graphql_mapping_template_1.str)(identityPoolId)), | ||
| (0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('ctx.identity.cognitoIdentityAuthType'), (0, graphql_mapping_template_1.str)('authenticated')), | ||
| ])), | ||
| ]); | ||
| } | ||
| return graphql_mapping_template_1.iff(iamExp, exp); | ||
| return (0, graphql_mapping_template_1.iff)(iamExp, exp); | ||
| }; | ||
@@ -37,8 +37,8 @@ exports.iamCheck = iamCheck; | ||
| if (ownerClaim === 'username') { | ||
| return exports.getIdentityClaimExp(graphql_mapping_template_1.str(ownerClaim), exports.getIdentityClaimExp(graphql_mapping_template_1.str(utils_1.DEFAULT_COGNITO_IDENTITY_CLAIM), graphql_mapping_template_1.str(graphql_transformer_common_1.NONE_VALUE))); | ||
| return (0, exports.getIdentityClaimExp)((0, graphql_mapping_template_1.str)(ownerClaim), (0, exports.getIdentityClaimExp)((0, graphql_mapping_template_1.str)(utils_1.DEFAULT_COGNITO_IDENTITY_CLAIM), (0, graphql_mapping_template_1.str)(graphql_transformer_common_1.NONE_VALUE))); | ||
| } | ||
| return exports.getIdentityClaimExp(graphql_mapping_template_1.str(ownerClaim), graphql_mapping_template_1.str(graphql_transformer_common_1.NONE_VALUE)); | ||
| return (0, exports.getIdentityClaimExp)((0, graphql_mapping_template_1.str)(ownerClaim), (0, graphql_mapping_template_1.str)(graphql_transformer_common_1.NONE_VALUE)); | ||
| }; | ||
| exports.getOwnerClaim = getOwnerClaim; | ||
| const responseCheckForErrors = () => graphql_mapping_template_1.iff(graphql_mapping_template_1.ref('ctx.error'), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.error'), graphql_mapping_template_1.ref('ctx.error.message'), graphql_mapping_template_1.ref('ctx.error.type'))); | ||
| const responseCheckForErrors = () => (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.ref)('ctx.error'), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.error'), (0, graphql_mapping_template_1.ref)('ctx.error.message'), (0, graphql_mapping_template_1.ref)('ctx.error.type'))); | ||
| exports.responseCheckForErrors = responseCheckForErrors; | ||
@@ -49,11 +49,11 @@ const generateStaticRoleExpression = (roles) => { | ||
| if (privateRoleIdx > -1) { | ||
| staticRoleExpression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true))); | ||
| staticRoleExpression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true))); | ||
| roles.splice(privateRoleIdx, 1); | ||
| } | ||
| if (roles.length > 0) { | ||
| staticRoleExpression.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref('staticGroupRoles'), graphql_mapping_template_1.raw(JSON.stringify(roles.map(r => ({ claim: r.claim, entity: r.entity }))))), | ||
| graphql_mapping_template_1.forEach(graphql_mapping_template_1.ref('groupRole'), graphql_mapping_template_1.ref('staticGroupRoles'), [ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref('groupsInToken'), exports.getIdentityClaimExp(graphql_mapping_template_1.ref('groupRole.claim'), graphql_mapping_template_1.list([]))), | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('groupsInToken.contains'), graphql_mapping_template_1.ref('groupRole.entity')), graphql_mapping_template_1.compoundExpression([graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)), graphql_mapping_template_1.raw(`#break`)])), | ||
| staticRoleExpression.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('staticGroupRoles'), (0, graphql_mapping_template_1.raw)(JSON.stringify(roles.map(r => ({ claim: r.claim, entity: r.entity }))))), | ||
| (0, graphql_mapping_template_1.forEach)((0, graphql_mapping_template_1.ref)('groupRole'), (0, graphql_mapping_template_1.ref)('staticGroupRoles'), [ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('groupsInToken'), (0, exports.getIdentityClaimExp)((0, graphql_mapping_template_1.ref)('groupRole.claim'), (0, graphql_mapping_template_1.list)([]))), | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('groupsInToken.contains'), (0, graphql_mapping_template_1.ref)('groupRole.entity')), (0, graphql_mapping_template_1.compoundExpression)([(0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), (0, graphql_mapping_template_1.raw)(`#break`)])), | ||
| ]), | ||
@@ -66,7 +66,7 @@ ]))); | ||
| const apiKeyExpression = (roles) => { | ||
| return graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.API_KEY_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression([...(roles.length > 0 ? [graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true))] : [])])); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.API_KEY_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)([...(roles.length > 0 ? [(0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true))] : [])])); | ||
| }; | ||
| exports.apiKeyExpression = apiKeyExpression; | ||
| const lambdaExpression = (roles) => { | ||
| return graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.LAMBDA_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression([...(roles.length > 0 ? [graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true))] : [])])); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.LAMBDA_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)([...(roles.length > 0 ? [(0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true))] : [])])); | ||
| }; | ||
@@ -77,20 +77,20 @@ exports.lambdaExpression = lambdaExpression; | ||
| if (adminRolesEnabled) { | ||
| expression.push(exports.iamAdminRoleCheckExpression(adminRoles)); | ||
| expression.push((0, exports.iamAdminRoleCheckExpression)(adminRoles)); | ||
| } | ||
| if (roles.length > 0) { | ||
| for (let role of roles) { | ||
| expression.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), exports.iamCheck(role.claim, graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)), identityPoolId))); | ||
| expression.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, exports.iamCheck)(role.claim, (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), identityPoolId))); | ||
| } | ||
| } | ||
| else { | ||
| expression.push(graphql_mapping_template_1.ref('util.unauthorized()')); | ||
| expression.push((0, graphql_mapping_template_1.ref)('util.unauthorized()')); | ||
| } | ||
| return graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.IAM_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression(expression)); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.IAM_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)(expression)); | ||
| }; | ||
| exports.iamExpression = iamExpression; | ||
| const iamAdminRoleCheckExpression = (adminRoles) => { | ||
| return graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref('adminRoles'), graphql_mapping_template_1.raw(JSON.stringify(adminRoles))), | ||
| graphql_mapping_template_1.forEach(graphql_mapping_template_1.ref('adminRole'), graphql_mapping_template_1.ref('adminRoles'), [ | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('ctx.identity.userArn.contains'), graphql_mapping_template_1.ref('adminRole')), graphql_mapping_template_1.raw('#return($util.toJson({}))')), | ||
| return (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('adminRoles'), (0, graphql_mapping_template_1.raw)(JSON.stringify(adminRoles))), | ||
| (0, graphql_mapping_template_1.forEach)((0, graphql_mapping_template_1.ref)('adminRole'), (0, graphql_mapping_template_1.ref)('adminRoles'), [ | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('ctx.identity.userArn.contains'), (0, graphql_mapping_template_1.ref)('adminRole')), (0, graphql_mapping_template_1.raw)('#return($util.toJson({}))')), | ||
| ]), | ||
@@ -102,11 +102,11 @@ ]); | ||
| const statements = [ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref('GetRequest'), graphql_mapping_template_1.obj({ version: graphql_mapping_template_1.str('2018-05-29'), operation: graphql_mapping_template_1.str('GetItem') })), | ||
| graphql_mapping_template_1.ifElse(graphql_mapping_template_1.ref('ctx.stash.metadata.modelObjectKey'), graphql_mapping_template_1.set(graphql_mapping_template_1.ref('key'), graphql_mapping_template_1.ref('ctx.stash.metadata.modelObjectKey')), graphql_mapping_template_1.compoundExpression([graphql_mapping_template_1.set(graphql_mapping_template_1.ref('key'), graphql_mapping_template_1.obj({ id: graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.dynamodb.toDynamoDB'), graphql_mapping_template_1.ref('ctx.args.input.id')) }))])), | ||
| graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('GetRequest.put'), graphql_mapping_template_1.str('key'), graphql_mapping_template_1.ref('key'))), | ||
| graphql_mapping_template_1.toJson(graphql_mapping_template_1.ref('GetRequest')), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('GetRequest'), (0, graphql_mapping_template_1.obj)({ version: (0, graphql_mapping_template_1.str)('2018-05-29'), operation: (0, graphql_mapping_template_1.str)('GetItem') })), | ||
| (0, graphql_mapping_template_1.ifElse)((0, graphql_mapping_template_1.ref)('ctx.stash.metadata.modelObjectKey'), (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('key'), (0, graphql_mapping_template_1.ref)('ctx.stash.metadata.modelObjectKey')), (0, graphql_mapping_template_1.compoundExpression)([(0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('key'), (0, graphql_mapping_template_1.obj)({ id: (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.dynamodb.toDynamoDB'), (0, graphql_mapping_template_1.ref)('ctx.args.input.id')) }))])), | ||
| (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('GetRequest.put'), (0, graphql_mapping_template_1.str)('key'), (0, graphql_mapping_template_1.ref)('key'))), | ||
| (0, graphql_mapping_template_1.toJson)((0, graphql_mapping_template_1.ref)('GetRequest')), | ||
| ]; | ||
| return graphql_mapping_template_1.printBlock('Get Request template')(graphql_mapping_template_1.compoundExpression(statements)); | ||
| return (0, graphql_mapping_template_1.printBlock)('Get Request template')((0, graphql_mapping_template_1.compoundExpression)(statements)); | ||
| }; | ||
| exports.generateAuthRequestExpression = generateAuthRequestExpression; | ||
| exports.emptyPayload = graphql_mapping_template_1.toJson(graphql_mapping_template_1.raw(JSON.stringify({ version: '2018-05-29', payload: {} }))); | ||
| exports.emptyPayload = (0, graphql_mapping_template_1.toJson)((0, graphql_mapping_template_1.raw)(JSON.stringify({ version: '2018-05-29', payload: {} }))); | ||
| //# sourceMappingURL=helpers.js.map |
@@ -10,11 +10,11 @@ "use strict"; | ||
| if (roles.length === 0) { | ||
| return graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.API_KEY_AUTH_TYPE)), graphql_mapping_template_1.ref('util.unauthorized()')); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.API_KEY_AUTH_TYPE)), (0, graphql_mapping_template_1.ref)('util.unauthorized()')); | ||
| } | ||
| if (roles[0].allowedFields.length > 0) { | ||
| expression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`${utils_1.ALLOWED_FIELDS}`), graphql_mapping_template_1.raw(JSON.stringify(roles[0].allowedFields)))); | ||
| expression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`${utils_1.ALLOWED_FIELDS}`), (0, graphql_mapping_template_1.raw)(JSON.stringify(roles[0].allowedFields)))); | ||
| } | ||
| else { | ||
| expression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true))); | ||
| expression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true))); | ||
| } | ||
| return graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.API_KEY_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression(expression)); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.API_KEY_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)(expression)); | ||
| }; | ||
@@ -24,3 +24,3 @@ const iamExpression = (roles, hasAdminRolesEnabled = false, adminRoles = [], identityPoolId) => { | ||
| if (hasAdminRolesEnabled) { | ||
| expression.push(helpers_1.iamAdminRoleCheckExpression(adminRoles)); | ||
| expression.push((0, helpers_1.iamAdminRoleCheckExpression)(adminRoles)); | ||
| } | ||
@@ -30,6 +30,6 @@ if (roles.length > 0) { | ||
| if (role.allowedFields.length > 0) { | ||
| expression.push(helpers_1.iamCheck(role.claim, graphql_mapping_template_1.compoundExpression([graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`${utils_1.ALLOWED_FIELDS}`), graphql_mapping_template_1.raw(JSON.stringify(role.allowedFields)))]))); | ||
| expression.push((0, helpers_1.iamCheck)(role.claim, (0, graphql_mapping_template_1.compoundExpression)([(0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`${utils_1.ALLOWED_FIELDS}`), (0, graphql_mapping_template_1.raw)(JSON.stringify(role.allowedFields)))]))); | ||
| } | ||
| else { | ||
| expression.push(helpers_1.iamCheck(role.claim, graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)), identityPoolId)); | ||
| expression.push((0, helpers_1.iamCheck)(role.claim, (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), identityPoolId)); | ||
| } | ||
@@ -39,5 +39,5 @@ } | ||
| else { | ||
| expression.push(graphql_mapping_template_1.ref('util.unauthorized()')); | ||
| expression.push((0, graphql_mapping_template_1.ref)('util.unauthorized()')); | ||
| } | ||
| return graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.IAM_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression(expression)); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.IAM_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)(expression)); | ||
| }; | ||
@@ -47,11 +47,11 @@ const lambdaExpression = (roles) => { | ||
| if (roles.length === 0) { | ||
| return graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.LAMBDA_AUTH_TYPE)), graphql_mapping_template_1.ref('util.unauthorized()')); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.LAMBDA_AUTH_TYPE)), (0, graphql_mapping_template_1.ref)('util.unauthorized()')); | ||
| } | ||
| if (roles[0].allowedFields.length > 0) { | ||
| expression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`${utils_1.ALLOWED_FIELDS}`), graphql_mapping_template_1.raw(JSON.stringify(roles[0].allowedFields)))); | ||
| expression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`${utils_1.ALLOWED_FIELDS}`), (0, graphql_mapping_template_1.raw)(JSON.stringify(roles[0].allowedFields)))); | ||
| } | ||
| else { | ||
| expression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true))); | ||
| expression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true))); | ||
| } | ||
| return graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.LAMBDA_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression(expression)); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.LAMBDA_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)(expression)); | ||
| }; | ||
@@ -64,6 +64,6 @@ const generateStaticRoleExpression = (roles) => { | ||
| if (privateRole.allowedFields.length > 0) { | ||
| staticRoleExpression.push(graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`${utils_1.ALLOWED_FIELDS}.addAll`), graphql_mapping_template_1.raw(JSON.stringify(privateRole.allowedFields))))); | ||
| staticRoleExpression.push((0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`${utils_1.ALLOWED_FIELDS}.addAll`), (0, graphql_mapping_template_1.raw)(JSON.stringify(privateRole.allowedFields))))); | ||
| } | ||
| else { | ||
| staticRoleExpression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true))); | ||
| staticRoleExpression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true))); | ||
| } | ||
@@ -73,7 +73,7 @@ roles.splice(privateRoleIdx, 1); | ||
| if (roles.length > 0) { | ||
| staticRoleExpression.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref('staticGroupRoles'), graphql_mapping_template_1.raw(JSON.stringify(roles.map(r => { var _a; return ({ claim: r.claim, entity: r.entity, allowedFields: (_a = r.allowedFields) !== null && _a !== void 0 ? _a : [] }); })))), | ||
| graphql_mapping_template_1.forEach(graphql_mapping_template_1.ref('groupRole'), graphql_mapping_template_1.ref('staticGroupRoles'), [ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref('groupsInToken'), helpers_1.getIdentityClaimExp(graphql_mapping_template_1.ref('groupRole.claim'), graphql_mapping_template_1.list([]))), | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('groupsInToken.contains'), graphql_mapping_template_1.ref('groupRole.entity')), helpers_1.addAllowedFieldsIfElse('groupRole.allowedFields', true)), | ||
| staticRoleExpression.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('staticGroupRoles'), (0, graphql_mapping_template_1.raw)(JSON.stringify(roles.map(r => { var _a; return ({ claim: r.claim, entity: r.entity, allowedFields: (_a = r.allowedFields) !== null && _a !== void 0 ? _a : [] }); })))), | ||
| (0, graphql_mapping_template_1.forEach)((0, graphql_mapping_template_1.ref)('groupRole'), (0, graphql_mapping_template_1.ref)('staticGroupRoles'), [ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('groupsInToken'), (0, helpers_1.getIdentityClaimExp)((0, graphql_mapping_template_1.ref)('groupRole.claim'), (0, graphql_mapping_template_1.list)([]))), | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('groupsInToken.contains'), (0, graphql_mapping_template_1.ref)('groupRole.entity')), (0, helpers_1.addAllowedFieldsIfElse)('groupRole.allowedFields', true)), | ||
| ]), | ||
@@ -88,18 +88,18 @@ ]))); | ||
| roles.forEach((role, idx) => { | ||
| const entityIsList = utils_1.fieldIsList(fields, role.entity); | ||
| const entityIsList = (0, utils_1.fieldIsList)(fields, role.entity); | ||
| if (role.strategy === 'owner') { | ||
| ownerExpression.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`ownerEntity${idx}`), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.defaultIfNull'), graphql_mapping_template_1.ref(`ctx.args.input.${role.entity}`), graphql_mapping_template_1.nul())), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`ownerClaim${idx}`), helpers_1.getOwnerClaim(role.claim)), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`ownerAllowedFields${idx}`), graphql_mapping_template_1.raw(JSON.stringify(role.allowedFields))), | ||
| ownerExpression.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`ownerEntity${idx}`), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.defaultIfNull'), (0, graphql_mapping_template_1.ref)(`ctx.args.input.${role.entity}`), (0, graphql_mapping_template_1.nul)())), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`ownerClaim${idx}`), (0, helpers_1.getOwnerClaim)(role.claim)), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`ownerAllowedFields${idx}`), (0, graphql_mapping_template_1.raw)(JSON.stringify(role.allowedFields))), | ||
| ...(entityIsList | ||
| ? [ | ||
| graphql_mapping_template_1.forEach(graphql_mapping_template_1.ref('allowedOwner'), graphql_mapping_template_1.ref(`ownerEntity${idx}`), [ | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('allowedOwner'), graphql_mapping_template_1.ref(`ownerClaim${idx}`)), helpers_1.addAllowedFieldsIfElse(`ownerAllowedFields${idx}`, true)), | ||
| (0, graphql_mapping_template_1.forEach)((0, graphql_mapping_template_1.ref)('allowedOwner'), (0, graphql_mapping_template_1.ref)(`ownerEntity${idx}`), [ | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('allowedOwner'), (0, graphql_mapping_template_1.ref)(`ownerClaim${idx}`)), (0, helpers_1.addAllowedFieldsIfElse)(`ownerAllowedFields${idx}`, true)), | ||
| ]), | ||
| ] | ||
| : [graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref(`ownerClaim${idx}`), graphql_mapping_template_1.ref(`ownerEntity${idx}`)), helpers_1.addAllowedFieldsIfElse(`ownerAllowedFields${idx}`))]), | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.and([graphql_mapping_template_1.ref(`util.isNull($ownerEntity${idx})`), graphql_mapping_template_1.not(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('ctx.args.input.containsKey'), graphql_mapping_template_1.str(role.entity)))]), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('ctx.args.input.put'), graphql_mapping_template_1.str(role.entity), entityIsList ? graphql_mapping_template_1.list([graphql_mapping_template_1.ref(`ownerClaim${idx}`)]) : graphql_mapping_template_1.ref(`ownerClaim${idx}`))), | ||
| helpers_1.addAllowedFieldsIfElse(`ownerAllowedFields${idx}`), | ||
| : [(0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)(`ownerClaim${idx}`), (0, graphql_mapping_template_1.ref)(`ownerEntity${idx}`)), (0, helpers_1.addAllowedFieldsIfElse)(`ownerAllowedFields${idx}`))]), | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.and)([(0, graphql_mapping_template_1.ref)(`util.isNull($ownerEntity${idx})`), (0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('ctx.args.input.containsKey'), (0, graphql_mapping_template_1.str)(role.entity)))]), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('ctx.args.input.put'), (0, graphql_mapping_template_1.str)(role.entity), entityIsList ? (0, graphql_mapping_template_1.list)([(0, graphql_mapping_template_1.ref)(`ownerClaim${idx}`)]) : (0, graphql_mapping_template_1.ref)(`ownerClaim${idx}`))), | ||
| (0, helpers_1.addAllowedFieldsIfElse)(`ownerAllowedFields${idx}`), | ||
| ])), | ||
@@ -109,10 +109,10 @@ ]))); | ||
| if (role.strategy === 'groups') { | ||
| dynamicGroupExpression.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`groupEntity${idx}`), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.defaultIfNull'), graphql_mapping_template_1.ref(`ctx.args.input.${role.entity}`), entityIsList ? graphql_mapping_template_1.list([]) : graphql_mapping_template_1.nul())), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`groupClaim${idx}`), helpers_1.getIdentityClaimExp(graphql_mapping_template_1.str(role.claim), graphql_mapping_template_1.list([]))), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`groupAllowedFields${idx}`), graphql_mapping_template_1.raw(JSON.stringify(role.allowedFields))), | ||
| graphql_mapping_template_1.forEach(graphql_mapping_template_1.ref('userGroup'), graphql_mapping_template_1.ref(`groupClaim${idx}`), [ | ||
| graphql_mapping_template_1.iff(entityIsList | ||
| ? graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`groupEntity${idx}.contains`), graphql_mapping_template_1.ref('userGroup')) | ||
| : graphql_mapping_template_1.equals(graphql_mapping_template_1.ref(`groupEntity${idx}`), graphql_mapping_template_1.ref('userGroup')), helpers_1.addAllowedFieldsIfElse(`groupAllowedFields${idx}`, true)), | ||
| dynamicGroupExpression.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`groupEntity${idx}`), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.defaultIfNull'), (0, graphql_mapping_template_1.ref)(`ctx.args.input.${role.entity}`), entityIsList ? (0, graphql_mapping_template_1.list)([]) : (0, graphql_mapping_template_1.nul)())), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`groupClaim${idx}`), (0, helpers_1.getIdentityClaimExp)((0, graphql_mapping_template_1.str)(role.claim), (0, graphql_mapping_template_1.list)([]))), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`groupAllowedFields${idx}`), (0, graphql_mapping_template_1.raw)(JSON.stringify(role.allowedFields))), | ||
| (0, graphql_mapping_template_1.forEach)((0, graphql_mapping_template_1.ref)('userGroup'), (0, graphql_mapping_template_1.ref)(`groupClaim${idx}`), [ | ||
| (0, graphql_mapping_template_1.iff)(entityIsList | ||
| ? (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`groupEntity${idx}.contains`), (0, graphql_mapping_template_1.ref)('userGroup')) | ||
| : (0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)(`groupEntity${idx}`), (0, graphql_mapping_template_1.ref)('userGroup')), (0, helpers_1.addAllowedFieldsIfElse)(`groupAllowedFields${idx}`, true)), | ||
| ]), | ||
@@ -125,8 +125,8 @@ ]))); | ||
| const generateAuthExpressionForCreate = (providers, roles, fields) => { | ||
| const { cognitoStaticRoles, cognitoDynamicRoles, oidcStaticRoles, oidcDynamicRoles, apiKeyRoles, iamRoles, lambdaRoles } = utils_1.splitRoles(roles); | ||
| const { cognitoStaticRoles, cognitoDynamicRoles, oidcStaticRoles, oidcDynamicRoles, apiKeyRoles, iamRoles, lambdaRoles } = (0, utils_1.splitRoles)(roles); | ||
| const totalAuthExpressions = [ | ||
| helpers_1.setHasAuthExpression, | ||
| helpers_1.getInputFields(), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(false)), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.ALLOWED_FIELDS), graphql_mapping_template_1.list([])), | ||
| (0, helpers_1.getInputFields)(), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(false)), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.ALLOWED_FIELDS), (0, graphql_mapping_template_1.list)([])), | ||
| ]; | ||
@@ -143,14 +143,14 @@ if (providers.hasApiKey) { | ||
| if (providers.hasUserPools) { | ||
| totalAuthExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.COGNITO_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression([...generateStaticRoleExpression(cognitoStaticRoles), ...dynamicRoleExpression(cognitoDynamicRoles, fields)]))); | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.COGNITO_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)([...generateStaticRoleExpression(cognitoStaticRoles), ...dynamicRoleExpression(cognitoDynamicRoles, fields)]))); | ||
| } | ||
| if (providers.hasOIDC) { | ||
| totalAuthExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.OIDC_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression([...generateStaticRoleExpression(oidcStaticRoles), ...dynamicRoleExpression(oidcDynamicRoles, fields)]))); | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.OIDC_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)([...generateStaticRoleExpression(oidcStaticRoles), ...dynamicRoleExpression(oidcDynamicRoles, fields)]))); | ||
| } | ||
| totalAuthExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.and([graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.ref(`${utils_1.ALLOWED_FIELDS}.isEmpty()`)]), graphql_mapping_template_1.ref('util.unauthorized()')), graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.DENIED_FIELDS), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.list.copyAndRemoveAll'), graphql_mapping_template_1.ref('inputFields'), graphql_mapping_template_1.ref(utils_1.ALLOWED_FIELDS))), | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.ref(`${utils_1.DENIED_FIELDS}.size() > 0`), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.error'), graphql_mapping_template_1.str(`Unauthorized on \${${utils_1.DENIED_FIELDS}}`), graphql_mapping_template_1.str('Unauthorized'))), | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.and)([(0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.ref)(`${utils_1.ALLOWED_FIELDS}.isEmpty()`)]), (0, graphql_mapping_template_1.ref)('util.unauthorized()')), (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.DENIED_FIELDS), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.list.copyAndRemoveAll'), (0, graphql_mapping_template_1.ref)('inputFields'), (0, graphql_mapping_template_1.ref)(utils_1.ALLOWED_FIELDS))), | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.ref)(`${utils_1.DENIED_FIELDS}.size() > 0`), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.error'), (0, graphql_mapping_template_1.str)(`Unauthorized on \${${utils_1.DENIED_FIELDS}}`), (0, graphql_mapping_template_1.str)('Unauthorized'))), | ||
| ]))); | ||
| return graphql_mapping_template_1.printBlock('Authorization Steps')(graphql_mapping_template_1.compoundExpression([...totalAuthExpressions, helpers_1.emptyPayload])); | ||
| return (0, graphql_mapping_template_1.printBlock)('Authorization Steps')((0, graphql_mapping_template_1.compoundExpression)([...totalAuthExpressions, helpers_1.emptyPayload])); | ||
| }; | ||
| exports.generateAuthExpressionForCreate = generateAuthExpressionForCreate; | ||
| //# sourceMappingURL=mutation.create.js.map |
@@ -10,8 +10,8 @@ "use strict"; | ||
| if (roles.length === 0) { | ||
| return graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.API_KEY_AUTH_TYPE)), graphql_mapping_template_1.ref('util.unauthorized()')); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.API_KEY_AUTH_TYPE)), (0, graphql_mapping_template_1.ref)('util.unauthorized()')); | ||
| } | ||
| else { | ||
| expression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true))); | ||
| expression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true))); | ||
| } | ||
| return graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.API_KEY_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression(expression)); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.API_KEY_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)(expression)); | ||
| }; | ||
@@ -21,13 +21,13 @@ const iamExpression = (roles, hasAdminRolesEnabled = false, adminRoles = [], identityPoolId) => { | ||
| if (hasAdminRolesEnabled) { | ||
| expression.push(helpers_1.iamAdminRoleCheckExpression(adminRoles)); | ||
| expression.push((0, helpers_1.iamAdminRoleCheckExpression)(adminRoles)); | ||
| } | ||
| if (roles.length > 0) { | ||
| for (let role of roles) { | ||
| expression.push(helpers_1.iamCheck(role.claim, graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)), identityPoolId)); | ||
| expression.push((0, helpers_1.iamCheck)(role.claim, (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), identityPoolId)); | ||
| } | ||
| } | ||
| else { | ||
| expression.push(graphql_mapping_template_1.ref('util.unauthorized()')); | ||
| expression.push((0, graphql_mapping_template_1.ref)('util.unauthorized()')); | ||
| } | ||
| return graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.IAM_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression(expression)); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.IAM_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)(expression)); | ||
| }; | ||
@@ -37,8 +37,8 @@ const lambdaExpression = (roles) => { | ||
| if (roles.length === 0) { | ||
| return graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.LAMBDA_AUTH_TYPE)), graphql_mapping_template_1.ref('util.unauthorized()')); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.LAMBDA_AUTH_TYPE)), (0, graphql_mapping_template_1.ref)('util.unauthorized()')); | ||
| } | ||
| else { | ||
| expression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true))); | ||
| expression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true))); | ||
| } | ||
| return graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.LAMBDA_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression(expression)); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.LAMBDA_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)(expression)); | ||
| }; | ||
@@ -49,11 +49,11 @@ const generateStaticRoleExpression = (roles) => { | ||
| if (privateRoleIdx > -1) { | ||
| staticRoleExpression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true))); | ||
| staticRoleExpression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true))); | ||
| roles.splice(privateRoleIdx, -1); | ||
| } | ||
| if (roles.length > 0) { | ||
| staticRoleExpression.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref('staticGroupRoles'), graphql_mapping_template_1.raw(JSON.stringify(roles.map(r => ({ claim: r.claim, entity: r.entity }))))), | ||
| graphql_mapping_template_1.forEach(graphql_mapping_template_1.ref('groupRole'), graphql_mapping_template_1.ref('staticGroupRoles'), [ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref('groupsInToken'), helpers_1.getIdentityClaimExp(graphql_mapping_template_1.ref('groupRole.claim'), graphql_mapping_template_1.list([]))), | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('groupsInToken.contains'), graphql_mapping_template_1.ref('groupRole.entity')), graphql_mapping_template_1.compoundExpression([graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)), graphql_mapping_template_1.raw('#break')])), | ||
| staticRoleExpression.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('staticGroupRoles'), (0, graphql_mapping_template_1.raw)(JSON.stringify(roles.map(r => ({ claim: r.claim, entity: r.entity }))))), | ||
| (0, graphql_mapping_template_1.forEach)((0, graphql_mapping_template_1.ref)('groupRole'), (0, graphql_mapping_template_1.ref)('staticGroupRoles'), [ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('groupsInToken'), (0, helpers_1.getIdentityClaimExp)((0, graphql_mapping_template_1.ref)('groupRole.claim'), (0, graphql_mapping_template_1.list)([]))), | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('groupsInToken.contains'), (0, graphql_mapping_template_1.ref)('groupRole.entity')), (0, graphql_mapping_template_1.compoundExpression)([(0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), (0, graphql_mapping_template_1.raw)('#break')])), | ||
| ]), | ||
@@ -68,24 +68,24 @@ ]))); | ||
| roles.forEach((role, idx) => { | ||
| const entityIsList = utils_1.fieldIsList(fields, role.entity); | ||
| const entityIsList = (0, utils_1.fieldIsList)(fields, role.entity); | ||
| if (role.strategy === 'owner') { | ||
| ownerExpression.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`ownerEntity${idx}`), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.defaultIfNull'), graphql_mapping_template_1.ref(`ctx.result.${role.entity}`), graphql_mapping_template_1.nul())), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`ownerClaim${idx}`), helpers_1.getOwnerClaim(role.claim)), | ||
| ownerExpression.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`ownerEntity${idx}`), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.defaultIfNull'), (0, graphql_mapping_template_1.ref)(`ctx.result.${role.entity}`), (0, graphql_mapping_template_1.nul)())), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`ownerClaim${idx}`), (0, helpers_1.getOwnerClaim)(role.claim)), | ||
| ...(entityIsList | ||
| ? [ | ||
| graphql_mapping_template_1.forEach(graphql_mapping_template_1.ref('allowedOwner'), graphql_mapping_template_1.ref(`ownerEntity${idx}`), [ | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('allowedOwner'), graphql_mapping_template_1.ref(`ownerClaim${idx}`)), graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true))), | ||
| (0, graphql_mapping_template_1.forEach)((0, graphql_mapping_template_1.ref)('allowedOwner'), (0, graphql_mapping_template_1.ref)(`ownerEntity${idx}`), [ | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('allowedOwner'), (0, graphql_mapping_template_1.ref)(`ownerClaim${idx}`)), (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true))), | ||
| ]), | ||
| ] | ||
| : [graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref(`ownerEntity${idx}`), graphql_mapping_template_1.ref(`ownerClaim${idx}`)), graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)))]), | ||
| : [(0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)(`ownerEntity${idx}`), (0, graphql_mapping_template_1.ref)(`ownerClaim${idx}`)), (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)))]), | ||
| ]))); | ||
| } | ||
| if (role.strategy === 'groups') { | ||
| dynamicGroupExpression.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`groupEntity${idx}`), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.defaultIfNull'), graphql_mapping_template_1.ref(`ctx.result.${role.entity}`), entityIsList ? graphql_mapping_template_1.list([]) : graphql_mapping_template_1.nul())), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`groupClaim${idx}`), helpers_1.getIdentityClaimExp(graphql_mapping_template_1.str(role.claim), graphql_mapping_template_1.list([]))), | ||
| graphql_mapping_template_1.forEach(graphql_mapping_template_1.ref('userGroup'), graphql_mapping_template_1.ref(`groupClaim${idx}`), [ | ||
| graphql_mapping_template_1.iff(entityIsList | ||
| ? graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`groupEntity${idx}.contains`), graphql_mapping_template_1.ref('userGroup')) | ||
| : graphql_mapping_template_1.equals(graphql_mapping_template_1.ref(`groupEntity${idx}`), graphql_mapping_template_1.ref('userGroup')), graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true))), | ||
| dynamicGroupExpression.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`groupEntity${idx}`), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.defaultIfNull'), (0, graphql_mapping_template_1.ref)(`ctx.result.${role.entity}`), entityIsList ? (0, graphql_mapping_template_1.list)([]) : (0, graphql_mapping_template_1.nul)())), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`groupClaim${idx}`), (0, helpers_1.getIdentityClaimExp)((0, graphql_mapping_template_1.str)(role.claim), (0, graphql_mapping_template_1.list)([]))), | ||
| (0, graphql_mapping_template_1.forEach)((0, graphql_mapping_template_1.ref)('userGroup'), (0, graphql_mapping_template_1.ref)(`groupClaim${idx}`), [ | ||
| (0, graphql_mapping_template_1.iff)(entityIsList | ||
| ? (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`groupEntity${idx}.contains`), (0, graphql_mapping_template_1.ref)('userGroup')) | ||
| : (0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)(`groupEntity${idx}`), (0, graphql_mapping_template_1.ref)('userGroup')), (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true))), | ||
| ]), | ||
@@ -98,4 +98,4 @@ ]))); | ||
| const geneateAuthExpressionForDelete = (providers, roles, fields) => { | ||
| const { cognitoStaticRoles, cognitoDynamicRoles, oidcStaticRoles, oidcDynamicRoles, apiKeyRoles, iamRoles, lambdaRoles } = utils_1.splitRoles(roles); | ||
| const totalAuthExpressions = [helpers_1.setHasAuthExpression, graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(false))]; | ||
| const { cognitoStaticRoles, cognitoDynamicRoles, oidcStaticRoles, oidcDynamicRoles, apiKeyRoles, iamRoles, lambdaRoles } = (0, utils_1.splitRoles)(roles); | ||
| const totalAuthExpressions = [helpers_1.setHasAuthExpression, (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(false))]; | ||
| if (providers.hasApiKey) { | ||
@@ -111,3 +111,3 @@ totalAuthExpressions.push(apiKeyExpression(apiKeyRoles)); | ||
| if (providers.hasUserPools) { | ||
| totalAuthExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.COGNITO_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression([ | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.COGNITO_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| ...generateStaticRoleExpression(cognitoStaticRoles), | ||
@@ -118,8 +118,8 @@ ...dynamicGroupRoleExpression(cognitoDynamicRoles, fields), | ||
| if (providers.hasOIDC) { | ||
| totalAuthExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.OIDC_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression([...generateStaticRoleExpression(oidcStaticRoles), ...dynamicGroupRoleExpression(oidcDynamicRoles, fields)]))); | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.OIDC_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)([...generateStaticRoleExpression(oidcStaticRoles), ...dynamicGroupRoleExpression(oidcDynamicRoles, fields)]))); | ||
| } | ||
| totalAuthExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.ref('util.unauthorized()'))); | ||
| return graphql_mapping_template_1.printBlock('Authorization Steps')(graphql_mapping_template_1.compoundExpression([...totalAuthExpressions, helpers_1.emptyPayload])); | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.ref)('util.unauthorized()'))); | ||
| return (0, graphql_mapping_template_1.printBlock)('Authorization Steps')((0, graphql_mapping_template_1.compoundExpression)([...totalAuthExpressions, helpers_1.emptyPayload])); | ||
| }; | ||
| exports.geneateAuthExpressionForDelete = geneateAuthExpressionForDelete; | ||
| //# sourceMappingURL=mutation.delete.js.map |
@@ -10,11 +10,11 @@ "use strict"; | ||
| if (roles.length === 0) { | ||
| return graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.API_KEY_AUTH_TYPE)), graphql_mapping_template_1.ref('util.unauthorized()')); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.API_KEY_AUTH_TYPE)), (0, graphql_mapping_template_1.ref)('util.unauthorized()')); | ||
| } | ||
| if (roles[0].allowedFields.length > 0 || roles[0].nullAllowedFields.length > 0) { | ||
| expression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`${utils_1.ALLOWED_FIELDS}`), graphql_mapping_template_1.raw(JSON.stringify(roles[0].allowedFields))), graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`${utils_1.NULL_ALLOWED_FIELDS}`), graphql_mapping_template_1.raw(JSON.stringify(roles[0].nullAllowedFields)))); | ||
| expression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`${utils_1.ALLOWED_FIELDS}`), (0, graphql_mapping_template_1.raw)(JSON.stringify(roles[0].allowedFields))), (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`${utils_1.NULL_ALLOWED_FIELDS}`), (0, graphql_mapping_template_1.raw)(JSON.stringify(roles[0].nullAllowedFields)))); | ||
| } | ||
| else { | ||
| expression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true))); | ||
| expression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true))); | ||
| } | ||
| return graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.API_KEY_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression(expression)); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.API_KEY_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)(expression)); | ||
| }; | ||
@@ -24,11 +24,11 @@ const lambdaExpression = (roles) => { | ||
| if (roles.length === 0) { | ||
| return graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.LAMBDA_AUTH_TYPE)), graphql_mapping_template_1.ref('util.unauthorized()')); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.LAMBDA_AUTH_TYPE)), (0, graphql_mapping_template_1.ref)('util.unauthorized()')); | ||
| } | ||
| if (roles[0].allowedFields.length > 0 || roles[0].nullAllowedFields.length > 0) { | ||
| expression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`${utils_1.ALLOWED_FIELDS}`), graphql_mapping_template_1.raw(JSON.stringify(roles[0].allowedFields))), graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`${utils_1.NULL_ALLOWED_FIELDS}`), graphql_mapping_template_1.raw(JSON.stringify(roles[0].nullAllowedFields)))); | ||
| expression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`${utils_1.ALLOWED_FIELDS}`), (0, graphql_mapping_template_1.raw)(JSON.stringify(roles[0].allowedFields))), (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`${utils_1.NULL_ALLOWED_FIELDS}`), (0, graphql_mapping_template_1.raw)(JSON.stringify(roles[0].nullAllowedFields)))); | ||
| } | ||
| else { | ||
| expression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true))); | ||
| expression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true))); | ||
| } | ||
| return graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.LAMBDA_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression(expression)); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.LAMBDA_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)(expression)); | ||
| }; | ||
@@ -38,3 +38,3 @@ const iamExpression = (roles, hasAdminRolesEnabled = false, adminRoles = [], identityPoolId) => { | ||
| if (hasAdminRolesEnabled) { | ||
| expression.push(helpers_1.iamAdminRoleCheckExpression(adminRoles)); | ||
| expression.push((0, helpers_1.iamAdminRoleCheckExpression)(adminRoles)); | ||
| } | ||
@@ -44,9 +44,9 @@ if (roles.length > 0) { | ||
| if (role.allowedFields.length > 0 || role.nullAllowedFields.length > 0) { | ||
| expression.push(helpers_1.iamCheck(role.claim, graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`${utils_1.ALLOWED_FIELDS}`), graphql_mapping_template_1.raw(JSON.stringify(role.allowedFields))), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`${utils_1.NULL_ALLOWED_FIELDS}`), graphql_mapping_template_1.raw(JSON.stringify(role.nullAllowedFields))), | ||
| expression.push((0, helpers_1.iamCheck)(role.claim, (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`${utils_1.ALLOWED_FIELDS}`), (0, graphql_mapping_template_1.raw)(JSON.stringify(role.allowedFields))), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`${utils_1.NULL_ALLOWED_FIELDS}`), (0, graphql_mapping_template_1.raw)(JSON.stringify(role.nullAllowedFields))), | ||
| ]), identityPoolId)); | ||
| } | ||
| else { | ||
| expression.push(helpers_1.iamCheck(role.claim, graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)))); | ||
| expression.push((0, helpers_1.iamCheck)(role.claim, (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)))); | ||
| } | ||
@@ -56,5 +56,5 @@ } | ||
| else { | ||
| expression.push(graphql_mapping_template_1.ref('util.unauthorized()')); | ||
| expression.push((0, graphql_mapping_template_1.ref)('util.unauthorized()')); | ||
| } | ||
| return graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.IAM_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression(expression)); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.IAM_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)(expression)); | ||
| }; | ||
@@ -67,6 +67,6 @@ const generateStaticRoleExpression = (roles) => { | ||
| if (privateRole.allowedFields.length > 0 || privateRole.nullAllowedFields.length > 0) { | ||
| staticRoleExpression.push(graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`${utils_1.ALLOWED_FIELDS}.addAll`), graphql_mapping_template_1.raw(JSON.stringify(privateRole.allowedFields)))), graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`${utils_1.NULL_ALLOWED_FIELDS}.addAll`), graphql_mapping_template_1.raw(JSON.stringify(privateRole.nullAllowedFields))))); | ||
| staticRoleExpression.push((0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`${utils_1.ALLOWED_FIELDS}.addAll`), (0, graphql_mapping_template_1.raw)(JSON.stringify(privateRole.allowedFields)))), (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`${utils_1.NULL_ALLOWED_FIELDS}.addAll`), (0, graphql_mapping_template_1.raw)(JSON.stringify(privateRole.nullAllowedFields))))); | ||
| } | ||
| else { | ||
| staticRoleExpression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true))); | ||
| staticRoleExpression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true))); | ||
| } | ||
@@ -76,4 +76,4 @@ roles.splice(privateRoleIdx, 1); | ||
| if (roles.length > 0) { | ||
| staticRoleExpression.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref('staticGroupRoles'), graphql_mapping_template_1.raw(JSON.stringify(roles.map(r => ({ | ||
| staticRoleExpression.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('staticGroupRoles'), (0, graphql_mapping_template_1.raw)(JSON.stringify(roles.map(r => ({ | ||
| claim: r.claim, | ||
@@ -84,9 +84,9 @@ entity: r.entity, | ||
| }))))), | ||
| graphql_mapping_template_1.forEach(graphql_mapping_template_1.ref('groupRole'), graphql_mapping_template_1.ref('staticGroupRoles'), [ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref('groupsInToken'), helpers_1.getIdentityClaimExp(graphql_mapping_template_1.ref('groupRole.claim'), graphql_mapping_template_1.list([]))), | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('groupsInToken.contains'), graphql_mapping_template_1.ref('groupRole.entity')), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.ifElse(graphql_mapping_template_1.or([graphql_mapping_template_1.not(graphql_mapping_template_1.ref(`groupRole.allowedFields.isEmpty()`)), graphql_mapping_template_1.not(graphql_mapping_template_1.ref('groupRole.nullAllowedFields.isEmpty()'))]), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`${utils_1.ALLOWED_FIELDS}.addAll`), graphql_mapping_template_1.ref('groupRole.allowedFields'))), | ||
| graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`${utils_1.NULL_ALLOWED_FIELDS}.addAll`), graphql_mapping_template_1.ref('groupRole.nullAllowedFields'))), | ||
| ]), graphql_mapping_template_1.compoundExpression([graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)), graphql_mapping_template_1.raw('#break')])), | ||
| (0, graphql_mapping_template_1.forEach)((0, graphql_mapping_template_1.ref)('groupRole'), (0, graphql_mapping_template_1.ref)('staticGroupRoles'), [ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('groupsInToken'), (0, helpers_1.getIdentityClaimExp)((0, graphql_mapping_template_1.ref)('groupRole.claim'), (0, graphql_mapping_template_1.list)([]))), | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('groupsInToken.contains'), (0, graphql_mapping_template_1.ref)('groupRole.entity')), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.ifElse)((0, graphql_mapping_template_1.or)([(0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(`groupRole.allowedFields.isEmpty()`)), (0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)('groupRole.nullAllowedFields.isEmpty()'))]), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`${utils_1.ALLOWED_FIELDS}.addAll`), (0, graphql_mapping_template_1.ref)('groupRole.allowedFields'))), | ||
| (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`${utils_1.NULL_ALLOWED_FIELDS}.addAll`), (0, graphql_mapping_template_1.ref)('groupRole.nullAllowedFields'))), | ||
| ]), (0, graphql_mapping_template_1.compoundExpression)([(0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), (0, graphql_mapping_template_1.raw)('#break')])), | ||
| ])), | ||
@@ -102,23 +102,23 @@ ]), | ||
| roles.forEach((role, idx) => { | ||
| const entityIsList = utils_1.fieldIsList(fields, role.entity); | ||
| const entityIsList = (0, utils_1.fieldIsList)(fields, role.entity); | ||
| if (role.strategy === 'owner') { | ||
| ownerExpression.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`ownerEntity${idx}`), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.defaultIfNull'), graphql_mapping_template_1.ref(`ctx.result.${role.entity}`), entityIsList ? graphql_mapping_template_1.list([]) : graphql_mapping_template_1.nul())), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`ownerClaim${idx}`), helpers_1.getOwnerClaim(role.claim)), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`ownerAllowedFields${idx}`), graphql_mapping_template_1.raw(JSON.stringify(role.allowedFields))), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`ownerNullAllowedFields${idx}`), graphql_mapping_template_1.raw(JSON.stringify(role.nullAllowedFields))), | ||
| ownerExpression.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`ownerEntity${idx}`), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.defaultIfNull'), (0, graphql_mapping_template_1.ref)(`ctx.result.${role.entity}`), entityIsList ? (0, graphql_mapping_template_1.list)([]) : (0, graphql_mapping_template_1.nul)())), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`ownerClaim${idx}`), (0, helpers_1.getOwnerClaim)(role.claim)), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`ownerAllowedFields${idx}`), (0, graphql_mapping_template_1.raw)(JSON.stringify(role.allowedFields))), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`ownerNullAllowedFields${idx}`), (0, graphql_mapping_template_1.raw)(JSON.stringify(role.nullAllowedFields))), | ||
| ...(entityIsList | ||
| ? [ | ||
| graphql_mapping_template_1.forEach(graphql_mapping_template_1.ref('allowedOwner'), graphql_mapping_template_1.ref(`ownerEntity${idx}`), [ | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('allowedOwner'), graphql_mapping_template_1.ref(`ownerClaim${idx}`)), graphql_mapping_template_1.ifElse(graphql_mapping_template_1.or([graphql_mapping_template_1.not(graphql_mapping_template_1.ref(`ownerAllowedFields${idx}.isEmpty()`)), graphql_mapping_template_1.not(graphql_mapping_template_1.ref(`ownerNullAllowedFields${idx}.isEmpty()`))]), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`${utils_1.ALLOWED_FIELDS}.addAll`), graphql_mapping_template_1.ref(`ownerAllowedFields${idx}`))), | ||
| graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`${utils_1.NULL_ALLOWED_FIELDS}.addAll`), graphql_mapping_template_1.ref(`ownerNullAllowedFields${idx}`))), | ||
| ]), graphql_mapping_template_1.compoundExpression([graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)), graphql_mapping_template_1.raw('#break')]))), | ||
| (0, graphql_mapping_template_1.forEach)((0, graphql_mapping_template_1.ref)('allowedOwner'), (0, graphql_mapping_template_1.ref)(`ownerEntity${idx}`), [ | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('allowedOwner'), (0, graphql_mapping_template_1.ref)(`ownerClaim${idx}`)), (0, graphql_mapping_template_1.ifElse)((0, graphql_mapping_template_1.or)([(0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(`ownerAllowedFields${idx}.isEmpty()`)), (0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(`ownerNullAllowedFields${idx}.isEmpty()`))]), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`${utils_1.ALLOWED_FIELDS}.addAll`), (0, graphql_mapping_template_1.ref)(`ownerAllowedFields${idx}`))), | ||
| (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`${utils_1.NULL_ALLOWED_FIELDS}.addAll`), (0, graphql_mapping_template_1.ref)(`ownerNullAllowedFields${idx}`))), | ||
| ]), (0, graphql_mapping_template_1.compoundExpression)([(0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), (0, graphql_mapping_template_1.raw)('#break')]))), | ||
| ]), | ||
| ] | ||
| : [ | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref(`ownerEntity${idx}`), graphql_mapping_template_1.ref(`ownerClaim${idx}`)), graphql_mapping_template_1.ifElse(graphql_mapping_template_1.or([graphql_mapping_template_1.not(graphql_mapping_template_1.ref(`ownerAllowedFields${idx}.isEmpty()`)), graphql_mapping_template_1.not(graphql_mapping_template_1.ref(`ownerNullAllowedFields${idx}.isEmpty()`))]), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`${utils_1.ALLOWED_FIELDS}.addAll`), graphql_mapping_template_1.ref(`ownerAllowedFields${idx}`))), | ||
| graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`${utils_1.NULL_ALLOWED_FIELDS}.addAll`), graphql_mapping_template_1.ref(`ownerNullAllowedFields${idx}`))), | ||
| ]), graphql_mapping_template_1.compoundExpression([graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true))]))), | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)(`ownerEntity${idx}`), (0, graphql_mapping_template_1.ref)(`ownerClaim${idx}`)), (0, graphql_mapping_template_1.ifElse)((0, graphql_mapping_template_1.or)([(0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(`ownerAllowedFields${idx}.isEmpty()`)), (0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(`ownerNullAllowedFields${idx}.isEmpty()`))]), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`${utils_1.ALLOWED_FIELDS}.addAll`), (0, graphql_mapping_template_1.ref)(`ownerAllowedFields${idx}`))), | ||
| (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`${utils_1.NULL_ALLOWED_FIELDS}.addAll`), (0, graphql_mapping_template_1.ref)(`ownerNullAllowedFields${idx}`))), | ||
| ]), (0, graphql_mapping_template_1.compoundExpression)([(0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true))]))), | ||
| ]), | ||
@@ -128,14 +128,14 @@ ]))); | ||
| if (role.strategy === 'groups') { | ||
| dynamicGroupExpression.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`groupEntity${idx}`), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.defaultIfNull'), graphql_mapping_template_1.ref(`ctx.result.${role.entity}`), entityIsList ? graphql_mapping_template_1.list([]) : graphql_mapping_template_1.nul())), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`groupClaim${idx}`), helpers_1.getIdentityClaimExp(graphql_mapping_template_1.str(role.claim), graphql_mapping_template_1.list([]))), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`groupAllowedFields${idx}`), graphql_mapping_template_1.raw(JSON.stringify(role.allowedFields))), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`groupNullAllowedFields${idx}`), graphql_mapping_template_1.raw(JSON.stringify(role.nullAllowedFields))), | ||
| graphql_mapping_template_1.forEach(graphql_mapping_template_1.ref('userGroup'), graphql_mapping_template_1.ref(`groupClaim${idx}`), [ | ||
| graphql_mapping_template_1.iff(entityIsList | ||
| ? graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`groupEntity${idx}.contains`), graphql_mapping_template_1.ref('userGroup')) | ||
| : graphql_mapping_template_1.equals(graphql_mapping_template_1.ref(`groupEntity${idx}`), graphql_mapping_template_1.ref('userGroup')), graphql_mapping_template_1.ifElse(graphql_mapping_template_1.or([graphql_mapping_template_1.not(graphql_mapping_template_1.ref(`groupAllowedFields${idx}.isEmpty()`)), graphql_mapping_template_1.not(graphql_mapping_template_1.ref(`groupNullAllowedFields${idx}.isEmpty()`))]), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`${utils_1.ALLOWED_FIELDS}.addAll`), graphql_mapping_template_1.ref('groupRole.allowedFields'))), | ||
| graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`${utils_1.NULL_ALLOWED_FIELDS}.addAll`), graphql_mapping_template_1.ref('groupRole.nullAllowedFields'))), | ||
| ]), graphql_mapping_template_1.compoundExpression([graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)), graphql_mapping_template_1.raw('#break')]))), | ||
| dynamicGroupExpression.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`groupEntity${idx}`), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.defaultIfNull'), (0, graphql_mapping_template_1.ref)(`ctx.result.${role.entity}`), entityIsList ? (0, graphql_mapping_template_1.list)([]) : (0, graphql_mapping_template_1.nul)())), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`groupClaim${idx}`), (0, helpers_1.getIdentityClaimExp)((0, graphql_mapping_template_1.str)(role.claim), (0, graphql_mapping_template_1.list)([]))), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`groupAllowedFields${idx}`), (0, graphql_mapping_template_1.raw)(JSON.stringify(role.allowedFields))), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`groupNullAllowedFields${idx}`), (0, graphql_mapping_template_1.raw)(JSON.stringify(role.nullAllowedFields))), | ||
| (0, graphql_mapping_template_1.forEach)((0, graphql_mapping_template_1.ref)('userGroup'), (0, graphql_mapping_template_1.ref)(`groupClaim${idx}`), [ | ||
| (0, graphql_mapping_template_1.iff)(entityIsList | ||
| ? (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`groupEntity${idx}.contains`), (0, graphql_mapping_template_1.ref)('userGroup')) | ||
| : (0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)(`groupEntity${idx}`), (0, graphql_mapping_template_1.ref)('userGroup')), (0, graphql_mapping_template_1.ifElse)((0, graphql_mapping_template_1.or)([(0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(`groupAllowedFields${idx}.isEmpty()`)), (0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(`groupNullAllowedFields${idx}.isEmpty()`))]), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`${utils_1.ALLOWED_FIELDS}.addAll`), (0, graphql_mapping_template_1.ref)('groupRole.allowedFields'))), | ||
| (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`${utils_1.NULL_ALLOWED_FIELDS}.addAll`), (0, graphql_mapping_template_1.ref)('groupRole.nullAllowedFields'))), | ||
| ]), (0, graphql_mapping_template_1.compoundExpression)([(0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), (0, graphql_mapping_template_1.raw)('#break')]))), | ||
| ]), | ||
@@ -148,11 +148,11 @@ ]))); | ||
| const generateAuthExpressionForUpdate = (providers, roles, fields) => { | ||
| const { cognitoStaticRoles, cognitoDynamicRoles, oidcStaticRoles, oidcDynamicRoles, apiKeyRoles, iamRoles, lambdaRoles } = utils_1.splitRoles(roles); | ||
| const { cognitoStaticRoles, cognitoDynamicRoles, oidcStaticRoles, oidcDynamicRoles, apiKeyRoles, iamRoles, lambdaRoles } = (0, utils_1.splitRoles)(roles); | ||
| const totalAuthExpressions = [ | ||
| helpers_1.setHasAuthExpression, | ||
| helpers_1.responseCheckForErrors(), | ||
| helpers_1.getInputFields(), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(false)), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`${utils_1.ALLOWED_FIELDS}`), graphql_mapping_template_1.list([])), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`${utils_1.NULL_ALLOWED_FIELDS}`), graphql_mapping_template_1.list([])), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`${utils_1.DENIED_FIELDS}`), graphql_mapping_template_1.obj({})), | ||
| (0, helpers_1.responseCheckForErrors)(), | ||
| (0, helpers_1.getInputFields)(), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(false)), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`${utils_1.ALLOWED_FIELDS}`), (0, graphql_mapping_template_1.list)([])), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`${utils_1.NULL_ALLOWED_FIELDS}`), (0, graphql_mapping_template_1.list)([])), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`${utils_1.DENIED_FIELDS}`), (0, graphql_mapping_template_1.obj)({})), | ||
| ]; | ||
@@ -169,3 +169,3 @@ if (providers.hasApiKey) { | ||
| if (providers.hasUserPools) { | ||
| totalAuthExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.COGNITO_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression([ | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.COGNITO_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| ...generateStaticRoleExpression(cognitoStaticRoles), | ||
@@ -176,15 +176,15 @@ ...dynamicGroupRoleExpression(cognitoDynamicRoles, fields), | ||
| if (providers.hasOIDC) { | ||
| totalAuthExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.OIDC_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression([...generateStaticRoleExpression(oidcStaticRoles), ...dynamicGroupRoleExpression(oidcDynamicRoles, fields)]))); | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.OIDC_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)([...generateStaticRoleExpression(oidcStaticRoles), ...dynamicGroupRoleExpression(oidcDynamicRoles, fields)]))); | ||
| } | ||
| totalAuthExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.and([graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.ref(`${utils_1.ALLOWED_FIELDS}.isEmpty()`), graphql_mapping_template_1.ref(`${utils_1.NULL_ALLOWED_FIELDS}.isEmpty()`)]), graphql_mapping_template_1.ref('util.unauthorized()')), graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.forEach(graphql_mapping_template_1.ref('entry'), graphql_mapping_template_1.ref('util.map.copyAndRetainAllKeys($ctx.args.input, $inputFields).entrySet()'), [ | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.and([graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.isNull'), graphql_mapping_template_1.ref('entry.value')), graphql_mapping_template_1.not(graphql_mapping_template_1.ref(`${utils_1.NULL_ALLOWED_FIELDS}.contains($entry.key)`))]), graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`${utils_1.DENIED_FIELDS}.put`), graphql_mapping_template_1.ref('entry.key'), graphql_mapping_template_1.str('')))), | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.and)([(0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.ref)(`${utils_1.ALLOWED_FIELDS}.isEmpty()`), (0, graphql_mapping_template_1.ref)(`${utils_1.NULL_ALLOWED_FIELDS}.isEmpty()`)]), (0, graphql_mapping_template_1.ref)('util.unauthorized()')), (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.forEach)((0, graphql_mapping_template_1.ref)('entry'), (0, graphql_mapping_template_1.ref)('util.map.copyAndRetainAllKeys($ctx.args.input, $inputFields).entrySet()'), [ | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.and)([(0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.isNull'), (0, graphql_mapping_template_1.ref)('entry.value')), (0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(`${utils_1.NULL_ALLOWED_FIELDS}.contains($entry.key)`))]), (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`${utils_1.DENIED_FIELDS}.put`), (0, graphql_mapping_template_1.ref)('entry.key'), (0, graphql_mapping_template_1.str)('')))), | ||
| ]), | ||
| graphql_mapping_template_1.forEach(graphql_mapping_template_1.ref('deniedField'), graphql_mapping_template_1.ref(`util.list.copyAndRemoveAll($inputFields, \$${utils_1.ALLOWED_FIELDS})`), [ | ||
| graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`${utils_1.DENIED_FIELDS}.put`), graphql_mapping_template_1.ref('deniedField'), graphql_mapping_template_1.str(''))), | ||
| (0, graphql_mapping_template_1.forEach)((0, graphql_mapping_template_1.ref)('deniedField'), (0, graphql_mapping_template_1.ref)(`util.list.copyAndRemoveAll($inputFields, \$${utils_1.ALLOWED_FIELDS})`), [ | ||
| (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`${utils_1.DENIED_FIELDS}.put`), (0, graphql_mapping_template_1.ref)('deniedField'), (0, graphql_mapping_template_1.str)(''))), | ||
| ]), | ||
| ])), graphql_mapping_template_1.iff(graphql_mapping_template_1.ref(`${utils_1.DENIED_FIELDS}.keySet().size() > 0`), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.error'), graphql_mapping_template_1.str(`Unauthorized on \${${utils_1.DENIED_FIELDS}.keySet()}`), graphql_mapping_template_1.str('Unauthorized')))); | ||
| return graphql_mapping_template_1.printBlock('Authorization Steps')(graphql_mapping_template_1.compoundExpression([...totalAuthExpressions, graphql_mapping_template_1.toJson(graphql_mapping_template_1.obj({}))])); | ||
| ])), (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.ref)(`${utils_1.DENIED_FIELDS}.keySet().size() > 0`), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.error'), (0, graphql_mapping_template_1.str)(`Unauthorized on \${${utils_1.DENIED_FIELDS}.keySet()}`), (0, graphql_mapping_template_1.str)('Unauthorized')))); | ||
| return (0, graphql_mapping_template_1.printBlock)('Authorization Steps')((0, graphql_mapping_template_1.compoundExpression)([...totalAuthExpressions, (0, graphql_mapping_template_1.toJson)((0, graphql_mapping_template_1.obj)({}))])); | ||
| }; | ||
| exports.generateAuthExpressionForUpdate = generateAuthExpressionForUpdate; | ||
| //# sourceMappingURL=mutation.update.js.map |
@@ -12,11 +12,11 @@ "use strict"; | ||
| if (privateRoleIdx > -1) { | ||
| staticRoleExpression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true))); | ||
| staticRoleExpression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true))); | ||
| roles.splice(privateRoleIdx, 1); | ||
| } | ||
| if (roles.length > 0) { | ||
| staticRoleExpression.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref('staticGroupRoles'), graphql_mapping_template_1.raw(JSON.stringify(roles.map(r => ({ claim: r.claim, entity: r.entity }))))), | ||
| graphql_mapping_template_1.forEach(graphql_mapping_template_1.ref('groupRole'), graphql_mapping_template_1.ref('staticGroupRoles'), [ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref('groupsInToken'), helpers_1.getIdentityClaimExp(graphql_mapping_template_1.ref('groupRole.claim'), graphql_mapping_template_1.list([]))), | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('groupsInToken.contains'), graphql_mapping_template_1.ref('groupRole.entity')), graphql_mapping_template_1.compoundExpression([graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)), graphql_mapping_template_1.raw(`#break`)])), | ||
| staticRoleExpression.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('staticGroupRoles'), (0, graphql_mapping_template_1.raw)(JSON.stringify(roles.map(r => ({ claim: r.claim, entity: r.entity }))))), | ||
| (0, graphql_mapping_template_1.forEach)((0, graphql_mapping_template_1.ref)('groupRole'), (0, graphql_mapping_template_1.ref)('staticGroupRoles'), [ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('groupsInToken'), (0, helpers_1.getIdentityClaimExp)((0, graphql_mapping_template_1.ref)('groupRole.claim'), (0, graphql_mapping_template_1.list)([]))), | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('groupsInToken.contains'), (0, graphql_mapping_template_1.ref)('groupRole.entity')), (0, graphql_mapping_template_1.compoundExpression)([(0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), (0, graphql_mapping_template_1.raw)(`#break`)])), | ||
| ]), | ||
@@ -33,11 +33,11 @@ ]))); | ||
| const { claim, field } = primaryFieldMap.get(role.entity); | ||
| modelQueryExpression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`primaryRole${idx}`), role.strategy === 'owner' ? helpers_1.getOwnerClaim(role.claim) : helpers_1.getIdentityClaimExp(graphql_mapping_template_1.str(role.claim), graphql_mapping_template_1.str(graphql_transformer_common_1.NONE_VALUE))), graphql_mapping_template_1.ifElse(graphql_mapping_template_1.and([ | ||
| graphql_mapping_template_1.parens(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(`util.isNull($ctx.${claim}.${field})`))), | ||
| graphql_mapping_template_1.parens(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref(`ctx.${claim}.${field}`), graphql_mapping_template_1.ref(`primaryRole${idx}`))), | ||
| ]), graphql_mapping_template_1.compoundExpression([graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)), graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('ctx.stash.put'), graphql_mapping_template_1.str('authFilter'), graphql_mapping_template_1.nul()))]), graphql_mapping_template_1.iff(graphql_mapping_template_1.and([graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.isNull'), graphql_mapping_template_1.ref('ctx.stash.authFilter'))]), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`ctx.${claim}.put`), graphql_mapping_template_1.str(field), graphql_mapping_template_1.ref(`primaryRole${idx}`))), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)), | ||
| modelQueryExpression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`primaryRole${idx}`), role.strategy === 'owner' ? (0, helpers_1.getOwnerClaim)(role.claim) : (0, helpers_1.getIdentityClaimExp)((0, graphql_mapping_template_1.str)(role.claim), (0, graphql_mapping_template_1.str)(graphql_transformer_common_1.NONE_VALUE))), (0, graphql_mapping_template_1.ifElse)((0, graphql_mapping_template_1.and)([ | ||
| (0, graphql_mapping_template_1.parens)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(`util.isNull($ctx.${claim}.${field})`))), | ||
| (0, graphql_mapping_template_1.parens)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)(`ctx.${claim}.${field}`), (0, graphql_mapping_template_1.ref)(`primaryRole${idx}`))), | ||
| ]), (0, graphql_mapping_template_1.compoundExpression)([(0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('ctx.stash.put'), (0, graphql_mapping_template_1.str)('authFilter'), (0, graphql_mapping_template_1.nul)()))]), (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.and)([(0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.isNull'), (0, graphql_mapping_template_1.ref)('ctx.stash.authFilter'))]), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`ctx.${claim}.put`), (0, graphql_mapping_template_1.str)(field), (0, graphql_mapping_template_1.ref)(`primaryRole${idx}`))), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), | ||
| ])))); | ||
| }); | ||
| return [graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.compoundExpression(modelQueryExpression))]; | ||
| return [(0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.compoundExpression)(modelQueryExpression))]; | ||
| } | ||
@@ -52,20 +52,20 @@ return modelQueryExpression; | ||
| for (let role of primaryRoles) { | ||
| const claimExpression = role.strategy === 'owner' ? helpers_1.getOwnerClaim(role.claim) : helpers_1.getIdentityClaimExp(graphql_mapping_template_1.str(role.claim), graphql_mapping_template_1.str(graphql_transformer_common_1.NONE_VALUE)); | ||
| modelQueryExpression.push(graphql_mapping_template_1.ifElse(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(`util.isNull($ctx.args.${role.entity})`)), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`${role.entity}Claim`), claimExpression), | ||
| graphql_mapping_template_1.ifElse(graphql_mapping_template_1.ref(`util.isString($ctx.args.${role.entity})`), graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`${role.entity}Condition`), graphql_mapping_template_1.parens(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref(`${role.entity}Claim`), graphql_mapping_template_1.ref(`$ctx.args.${role.entity}`)))), graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`${role.entity}Condition`), graphql_mapping_template_1.parens(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref(`${role.entity}Claim`), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.defaultIfNull'), graphql_mapping_template_1.raw(`$ctx.args.${role.entity}.get("eq")`), graphql_mapping_template_1.str(graphql_transformer_common_1.NONE_VALUE)))))), | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.ref(`${role.entity}Condition`), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)), | ||
| graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('ctx.stash.put'), graphql_mapping_template_1.str('authFilter'), graphql_mapping_template_1.nul())), | ||
| const claimExpression = role.strategy === 'owner' ? (0, helpers_1.getOwnerClaim)(role.claim) : (0, helpers_1.getIdentityClaimExp)((0, graphql_mapping_template_1.str)(role.claim), (0, graphql_mapping_template_1.str)(graphql_transformer_common_1.NONE_VALUE)); | ||
| modelQueryExpression.push((0, graphql_mapping_template_1.ifElse)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(`util.isNull($ctx.args.${role.entity})`)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`${role.entity}Claim`), claimExpression), | ||
| (0, graphql_mapping_template_1.ifElse)((0, graphql_mapping_template_1.ref)(`util.isString($ctx.args.${role.entity})`), (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`${role.entity}Condition`), (0, graphql_mapping_template_1.parens)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)(`${role.entity}Claim`), (0, graphql_mapping_template_1.ref)(`$ctx.args.${role.entity}`)))), (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`${role.entity}Condition`), (0, graphql_mapping_template_1.parens)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)(`${role.entity}Claim`), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.defaultIfNull'), (0, graphql_mapping_template_1.raw)(`$ctx.args.${role.entity}.get("eq")`), (0, graphql_mapping_template_1.str)(graphql_transformer_common_1.NONE_VALUE)))))), | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.ref)(`${role.entity}Condition`), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), | ||
| (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('ctx.stash.put'), (0, graphql_mapping_template_1.str)('authFilter'), (0, graphql_mapping_template_1.nul)())), | ||
| ])), | ||
| ]), graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('primaryFieldMap.put'), graphql_mapping_template_1.str(role.entity), claimExpression)))); | ||
| ]), (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('primaryFieldMap.put'), (0, graphql_mapping_template_1.str)(role.entity), claimExpression)))); | ||
| } | ||
| modelQueryExpression.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.and([ | ||
| graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), | ||
| graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.isNull'), graphql_mapping_template_1.ref('ctx.stash.authFilter')), | ||
| graphql_mapping_template_1.not(graphql_mapping_template_1.ref('primaryFieldMap.isEmpty()')), | ||
| ]), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.forEach(graphql_mapping_template_1.ref('entry'), graphql_mapping_template_1.ref('primaryFieldMap.entrySet()'), [ | ||
| graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('ctx.args.put'), graphql_mapping_template_1.ref('entry.key'), graphql_mapping_template_1.ref('entry.value'))), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)), | ||
| modelQueryExpression.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.and)([ | ||
| (0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), | ||
| (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.isNull'), (0, graphql_mapping_template_1.ref)('ctx.stash.authFilter')), | ||
| (0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)('primaryFieldMap.isEmpty()')), | ||
| ]), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.forEach)((0, graphql_mapping_template_1.ref)('entry'), (0, graphql_mapping_template_1.ref)('primaryFieldMap.entrySet()'), [ | ||
| (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('ctx.args.put'), (0, graphql_mapping_template_1.ref)('entry.key'), (0, graphql_mapping_template_1.ref)('entry.value'))), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), | ||
| ]), | ||
@@ -76,25 +76,25 @@ ]))); | ||
| for (let role of primaryRoles) { | ||
| const claimExpression = role.strategy === 'owner' ? helpers_1.getOwnerClaim(role.claim) : helpers_1.getIdentityClaimExp(graphql_mapping_template_1.str(role.claim), graphql_mapping_template_1.str(graphql_transformer_common_1.NONE_VALUE)); | ||
| modelQueryExpression.push(graphql_mapping_template_1.ifElse(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(`util.isNull($ctx.args.${role.entity})`)), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`${role.entity}Claim`), claimExpression), | ||
| graphql_mapping_template_1.ifElse(graphql_mapping_template_1.ref(`util.isString($ctx.args.${role.entity})`), graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`${role.entity}Condition`), graphql_mapping_template_1.parens(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref(`${role.entity}Claim`), graphql_mapping_template_1.ref(`ctx.args.${role.entity}`)))), graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`${role.entity}Condition`), graphql_mapping_template_1.parens(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref(`${role.entity}Claim`), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.defaultIfNull'), graphql_mapping_template_1.raw(`$ctx.args.${role.entity}.get("eq")`), graphql_mapping_template_1.str(graphql_transformer_common_1.NONE_VALUE)))))), | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.ref(`${role.entity}Condition`), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)), | ||
| graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('ctx.stash.put'), graphql_mapping_template_1.str('authFilter'), graphql_mapping_template_1.nul())), | ||
| const claimExpression = role.strategy === 'owner' ? (0, helpers_1.getOwnerClaim)(role.claim) : (0, helpers_1.getIdentityClaimExp)((0, graphql_mapping_template_1.str)(role.claim), (0, graphql_mapping_template_1.str)(graphql_transformer_common_1.NONE_VALUE)); | ||
| modelQueryExpression.push((0, graphql_mapping_template_1.ifElse)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(`util.isNull($ctx.args.${role.entity})`)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`${role.entity}Claim`), claimExpression), | ||
| (0, graphql_mapping_template_1.ifElse)((0, graphql_mapping_template_1.ref)(`util.isString($ctx.args.${role.entity})`), (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`${role.entity}Condition`), (0, graphql_mapping_template_1.parens)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)(`${role.entity}Claim`), (0, graphql_mapping_template_1.ref)(`ctx.args.${role.entity}`)))), (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`${role.entity}Condition`), (0, graphql_mapping_template_1.parens)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)(`${role.entity}Claim`), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.defaultIfNull'), (0, graphql_mapping_template_1.raw)(`$ctx.args.${role.entity}.get("eq")`), (0, graphql_mapping_template_1.str)(graphql_transformer_common_1.NONE_VALUE)))))), | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.ref)(`${role.entity}Condition`), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), | ||
| (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('ctx.stash.put'), (0, graphql_mapping_template_1.str)('authFilter'), (0, graphql_mapping_template_1.nul)())), | ||
| ])), | ||
| ]), graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('primaryFieldMap.put'), graphql_mapping_template_1.str(role.entity), claimExpression)))); | ||
| ]), (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('primaryFieldMap.put'), (0, graphql_mapping_template_1.str)(role.entity), claimExpression)))); | ||
| } | ||
| modelQueryExpression.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.and([ | ||
| graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), | ||
| graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.isNull'), graphql_mapping_template_1.ref('ctx.stash.authFilter')), | ||
| graphql_mapping_template_1.not(graphql_mapping_template_1.ref('primaryFieldMap.isEmpty()')), | ||
| ]), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref('modelQueryExpression'), graphql_mapping_template_1.ref('ctx.stash.modelQueryExpression')), | ||
| graphql_mapping_template_1.forEach(graphql_mapping_template_1.ref('entry'), graphql_mapping_template_1.ref('primaryFieldMap.entrySet()'), [ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref('modelQueryExpression.expression'), graphql_mapping_template_1.str('${modelQueryExpression.expression} AND #${entry.key} = :${entry.value}')), | ||
| graphql_mapping_template_1.qref(graphql_mapping_template_1.ref('modelQueryExpression.expressionNames.put("#${entry.key}", $entry.key)')), | ||
| graphql_mapping_template_1.qref(graphql_mapping_template_1.ref('modelQueryExpression.expressionValues.put(":${entry.value}", $util.dynamodb.toDynamoDB($entry.value))')), | ||
| modelQueryExpression.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.and)([ | ||
| (0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), | ||
| (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.isNull'), (0, graphql_mapping_template_1.ref)('ctx.stash.authFilter')), | ||
| (0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)('primaryFieldMap.isEmpty()')), | ||
| ]), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('modelQueryExpression'), (0, graphql_mapping_template_1.ref)('ctx.stash.modelQueryExpression')), | ||
| (0, graphql_mapping_template_1.forEach)((0, graphql_mapping_template_1.ref)('entry'), (0, graphql_mapping_template_1.ref)('primaryFieldMap.entrySet()'), [ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('modelQueryExpression.expression'), (0, graphql_mapping_template_1.str)('${modelQueryExpression.expression} AND #${entry.key} = :${entry.value}')), | ||
| (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.ref)('modelQueryExpression.expressionNames.put("#${entry.key}", $entry.key)')), | ||
| (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.ref)('modelQueryExpression.expressionValues.put(":${entry.value}", $util.dynamodb.toDynamoDB($entry.value))')), | ||
| ]), | ||
| graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('ctx.stash.put'), graphql_mapping_template_1.str('modelQueryExpression'), graphql_mapping_template_1.ref('modelQueryExpression'))), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)), | ||
| (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('ctx.stash.put'), (0, graphql_mapping_template_1.str)('modelQueryExpression'), (0, graphql_mapping_template_1.ref)('modelQueryExpression'))), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), | ||
| ]))); | ||
@@ -113,8 +113,8 @@ } | ||
| roles.forEach((role, idx) => { | ||
| const entityIsList = utils_1.fieldIsList(fields, role.entity); | ||
| const entityIsList = (0, utils_1.fieldIsList)(fields, role.entity); | ||
| if (role.strategy === 'owner') { | ||
| const ownerCondition = entityIsList ? 'contains' : 'eq'; | ||
| authCollectionExp.push(...[ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`role${idx}`), helpers_1.getOwnerClaim(role.claim)), | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.notEquals(graphql_mapping_template_1.ref(`role${idx}`), graphql_mapping_template_1.str(graphql_transformer_common_1.NONE_VALUE)), graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('authFilter.add'), graphql_mapping_template_1.raw(`{"${role.entity}": { "${ownerCondition}": $role${idx} }}`)))), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`role${idx}`), (0, helpers_1.getOwnerClaim)(role.claim)), | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.notEquals)((0, graphql_mapping_template_1.ref)(`role${idx}`), (0, graphql_mapping_template_1.str)(graphql_transformer_common_1.NONE_VALUE)), (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('authFilter.add'), (0, graphql_mapping_template_1.raw)(`{"${role.entity}": { "${ownerCondition}": $role${idx} }}`)))), | ||
| ]); | ||
@@ -133,4 +133,4 @@ } | ||
| authCollectionExp.push(...[ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`role${idx}`), helpers_1.getIdentityClaimExp(graphql_mapping_template_1.str(role.claim), graphql_mapping_template_1.list([]))), | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`role${idx}.isEmpty`))), graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('authFilter.add'), graphql_mapping_template_1.raw(`{ "${role.entity}": { "in": $role${idx} } }`)))), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`role${idx}`), (0, helpers_1.getIdentityClaimExp)((0, graphql_mapping_template_1.str)(role.claim), (0, graphql_mapping_template_1.list)([]))), | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`role${idx}.isEmpty`))), (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('authFilter.add'), (0, graphql_mapping_template_1.raw)(`{ "${role.entity}": { "in": $role${idx} } }`)))), | ||
| ]); | ||
@@ -141,10 +141,10 @@ } | ||
| for (let [groupClaim, fieldList] of groupMap) { | ||
| groupContainsExpression.push(graphql_mapping_template_1.forEach(graphql_mapping_template_1.ref('group'), graphql_mapping_template_1.ref(`util.defaultIfNull($ctx.identity.claims.get("${groupClaim}"), [])`), fieldList.map(field => graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`group.isEmpty`))), graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('authFilter.add'), graphql_mapping_template_1.raw(`{"${field}": { "contains": $group }}`))))))); | ||
| groupContainsExpression.push((0, graphql_mapping_template_1.forEach)((0, graphql_mapping_template_1.ref)('group'), (0, graphql_mapping_template_1.ref)(`util.defaultIfNull($ctx.identity.claims.get("${groupClaim}"), [])`), fieldList.map(field => (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`group.isEmpty`))), (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('authFilter.add'), (0, graphql_mapping_template_1.raw)(`{"${field}": { "contains": $group }}`))))))); | ||
| } | ||
| return [ | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref('authFilter'), graphql_mapping_template_1.list([])), | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('authFilter'), (0, graphql_mapping_template_1.list)([])), | ||
| ...authCollectionExp, | ||
| ...groupContainsExpression, | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('authFilter.isEmpty'))), graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('ctx.stash.put'), graphql_mapping_template_1.str('authFilter'), graphql_mapping_template_1.raw('{ "or": $authFilter }')))), | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('authFilter.isEmpty'))), (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('ctx.stash.put'), (0, graphql_mapping_template_1.str)('authFilter'), (0, graphql_mapping_template_1.raw)('{ "or": $authFilter }')))), | ||
| ])), | ||
@@ -154,20 +154,20 @@ ]; | ||
| const generateAuthExpressionForQueries = (providers, roles, fields, primaryFields, isIndexQuery = false) => { | ||
| const { cognitoStaticRoles, cognitoDynamicRoles, oidcStaticRoles, oidcDynamicRoles, apiKeyRoles, iamRoles, lambdaRoles } = utils_1.splitRoles(roles); | ||
| const { cognitoStaticRoles, cognitoDynamicRoles, oidcStaticRoles, oidcDynamicRoles, apiKeyRoles, iamRoles, lambdaRoles } = (0, utils_1.splitRoles)(roles); | ||
| const getNonPrimaryFieldRoles = (roles) => roles.filter(roles => !primaryFields.includes(roles.entity)); | ||
| const totalAuthExpressions = [ | ||
| helpers_1.setHasAuthExpression, | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(false)), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref('primaryFieldMap'), graphql_mapping_template_1.obj({})), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(false)), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('primaryFieldMap'), (0, graphql_mapping_template_1.obj)({})), | ||
| ]; | ||
| if (providers.hasApiKey) { | ||
| totalAuthExpressions.push(helpers_1.apiKeyExpression(apiKeyRoles)); | ||
| totalAuthExpressions.push((0, helpers_1.apiKeyExpression)(apiKeyRoles)); | ||
| } | ||
| if (providers.hasLambda) { | ||
| totalAuthExpressions.push(helpers_1.lambdaExpression(lambdaRoles)); | ||
| totalAuthExpressions.push((0, helpers_1.lambdaExpression)(lambdaRoles)); | ||
| } | ||
| if (providers.hasIAM) { | ||
| totalAuthExpressions.push(helpers_1.iamExpression(iamRoles, providers.hasAdminRolesEnabled, providers.adminRoles, providers.identityPoolId)); | ||
| totalAuthExpressions.push((0, helpers_1.iamExpression)(iamRoles, providers.hasAdminRolesEnabled, providers.adminRoles, providers.identityPoolId)); | ||
| } | ||
| if (providers.hasUserPools) { | ||
| totalAuthExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.COGNITO_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression([ | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.COGNITO_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| ...generateStaticRoleExpression(cognitoStaticRoles), | ||
@@ -179,3 +179,3 @@ ...generateAuthFilter(getNonPrimaryFieldRoles(cognitoDynamicRoles), fields), | ||
| if (providers.hasOIDC) { | ||
| totalAuthExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.OIDC_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression([ | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.OIDC_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| ...generateStaticRoleExpression(oidcStaticRoles), | ||
@@ -186,21 +186,21 @@ ...generateAuthFilter(getNonPrimaryFieldRoles(oidcDynamicRoles), fields), | ||
| } | ||
| totalAuthExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.and([graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.isNull'), graphql_mapping_template_1.ref('ctx.stash.authFilter'))]), graphql_mapping_template_1.ref('util.unauthorized()'))); | ||
| return graphql_mapping_template_1.printBlock('Authorization Steps')(graphql_mapping_template_1.compoundExpression([...totalAuthExpressions, helpers_1.emptyPayload])); | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.and)([(0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.isNull'), (0, graphql_mapping_template_1.ref)('ctx.stash.authFilter'))]), (0, graphql_mapping_template_1.ref)('util.unauthorized()'))); | ||
| return (0, graphql_mapping_template_1.printBlock)('Authorization Steps')((0, graphql_mapping_template_1.compoundExpression)([...totalAuthExpressions, helpers_1.emptyPayload])); | ||
| }; | ||
| exports.generateAuthExpressionForQueries = generateAuthExpressionForQueries; | ||
| const generateAuthExpressionForRelationQuery = (providers, roles, fields, primaryFieldMap) => { | ||
| const { cognitoStaticRoles, cognitoDynamicRoles, oidcStaticRoles, oidcDynamicRoles, apiKeyRoles, iamRoles, lambdaRoles } = utils_1.splitRoles(roles); | ||
| const { cognitoStaticRoles, cognitoDynamicRoles, oidcStaticRoles, oidcDynamicRoles, apiKeyRoles, iamRoles, lambdaRoles } = (0, utils_1.splitRoles)(roles); | ||
| const getNonPrimaryFieldRoles = (roles) => roles.filter(roles => !primaryFieldMap.has(roles.entity)); | ||
| const totalAuthExpressions = [helpers_1.setHasAuthExpression, graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(false))]; | ||
| const totalAuthExpressions = [helpers_1.setHasAuthExpression, (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(false))]; | ||
| if (providers.hasApiKey) { | ||
| totalAuthExpressions.push(helpers_1.apiKeyExpression(apiKeyRoles)); | ||
| totalAuthExpressions.push((0, helpers_1.apiKeyExpression)(apiKeyRoles)); | ||
| } | ||
| if (providers.hasLambda) { | ||
| totalAuthExpressions.push(helpers_1.lambdaExpression(lambdaRoles)); | ||
| totalAuthExpressions.push((0, helpers_1.lambdaExpression)(lambdaRoles)); | ||
| } | ||
| if (providers.hasIAM) { | ||
| totalAuthExpressions.push(helpers_1.iamExpression(iamRoles, providers.hasAdminRolesEnabled, providers.adminRoles, providers.identityPoolId)); | ||
| totalAuthExpressions.push((0, helpers_1.iamExpression)(iamRoles, providers.hasAdminRolesEnabled, providers.adminRoles, providers.identityPoolId)); | ||
| } | ||
| if (providers.hasUserPools) { | ||
| totalAuthExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.COGNITO_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression([ | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.COGNITO_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| ...generateStaticRoleExpression(cognitoStaticRoles), | ||
@@ -212,3 +212,3 @@ ...generateAuthFilter(getNonPrimaryFieldRoles(cognitoDynamicRoles), fields), | ||
| if (providers.hasOIDC) { | ||
| totalAuthExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.OIDC_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression([ | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.OIDC_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| ...generateStaticRoleExpression(oidcStaticRoles), | ||
@@ -219,6 +219,6 @@ ...generateAuthFilter(getNonPrimaryFieldRoles(oidcDynamicRoles), fields), | ||
| } | ||
| totalAuthExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.and([graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.isNull'), graphql_mapping_template_1.ref('ctx.stash.authFilter'))]), graphql_mapping_template_1.ref('util.unauthorized()'))); | ||
| return graphql_mapping_template_1.printBlock('Authorization Steps')(graphql_mapping_template_1.compoundExpression([...totalAuthExpressions, helpers_1.emptyPayload])); | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.and)([(0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.isNull'), (0, graphql_mapping_template_1.ref)('ctx.stash.authFilter'))]), (0, graphql_mapping_template_1.ref)('util.unauthorized()'))); | ||
| return (0, graphql_mapping_template_1.printBlock)('Authorization Steps')((0, graphql_mapping_template_1.compoundExpression)([...totalAuthExpressions, helpers_1.emptyPayload])); | ||
| }; | ||
| exports.generateAuthExpressionForRelationQuery = generateAuthExpressionForRelationQuery; | ||
| //# sourceMappingURL=query.js.map |
@@ -14,11 +14,11 @@ "use strict"; | ||
| if (roles.length === 0) { | ||
| expression.push(graphql_mapping_template_1.ref('util.unauthorized()')); | ||
| expression.push((0, graphql_mapping_template_1.ref)('util.unauthorized()')); | ||
| } | ||
| else if (roles[0].allowedFields) { | ||
| expression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)), graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`${allowedAggFieldsList}.addAll`), graphql_mapping_template_1.raw(JSON.stringify(roles[0].allowedFields))))); | ||
| expression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`${allowedAggFieldsList}.addAll`), (0, graphql_mapping_template_1.raw)(JSON.stringify(roles[0].allowedFields))))); | ||
| } | ||
| else { | ||
| expression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)), graphql_mapping_template_1.set(graphql_mapping_template_1.ref(allowedAggFieldsList), graphql_mapping_template_1.ref(totalFields))); | ||
| expression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(allowedAggFieldsList), (0, graphql_mapping_template_1.ref)(totalFields))); | ||
| } | ||
| return graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.API_KEY_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression(expression)); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.API_KEY_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)(expression)); | ||
| }; | ||
@@ -28,11 +28,11 @@ const lambdaExpression = (roles) => { | ||
| if (roles.length === 0) { | ||
| expression.push(graphql_mapping_template_1.ref('util.unauthorized()')); | ||
| expression.push((0, graphql_mapping_template_1.ref)('util.unauthorized()')); | ||
| } | ||
| else if (roles[0].allowedFields) { | ||
| expression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)), graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`${allowedAggFieldsList}.addAll`), graphql_mapping_template_1.raw(JSON.stringify(roles[0].allowedFields))))); | ||
| expression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`${allowedAggFieldsList}.addAll`), (0, graphql_mapping_template_1.raw)(JSON.stringify(roles[0].allowedFields))))); | ||
| } | ||
| else { | ||
| expression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)), graphql_mapping_template_1.set(graphql_mapping_template_1.ref(allowedAggFieldsList), graphql_mapping_template_1.ref(totalFields))); | ||
| expression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(allowedAggFieldsList), (0, graphql_mapping_template_1.ref)(totalFields))); | ||
| } | ||
| return graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.LAMBDA_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression(expression)); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.LAMBDA_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)(expression)); | ||
| }; | ||
@@ -42,20 +42,20 @@ const iamExpression = (roles, hasAdminRolesEnabled = false, adminRoles = [], identityPoolId) => { | ||
| if (hasAdminRolesEnabled) { | ||
| expression.push(helpers_1.iamAdminRoleCheckExpression(adminRoles)); | ||
| expression.push((0, helpers_1.iamAdminRoleCheckExpression)(adminRoles)); | ||
| } | ||
| if (roles.length === 0) { | ||
| expression.push(graphql_mapping_template_1.ref('util.unauthorized()')); | ||
| expression.push((0, graphql_mapping_template_1.ref)('util.unauthorized()')); | ||
| } | ||
| else { | ||
| for (let role of roles) { | ||
| const exp = [graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true))]; | ||
| const exp = [(0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true))]; | ||
| if (role.allowedFields) { | ||
| exp.push(graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`${allowedAggFieldsList}.addAll`), graphql_mapping_template_1.raw(JSON.stringify(role.allowedFields))))); | ||
| exp.push((0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`${allowedAggFieldsList}.addAll`), (0, graphql_mapping_template_1.raw)(JSON.stringify(role.allowedFields))))); | ||
| } | ||
| else { | ||
| exp.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(allowedAggFieldsList), graphql_mapping_template_1.ref(totalFields))); | ||
| exp.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(allowedAggFieldsList), (0, graphql_mapping_template_1.ref)(totalFields))); | ||
| } | ||
| expression.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), helpers_1.iamCheck(role.claim, graphql_mapping_template_1.compoundExpression(exp), identityPoolId))); | ||
| expression.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, helpers_1.iamCheck)(role.claim, (0, graphql_mapping_template_1.compoundExpression)(exp), identityPoolId))); | ||
| } | ||
| } | ||
| return graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.IAM_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression(expression)); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.IAM_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)(expression)); | ||
| }; | ||
@@ -67,18 +67,18 @@ const generateStaticRoleExpression = (roles) => { | ||
| if (roles[privateRoleIdx].allowedFields) { | ||
| staticRoleExpression.push(graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`${allowedAggFieldsList}.addAll`), graphql_mapping_template_1.raw(JSON.stringify(roles[privateRoleIdx].allowedFields))))); | ||
| staticRoleExpression.push((0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`${allowedAggFieldsList}.addAll`), (0, graphql_mapping_template_1.raw)(JSON.stringify(roles[privateRoleIdx].allowedFields))))); | ||
| } | ||
| else { | ||
| staticRoleExpression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(allowedAggFieldsList), graphql_mapping_template_1.ref(totalFields))); | ||
| staticRoleExpression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(allowedAggFieldsList), (0, graphql_mapping_template_1.ref)(totalFields))); | ||
| } | ||
| staticRoleExpression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true))); | ||
| staticRoleExpression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true))); | ||
| roles.splice(privateRoleIdx, 1); | ||
| } | ||
| if (roles.length > 0) { | ||
| staticRoleExpression.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref('staticGroupRoles'), graphql_mapping_template_1.raw(JSON.stringify(roles.map(r => ({ claim: r.claim, entity: r.entity, ...(r.allowedFields ? { allowedFields: r.allowedFields } : {}) }))))), | ||
| graphql_mapping_template_1.forEach(graphql_mapping_template_1.ref('groupRole'), graphql_mapping_template_1.ref('staticGroupRoles'), [ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref('groupsInToken'), helpers_1.getIdentityClaimExp(graphql_mapping_template_1.ref('groupRole.claim'), graphql_mapping_template_1.list([]))), | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('groupsInToken.contains'), graphql_mapping_template_1.ref('groupRole.entity')), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true)), | ||
| graphql_mapping_template_1.ifElse(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.isNull'), graphql_mapping_template_1.ref('groupRole.allowedFields')), graphql_mapping_template_1.compoundExpression([graphql_mapping_template_1.set(graphql_mapping_template_1.ref(allowedAggFieldsList), graphql_mapping_template_1.ref(totalFields)), graphql_mapping_template_1.raw(`#break`)]), graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref(`${allowedAggFieldsList}.addAll`), graphql_mapping_template_1.ref('groupRole.allowedFields')))), | ||
| staticRoleExpression.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('staticGroupRoles'), (0, graphql_mapping_template_1.raw)(JSON.stringify(roles.map(r => ({ claim: r.claim, entity: r.entity, ...(r.allowedFields ? { allowedFields: r.allowedFields } : {}) }))))), | ||
| (0, graphql_mapping_template_1.forEach)((0, graphql_mapping_template_1.ref)('groupRole'), (0, graphql_mapping_template_1.ref)('staticGroupRoles'), [ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('groupsInToken'), (0, helpers_1.getIdentityClaimExp)((0, graphql_mapping_template_1.ref)('groupRole.claim'), (0, graphql_mapping_template_1.list)([]))), | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('groupsInToken.contains'), (0, graphql_mapping_template_1.ref)('groupRole.entity')), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), | ||
| (0, graphql_mapping_template_1.ifElse)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.isNull'), (0, graphql_mapping_template_1.ref)('groupRole.allowedFields')), (0, graphql_mapping_template_1.compoundExpression)([(0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(allowedAggFieldsList), (0, graphql_mapping_template_1.ref)(totalFields)), (0, graphql_mapping_template_1.raw)(`#break`)]), (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)(`${allowedAggFieldsList}.addAll`), (0, graphql_mapping_template_1.ref)('groupRole.allowedFields')))), | ||
| ])), | ||
@@ -97,14 +97,14 @@ ]), | ||
| roles.forEach((role, idx) => { | ||
| const entityIsList = utils_1.fieldIsList(fields, role.entity); | ||
| const entityIsList = (0, utils_1.fieldIsList)(fields, role.entity); | ||
| const roleKey = entityIsList ? role.entity : `${role.entity}.keyword`; | ||
| if (role.strategy === 'owner') { | ||
| filterExpression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`owner${idx}`), graphql_mapping_template_1.obj({ | ||
| terms_set: graphql_mapping_template_1.obj({ | ||
| [roleKey]: graphql_mapping_template_1.obj({ | ||
| terms: graphql_mapping_template_1.list([helpers_1.getOwnerClaim(role.claim)]), | ||
| minimum_should_match_script: graphql_mapping_template_1.obj({ source: graphql_mapping_template_1.str('1') }), | ||
| filterExpression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`owner${idx}`), (0, graphql_mapping_template_1.obj)({ | ||
| terms_set: (0, graphql_mapping_template_1.obj)({ | ||
| [roleKey]: (0, graphql_mapping_template_1.obj)({ | ||
| terms: (0, graphql_mapping_template_1.list)([(0, helpers_1.getOwnerClaim)(role.claim)]), | ||
| minimum_should_match_script: (0, graphql_mapping_template_1.obj)({ source: (0, graphql_mapping_template_1.str)('1') }), | ||
| }), | ||
| }), | ||
| }))); | ||
| authFilter.push(graphql_mapping_template_1.ref(`owner${idx}`)); | ||
| authFilter.push((0, graphql_mapping_template_1.ref)(`owner${idx}`)); | ||
| if (role.allowedFields) { | ||
@@ -120,11 +120,11 @@ role.allowedFields.forEach(field => { | ||
| else if (role.strategy === 'groups') { | ||
| filterExpression.push(graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`group${idx}`), graphql_mapping_template_1.obj({ | ||
| terms_set: graphql_mapping_template_1.obj({ | ||
| [roleKey]: graphql_mapping_template_1.obj({ | ||
| terms: helpers_1.getIdentityClaimExp(graphql_mapping_template_1.str(role.claim), graphql_mapping_template_1.list([graphql_mapping_template_1.str(graphql_transformer_common_1.NONE_VALUE)])), | ||
| minimum_should_match_script: graphql_mapping_template_1.obj({ source: graphql_mapping_template_1.str('1') }), | ||
| filterExpression.push((0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`group${idx}`), (0, graphql_mapping_template_1.obj)({ | ||
| terms_set: (0, graphql_mapping_template_1.obj)({ | ||
| [roleKey]: (0, graphql_mapping_template_1.obj)({ | ||
| terms: (0, helpers_1.getIdentityClaimExp)((0, graphql_mapping_template_1.str)(role.claim), (0, graphql_mapping_template_1.list)([(0, graphql_mapping_template_1.str)(graphql_transformer_common_1.NONE_VALUE)])), | ||
| minimum_should_match_script: (0, graphql_mapping_template_1.obj)({ source: (0, graphql_mapping_template_1.str)('1') }), | ||
| }), | ||
| }), | ||
| }))); | ||
| authFilter.push(graphql_mapping_template_1.ref(`group${idx}`)); | ||
| authFilter.push((0, graphql_mapping_template_1.ref)(`group${idx}`)); | ||
| if (role.allowedFields) { | ||
@@ -140,5 +140,5 @@ role.allowedFields.forEach(field => { | ||
| }); | ||
| filterExpression.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('ctx.stash.put'), graphql_mapping_template_1.str('authFilter'), graphql_mapping_template_1.obj({ bool: graphql_mapping_template_1.obj({ should: graphql_mapping_template_1.list(authFilter) }) }))))); | ||
| filterExpression.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('ctx.stash.put'), (0, graphql_mapping_template_1.str)('authFilter'), (0, graphql_mapping_template_1.obj)({ bool: (0, graphql_mapping_template_1.obj)({ should: (0, graphql_mapping_template_1.list)(authFilter) }) }))))); | ||
| if (Object.keys(aggFieldMap).length > 0) { | ||
| filterExpression.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.notEquals(graphql_mapping_template_1.ref(`${allowedAggFieldsList}.size()`), graphql_mapping_template_1.ref(`${totalFields}.size()`)), graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('ctx.stash.put'), graphql_mapping_template_1.str(aggFieldsFilterMap), graphql_mapping_template_1.raw(JSON.stringify(aggFieldMap).replace(/"\$(.*?)"/g, '$$$1')))))); | ||
| filterExpression.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.notEquals)((0, graphql_mapping_template_1.ref)(`${allowedAggFieldsList}.size()`), (0, graphql_mapping_template_1.ref)(`${totalFields}.size()`)), (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('ctx.stash.put'), (0, graphql_mapping_template_1.str)(aggFieldsFilterMap), (0, graphql_mapping_template_1.raw)(JSON.stringify(aggFieldMap).replace(/"\$(.*?)"/g, '$$$1')))))); | ||
| } | ||
@@ -148,8 +148,8 @@ return filterExpression; | ||
| const generateAuthExpressionForSearchQueries = (providers, roles, fields, allowedAggFields) => { | ||
| const { cognitoStaticRoles, cognitoDynamicRoles, oidcStaticRoles, oidcDynamicRoles, apiKeyRoles, iamRoles, lambdaRoles } = utils_1.splitRoles(roles); | ||
| const { cognitoStaticRoles, cognitoDynamicRoles, oidcStaticRoles, oidcDynamicRoles, apiKeyRoles, iamRoles, lambdaRoles } = (0, utils_1.splitRoles)(roles); | ||
| const totalAuthExpressions = [ | ||
| helpers_1.setHasAuthExpression, | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(false)), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(totalFields), graphql_mapping_template_1.raw(JSON.stringify(fields.map(f => f.name.value)))), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(allowedAggFieldsList), graphql_mapping_template_1.raw(JSON.stringify(allowedAggFields))), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(false)), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(totalFields), (0, graphql_mapping_template_1.raw)(JSON.stringify(fields.map(f => f.name.value)))), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(allowedAggFieldsList), (0, graphql_mapping_template_1.raw)(JSON.stringify(allowedAggFields))), | ||
| ]; | ||
@@ -166,3 +166,3 @@ if (providers.hasApiKey) { | ||
| if (providers.hasUserPools) { | ||
| totalAuthExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.COGNITO_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression([ | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.COGNITO_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| ...generateStaticRoleExpression(cognitoStaticRoles), | ||
@@ -173,3 +173,3 @@ ...generateAuthFilter(cognitoDynamicRoles, fields, allowedAggFields), | ||
| if (providers.hasOIDC) { | ||
| totalAuthExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.OIDC_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression([ | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.OIDC_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| ...generateStaticRoleExpression(oidcStaticRoles), | ||
@@ -179,6 +179,6 @@ ...generateAuthFilter(oidcDynamicRoles, fields, allowedAggFields), | ||
| } | ||
| totalAuthExpressions.push(graphql_mapping_template_1.qref(graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('ctx.stash.put'), graphql_mapping_template_1.str(allowedAggFieldsList), graphql_mapping_template_1.ref(allowedAggFieldsList))), graphql_mapping_template_1.iff(graphql_mapping_template_1.and([graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.isNull'), graphql_mapping_template_1.ref('ctx.stash.authFilter'))]), graphql_mapping_template_1.ref('util.unauthorized()'))); | ||
| return graphql_mapping_template_1.printBlock('Authorization Steps')(graphql_mapping_template_1.compoundExpression([...totalAuthExpressions, helpers_1.emptyPayload])); | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('ctx.stash.put'), (0, graphql_mapping_template_1.str)(allowedAggFieldsList), (0, graphql_mapping_template_1.ref)(allowedAggFieldsList))), (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.and)([(0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.isNull'), (0, graphql_mapping_template_1.ref)('ctx.stash.authFilter'))]), (0, graphql_mapping_template_1.ref)('util.unauthorized()'))); | ||
| return (0, graphql_mapping_template_1.printBlock)('Authorization Steps')((0, graphql_mapping_template_1.compoundExpression)([...totalAuthExpressions, helpers_1.emptyPayload])); | ||
| }; | ||
| exports.generateAuthExpressionForSearchQueries = generateAuthExpressionForSearchQueries; | ||
| //# sourceMappingURL=search.js.map |
@@ -11,6 +11,6 @@ "use strict"; | ||
| if (role.strategy === 'owner') { | ||
| ownerExpression.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.compoundExpression([ | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`ownerEntity${idx}`), graphql_mapping_template_1.methodCall(graphql_mapping_template_1.ref('util.defaultIfNull'), graphql_mapping_template_1.ref(`ctx.args.${role.entity}`), graphql_mapping_template_1.nul())), | ||
| graphql_mapping_template_1.set(graphql_mapping_template_1.ref(`ownerClaim${idx}`), helpers_1.getOwnerClaim(role.claim)), | ||
| graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref(`ownerEntity${idx}`), graphql_mapping_template_1.ref(`ownerClaim${idx}`)), graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(true))), | ||
| ownerExpression.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.compoundExpression)([ | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`ownerEntity${idx}`), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.defaultIfNull'), (0, graphql_mapping_template_1.ref)(`ctx.args.${role.entity}`), (0, graphql_mapping_template_1.nul)())), | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(`ownerClaim${idx}`), (0, helpers_1.getOwnerClaim)(role.claim)), | ||
| (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)(`ownerEntity${idx}`), (0, graphql_mapping_template_1.ref)(`ownerClaim${idx}`)), (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true))), | ||
| ]))); | ||
@@ -22,21 +22,21 @@ } | ||
| const generateAuthExpressionForSubscriptions = (providers, roles) => { | ||
| const { cognitoStaticRoles, cognitoDynamicRoles, oidcStaticRoles, oidcDynamicRoles, iamRoles, apiKeyRoles, lambdaRoles } = utils_1.splitRoles(roles); | ||
| const totalAuthExpressions = [helpers_1.setHasAuthExpression, graphql_mapping_template_1.set(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG), graphql_mapping_template_1.bool(false))]; | ||
| const { cognitoStaticRoles, cognitoDynamicRoles, oidcStaticRoles, oidcDynamicRoles, iamRoles, apiKeyRoles, lambdaRoles } = (0, utils_1.splitRoles)(roles); | ||
| const totalAuthExpressions = [helpers_1.setHasAuthExpression, (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(false))]; | ||
| if (providers.hasApiKey) { | ||
| totalAuthExpressions.push(helpers_1.apiKeyExpression(apiKeyRoles)); | ||
| totalAuthExpressions.push((0, helpers_1.apiKeyExpression)(apiKeyRoles)); | ||
| } | ||
| if (providers.hasLambda) { | ||
| totalAuthExpressions.push(helpers_1.lambdaExpression(lambdaRoles)); | ||
| totalAuthExpressions.push((0, helpers_1.lambdaExpression)(lambdaRoles)); | ||
| } | ||
| if (providers.hasIAM) { | ||
| totalAuthExpressions.push(helpers_1.iamExpression(iamRoles, providers.hasAdminRolesEnabled, providers.adminRoles, providers.identityPoolId)); | ||
| totalAuthExpressions.push((0, helpers_1.iamExpression)(iamRoles, providers.hasAdminRolesEnabled, providers.adminRoles, providers.identityPoolId)); | ||
| } | ||
| if (providers.hasUserPools) | ||
| totalAuthExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.COGNITO_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression([...helpers_1.generateStaticRoleExpression(cognitoStaticRoles), ...dynamicRoleExpression(cognitoDynamicRoles)]))); | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.COGNITO_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)([...(0, helpers_1.generateStaticRoleExpression)(cognitoStaticRoles), ...dynamicRoleExpression(cognitoDynamicRoles)]))); | ||
| if (providers.hasOIDC) | ||
| totalAuthExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.equals(graphql_mapping_template_1.ref('util.authType()'), graphql_mapping_template_1.str(utils_1.OIDC_AUTH_TYPE)), graphql_mapping_template_1.compoundExpression([...helpers_1.generateStaticRoleExpression(oidcStaticRoles), ...dynamicRoleExpression(oidcDynamicRoles)]))); | ||
| totalAuthExpressions.push(graphql_mapping_template_1.iff(graphql_mapping_template_1.not(graphql_mapping_template_1.ref(utils_1.IS_AUTHORIZED_FLAG)), graphql_mapping_template_1.ref('util.unauthorized()'))); | ||
| return graphql_mapping_template_1.printBlock('Authorization Steps')(graphql_mapping_template_1.compoundExpression([...totalAuthExpressions, helpers_1.emptyPayload])); | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.OIDC_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)([...(0, helpers_1.generateStaticRoleExpression)(oidcStaticRoles), ...dynamicRoleExpression(oidcDynamicRoles)]))); | ||
| totalAuthExpressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, graphql_mapping_template_1.ref)('util.unauthorized()'))); | ||
| return (0, graphql_mapping_template_1.printBlock)('Authorization Steps')((0, graphql_mapping_template_1.compoundExpression)([...totalAuthExpressions, helpers_1.emptyPayload])); | ||
| }; | ||
| exports.generateAuthExpressionForSubscriptions = generateAuthExpressionForSubscriptions; | ||
| //# sourceMappingURL=subscriptions.js.map |
@@ -18,3 +18,3 @@ "use strict"; | ||
| const fieldIsList = (fields, fieldName) => { | ||
| return fields.some(field => field.name.value === fieldName && graphql_transformer_common_1.isListType(field.type)); | ||
| return fields.some(field => field.name.value === fieldName && (0, graphql_transformer_common_1.isListType)(field.type)); | ||
| }; | ||
@@ -26,16 +26,16 @@ exports.fieldIsList = fieldIsList; | ||
| queries: { | ||
| get: graphql_transformer_common_1.toCamelCase(['get', typeName]), | ||
| list: graphql_transformer_common_1.toCamelCase(['list', graphql_transformer_common_1.plurality(typeName, true)]), | ||
| ...(isDataStoreEnabled ? { sync: graphql_transformer_common_1.toCamelCase(['sync', graphql_transformer_common_1.plurality(typeName, true)]) } : undefined), | ||
| get: (0, graphql_transformer_common_1.toCamelCase)(['get', typeName]), | ||
| list: (0, graphql_transformer_common_1.toCamelCase)(['list', (0, graphql_transformer_common_1.plurality)(typeName, true)]), | ||
| ...(isDataStoreEnabled ? { sync: (0, graphql_transformer_common_1.toCamelCase)(['sync', (0, graphql_transformer_common_1.plurality)(typeName, true)]) } : undefined), | ||
| }, | ||
| mutations: { | ||
| create: graphql_transformer_common_1.toCamelCase(['create', typeName]), | ||
| update: graphql_transformer_common_1.toCamelCase(['update', typeName]), | ||
| delete: graphql_transformer_common_1.toCamelCase(['delete', typeName]), | ||
| create: (0, graphql_transformer_common_1.toCamelCase)(['create', typeName]), | ||
| update: (0, graphql_transformer_common_1.toCamelCase)(['update', typeName]), | ||
| delete: (0, graphql_transformer_common_1.toCamelCase)(['delete', typeName]), | ||
| }, | ||
| subscriptions: { | ||
| level: graphql_model_transformer_1.SubscriptionLevel.on, | ||
| onCreate: [ensureValidSubscriptionName(graphql_transformer_common_1.toCamelCase(['onCreate', typeName]))], | ||
| onDelete: [ensureValidSubscriptionName(graphql_transformer_common_1.toCamelCase(['onDelete', typeName]))], | ||
| onUpdate: [ensureValidSubscriptionName(graphql_transformer_common_1.toCamelCase(['onUpdate', typeName]))], | ||
| onCreate: [ensureValidSubscriptionName((0, graphql_transformer_common_1.toCamelCase)(['onCreate', typeName]))], | ||
| onDelete: [ensureValidSubscriptionName((0, graphql_transformer_common_1.toCamelCase)(['onDelete', typeName]))], | ||
| onUpdate: [ensureValidSubscriptionName((0, graphql_transformer_common_1.toCamelCase)(['onUpdate', typeName]))], | ||
| }, | ||
@@ -54,3 +54,3 @@ timestamps: { | ||
| queries: { | ||
| search: graphql_transformer_common_1.graphqlName(`search${graphql_transformer_common_1.plurality(graphql_transformer_common_1.toUpper(typeName), true)}`), | ||
| search: (0, graphql_transformer_common_1.graphqlName)(`search${(0, graphql_transformer_common_1.plurality)((0, graphql_transformer_common_1.toUpper)(typeName), true)}`), | ||
| }, | ||
@@ -71,8 +71,8 @@ }); | ||
| if (args.indexName || args.fields) { | ||
| const fields = args.fields ? args.fields : [exports.getTable(ctx, def).keySchema.find((att) => att.keyType === 'HASH').attributeName]; | ||
| const fields = args.fields ? args.fields : [(0, exports.getTable)(ctx, def).keySchema.find((att) => att.keyType === 'HASH').attributeName]; | ||
| const relatedTable = args.indexName | ||
| ? exports.getTable(ctx, relatedModel) | ||
| ? (0, exports.getTable)(ctx, relatedModel) | ||
| .globalSecondaryIndexes.find((gsi) => gsi.indexName === args.indexName) | ||
| .keySchema.map((att) => att.attributeName) | ||
| : exports.getTable(ctx, relatedModel).keySchema.map((att) => att.attributeName); | ||
| : (0, exports.getTable)(ctx, relatedModel).keySchema.map((att) => att.attributeName); | ||
| relatedTable.forEach((att, idx) => { | ||
@@ -89,5 +89,5 @@ var _a; | ||
| const args = directiveWrapped.getArguments({ | ||
| fields: [graphql_transformer_common_1.toCamelCase([def.name.value, field.name.value, 'id'])], | ||
| fields: [(0, graphql_transformer_common_1.toCamelCase)([def.name.value, field.name.value, 'id'])], | ||
| }); | ||
| const relatedPrimaryFields = exports.getTable(ctx, relatedModel).keySchema.map((att) => att.attributeName); | ||
| const relatedPrimaryFields = (0, exports.getTable)(ctx, relatedModel).keySchema.map((att) => att.attributeName); | ||
| if (args.fields.length !== relatedPrimaryFields.length) { | ||
@@ -122,4 +122,4 @@ throw new graphql_transformer_core_1.InvalidDirectiveError(`Invalid @${relationalDirective.name.value} on ${def.name.value}:${field.name.value}. Provided fields do not match the size of primary key(s) for ${relatedModel.name.value}`); | ||
| const extendTypeWithDirectives = (ctx, typeName, directives) => { | ||
| let objectTypeExtension = graphql_transformer_common_1.blankObjectExtension(typeName); | ||
| objectTypeExtension = graphql_transformer_common_1.extensionWithDirectives(objectTypeExtension, directives); | ||
| let objectTypeExtension = (0, graphql_transformer_common_1.blankObjectExtension)(typeName); | ||
| objectTypeExtension = (0, graphql_transformer_common_1.extensionWithDirectives)(objectTypeExtension, directives); | ||
| ctx.output.addObjectExtension(objectTypeExtension); | ||
@@ -134,3 +134,3 @@ }; | ||
| if (field) { | ||
| const newFields = [...type.fields.filter(f => f.name.value !== field.name.value), graphql_transformer_common_1.extendFieldWithDirectives(field, directives)]; | ||
| const newFields = [...type.fields.filter(f => f.name.value !== field.name.value), (0, graphql_transformer_common_1.extendFieldWithDirectives)(field, directives)]; | ||
| const newType = { | ||
@@ -149,3 +149,3 @@ ...type, | ||
| const subcriptionArgumentList = subscriptionRoles.map(role => { | ||
| return graphql_transformer_common_1.makeInputValueDefinition(role.entity, graphql_transformer_common_1.makeNamedType('String')); | ||
| return (0, graphql_transformer_common_1.makeInputValueDefinition)(role.entity, (0, graphql_transformer_common_1.makeNamedType)('String')); | ||
| }); | ||
@@ -164,3 +164,3 @@ createField = { | ||
| const addDirectivesToOperation = (ctx, typeName, operationName, directives) => { | ||
| exports.addDirectivesToField(ctx, typeName, operationName, directives); | ||
| (0, exports.addDirectivesToField)(ctx, typeName, operationName, directives); | ||
| const type = ctx.output.getType(typeName); | ||
@@ -173,3 +173,3 @@ if (type) { | ||
| const returnTypeName = returnFieldType.name.value; | ||
| exports.extendTypeWithDirectives(ctx, returnTypeName, directives); | ||
| (0, exports.extendTypeWithDirectives)(ctx, returnTypeName, directives); | ||
| } | ||
@@ -268,4 +268,4 @@ } | ||
| return name; | ||
| return name.slice(0, 45) + md5_1.default(name).slice(0, 5); | ||
| return name.slice(0, 45) + (0, md5_1.default)(name).slice(0, 5); | ||
| }; | ||
| //# sourceMappingURL=schema.js.map |
@@ -58,4 +58,4 @@ "use strict"; | ||
| for (const rule of rules) { | ||
| exports.validateRuleAuthStrategy(rule, configuredAuthProviders); | ||
| exports.commonRuleValidation(rule); | ||
| (0, exports.validateRuleAuthStrategy)(rule, configuredAuthProviders); | ||
| (0, exports.commonRuleValidation)(rule); | ||
| } | ||
@@ -69,3 +69,3 @@ }; | ||
| for (const rule of rules) { | ||
| exports.validateRuleAuthStrategy(rule, authProviderConfig); | ||
| (0, exports.validateRuleAuthStrategy)(rule, authProviderConfig); | ||
| if (isParentTypeBuiltinType && rule.operations && rule.operations.length > 0) { | ||
@@ -79,3 +79,3 @@ throw new graphql_transformer_core_1.InvalidDirectiveError(`@auth rules on fields within Query, Mutation, Subscription cannot specify 'operations' argument as these rules \ | ||
| } | ||
| exports.commonRuleValidation(rule); | ||
| (0, exports.commonRuleValidation)(rule); | ||
| } | ||
@@ -82,0 +82,0 @@ }; |
| { | ||
| "name": "@aws-amplify/graphql-auth-transformer", | ||
| "version": "0.4.4-beta.0", | ||
| "version": "0.5.0-gql-ext1.0", | ||
| "description": "Amplify GraphQL @auth Transformer", | ||
@@ -30,5 +30,5 @@ "repository": { | ||
| "dependencies": { | ||
| "@aws-amplify/graphql-model-transformer": "0.9.4-beta.0", | ||
| "@aws-amplify/graphql-transformer-core": "0.13.2-beta.0", | ||
| "@aws-amplify/graphql-transformer-interfaces": "1.12.4-beta.0", | ||
| "@aws-amplify/graphql-model-transformer": "0.10.0-gql-ext1.0", | ||
| "@aws-amplify/graphql-transformer-core": "0.14.0-gql-ext1.0", | ||
| "@aws-amplify/graphql-transformer-interfaces": "1.12.2", | ||
| "@aws-cdk/aws-appsync": "~1.124.0", | ||
@@ -41,8 +41,8 @@ "@aws-cdk/aws-dynamodb": "~1.124.0", | ||
| "graphql-mapping-template": "4.20.1", | ||
| "graphql-transformer-common": "4.22.4-beta.0", | ||
| "graphql-transformer-common": "4.22.2", | ||
| "lodash": "^4.17.21" | ||
| }, | ||
| "devDependencies": { | ||
| "@aws-amplify/graphql-index-transformer": "0.7.4-beta.0", | ||
| "@aws-amplify/graphql-searchable-transformer": "0.9.4-beta.0", | ||
| "@aws-amplify/graphql-index-transformer": "0.8.0-gql-ext1.0", | ||
| "@aws-amplify/graphql-searchable-transformer": "0.10.0-gql-ext1.0", | ||
| "@aws-cdk/assert": "~1.124.0", | ||
@@ -68,3 +68,3 @@ "@types/fs-extra": "^8.0.1", | ||
| }, | ||
| "gitHead": "c6a97a5a6512e8c723a500ae7288be6af6afe6d5" | ||
| "gitHead": "875f54abfcc326a70fe4ba6827f9bf42c1bb4912" | ||
| } |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by3.92%
388809
- Lines of code
- increased by1.01%
3015
Dependency changes
+ Added@aws-amplify/graphql-model-transformer@0.10.0-gql-ext1.0(transitive)
+ Added@aws-amplify/graphql-transformer-core@0.14.0-gql-ext1.0(transitive)
+ Added@aws-amplify/graphql-transformer-interfaces@1.12.2(transitive)
+ Addedacorn@8.14.0(transitive)
+ Addedacorn-walk@8.3.4(transitive)
+ Addedamplify-prompts@1.6.3(transitive)
+ Addedansi-colors@4.1.3(transitive)
+ Addedansi-regex@5.0.1(transitive)
+ Addedansi-styles@4.3.0(transitive)
+ Addedchalk@4.1.2(transitive)
+ Addedcolor-convert@2.0.1(transitive)
+ Addedcolor-name@1.1.4(transitive)
+ Addedenquirer@2.4.1(transitive)
+ Addedgraphql-transformer-common@4.22.2(transitive)
+ Addedhas-flag@4.0.0(transitive)
+ Addedstrip-ansi@6.0.1(transitive)
+ Addedsupports-color@7.2.0(transitive)
+ Addedvm2@3.9.19(transitive)
- Removed@aws-amplify/graphql-model-transformer@0.9.4-beta.0(transitive)
- Removed@aws-amplify/graphql-transformer-core@0.13.2-beta.0(transitive)
- Removed@aws-amplify/graphql-transformer-interfaces@1.12.4-beta.0(transitive)
- Removedgraphql-transformer-common@4.22.4-beta.0(transitive)
Updated@aws-amplify/graphql-model-transformer@0.10.0-gql-ext1.0
Updated@aws-amplify/graphql-transformer-core@0.14.0-gql-ext1.0