Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
@aws-amplify/graphql-auth-transformer
Advanced tools
@aws-amplify/graphql-auth-transformer - npm Package Compare versions
Comparing version 3.4.2 to 3.4.3-gen2-release.0
@@ -70,3 +70,3 @@ ## API Report File for "@aws-amplify/graphql-auth-transformer" | ||
| // @public (undocumented) | ||
| export type AuthProvider = 'apiKey' | 'iam' | 'oidc' | 'userPools' | 'function'; | ||
| export type AuthProvider = 'apiKey' | 'iam' | 'identityPool' | 'oidc' | 'userPools' | 'function'; | ||
@@ -169,2 +169,4 @@ // @public (undocumented) | ||
| // (undocumented) | ||
| genericIamAccessEnabled: boolean; | ||
| // (undocumented) | ||
| hasAdminRolesEnabled: boolean; | ||
@@ -171,0 +173,0 @@ // (undocumented) |
@@ -6,2 +6,6 @@ # Change Log | ||
| ## [3.4.3-gen2-release.0](https://github.com/aws-amplify/amplify-category-api/compare/@aws-amplify/graphql-auth-transformer@3.5.0-gen2-release.1...@aws-amplify/graphql-auth-transformer@3.4.3-gen2-release.0) (2024-03-29) | ||
| **Note:** Version bump only for package @aws-amplify/graphql-auth-transformer | ||
| ## [3.4.2](https://github.com/aws-amplify/amplify-category-api/compare/@aws-amplify/graphql-auth-transformer@3.4.1...@aws-amplify/graphql-auth-transformer@3.4.2) (2024-03-28) | ||
@@ -8,0 +12,0 @@ |
@@ -20,2 +20,3 @@ "use strict"; | ||
| ['iam', 'aws_iam'], | ||
| ['identityPool', 'aws_iam'], | ||
| ['oidc', 'aws_oidc'], | ||
@@ -22,0 +23,0 @@ ['userPools', 'aws_cognito_user_pools'], |
| import { GetArgumentsOptions } from '@aws-amplify/graphql-transformer-core'; | ||
| export type AuthStrategy = 'owner' | 'groups' | 'public' | 'private' | 'custom'; | ||
| export type AuthProvider = 'apiKey' | 'iam' | 'oidc' | 'userPools' | 'function'; | ||
| export type AuthProvider = 'apiKey' | 'iam' | 'identityPool' | 'oidc' | 'userPools' | 'function'; | ||
| export type ModelMutation = 'create' | 'update' | 'delete'; | ||
@@ -65,4 +65,5 @@ export type ModelOperation = 'create' | 'update' | 'delete' | 'get' | 'list' | 'sync' | 'search' | 'listen'; | ||
| shouldAddDefaultServiceDirective: boolean; | ||
| genericIamAccessEnabled: boolean; | ||
| } | ||
| export declare const authDirectiveDefinition: string; | ||
| //# sourceMappingURL=definitions.d.ts.map |
@@ -5,3 +5,3 @@ import { DirectiveWrapper } from '@aws-amplify/graphql-transformer-core'; | ||
| import { Construct } from 'constructs'; | ||
| import { AuthRule, ConfiguredAuthProviders, GetAuthRulesOptions, RoleDefinition, RolesByProvider } from './definitions'; | ||
| import { AuthProvider, AuthRule, ConfiguredAuthProviders, GetAuthRulesOptions, RoleDefinition, RolesByProvider } from './definitions'; | ||
| export * from './constants'; | ||
@@ -16,2 +16,3 @@ export * from './definitions'; | ||
| export declare const getConfiguredAuthProviders: (context: TransformerBeforeStepContextProvider) => ConfiguredAuthProviders; | ||
| export declare const isAuthProviderEqual: (provider: AuthProvider, otherProvider: AuthProvider) => boolean; | ||
| //# sourceMappingURL=index.d.ts.map |
@@ -17,3 +17,3 @@ "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.getConfiguredAuthProviders = exports.getScopeForField = exports.getAuthDirectiveRules = exports.splitRoles = void 0; | ||
| exports.isAuthProviderEqual = exports.getConfiguredAuthProviders = exports.getScopeForField = exports.getAuthDirectiveRules = exports.splitRoles = void 0; | ||
| const graphql_transformer_core_1 = require("@aws-amplify/graphql-transformer-core"); | ||
@@ -27,9 +27,9 @@ const constants_1 = require("./constants"); | ||
| const splitRoles = (roles) => ({ | ||
| cognitoStaticRoles: roles.filter((r) => r.static && r.provider === 'userPools'), | ||
| cognitoDynamicRoles: roles.filter((r) => !r.static && r.provider === 'userPools'), | ||
| oidcStaticRoles: roles.filter((r) => r.static && r.provider === 'oidc'), | ||
| oidcDynamicRoles: roles.filter((r) => !r.static && r.provider === 'oidc'), | ||
| iamRoles: roles.filter((r) => r.provider === 'iam'), | ||
| apiKeyRoles: roles.filter((r) => r.provider === 'apiKey'), | ||
| lambdaRoles: roles.filter((r) => r.provider === 'function'), | ||
| cognitoStaticRoles: roles.filter((r) => r.static && (0, exports.isAuthProviderEqual)(r.provider, 'userPools')), | ||
| cognitoDynamicRoles: roles.filter((r) => !r.static && (0, exports.isAuthProviderEqual)(r.provider, 'userPools')), | ||
| oidcStaticRoles: roles.filter((r) => r.static && (0, exports.isAuthProviderEqual)(r.provider, 'oidc')), | ||
| oidcDynamicRoles: roles.filter((r) => !r.static && (0, exports.isAuthProviderEqual)(r.provider, 'oidc')), | ||
| iamRoles: roles.filter((r) => (0, exports.isAuthProviderEqual)(r.provider, 'identityPool')), | ||
| apiKeyRoles: roles.filter((r) => (0, exports.isAuthProviderEqual)(r.provider, 'apiKey')), | ||
| lambdaRoles: roles.filter((r) => (0, exports.isAuthProviderEqual)(r.provider, 'function')), | ||
| }); | ||
@@ -90,3 +90,3 @@ exports.splitRoles = splitRoles; | ||
| } | ||
| if (rule.provider === 'iam') { | ||
| if ((0, exports.isAuthProviderEqual)(rule.provider, 'identityPool')) { | ||
| rule.generateIAMPolicy = true; | ||
@@ -131,3 +131,3 @@ } | ||
| case 'AWS_IAM': | ||
| return 'iam'; | ||
| return 'identityPool'; | ||
| case 'OPENID_CONNECT': | ||
@@ -143,3 +143,3 @@ return 'oidc'; | ||
| const hasAdminRolesEnabled = hasIAM && (adminRoles === null || adminRoles === void 0 ? void 0 : adminRoles.length) > 0; | ||
| const shouldAddDefaultServiceDirective = hasAdminRolesEnabled && authConfig.defaultAuthentication.authenticationType !== 'AWS_IAM'; | ||
| const shouldAddDefaultServiceDirective = (hasAdminRolesEnabled || context.synthParameters.enableIamAccess) && authConfig.defaultAuthentication.authenticationType !== 'AWS_IAM'; | ||
| const configuredProviders = { | ||
@@ -156,2 +156,3 @@ default: getAuthProvider(authConfig.defaultAuthentication.authenticationType), | ||
| shouldAddDefaultServiceDirective, | ||
| genericIamAccessEnabled: synthParameters.enableIamAccess, | ||
| }; | ||
@@ -161,2 +162,12 @@ return configuredProviders; | ||
| exports.getConfiguredAuthProviders = getConfiguredAuthProviders; | ||
| const isAuthProviderEqual = (provider, otherProvider) => { | ||
| if (provider === otherProvider) { | ||
| return true; | ||
| } | ||
| if ((provider === 'iam' || provider === 'identityPool') && (otherProvider === 'iam' || otherProvider === 'identityPool')) { | ||
| return true; | ||
| } | ||
| return false; | ||
| }; | ||
| exports.isAuthProviderEqual = isAuthProviderEqual; | ||
| //# sourceMappingURL=index.js.map |
@@ -5,2 +5,3 @@ "use strict"; | ||
| const graphql_transformer_core_1 = require("@aws-amplify/graphql-transformer-core"); | ||
| const index_1 = require("./index"); | ||
| const validateRuleAuthStrategy = (rule, configuredAuthProviders) => { | ||
@@ -20,4 +21,4 @@ if (rule.allow === 'groups' && rule.provider !== 'userPools' && rule.provider !== 'oidc') { | ||
| if (rule.allow === 'public') { | ||
| if (rule.provider && rule.provider !== 'apiKey' && rule.provider !== 'iam') { | ||
| throw new graphql_transformer_core_1.InvalidDirectiveError(`@auth directive with 'public' strategy only supports 'apiKey' (default) and 'iam' providers, but \ | ||
| if (rule.provider && !(0, index_1.isAuthProviderEqual)(rule.provider, 'apiKey') && !(0, index_1.isAuthProviderEqual)(rule.provider, 'identityPool')) { | ||
| throw new graphql_transformer_core_1.InvalidDirectiveError(`@auth directive with 'public' strategy only supports 'apiKey' (default) and 'identityPool' providers, but \ | ||
| found '${rule.provider}' assigned.`); | ||
@@ -27,4 +28,7 @@ } | ||
| if (rule.allow === 'private') { | ||
| if (rule.provider && rule.provider !== 'userPools' && rule.provider !== 'iam' && rule.provider !== 'oidc') { | ||
| throw new graphql_transformer_core_1.InvalidDirectiveError(`@auth directive with 'private' strategy only supports 'userPools' (default) and 'iam' providers, but \ | ||
| if (rule.provider && | ||
| !(0, index_1.isAuthProviderEqual)(rule.provider, 'userPools') && | ||
| !(0, index_1.isAuthProviderEqual)(rule.provider, 'identityPool') && | ||
| !(0, index_1.isAuthProviderEqual)(rule.provider, 'oidc')) { | ||
| throw new graphql_transformer_core_1.InvalidDirectiveError(`@auth directive with 'private' strategy only supports 'userPools' (default) and 'identityPool' providers, but \ | ||
| found '${rule.provider}' assigned.`); | ||
@@ -51,2 +55,5 @@ } | ||
| } | ||
| else if (rule.provider === 'identityPool' && configuredAuthProviders.hasIAM === false) { | ||
| throw new graphql_transformer_core_1.InvalidDirectiveError(`@auth directive with 'identityPool' provider found, but the project has no IAM authentication provider configured.`); | ||
| } | ||
| else if (rule.provider === 'function' && configuredAuthProviders.hasLambda === false) { | ||
@@ -53,0 +60,0 @@ throw new graphql_transformer_core_1.InvalidDirectiveError(`@auth directive with 'function' provider found, but the project has no Lambda authentication provider configured.`); |
@@ -5,4 +5,5 @@ import { TransformerContextProvider, TransformerLog } from '@aws-amplify/graphql-transformer-interfaces'; | ||
| export declare const defaultIdentityClaimWarning: (context: TransformerContextProvider, optionRules?: AuthRule[]) => string | undefined; | ||
| export declare const deprecatedIAMProviderWarning: (rules: AuthRule[]) => string | undefined; | ||
| export declare const ownerCanReassignWarning: (authModelConfig: Map<string, AccessControlMatrix>) => TransformerLog | undefined; | ||
| export declare const ownerFieldCaseWarning: (ownerField: string, warningField: string, modelName: string) => string; | ||
| //# sourceMappingURL=warnings.d.ts.map |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.ownerFieldCaseWarning = exports.ownerCanReassignWarning = exports.defaultIdentityClaimWarning = void 0; | ||
| exports.ownerFieldCaseWarning = exports.ownerCanReassignWarning = exports.deprecatedIAMProviderWarning = exports.defaultIdentityClaimWarning = void 0; | ||
| const graphql_transformer_interfaces_1 = require("@aws-amplify/graphql-transformer-interfaces"); | ||
@@ -18,2 +18,11 @@ const defaultIdentityClaimWarning = (context, optionRules) => { | ||
| exports.defaultIdentityClaimWarning = defaultIdentityClaimWarning; | ||
| const deprecatedIAMProviderWarning = (rules) => { | ||
| const hasDeprecatedIAMProvider = rules.some((rule) => rule.provider === 'iam'); | ||
| if (hasDeprecatedIAMProvider) { | ||
| return ("WARNING: Schema is using an @auth directive with deprecated provider 'iam'." + | ||
| " Replace 'iam' provider with 'identityPool' provider."); | ||
| } | ||
| return undefined; | ||
| }; | ||
| exports.deprecatedIAMProviderWarning = deprecatedIAMProviderWarning; | ||
| const ownerCanReassignWarning = (authModelConfig) => { | ||
@@ -20,0 +29,0 @@ try { |
@@ -18,4 +18,4 @@ import { TransformerContextProvider } from '@aws-amplify/graphql-transformer-interfaces'; | ||
| generateFieldResolverForOwner: (entity: string) => string; | ||
| generateSandboxExpressionForField: (sandboxEnabled: boolean) => string; | ||
| generatePostAuthExpressionForField: (sandboxEnabled: boolean, genericIamAccessEnabled: boolean) => string; | ||
| } | ||
| //# sourceMappingURL=ddb-vtl-generator.d.ts.map |
@@ -20,3 +20,3 @@ "use strict"; | ||
| this.generateFieldResolverForOwner = (entity) => (0, resolvers_1.generateFieldResolverForOwner)(entity); | ||
| this.generateSandboxExpressionForField = (sandboxEnabled) => (0, field_1.generateSandboxExpressionForField)(sandboxEnabled); | ||
| this.generatePostAuthExpressionForField = (sandboxEnabled, genericIamAccessEnabled) => (0, field_1.generatePostAuthExpressionForField)(sandboxEnabled, genericIamAccessEnabled); | ||
| } | ||
@@ -23,0 +23,0 @@ } |
@@ -6,3 +6,3 @@ import { FieldDefinitionNode } from 'graphql'; | ||
| export declare const setDeniedFieldFlag: (operation: string, subscriptionsEnabled: boolean) => string; | ||
| export declare const generateSandboxExpressionForField: (sandboxEnabled: boolean) => string; | ||
| export declare const generatePostAuthExpressionForField: (sandboxEnabled: boolean, genericIamAccessEnabled: boolean) => string; | ||
| //# sourceMappingURL=field.d.ts.map |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.generateSandboxExpressionForField = exports.setDeniedFieldFlag = exports.generateFieldAuthResponse = exports.generateAuthExpressionForField = void 0; | ||
| exports.generatePostAuthExpressionForField = exports.setDeniedFieldFlag = exports.generateFieldAuthResponse = exports.generateAuthExpressionForField = void 0; | ||
| const graphql_model_transformer_1 = require("@aws-amplify/graphql-model-transformer"); | ||
@@ -8,2 +8,3 @@ const graphql_mapping_template_1 = require("graphql-mapping-template"); | ||
| const helpers_1 = require("./helpers"); | ||
| const common_1 = require("../../common"); | ||
| const generateDynamicAuthReadExpression = (roles, fields) => { | ||
@@ -64,3 +65,9 @@ const ownerExpressions = new Array(); | ||
| if (providers.hasIAM) { | ||
| totalAuthExpressions.push((0, helpers_1.iamExpression)(iamRoles, providers.hasAdminRolesEnabled, providers.hasIdentityPoolId, fieldName)); | ||
| totalAuthExpressions.push((0, helpers_1.iamExpression)({ | ||
| roles: iamRoles, | ||
| adminRolesEnabled: providers.hasAdminRolesEnabled, | ||
| hasIdentityPoolId: providers.hasIdentityPoolId, | ||
| genericIamAccessEnabled: providers.genericIamAccessEnabled, | ||
| fieldName, | ||
| })); | ||
| } | ||
@@ -102,11 +109,14 @@ if (providers.hasUserPools) { | ||
| exports.setDeniedFieldFlag = setDeniedFieldFlag; | ||
| const generateSandboxExpressionForField = (sandboxEnabled) => { | ||
| let exp; | ||
| if (sandboxEnabled) | ||
| exp = (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.notEquals)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.authType')), (0, graphql_mapping_template_1.str)(utils_1.API_KEY_AUTH_TYPE)), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.unauthorized'))); | ||
| else | ||
| exp = (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.unauthorized')); | ||
| return (0, graphql_mapping_template_1.printBlock)(`Sandbox Mode ${sandboxEnabled ? 'Enabled' : 'Disabled'}`)((0, graphql_mapping_template_1.compoundExpression)([exp, (0, graphql_mapping_template_1.toJson)((0, graphql_mapping_template_1.obj)({}))])); | ||
| const generatePostAuthExpressionForField = (sandboxEnabled, genericIamAccessEnabled) => { | ||
| const expressions = []; | ||
| if (sandboxEnabled) { | ||
| expressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.authType')), (0, graphql_mapping_template_1.str)(utils_1.API_KEY_AUTH_TYPE)), (0, graphql_mapping_template_1.ret)((0, graphql_mapping_template_1.toJson)((0, graphql_mapping_template_1.obj)({}))))); | ||
| } | ||
| if (genericIamAccessEnabled) { | ||
| expressions.push((0, graphql_mapping_template_1.iff)(common_1.isNonCognitoIAMPrincipal, (0, graphql_mapping_template_1.ret)((0, graphql_mapping_template_1.toJson)((0, graphql_mapping_template_1.obj)({}))))); | ||
| } | ||
| expressions.push((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.unauthorized'))); | ||
| return (0, graphql_mapping_template_1.printBlock)(`Sandbox Mode ${sandboxEnabled ? 'Enabled' : 'Disabled'}, IAM Access ${genericIamAccessEnabled ? 'Enabled' : 'Disabled'}`)((0, graphql_mapping_template_1.compoundExpression)(expressions)); | ||
| }; | ||
| exports.generateSandboxExpressionForField = generateSandboxExpressionForField; | ||
| exports.generatePostAuthExpressionForField = generatePostAuthExpressionForField; | ||
| //# sourceMappingURL=field.js.map |
| import { Expression } from 'graphql-mapping-template'; | ||
| import { RoleDefinition } from '../../../utils'; | ||
| export declare const setHasAuthExpression: Expression; | ||
| export declare const getInputFields: () => Expression; | ||
@@ -12,3 +11,11 @@ export declare const getIdentityClaimExp: (value: Expression, defaultValueExp: Expression) => Expression; | ||
| export declare const lambdaExpression: (roles: Array<RoleDefinition>) => Expression; | ||
| export declare const iamExpression: (roles: Array<RoleDefinition>, adminRolesEnabled: boolean, hasIdentityPoolId: boolean, fieldName?: string) => Expression; | ||
| export type IamExpressionOptions = { | ||
| roles: Array<RoleDefinition>; | ||
| adminRolesEnabled: boolean; | ||
| hasIdentityPoolId: boolean; | ||
| genericIamAccessEnabled: boolean; | ||
| fieldName?: string; | ||
| }; | ||
| export declare const iamExpression: (options: IamExpressionOptions) => Expression; | ||
| export declare const generateIAMAccessCheck: (enableIamAccess: boolean, expression: Expression) => Expression; | ||
| export declare const iamAdminRoleCheckExpression: (fieldName?: string, adminCheckExpression?: Expression) => Expression; | ||
@@ -15,0 +22,0 @@ export declare const generateAuthRequestExpression: () => string; |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.generateFieldResolverForOwner = exports.getOwnerClaimReference = exports.addAllowedFieldsIfElse = exports.generatePopulateOwnerField = exports.generateInvalidClaimsCondition = exports.generateOwnerMultiClaimExpression = exports.generateOwnerClaimExpression = exports.generateOwnerClaimListExpression = exports.emptyPayload = exports.generateAuthRequestExpression = exports.iamAdminRoleCheckExpression = exports.iamExpression = exports.lambdaExpression = exports.apiKeyExpression = exports.generateStaticRoleExpression = exports.responseCheckForErrors = exports.getOwnerClaim = exports.iamCheck = exports.getIdentityClaimExp = exports.getInputFields = exports.setHasAuthExpression = void 0; | ||
| exports.generateFieldResolverForOwner = exports.getOwnerClaimReference = exports.addAllowedFieldsIfElse = exports.generatePopulateOwnerField = exports.generateInvalidClaimsCondition = exports.generateOwnerMultiClaimExpression = exports.generateOwnerClaimExpression = exports.generateOwnerClaimListExpression = exports.emptyPayload = exports.generateAuthRequestExpression = exports.iamAdminRoleCheckExpression = exports.generateIAMAccessCheck = exports.iamExpression = exports.lambdaExpression = exports.apiKeyExpression = exports.generateStaticRoleExpression = exports.responseCheckForErrors = exports.getOwnerClaim = exports.iamCheck = exports.getIdentityClaimExp = exports.getInputFields = void 0; | ||
| const graphql_mapping_template_1 = require("graphql-mapping-template"); | ||
| const utils_1 = require("../../../utils"); | ||
| exports.setHasAuthExpression = (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('ctx.stash.put'), (0, graphql_mapping_template_1.str)('hasAuth'), (0, graphql_mapping_template_1.bool)(true))); | ||
| const common_1 = require("../../common"); | ||
| const getInputFields = () => (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('inputFields'), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.parseJson'), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.toJson'), (0, graphql_mapping_template_1.ref)('ctx.args.input.keySet()')))); | ||
@@ -57,10 +57,10 @@ exports.getInputFields = getInputFields; | ||
| exports.lambdaExpression = lambdaExpression; | ||
| const iamExpression = (roles, adminRolesEnabled, hasIdentityPoolId, fieldName = undefined) => { | ||
| const iamExpression = (options) => { | ||
| const expression = new Array(); | ||
| if (adminRolesEnabled) { | ||
| expression.push((0, exports.iamAdminRoleCheckExpression)(fieldName)); | ||
| if (options.adminRolesEnabled) { | ||
| expression.push((0, exports.iamAdminRoleCheckExpression)(options.fieldName)); | ||
| } | ||
| if (roles.length > 0) { | ||
| roles.forEach((role) => { | ||
| expression.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, exports.iamCheck)(role.claim, (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), hasIdentityPoolId))); | ||
| if (options.roles.length > 0) { | ||
| options.roles.forEach((role) => { | ||
| expression.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.not)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG)), (0, exports.iamCheck)(role.claim, (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true)), options.hasIdentityPoolId))); | ||
| }); | ||
@@ -71,5 +71,12 @@ } | ||
| } | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.IAM_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)(expression)); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.IAM_AUTH_TYPE)), (0, exports.generateIAMAccessCheck)(options.genericIamAccessEnabled, (0, graphql_mapping_template_1.compoundExpression)(expression))); | ||
| }; | ||
| exports.iamExpression = iamExpression; | ||
| const generateIAMAccessCheck = (enableIamAccess, expression) => { | ||
| if (!enableIamAccess) { | ||
| return expression; | ||
| } | ||
| return (0, graphql_mapping_template_1.ifElse)(common_1.isNonCognitoIAMPrincipal, (0, graphql_mapping_template_1.compoundExpression)([common_1.setHasAuthExpression, (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(true))]), expression); | ||
| }; | ||
| exports.generateIAMAccessCheck = generateIAMAccessCheck; | ||
| const iamAdminRoleCheckExpression = (fieldName, adminCheckExpression) => { | ||
@@ -76,0 +83,0 @@ const returnStatement = fieldName ? (0, graphql_mapping_template_1.raw)(`#return($context.source.${fieldName})`) : (0, graphql_mapping_template_1.raw)('#return($util.toJson({}))'); |
@@ -6,5 +6,5 @@ export { generateAuthExpressionForQueries, generateAuthExpressionForRelationQuery } from './query'; | ||
| export { generateAuthExpressionForDelete } from './mutation.delete'; | ||
| export { generateAuthExpressionForField, generateFieldAuthResponse, setDeniedFieldFlag, generateSandboxExpressionForField } from './field'; | ||
| export { generateAuthExpressionForField, generateFieldAuthResponse, setDeniedFieldFlag, generatePostAuthExpressionForField } from './field'; | ||
| export { generateAuthExpressionForSubscriptions } from './subscriptions'; | ||
| export { generateAuthRequestExpression, generateFieldResolverForOwner } from './helpers'; | ||
| //# sourceMappingURL=index.d.ts.map |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.generateFieldResolverForOwner = exports.generateAuthRequestExpression = exports.generateAuthExpressionForSubscriptions = exports.generateSandboxExpressionForField = exports.setDeniedFieldFlag = exports.generateFieldAuthResponse = exports.generateAuthExpressionForField = exports.generateAuthExpressionForDelete = exports.generateAuthExpressionForUpdate = exports.generateAuthExpressionForCreate = exports.generateAuthExpressionForSearchQueries = exports.generateAuthExpressionForRelationQuery = exports.generateAuthExpressionForQueries = void 0; | ||
| exports.generateFieldResolverForOwner = exports.generateAuthRequestExpression = exports.generateAuthExpressionForSubscriptions = exports.generatePostAuthExpressionForField = exports.setDeniedFieldFlag = exports.generateFieldAuthResponse = exports.generateAuthExpressionForField = exports.generateAuthExpressionForDelete = exports.generateAuthExpressionForUpdate = exports.generateAuthExpressionForCreate = exports.generateAuthExpressionForSearchQueries = exports.generateAuthExpressionForRelationQuery = exports.generateAuthExpressionForQueries = void 0; | ||
| var query_1 = require("./query"); | ||
@@ -19,3 +19,3 @@ Object.defineProperty(exports, "generateAuthExpressionForQueries", { enumerable: true, get: function () { return query_1.generateAuthExpressionForQueries; } }); | ||
| Object.defineProperty(exports, "setDeniedFieldFlag", { enumerable: true, get: function () { return field_1.setDeniedFieldFlag; } }); | ||
| Object.defineProperty(exports, "generateSandboxExpressionForField", { enumerable: true, get: function () { return field_1.generateSandboxExpressionForField; } }); | ||
| Object.defineProperty(exports, "generatePostAuthExpressionForField", { enumerable: true, get: function () { return field_1.generatePostAuthExpressionForField; } }); | ||
| var subscriptions_1 = require("./subscriptions"); | ||
@@ -22,0 +22,0 @@ Object.defineProperty(exports, "generateAuthExpressionForSubscriptions", { enumerable: true, get: function () { return subscriptions_1.generateAuthExpressionForSubscriptions; } }); |
@@ -6,2 +6,3 @@ "use strict"; | ||
| const utils_1 = require("../../../utils"); | ||
| const common_1 = require("../../common"); | ||
| const helpers_1 = require("./helpers"); | ||
@@ -21,3 +22,3 @@ const apiKeyExpression = (roles) => { | ||
| }; | ||
| const iamExpression = (roles, hasAdminRolesEnabled = false, hasIdentityPoolId) => { | ||
| const iamExpression = (roles, hasAdminRolesEnabled = false, hasIdentityPoolId, genericIamAccessEnabled) => { | ||
| const expression = new Array(); | ||
@@ -40,3 +41,3 @@ if (hasAdminRolesEnabled) { | ||
| } | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.IAM_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)(expression)); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.IAM_AUTH_TYPE)), (0, helpers_1.generateIAMAccessCheck)(genericIamAccessEnabled, (0, graphql_mapping_template_1.compoundExpression)(expression))); | ||
| }; | ||
@@ -145,3 +146,3 @@ const lambdaExpression = (roles) => { | ||
| const totalAuthExpressions = [ | ||
| helpers_1.setHasAuthExpression, | ||
| common_1.setHasAuthExpression, | ||
| (0, helpers_1.getInputFields)(), | ||
@@ -155,3 +156,3 @@ (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(false)), | ||
| if (providers.hasIAM) { | ||
| totalAuthExpressions.push(iamExpression(iamRoles, providers.hasAdminRolesEnabled, providers.hasIdentityPoolId)); | ||
| totalAuthExpressions.push(iamExpression(iamRoles, providers.hasAdminRolesEnabled, providers.hasIdentityPoolId, providers.genericIamAccessEnabled)); | ||
| } | ||
@@ -158,0 +159,0 @@ if (providers.hasLambda) { |
@@ -6,2 +6,3 @@ "use strict"; | ||
| const utils_1 = require("../../../utils"); | ||
| const common_1 = require("../../common"); | ||
| const helpers_1 = require("./helpers"); | ||
@@ -16,3 +17,3 @@ const apiKeyExpression = (roles) => { | ||
| }; | ||
| const iamExpression = (roles, hasAdminRolesEnabled = false, hasIdentityPoolId) => { | ||
| const iamExpression = (roles, hasAdminRolesEnabled = false, hasIdentityPoolId, genericIamAccessEnabled) => { | ||
| const expression = new Array(); | ||
@@ -30,3 +31,3 @@ if (hasAdminRolesEnabled) { | ||
| } | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.IAM_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)(expression)); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.IAM_AUTH_TYPE)), (0, helpers_1.generateIAMAccessCheck)(genericIamAccessEnabled, (0, graphql_mapping_template_1.compoundExpression)(expression))); | ||
| }; | ||
@@ -106,3 +107,3 @@ const lambdaExpression = (roles) => { | ||
| const { cognitoStaticRoles, cognitoDynamicRoles, oidcStaticRoles, oidcDynamicRoles, apiKeyRoles, iamRoles, lambdaRoles } = (0, utils_1.splitRoles)(roles); | ||
| const totalAuthExpressions = [helpers_1.setHasAuthExpression, (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(false))]; | ||
| const totalAuthExpressions = [common_1.setHasAuthExpression, (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(false))]; | ||
| if (providers.hasApiKey) { | ||
@@ -112,3 +113,3 @@ totalAuthExpressions.push(apiKeyExpression(apiKeyRoles)); | ||
| if (providers.hasIAM) { | ||
| totalAuthExpressions.push(iamExpression(iamRoles, providers.hasAdminRolesEnabled, providers.hasIdentityPoolId)); | ||
| totalAuthExpressions.push(iamExpression(iamRoles, providers.hasAdminRolesEnabled, providers.hasIdentityPoolId, providers.genericIamAccessEnabled)); | ||
| } | ||
@@ -115,0 +116,0 @@ if (providers.hasLambda) { |
@@ -6,2 +6,3 @@ "use strict"; | ||
| const utils_1 = require("../../../utils"); | ||
| const common_1 = require("../../common"); | ||
| const helpers_1 = require("./helpers"); | ||
@@ -34,3 +35,3 @@ const apiKeyExpression = (roles) => { | ||
| }; | ||
| const iamExpression = (roles, hasAdminRolesEnabled = false, hasIdentityPoolId) => { | ||
| const iamExpression = (roles, hasAdminRolesEnabled = false, hasIdentityPoolId, genericIamAccessEnabled) => { | ||
| const expression = new Array(); | ||
@@ -56,3 +57,3 @@ if (hasAdminRolesEnabled) { | ||
| } | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.IAM_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)(expression)); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.IAM_AUTH_TYPE)), (0, helpers_1.generateIAMAccessCheck)(genericIamAccessEnabled, (0, graphql_mapping_template_1.compoundExpression)(expression))); | ||
| }; | ||
@@ -143,3 +144,3 @@ const generateStaticRoleExpression = (roles) => { | ||
| const totalAuthExpressions = [ | ||
| helpers_1.setHasAuthExpression, | ||
| common_1.setHasAuthExpression, | ||
| (0, helpers_1.responseCheckForErrors)(), | ||
@@ -159,3 +160,3 @@ (0, helpers_1.getInputFields)(), | ||
| if (providers.hasIAM) { | ||
| totalAuthExpressions.push(iamExpression(iamRoles, providers.hasAdminRolesEnabled, providers.hasIdentityPoolId)); | ||
| totalAuthExpressions.push(iamExpression(iamRoles, providers.hasAdminRolesEnabled, providers.hasIdentityPoolId, providers.genericIamAccessEnabled)); | ||
| } | ||
@@ -162,0 +163,0 @@ if (providers.hasUserPools) { |
@@ -6,2 +6,3 @@ "use strict"; | ||
| const utils_1 = require("../../../utils"); | ||
| const common_1 = require("../../common"); | ||
| const helpers_1 = require("./helpers"); | ||
@@ -244,3 +245,3 @@ const graphql_transformer_core_1 = require("@aws-amplify/graphql-transformer-core"); | ||
| const totalAuthExpressions = [ | ||
| helpers_1.setHasAuthExpression, | ||
| common_1.setHasAuthExpression, | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(false)), | ||
@@ -256,3 +257,8 @@ (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)('primaryFieldMap'), (0, graphql_mapping_template_1.obj)({})), | ||
| if (providers.hasIAM) { | ||
| totalAuthExpressions.push((0, helpers_1.iamExpression)(iamRoles, providers.hasAdminRolesEnabled, providers.hasIdentityPoolId)); | ||
| totalAuthExpressions.push((0, helpers_1.iamExpression)({ | ||
| roles: iamRoles, | ||
| adminRolesEnabled: providers.hasAdminRolesEnabled, | ||
| hasIdentityPoolId: providers.hasIdentityPoolId, | ||
| genericIamAccessEnabled: providers.genericIamAccessEnabled, | ||
| })); | ||
| } | ||
@@ -302,3 +308,3 @@ if (providers.hasUserPools) { | ||
| const getNonPrimaryFieldRoles = (rolesToFilter) => rolesToFilter.filter((role) => !primaryFieldMap.has(role.entity)); | ||
| const totalAuthExpressions = [helpers_1.setHasAuthExpression, (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(false))]; | ||
| const totalAuthExpressions = [common_1.setHasAuthExpression, (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(false))]; | ||
| if (providers.hasApiKey) { | ||
@@ -311,3 +317,8 @@ totalAuthExpressions.push((0, helpers_1.apiKeyExpression)(apiKeyRoles)); | ||
| if (providers.hasIAM) { | ||
| totalAuthExpressions.push((0, helpers_1.iamExpression)(iamRoles, providers.hasAdminRolesEnabled, providers.hasIdentityPoolId)); | ||
| totalAuthExpressions.push((0, helpers_1.iamExpression)({ | ||
| roles: iamRoles, | ||
| adminRolesEnabled: providers.hasAdminRolesEnabled, | ||
| hasIdentityPoolId: providers.hasIdentityPoolId, | ||
| genericIamAccessEnabled: providers.genericIamAccessEnabled, | ||
| })); | ||
| } | ||
@@ -314,0 +325,0 @@ if (providers.hasUserPools) { |
@@ -6,2 +6,3 @@ "use strict"; | ||
| const utils_1 = require("../../../utils"); | ||
| const common_1 = require("../../common"); | ||
| const helpers_1 = require("./helpers"); | ||
@@ -37,3 +38,3 @@ const allowedAggFieldsList = 'allowedAggFields'; | ||
| }; | ||
| const iamExpression = (roles, hasAdminRolesEnabled = false, hasIdentityPoolId) => { | ||
| const iamExpression = (roles, hasAdminRolesEnabled = false, hasIdentityPoolId, genericIamAccessEnabled) => { | ||
| const expression = new Array(); | ||
@@ -62,3 +63,3 @@ if (hasAdminRolesEnabled) { | ||
| } | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.IAM_AUTH_TYPE)), (0, graphql_mapping_template_1.compoundExpression)(expression)); | ||
| return (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.ref)('util.authType()'), (0, graphql_mapping_template_1.str)(utils_1.IAM_AUTH_TYPE)), (0, helpers_1.generateIAMAccessCheck)(genericIamAccessEnabled, (0, graphql_mapping_template_1.compoundExpression)(expression))); | ||
| }; | ||
@@ -157,3 +158,3 @@ const generateStaticRoleExpression = (roles) => { | ||
| const totalAuthExpressions = [ | ||
| helpers_1.setHasAuthExpression, | ||
| common_1.setHasAuthExpression, | ||
| (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(false)), | ||
@@ -170,3 +171,3 @@ (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(totalFields), (0, graphql_mapping_template_1.raw)(JSON.stringify(fields.map((f) => f.name.value)))), | ||
| if (providers.hasIAM) { | ||
| totalAuthExpressions.push(iamExpression(iamRoles, providers.hasAdminRolesEnabled, providers.hasIdentityPoolId)); | ||
| totalAuthExpressions.push(iamExpression(iamRoles, providers.hasAdminRolesEnabled, providers.hasIdentityPoolId, providers.genericIamAccessEnabled)); | ||
| } | ||
@@ -173,0 +174,0 @@ if (providers.hasUserPools) { |
@@ -6,2 +6,3 @@ "use strict"; | ||
| const utils_1 = require("../../../utils"); | ||
| const common_1 = require("../../common"); | ||
| const helpers_1 = require("./helpers"); | ||
@@ -64,3 +65,3 @@ const HAS_VALID_OWNER_ARGUMENT_FLAG = 'hasValidOwnerArgument'; | ||
| const { cognitoStaticRoles, cognitoDynamicRoles, oidcStaticRoles, oidcDynamicRoles, iamRoles, apiKeyRoles, lambdaRoles } = (0, utils_1.splitRoles)(roles); | ||
| const totalAuthExpressions = [helpers_1.setHasAuthExpression, (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(false))]; | ||
| const totalAuthExpressions = [common_1.setHasAuthExpression, (0, graphql_mapping_template_1.set)((0, graphql_mapping_template_1.ref)(utils_1.IS_AUTHORIZED_FLAG), (0, graphql_mapping_template_1.bool)(false))]; | ||
| if (providers.hasApiKey) { | ||
@@ -73,3 +74,8 @@ totalAuthExpressions.push((0, helpers_1.apiKeyExpression)(apiKeyRoles)); | ||
| if (providers.hasIAM) { | ||
| totalAuthExpressions.push((0, helpers_1.iamExpression)(iamRoles, providers.hasAdminRolesEnabled, providers.hasIdentityPoolId)); | ||
| totalAuthExpressions.push((0, helpers_1.iamExpression)({ | ||
| roles: iamRoles, | ||
| adminRolesEnabled: providers.hasAdminRolesEnabled, | ||
| hasIdentityPoolId: providers.hasIdentityPoolId, | ||
| genericIamAccessEnabled: providers.genericIamAccessEnabled, | ||
| })); | ||
| } | ||
@@ -76,0 +82,0 @@ if (providers.hasUserPools) { |
@@ -18,4 +18,4 @@ import { TransformerContextProvider } from '@aws-amplify/graphql-transformer-interfaces'; | ||
| generateFieldResolverForOwner: (entity: string) => string; | ||
| generateSandboxExpressionForField: (sandboxEnabled: boolean) => string; | ||
| generatePostAuthExpressionForField: (sandboxEnabled: boolean, genericIamAccessEnabled: boolean) => string; | ||
| } | ||
| //# sourceMappingURL=rds-vtl-generator.d.ts.map |
@@ -15,3 +15,3 @@ "use strict"; | ||
| this.generateAuthExpressionForQueries = (ctx, providers, roles, fields, def, indexName) => (0, resolvers_1.generateAuthExpressionForQueries)(ctx, providers, roles, fields, def, indexName); | ||
| this.generateAuthExpressionForSearchQueries = (providers, roles, fields, allowedAggFields) => (0, resolvers_1.generateDefaultRDSExpression)(); | ||
| this.generateAuthExpressionForSearchQueries = (providers, roles, fields, allowedAggFields) => (0, resolvers_1.generateDefaultRDSExpression)(providers.genericIamAccessEnabled); | ||
| this.generateAuthExpressionForSubscriptions = (providers, roles) => (0, subscription_1.generateAuthExpressionForSubscriptions)(providers, roles); | ||
@@ -21,3 +21,3 @@ this.setDeniedFieldFlag = (operation, subscriptionsEnabled) => (0, resolvers_1.setDeniedFieldFlag)(operation, subscriptionsEnabled); | ||
| this.generateFieldResolverForOwner = (entity) => (0, resolvers_1.generateFieldResolverForOwner)(entity); | ||
| this.generateSandboxExpressionForField = (sandboxEnabled) => (0, resolvers_1.generateSandboxExpressionForField)(sandboxEnabled); | ||
| this.generatePostAuthExpressionForField = (sandboxEnabled, genericIamAccessEnabled) => (0, resolvers_1.generatePostAuthExpressionForField)(sandboxEnabled, genericIamAccessEnabled); | ||
| } | ||
@@ -24,0 +24,0 @@ } |
| import { Expression } from 'graphql-mapping-template'; | ||
| import { FieldDefinitionNode } from 'graphql'; | ||
| import { RoleDefinition } from '../../../utils'; | ||
| export declare const generateDefaultRDSExpression: () => string; | ||
| export declare const generateDefaultRDSExpression: (iamAccessEnabled: boolean) => string; | ||
| export declare const generateAuthRulesFromRoles: (roles: Array<RoleDefinition>, fields: Readonly<FieldDefinitionNode[]>, hasIdentityPoolId: boolean, hideAllowedFields?: boolean) => Expression[]; | ||
@@ -9,6 +9,7 @@ export declare const validateAuthResult: () => Expression; | ||
| export declare const constructAuthorizedInputStatement: (keyName: string) => Expression; | ||
| export declare const generateSandboxExpressionForField: (sandboxEnabled: boolean) => string; | ||
| export declare const generatePostAuthExpressionForField: (sandboxEnabled: boolean, genericIamAccessEnabled: boolean) => string; | ||
| export declare const emptyPayload: import("graphql-mapping-template").ToJsonNode; | ||
| export declare const setDeniedFieldFlag: (operation: string, subscriptionsEnabled: boolean) => string; | ||
| export declare const generateFieldResolverForOwner: (entity: string) => string; | ||
| export declare const generateIAMAccessCheck: (enableIamAccess: boolean, expression: Expression) => Expression; | ||
| //# sourceMappingURL=common.d.ts.map |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.generateFieldResolverForOwner = exports.setDeniedFieldFlag = exports.emptyPayload = exports.generateSandboxExpressionForField = exports.constructAuthorizedInputStatement = exports.constructAuthFilter = exports.validateAuthResult = exports.generateAuthRulesFromRoles = exports.generateDefaultRDSExpression = void 0; | ||
| exports.generateIAMAccessCheck = exports.generateFieldResolverForOwner = exports.setDeniedFieldFlag = exports.emptyPayload = exports.generatePostAuthExpressionForField = exports.constructAuthorizedInputStatement = exports.constructAuthFilter = exports.validateAuthResult = exports.generateAuthRulesFromRoles = exports.generateDefaultRDSExpression = void 0; | ||
| const graphql_mapping_template_1 = require("graphql-mapping-template"); | ||
| const graphql_model_transformer_1 = require("@aws-amplify/graphql-model-transformer"); | ||
| const utils_1 = require("../../../utils"); | ||
| const generateDefaultRDSExpression = () => { | ||
| const common_1 = require("../../common"); | ||
| const generateDefaultRDSExpression = (iamAccessEnabled) => { | ||
| const exp = (0, graphql_mapping_template_1.ref)('util.unauthorized()'); | ||
| return (0, graphql_mapping_template_1.printBlock)('Default RDS Auth Resolver')((0, graphql_mapping_template_1.compoundExpression)([exp, (0, graphql_mapping_template_1.toJson)((0, graphql_mapping_template_1.obj)({}))])); | ||
| return (0, graphql_mapping_template_1.printBlock)('Default RDS Auth Resolver')((0, exports.generateIAMAccessCheck)(iamAccessEnabled, (0, graphql_mapping_template_1.compoundExpression)([exp, (0, graphql_mapping_template_1.toJson)((0, graphql_mapping_template_1.obj)({}))]))); | ||
| }; | ||
@@ -32,3 +33,3 @@ exports.generateDefaultRDSExpression = generateDefaultRDSExpression; | ||
| const showAllowedFields = allowedFields && !hideAllowedFields && allowedFields.length > 0; | ||
| if (role.provider === 'apiKey') { | ||
| if ((0, utils_1.isAuthProviderEqual)(role.provider, 'apiKey')) { | ||
| return (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('authRules.add'), (0, graphql_mapping_template_1.obj)({ | ||
@@ -40,3 +41,3 @@ type: (0, graphql_mapping_template_1.str)('public'), | ||
| } | ||
| else if (role.provider === 'function') { | ||
| else if ((0, utils_1.isAuthProviderEqual)(role.provider, 'function')) { | ||
| return (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('authRules.add'), (0, graphql_mapping_template_1.obj)({ | ||
@@ -48,3 +49,3 @@ type: (0, graphql_mapping_template_1.str)('custom'), | ||
| } | ||
| else if (role.provider === 'iam') { | ||
| else if ((0, utils_1.isAuthProviderEqual)(role.provider, 'identityPool')) { | ||
| return (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('authRules.add'), (0, graphql_mapping_template_1.obj)({ | ||
@@ -58,3 +59,3 @@ type: (0, graphql_mapping_template_1.str)(role.strategy), | ||
| } | ||
| else if (role.provider === 'userPools' || role.provider === 'oidc') { | ||
| else if ((0, utils_1.isAuthProviderEqual)(role.provider, 'userPools') || (0, utils_1.isAuthProviderEqual)(role.provider, 'oidc')) { | ||
| if (role.strategy === 'private') { | ||
@@ -77,3 +78,3 @@ return (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('authRules.add'), (0, graphql_mapping_template_1.obj)({ | ||
| else if (role.strategy === 'owner') { | ||
| const usingCognitoDefaultClaim = role.claim === utils_1.DEFAULT_UNIQUE_IDENTITY_CLAIM && role.provider === 'userPools'; | ||
| const usingCognitoDefaultClaim = role.claim === utils_1.DEFAULT_UNIQUE_IDENTITY_CLAIM && (0, utils_1.isAuthProviderEqual)(role.provider, 'userPools'); | ||
| return (0, graphql_mapping_template_1.qref)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('authRules.add'), (0, graphql_mapping_template_1.obj)({ | ||
@@ -119,11 +120,14 @@ type: (0, graphql_mapping_template_1.str)(role.strategy), | ||
| exports.constructAuthorizedInputStatement = constructAuthorizedInputStatement; | ||
| const generateSandboxExpressionForField = (sandboxEnabled) => { | ||
| let exp; | ||
| if (sandboxEnabled) | ||
| exp = (0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.notEquals)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.authType')), (0, graphql_mapping_template_1.str)(utils_1.API_KEY_AUTH_TYPE)), (0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.unauthorized'))); | ||
| else | ||
| exp = (0, graphql_mapping_template_1.ref)('util.unauthorized()'); | ||
| return (0, graphql_mapping_template_1.printBlock)(`Sandbox Mode ${sandboxEnabled ? 'Enabled' : 'Disabled'}`)((0, graphql_mapping_template_1.compoundExpression)([exp, (0, graphql_mapping_template_1.toJson)((0, graphql_mapping_template_1.obj)({}))])); | ||
| const generatePostAuthExpressionForField = (sandboxEnabled, genericIamAccessEnabled) => { | ||
| const expressions = []; | ||
| if (sandboxEnabled) { | ||
| expressions.push((0, graphql_mapping_template_1.iff)((0, graphql_mapping_template_1.equals)((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.authType')), (0, graphql_mapping_template_1.str)(utils_1.API_KEY_AUTH_TYPE)), (0, graphql_mapping_template_1.ret)((0, graphql_mapping_template_1.toJson)((0, graphql_mapping_template_1.obj)({}))))); | ||
| } | ||
| if (genericIamAccessEnabled) { | ||
| expressions.push((0, graphql_mapping_template_1.iff)(common_1.isNonCognitoIAMPrincipal, (0, graphql_mapping_template_1.ret)((0, graphql_mapping_template_1.toJson)((0, graphql_mapping_template_1.obj)({}))))); | ||
| } | ||
| expressions.push((0, graphql_mapping_template_1.methodCall)((0, graphql_mapping_template_1.ref)('util.unauthorized'))); | ||
| return (0, graphql_mapping_template_1.printBlock)(`Sandbox Mode ${sandboxEnabled ? 'Enabled' : 'Disabled'}, IAM Access ${genericIamAccessEnabled ? 'Enabled' : 'Disabled'}`)((0, graphql_mapping_template_1.compoundExpression)(expressions)); | ||
| }; | ||
| exports.generateSandboxExpressionForField = generateSandboxExpressionForField; | ||
| exports.generatePostAuthExpressionForField = generatePostAuthExpressionForField; | ||
| exports.emptyPayload = (0, graphql_mapping_template_1.toJson)((0, graphql_mapping_template_1.raw)(JSON.stringify({ version: '2018-05-29', payload: {} }))); | ||
@@ -163,2 +167,9 @@ const setDeniedFieldFlag = (operation, subscriptionsEnabled) => { | ||
| exports.generateFieldResolverForOwner = generateFieldResolverForOwner; | ||
| const generateIAMAccessCheck = (enableIamAccess, expression) => { | ||
| if (!enableIamAccess) { | ||
| return expression; | ||
| } | ||
| return (0, graphql_mapping_template_1.ifElse)(common_1.isNonCognitoIAMPrincipal, (0, graphql_mapping_template_1.compoundExpression)([common_1.setHasAuthExpression, exports.emptyPayload]), expression); | ||
| }; | ||
| exports.generateIAMAccessCheck = generateIAMAccessCheck; | ||
| //# sourceMappingURL=common.js.map |
@@ -7,14 +7,14 @@ "use strict"; | ||
| const generateAuthExpressionForCreate = (ctx, providers, roles, fields) => { | ||
| return generateMutationExpression(roles, fields, 'create', providers.hasIdentityPoolId, false); | ||
| return generateMutationExpression(roles, fields, 'create', providers.hasIdentityPoolId, providers.genericIamAccessEnabled, false); | ||
| }; | ||
| exports.generateAuthExpressionForCreate = generateAuthExpressionForCreate; | ||
| const generateAuthExpressionForUpdate = (providers, roles, fields) => { | ||
| return generateMutationExpression(roles, fields, 'update', providers.hasIdentityPoolId, true); | ||
| return generateMutationExpression(roles, fields, 'update', providers.hasIdentityPoolId, providers.genericIamAccessEnabled, true); | ||
| }; | ||
| exports.generateAuthExpressionForUpdate = generateAuthExpressionForUpdate; | ||
| const generateAuthExpressionForDelete = (providers, roles, fields) => { | ||
| return generateMutationExpression(roles, fields, 'delete', providers.hasIdentityPoolId, true); | ||
| return generateMutationExpression(roles, fields, 'delete', providers.hasIdentityPoolId, providers.genericIamAccessEnabled, true); | ||
| }; | ||
| exports.generateAuthExpressionForDelete = generateAuthExpressionForDelete; | ||
| const generateMutationExpression = (roles, fields, operation, hasIdentityPoolId, includeExistingRecord = false) => { | ||
| const generateMutationExpression = (roles, fields, operation, hasIdentityPoolId, enableIamAccess, includeExistingRecord = false) => { | ||
| const expressions = []; | ||
@@ -26,3 +26,3 @@ expressions.push((0, graphql_mapping_template_1.compoundExpression)((0, common_1.generateAuthRulesFromRoles)(roles, fields, hasIdentityPoolId, false))); | ||
| expressions.push((0, common_1.validateAuthResult)(), (0, common_1.constructAuthorizedInputStatement)('ctx.args.input'), common_1.emptyPayload); | ||
| return (0, graphql_mapping_template_1.printBlock)('Authorization rules')((0, graphql_mapping_template_1.compoundExpression)(expressions)); | ||
| return (0, graphql_mapping_template_1.printBlock)('Authorization rules')((0, common_1.generateIAMAccessCheck)(enableIamAccess, (0, graphql_mapping_template_1.compoundExpression)(expressions))); | ||
| }; | ||
@@ -29,0 +29,0 @@ const generateAuthRequestExpression = (ctx, def) => { |
@@ -12,3 +12,3 @@ "use strict"; | ||
| expressions.push((0, common_1.validateAuthResult)(), (0, common_1.constructAuthFilter)(), common_1.emptyPayload); | ||
| return (0, graphql_mapping_template_1.printBlock)('Authorization rules')((0, graphql_mapping_template_1.compoundExpression)(expressions)); | ||
| return (0, graphql_mapping_template_1.printBlock)('Authorization rules')((0, common_1.generateIAMAccessCheck)(providers.genericIamAccessEnabled, (0, graphql_mapping_template_1.compoundExpression)(expressions))); | ||
| }; | ||
@@ -22,3 +22,3 @@ exports.generateAuthExpressionForQueries = generateAuthExpressionForQueries; | ||
| expressions.push(common_1.emptyPayload); | ||
| return (0, graphql_mapping_template_1.printBlock)('Authorization rules')((0, graphql_mapping_template_1.compoundExpression)(expressions)); | ||
| return (0, graphql_mapping_template_1.printBlock)('Authorization rules')((0, common_1.generateIAMAccessCheck)(providers.genericIamAccessEnabled, (0, graphql_mapping_template_1.compoundExpression)(expressions))); | ||
| }; | ||
@@ -41,5 +41,5 @@ exports.generateAuthExpressionForField = generateAuthExpressionForField; | ||
| expressions.push((0, common_1.validateAuthResult)(), (0, common_1.constructAuthFilter)(), common_1.emptyPayload); | ||
| return (0, graphql_mapping_template_1.printBlock)('Authorization rules')((0, graphql_mapping_template_1.compoundExpression)(expressions)); | ||
| return (0, graphql_mapping_template_1.printBlock)('Authorization rules')((0, common_1.generateIAMAccessCheck)(providers.genericIamAccessEnabled, (0, graphql_mapping_template_1.compoundExpression)(expressions))); | ||
| }; | ||
| exports.generateAuthExpressionForRelationQuery = generateAuthExpressionForRelationQuery; | ||
| //# sourceMappingURL=query.js.map |
@@ -15,5 +15,5 @@ "use strict"; | ||
| expressions.push(common_1.emptyPayload); | ||
| return (0, graphql_mapping_template_1.printBlock)('Authorization rules')((0, graphql_mapping_template_1.compoundExpression)(expressions)); | ||
| return (0, graphql_mapping_template_1.printBlock)('Authorization rules')((0, common_1.generateIAMAccessCheck)(providers.genericIamAccessEnabled, (0, graphql_mapping_template_1.compoundExpression)(expressions))); | ||
| }; | ||
| exports.generateAuthExpressionForSubscriptions = generateAuthExpressionForSubscriptions; | ||
| //# sourceMappingURL=subscription.js.map |
@@ -17,4 +17,4 @@ import { TransformerContextProvider } from '@aws-amplify/graphql-transformer-interfaces'; | ||
| generateFieldResolverForOwner: (entity: string) => string; | ||
| generateSandboxExpressionForField: (sandboxEnabled: boolean) => string; | ||
| generatePostAuthExpressionForField: (sandboxEnabled: boolean, genericIamAccessEnabled: boolean) => string; | ||
| } | ||
| //# sourceMappingURL=vtl-generator.d.ts.map |
| { | ||
| "name": "@aws-amplify/graphql-auth-transformer", | ||
| "version": "3.4.2", | ||
| "version": "3.4.3-gen2-release.0", | ||
| "description": "Amplify GraphQL @auth transformer", | ||
@@ -32,10 +32,10 @@ "repository": { | ||
| "dependencies": { | ||
| "@aws-amplify/graphql-directives": "1.0.1", | ||
| "@aws-amplify/graphql-model-transformer": "2.7.0", | ||
| "@aws-amplify/graphql-relational-transformer": "2.4.2", | ||
| "@aws-amplify/graphql-transformer-core": "2.5.1", | ||
| "@aws-amplify/graphql-transformer-interfaces": "3.5.0", | ||
| "@aws-amplify/graphql-directives": "1.1.0-gen2-release.0", | ||
| "@aws-amplify/graphql-model-transformer": "2.7.1-gen2-release.0", | ||
| "@aws-amplify/graphql-relational-transformer": "2.5.0-gen2-release.0", | ||
| "@aws-amplify/graphql-transformer-core": "2.5.2-gen2-release.0", | ||
| "@aws-amplify/graphql-transformer-interfaces": "3.5.1-gen2-release.0", | ||
| "graphql": "^15.5.0", | ||
| "graphql-mapping-template": "4.20.15", | ||
| "graphql-transformer-common": "4.29.0", | ||
| "graphql-transformer-common": "4.29.1-gen2-release.0", | ||
| "lodash": "^4.17.21", | ||
@@ -45,7 +45,7 @@ "md5": "^2.3.0" | ||
| "devDependencies": { | ||
| "@aws-amplify/graphql-function-transformer": "2.1.19", | ||
| "@aws-amplify/graphql-index-transformer": "2.3.8", | ||
| "@aws-amplify/graphql-searchable-transformer": "2.6.2", | ||
| "@aws-amplify/graphql-sql-transformer": "0.2.8", | ||
| "@aws-amplify/graphql-transformer-test-utils": "0.4.7", | ||
| "@aws-amplify/graphql-function-transformer": "2.1.20-gen2-release.0", | ||
| "@aws-amplify/graphql-index-transformer": "2.3.9-gen2-release.0", | ||
| "@aws-amplify/graphql-searchable-transformer": "2.6.3-gen2-release.0", | ||
| "@aws-amplify/graphql-sql-transformer": "0.2.9-gen2-release.0", | ||
| "@aws-amplify/graphql-transformer-test-utils": "0.4.8-gen2-release.0", | ||
| "@types/node": "^12.12.6" | ||
@@ -92,3 +92,3 @@ }, | ||
| }, | ||
| "gitHead": "ac8990dd06d7b6a29c079e84a7c1e23ec5708fc1" | ||
| "gitHead": "a550843921e81b923214a9038b0725ac5e6b2b67" | ||
| } |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by2.34%
661716
- Number of package files
- increased by3.45%
120
- Lines of code
- increased by2.87%
4294
Worsened metrics
- Number of low quality alerts
- increased by100%
2
Dependency changes
+ Added@aws-amplify/graphql-directives@1.1.0-gen2-release.0(transitive)
+ Added@aws-amplify/graphql-index-transformer@2.3.9-gen2-release.0(transitive)
+ Added@aws-amplify/graphql-model-transformer@2.7.1-gen2-release.0(transitive)
+ Added@aws-amplify/graphql-relational-transformer@2.5.0-gen2-release.0(transitive)
+ Added@aws-amplify/graphql-transformer-core@2.5.2-gen2-release.0(transitive)
+ Added@aws-amplify/graphql-transformer-interfaces@3.5.1-gen2-release.0(transitive)
+ Addedgraphql-transformer-common@4.29.1-gen2-release.0(transitive)
- Removed@aws-amplify/graphql-directives@1.0.1(transitive)
- Removed@aws-amplify/graphql-index-transformer@2.3.8(transitive)
- Removed@aws-amplify/graphql-model-transformer@2.7.0(transitive)
- Removed@aws-amplify/graphql-relational-transformer@2.4.2(transitive)
- Removed@aws-amplify/graphql-transformer-core@2.5.1(transitive)
- Removed@aws-amplify/graphql-transformer-interfaces@3.5.0(transitive)
- Removedgraphql-transformer-common@4.29.0(transitive)
Updated@aws-amplify/graphql-model-transformer@2.7.1-gen2-release.0
Updated@aws-amplify/graphql-relational-transformer@2.5.0-gen2-release.0
Updated@aws-amplify/graphql-transformer-core@2.5.2-gen2-release.0
Updated@aws-amplify/graphql-transformer-interfaces@3.5.1-gen2-release.0