@exogee/graphweaver-auth
Advanced tools
@exogee/graphweaver-auth - npm Package Compare versions
Comparing version 0.1.17 to 0.1.18
@@ -97,3 +97,2 @@ "use strict"; | ||
| async function checkEntityPermission(entity, id, accessType) { | ||
| var _a; | ||
| const { name } = entity; | ||
@@ -128,4 +127,4 @@ if (!name) { | ||
| try { | ||
| const { provider } = (_a = import_graphweaver.EntityMetadataMap.get(name)) != null ? _a : {}; | ||
| const result = await (provider == null ? void 0 : provider.findOne(where)); | ||
| const { provider } = import_graphweaver.EntityMetadataMap.get(name) ?? {}; | ||
| const result = await provider?.findOne(where); | ||
| if (!result) { | ||
@@ -154,4 +153,4 @@ import_logger.logger.trace("Raising ForbiddenError: User is not allowed to access this record"); | ||
| } | ||
| const relationship = meta == null ? void 0 : meta.fields.find((field) => field.name === key); | ||
| const relatedEntity = relationship == null ? void 0 : relationship.getType(); | ||
| const relationship = meta?.fields.find((field) => field.name === key); | ||
| const relatedEntity = relationship?.getType(); | ||
| const isRelatedEntity = relatedEntity && relatedEntity.prototype instanceof import_graphweaver.GraphQLEntity; | ||
@@ -162,3 +161,3 @@ if (isRelatedEntity) { | ||
| for (const item of values) { | ||
| const relatedId = item == null ? void 0 : item.id; | ||
| const relatedId = item?.id; | ||
| if (relatedId) { | ||
@@ -165,0 +164,0 @@ relatedEntityAuthChecks.push( |
| import { Filter } from '@exogee/graphweaver'; | ||
| import { AccessControlList, AuthorizationContext, ConsolidatedAccessControlEntry, ConsolidatedAccessControlValue } from './types'; | ||
| export { ForbiddenError } from 'apollo-server-errors'; | ||
| export declare const AclMap: Map<string, Partial<AccessControlList<any, any>>>; | ||
@@ -4,0 +5,0 @@ export declare function setAdministratorRoleName(roleName: string): void; |
@@ -22,2 +22,3 @@ "use strict"; | ||
| AclMap: () => AclMap, | ||
| ForbiddenError: () => import_apollo_server_errors.ForbiddenError, | ||
| andFilters: () => andFilters, | ||
@@ -36,2 +37,3 @@ buildAccessControlEntryForUser: () => buildAccessControlEntryForUser, | ||
| var import_auth_utils = require("./auth-utils"); | ||
| var import_apollo_server_errors = require("apollo-server-errors"); | ||
| let authContext = void 0; | ||
@@ -74,6 +76,6 @@ let administratorRoleName = ""; | ||
| } | ||
| if (!Array.isArray(authContext.roles) || authContext.roles.length === 0) { | ||
| if (!authContext.user?.roles || !Array.isArray(authContext.user?.roles) || authContext.user?.roles.length === 0) { | ||
| throw new Error("Currently logged in user has no roles"); | ||
| } | ||
| return authContext.roles; | ||
| return authContext.user.roles; | ||
| } | ||
@@ -156,2 +158,3 @@ const consolidateAccessControlValue = (base, candidate) => { | ||
| AclMap, | ||
| ForbiddenError, | ||
| andFilters, | ||
@@ -158,0 +161,0 @@ buildAccessControlEntryForUser, |
@@ -38,8 +38,7 @@ "use strict"; | ||
| const afterCreateOrUpdate = async (params) => { | ||
| var _a; | ||
| const items = params.args.items; | ||
| const entities = (_a = params.entities) != null ? _a : []; | ||
| const entities = params.entities ?? []; | ||
| assertTransactional(params.transactional); | ||
| const authChecks = entities.map( | ||
| (entity, index) => (entity == null ? void 0 : entity.id) ? (0, import_auth_utils.checkAuthorization)( | ||
| (entity, index) => entity?.id ? (0, import_auth_utils.checkAuthorization)( | ||
| Object.getPrototypeOf(entity).constructor, | ||
@@ -71,5 +70,4 @@ entity.id, | ||
| return async (params) => { | ||
| var _a; | ||
| const items = params.args.items.filter(import_graphweaver.hasId); | ||
| const { entity } = (_a = import_graphweaver.EntityMetadataMap.get(gqlEntityTypeName)) != null ? _a : {}; | ||
| const { entity } = import_graphweaver.EntityMetadataMap.get(gqlEntityTypeName) ?? {}; | ||
| if (!entity) { | ||
@@ -76,0 +74,0 @@ throw new Error( |
| export * from './decorators'; | ||
| export * from './types'; | ||
| export * from './helper-functions'; | ||
| export * from './authentication'; |
@@ -21,2 +21,3 @@ "use strict"; | ||
| __reExport(src_exports, require("./helper-functions"), module.exports); | ||
| __reExport(src_exports, require("./authentication"), module.exports); | ||
| //# sourceMappingURL=index.js.map |
| import { BaseContext, Filter } from '@exogee/graphweaver'; | ||
| import { JwtPayload } from 'jsonwebtoken'; | ||
| import { UserProfile } from './user-profile'; | ||
| export interface AuthorizationContext extends BaseContext { | ||
| roles?: string[]; | ||
| token?: string | JwtPayload; | ||
| user?: UserProfile; | ||
| } | ||
@@ -5,0 +8,0 @@ export declare enum AccessType { |
| { | ||
| "name": "@exogee/graphweaver-auth", | ||
| "version": "0.1.17", | ||
| "version": "0.1.18", | ||
| "description": "Row-Level Security support for @exogee/graphweaver", | ||
@@ -15,2 +15,3 @@ "license": "MIT", | ||
| "dependencies": { | ||
| "@apollo/server": "4.2.2", | ||
| "apollo-server-errors": "3.3.1", | ||
@@ -20,7 +21,9 @@ "class-validator": "0.14.0", | ||
| "graphql": "16.6.0", | ||
| "jsonwebtoken": "9.0.0", | ||
| "type-graphql": "2.0.0-beta.2", | ||
| "@exogee/graphweaver": "0.1.17", | ||
| "@exogee/logger": "0.1.17" | ||
| "@exogee/logger": "0.1.18", | ||
| "@exogee/graphweaver": "0.1.18" | ||
| }, | ||
| "devDependencies": { | ||
| "@types/jsonwebtoken": "9.0.2", | ||
| "@types/node": "14.14.10", | ||
@@ -27,0 +30,0 @@ "esbuild": "0.15.5", |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 3 instances in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by55.26%
100462
- Number of package files
- increased by130.43%
53
- Lines of code
- increased by72.18%
1207
Worsened metrics
- Dependency count
- increased by28.57%
9
- Dev dependency count
- increased by16.67%
7
- Number of low supply chain risk alerts
- increased by500%
6
Dependency changes
+ Added@apollo/server@4.2.2
+ Addedjsonwebtoken@9.0.0
+ Added@apollo/cache-control-types@1.0.3(transitive)
+ Added@apollo/protobufjs@1.2.7(transitive)
+ Added@apollo/server@4.2.2(transitive)
+ Added@apollo/server-gateway-interface@1.1.1(transitive)
+ Added@apollo/usage-reporting-protobuf@4.1.1(transitive)
+ Added@apollo/utils.createhash@2.0.1(transitive)
+ Added@apollo/utils.dropunuseddefinitions@2.0.1(transitive)
+ Added@apollo/utils.fetcher@2.0.1(transitive)
+ Added@apollo/utils.isnodelike@2.0.1(transitive)
+ Added@apollo/utils.keyvaluecache@2.1.1(transitive)
+ Added@apollo/utils.logger@2.0.1(transitive)
+ Added@apollo/utils.printwithreducedwhitespace@2.0.1(transitive)
+ Added@apollo/utils.removealiases@2.0.1(transitive)
+ Added@apollo/utils.sortast@2.0.1(transitive)
+ Added@apollo/utils.stripsensitiveliterals@2.0.1(transitive)
+ Added@apollo/utils.usagereporting@2.1.0(transitive)
+ Added@apollo/utils.withrequired@2.0.1(transitive)
+ Added@exogee/graphweaver@0.1.18(transitive)
+ Added@exogee/logger@0.1.18(transitive)
+ Added@josephg/resolvable@1.0.1(transitive)
+ Added@protobufjs/aspromise@1.1.2(transitive)
+ Added@protobufjs/base64@1.1.2(transitive)
+ Added@protobufjs/codegen@2.0.4(transitive)
+ Added@protobufjs/eventemitter@1.1.0(transitive)
+ Added@protobufjs/fetch@1.1.0(transitive)
+ Added@protobufjs/float@1.0.2(transitive)
+ Added@protobufjs/inquire@1.1.0(transitive)
+ Added@protobufjs/path@1.1.2(transitive)
+ Added@protobufjs/pool@1.1.0(transitive)
+ Added@protobufjs/utf8@1.1.0(transitive)
+ Added@types/body-parser@1.19.5(transitive)
+ Added@types/connect@3.4.38(transitive)
+ Added@types/express@4.17.21(transitive)
+ Added@types/express-serve-static-core@4.19.6(transitive)
+ Added@types/http-errors@2.0.4(transitive)
+ Added@types/long@4.0.2(transitive)
+ Added@types/mime@1.3.5(transitive)
+ Added@types/node-fetch@2.6.12(transitive)
+ Added@types/qs@6.9.17(transitive)
+ Added@types/range-parser@1.2.7(transitive)
+ Added@types/send@0.17.4(transitive)
+ Added@types/serve-static@1.15.7(transitive)
+ Addedaccepts@1.3.8(transitive)
+ Addedarray-flatten@1.1.1(transitive)
+ Addedasync-retry@1.3.3(transitive)
+ Addedasynckit@0.4.0(transitive)
+ Addedbody-parser@1.20.3(transitive)
+ Addedbuffer-equal-constant-time@1.0.1(transitive)
+ Addedbytes@3.1.2(transitive)
+ Addedcall-bind@1.0.7(transitive)
+ Addedcombined-stream@1.0.8(transitive)
+ Addedcontent-disposition@0.5.4(transitive)
+ Addedcontent-type@1.0.5(transitive)
+ Addedcookie@0.7.1(transitive)
+ Addedcookie-signature@1.0.6(transitive)
+ Addedcors@2.8.5(transitive)
+ Addeddebug@2.6.9(transitive)
+ Addeddefine-data-property@1.1.4(transitive)
+ Addeddelayed-stream@1.0.0(transitive)
+ Addeddepd@2.0.0(transitive)
+ Addeddestroy@1.2.0(transitive)
+ Addedecdsa-sig-formatter@1.0.11(transitive)
+ Addedee-first@1.1.1(transitive)
+ Addedencodeurl@1.0.22.0.0(transitive)
+ Addedes-define-property@1.0.0(transitive)
+ Addedes-errors@1.3.0(transitive)
+ Addedescape-html@1.0.3(transitive)
+ Addedetag@1.8.1(transitive)
+ Addedexpress@4.21.1(transitive)
+ Addedfinalhandler@1.3.1(transitive)
+ Addedform-data@4.0.1(transitive)
+ Addedforwarded@0.2.0(transitive)
+ Addedfresh@0.5.2(transitive)
+ Addedfunction-bind@1.1.2(transitive)
+ Addedget-intrinsic@1.2.4(transitive)
+ Addedgopd@1.1.0(transitive)
+ Addedhas-property-descriptors@1.0.2(transitive)
+ Addedhas-proto@1.1.0(transitive)
+ Addedhas-symbols@1.1.0(transitive)
+ Addedhasown@2.0.2(transitive)
+ Addedhttp-errors@2.0.0(transitive)
+ Addediconv-lite@0.4.24(transitive)
+ Addedipaddr.js@1.9.1(transitive)
+ Addedjsonwebtoken@9.0.0(transitive)
+ Addedjwa@1.4.1(transitive)
+ Addedjws@3.2.2(transitive)
+ Addedlodash@4.17.21(transitive)
+ Addedlodash.sortby@4.7.0(transitive)
+ Addedloglevel@1.9.2(transitive)
+ Addedlong@4.0.0(transitive)
+ Addedlru-cache@7.18.3(transitive)
+ Addedmedia-typer@0.3.0(transitive)
+ Addedmerge-descriptors@1.0.3(transitive)
+ Addedmethods@1.1.2(transitive)
+ Addedmime@1.6.0(transitive)
+ Addedmime-db@1.52.0(transitive)
+ Addedmime-types@2.1.35(transitive)
+ Addedms@2.0.0(transitive)
+ Addednegotiator@0.6.30.6.4(transitive)
+ Addednode-abort-controller@3.1.1(transitive)
+ Addednode-fetch@2.7.0(transitive)
+ Addedobject-assign@4.1.1(transitive)
+ Addedobject-inspect@1.13.3(transitive)
+ Addedon-finished@2.4.1(transitive)
+ Addedparseurl@1.3.3(transitive)
+ Addedpath-to-regexp@0.1.10(transitive)
+ Addedproxy-addr@2.0.7(transitive)
+ Addedqs@6.13.0(transitive)
+ Addedrange-parser@1.2.1(transitive)
+ Addedraw-body@2.5.2(transitive)
+ Addedretry@0.13.1(transitive)
+ Addedsafe-buffer@5.2.1(transitive)
+ Addedsafer-buffer@2.1.2(transitive)
+ Addedsend@0.19.0(transitive)
+ Addedserve-static@1.16.2(transitive)
+ Addedset-function-length@1.2.2(transitive)
+ Addedsetprototypeof@1.2.0(transitive)
+ Addedsha.js@2.4.11(transitive)
+ Addedside-channel@1.0.6(transitive)
+ Addedstatuses@2.0.1(transitive)
+ Addedtoidentifier@1.0.1(transitive)
+ Addedtr46@0.0.3(transitive)
+ Addedtype-is@1.6.18(transitive)
+ Addedunpipe@1.0.0(transitive)
+ Addedutils-merge@1.0.1(transitive)
+ Addeduuid@9.0.1(transitive)
+ Addedvary@1.1.2(transitive)
+ Addedwebidl-conversions@3.0.1(transitive)
+ Addedwhatwg-mimetype@3.0.0(transitive)
+ Addedwhatwg-url@5.0.0(transitive)
- Removed@exogee/graphweaver@0.1.17(transitive)
- Removed@exogee/logger@0.1.17(transitive)
Updated@exogee/graphweaver@0.1.18
Updated@exogee/logger@0.1.18