graphql_authorizer

GraphQLAuthorizer

GraphqlAuthorizer is built to provide simple access authorization in Graphql Endpoints by encrypting Access Key and request Timestamp.

Installation

Add this line to your application's Gemfile:

gem 'graphql_authorizer'

# or with git source

gem "graphql_authorizer", git: "git@bitbucket.org:gorated/graphql-authorizer.git"

And then execute:

$ bundle

Or install it yourself as:

$ gem install graphql_authorizer

Usage

run generator:

$ rails g graphql_authorizer:install

This will generate initializer configuration files for:

• GraphQLAuthorizer

• Rack-Attack.

Add Rack Attack in application.rb:

# In config/application.rb

config.middleware.use Rack::Attack

note: Rack Attack initializer file contains basic configurations to allow, block and throttle client's access based on defined conditions.

For more configuration options please check rack-attack

note: you need to supply shared access key for client and application in initializers/graphql_authorizer.rb

GraphQLAuthorizer provides helper methods for validating if the request is valid, by initializing the GraphQLAuthorization::Request class and providing timestamp and signature as arguments.

  timestamp = Time.zone.now.to_i.to_s
  sig       = SecureRandom.hex(8)
  request_validator = GraphQLAuthorizer::Request.new(timestamp: timestamp, sig: sig)

  request_validator.valid? # returns boolean `true` or `false`
  request_validator.erros # returns array of error messages if request validator
  returns `false` otherwise returns `nil`

note:

• GraphQLAuthorizer use OpenSSL::Digest and OpenSSL::HMAC to validate request by encrypting timestamp and access_key.

• Client's must provide encrypted signature by encrypting access_key and timestamp upon request.

Sample Client Request Configuration with graphql-client

require "graphql/client"
require "graphql/client/http"

class Queries::SWAPI
  # Configure GraphQL endpoint using the basic HTTP network adapter.
  endpoint = ENV.fetch("APP_ENDPOINT")
  HTTP = GraphQL::Client::HTTP.new(endpoint) do
    def headers(context)
      # Optionally set any HTTP headers
      timestamp = Time.now.to_i.to_s
      token = generate_token(timestamp: timestamp)
      {
        "Request-Signature" => token, # Required for signature validation
        "Request-Timestamp" => timestamp, # Required for request timestamp
        validation
        "Authorization" => context
      }
    end

    def generate_token(timestamp:)
      access_key    = ENV.fetch("GRAPHQL_ACCESS_KEY")
      digest        = OpenSSL::Digest.new("sha256")
      OpenSSL::HMAC.hexdigest(digest, access_key, timestamp)
    end
  end

  Schema = GraphQL::Client.load_schema("schema.json")

  Client = GraphQL::Client.new(schema: Schema, execute: HTTP)
end

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake test to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/GraphQL_Authorizer. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

License

The gem is available as open source under the terms of the MIT License.

Code of Conduct

Everyone interacting in the GraphQLAuthorizer project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.