@axinom/mosaic-id-guard 0.26.0-rc.4 → 0.26.0-rc.5

package/dist/graphql/ax-guard-plugin.d.ts

@@ -1,10 +1,14 @@
+import { Plugin } from 'graphile-build';
 /**
- * AxGuard plugin is created by combining two plugins - `QueryMutationGuardPlugin`
- * and `SubscriptionGuardPlugin`.
+ * AxGuard plugin is created by combining three plugins - `QueryMutationGuardPlugin`,
+ * `SubscriptionGuardPlugin` and `PermissionDefinitionExporterPlugin`.
  *
  * This plugin handles authorization for GraphQL resources exposed by the APIs.
  * For Queries and Mutations an error is thrown if the authorization fails.
  *
+ * In addition, the `PermissionDefinitionExporterPlugin` exports the permission definition
+ * for the respective service to a file as given by the `permissionDefinitionExportPath` parameter.
+ *
  * For subscriptions, if the JWT token expires while subscription events are emitted,
  * the websocket connection is closed with `4403` code, allowing the client to automatically
  * re-establish the connection.
@@ -19,5 +23,5 @@
  *
  * @returns
  */
-export declare const AxGuardPlugin: import("graphile-build").Plugin;
+export declare const AxGuardPlugin: (permissionDefinitionExportPath?: string) => Plugin;
 //# sourceMappingURL=ax-guard-plugin.d.ts.map

package/dist/graphql/ax-guard-plugin.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ax-guard-plugin.d.ts","sourceRoot":"","sources":["../../src/graphql/ax-guard-plugin.ts"],"names":[],"mappings":"AAIA;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,eAAO,MAAM,aAAa,iCAGzB,CAAC"}
+{"version":3,"file":"ax-guard-plugin.d.ts","sourceRoot":"","sources":["../../src/graphql/ax-guard-plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAMxC;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,eAAO,MAAM,aAAa,oCACS,MAAM,KACtC,MAMF,CAAC"}

package/dist/graphql/ax-guard-plugin.js

@@ -2,15 +2,19 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AxGuardPlugin = void 0;
 const graphile_utils_1 = require("graphile-utils");
+const generate_permissions_file_plugin_1 = require("./generate-permissions-file-plugin");
 const query_mutation_guard_plugin_1 = require("./query-mutation-guard-plugin");
 const subscription_guard_plugin_1 = require("./subscription-guard-plugin");
 /**
- * AxGuard plugin is created by combining two plugins - `QueryMutationGuardPlugin`
- * and `SubscriptionGuardPlugin`.
+ * AxGuard plugin is created by combining three plugins - `QueryMutationGuardPlugin`,
+ * `SubscriptionGuardPlugin` and `PermissionDefinitionExporterPlugin`.
  *
  * This plugin handles authorization for GraphQL resources exposed by the APIs.
  * For Queries and Mutations an error is thrown if the authorization fails.
  *
+ * In addition, the `PermissionDefinitionExporterPlugin` exports the permission definition
+ * for the respective service to a file as given by the `permissionDefinitionExportPath` parameter.
+ *
  * For subscriptions, if the JWT token expires while subscription events are emitted,
  * the websocket connection is closed with `4403` code, allowing the client to automatically
  * re-establish the connection.
@@ -25,5 +29,8 @@ const subscription_guard_plugin_1 = require("./subscription-guard-plugin");
  *
  * @returns
  */
-exports.AxGuardPlugin = (0, graphile_utils_1.makePluginByCombiningPlugins)(query_mutation_guard_plugin_1.QueryMutationGuardPlugin, subscription_guard_plugin_1.SubscriptionGuardPlugin);
+const AxGuardPlugin = (permissionDefinitionExportPath) => {
+    return (0, graphile_utils_1.makePluginByCombiningPlugins)((0, generate_permissions_file_plugin_1.PermissionDefinitionExporterPlugin)(permissionDefinitionExportPath), query_mutation_guard_plugin_1.QueryMutationGuardPlugin, subscription_guard_plugin_1.SubscriptionGuardPlugin);
+};
+exports.AxGuardPlugin = AxGuardPlugin;
 //# sourceMappingURL=ax-guard-plugin.js.map

package/dist/graphql/ax-guard-plugin.js.map

@@ -1 +1 @@
-{"version":3,"file":"ax-guard-plugin.js","sourceRoot":"","sources":["../../src/graphql/ax-guard-plugin.ts"],"names":[],"mappings":";;;AAAA,mDAA8D;AAC9D,+EAAyE;AACzE,2EAAsE;AAEtE;;;;;;;;;;;;;;;;;;;;GAoBG;AACU,QAAA,aAAa,GAAG,IAAA,6CAA4B,EACvD,sDAAwB,EACxB,mDAAuB,CACxB,CAAC"}
+{"version":3,"file":"ax-guard-plugin.js","sourceRoot":"","sources":["../../src/graphql/ax-guard-plugin.ts"],"names":[],"mappings":";;;AACA,mDAA8D;AAC9D,yFAAwF;AACxF,+EAAyE;AACzE,2EAAsE;AAEtE;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACI,MAAM,aAAa,GAAG,CAC3B,8BAAuC,EAC/B,EAAE;IACV,OAAO,IAAA,6CAA4B,EACjC,IAAA,qEAAkC,EAAC,8BAA8B,CAAC,EAClE,sDAAwB,EACxB,mDAAuB,CACxB,CAAC;AACJ,CAAC,CAAC;AARW,QAAA,aAAa,iBAQxB"}

package/dist/graphql/generate-permissions-file-plugin.d.ts

@@ -0,0 +1,8 @@
+import { Plugin } from 'postgraphile';
+/**
+ * Exports the permissions definition to a file.
+ * @param permissionDefinitionExportPath
+ * @returns
+ */
+export declare function PermissionDefinitionExporterPlugin(permissionDefinitionExportPath?: string): Plugin;
+//# sourceMappingURL=generate-permissions-file-plugin.d.ts.map

package/dist/graphql/generate-permissions-file-plugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"generate-permissions-file-plugin.d.ts","sourceRoot":"","sources":["../../src/graphql/generate-permissions-file-plugin.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAEtC;;;;GAIG;AACH,wBAAgB,kCAAkC,CAChD,8BAA8B,CAAC,EAAE,MAAM,GACtC,MAAM,CAmBR"}

package/dist/graphql/generate-permissions-file-plugin.js

@@ -0,0 +1,47 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PermissionDefinitionExporterPlugin = void 0;
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+/**
+ * Exports the permissions definition to a file.
+ * @param permissionDefinitionExportPath
+ * @returns
+ */
+function PermissionDefinitionExporterPlugin(permissionDefinitionExportPath) {
+    return (builder, options) => {
+        // Write permissions to file when the schema is built.
+        builder.hook('finalize', (schema, _build, _context) => {
+            if (permissionDefinitionExportPath !== undefined) {
+                if (options.permissionDefinition === undefined) {
+                    throw new Error('When a permissionDefinitionExportPath is provided to AxGuard Plugin, permissionDefinition must be defined in the Postgraphile options.');
+                }
+                writeSourceFile(permissionDefinitionExportPath, JSON.stringify(options.permissionDefinition, null, 2));
+            }
+            return schema;
+        });
+    };
+}
+exports.PermissionDefinitionExporterPlugin = PermissionDefinitionExporterPlugin;
+/**
+ * Writes generated source code to file but compares with the content of the existing file first to avoid triggering compilation in watch mode.
+ * @param outPath - Path where to write the source file.
+ * @param contents - Contents of the source file.
+ */
+function writeSourceFile(outPath, contents) {
+    if (!fs_1.default.existsSync(path_1.default.dirname(outPath))) {
+        fs_1.default.mkdirSync(path_1.default.dirname(outPath), { recursive: true });
+    }
+    // Don't write file if the contents are the same, avoid triggering a build in watch mode.
+    if (fs_1.default.existsSync(outPath)) {
+        const currentContents = fs_1.default.readFileSync(outPath, { encoding: 'utf-8' });
+        if (currentContents.toString() === contents) {
+            return;
+        }
+    }
+    fs_1.default.writeFileSync(outPath, contents, 'utf-8');
+}
+//# sourceMappingURL=generate-permissions-file-plugin.js.map

package/dist/graphql/generate-permissions-file-plugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"generate-permissions-file-plugin.js","sourceRoot":"","sources":["../../src/graphql/generate-permissions-file-plugin.ts"],"names":[],"mappings":";;;;;;AAAA,4CAAoB;AACpB,gDAAwB;AAGxB;;;;GAIG;AACH,SAAgB,kCAAkC,CAChD,8BAAuC;IAEvC,OAAO,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE;QAC1B,sDAAsD;QACtD,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE;YACpD,IAAI,8BAA8B,KAAK,SAAS,EAAE;gBAChD,IAAI,OAAO,CAAC,oBAAoB,KAAK,SAAS,EAAE;oBAC9C,MAAM,IAAI,KAAK,CACb,wIAAwI,CACzI,CAAC;iBACH;gBACD,eAAe,CACb,8BAA8B,EAC9B,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,oBAAoB,EAAE,IAAI,EAAE,CAAC,CAAC,CACtD,CAAC;aACH;YAED,OAAO,MAAM,CAAC;QAChB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC;AACJ,CAAC;AArBD,gFAqBC;AAED;;;;GAIG;AACH,SAAS,eAAe,CAAC,OAAe,EAAE,QAAgB;IACxD,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,cAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,EAAE;QACzC,YAAE,CAAC,SAAS,CAAC,cAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;KAC1D;IACD,yFAAyF;IACzF,IAAI,YAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;QAC1B,MAAM,eAAe,GAAG,YAAE,CAAC,YAAY,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QACxE,IAAI,eAAe,CAAC,QAAQ,EAAE,KAAK,QAAQ,EAAE;YAC3C,OAAO;SACR;KACF;IACD,YAAE,CAAC,aAAa,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;AAC/C,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@axinom/mosaic-id-guard",
-  "version": "0.26.0-rc.4",
+  "version": "0.26.0-rc.5",
   "description": "Authentication and authorization helpers for Axinom Mosaic services",
   "author": "Axinom",
   "license": "PROPRIETARY",
@@ -28,10 +28,10 @@
     "lint": "eslint . --ext .ts,.tsx,.js --color --cache"
   },
   "dependencies": {
-    "@axinom/mosaic-id-utils": "^0.15.11-rc.4",
-    "@axinom/mosaic-message-bus": "^0.21.0-rc.4",
-    "@axinom/mosaic-service-common": "^0.43.0-rc.4",
-    "@axinom/mosaic-transactional-inbox-outbox": "^0.3.0-rc.4",
+    "@axinom/mosaic-id-utils": "^0.15.11-rc.5",
+    "@axinom/mosaic-message-bus": "^0.21.0-rc.5",
+    "@axinom/mosaic-service-common": "^0.43.0-rc.5",
+    "@axinom/mosaic-transactional-inbox-outbox": "^0.3.0-rc.5",
     "amqplib": "^0.10.3",
     "express": "^4.17.1",
     "express-bearer-token": "^2.4.0",
@@ -63,5 +63,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "563e812a8bf5de5ec9afea24c1881dc954879203"
+  "gitHead": "6f103880206b41eb793b69a31c83e99dcf3b128d"
 }

package/src/graphql/ax-guard-plugin.ts

@@ -1,14 +1,19 @@
+import { Plugin } from 'graphile-build';
 import { makePluginByCombiningPlugins } from 'graphile-utils';
+import { PermissionDefinitionExporterPlugin } from './generate-permissions-file-plugin';
 import { QueryMutationGuardPlugin } from './query-mutation-guard-plugin';
 import { SubscriptionGuardPlugin } from './subscription-guard-plugin';
 
 /**
- * AxGuard plugin is created by combining two plugins - `QueryMutationGuardPlugin`
- * and `SubscriptionGuardPlugin`.
+ * AxGuard plugin is created by combining three plugins - `QueryMutationGuardPlugin`,
+ * `SubscriptionGuardPlugin` and `PermissionDefinitionExporterPlugin`.
  *
  * This plugin handles authorization for GraphQL resources exposed by the APIs.
  * For Queries and Mutations an error is thrown if the authorization fails.
  *
+ * In addition, the `PermissionDefinitionExporterPlugin` exports the permission definition
+ * for the respective service to a file as given by the `permissionDefinitionExportPath` parameter.
+ *
  * For subscriptions, if the JWT token expires while subscription events are emitted,
  * the websocket connection is closed with `4403` code, allowing the client to automatically
  * re-establish the connection.
@@ -23,7 +28,12 @@ import { SubscriptionGuardPlugin } from './subscription-guard-plugin';
  *
  * @returns
  */
-export const AxGuardPlugin = makePluginByCombiningPlugins(
-  QueryMutationGuardPlugin,
-  SubscriptionGuardPlugin,
-);
+export const AxGuardPlugin = (
+  permissionDefinitionExportPath?: string,
+): Plugin => {
+  return makePluginByCombiningPlugins(
+    PermissionDefinitionExporterPlugin(permissionDefinitionExportPath),
+    QueryMutationGuardPlugin,
+    SubscriptionGuardPlugin,
+  );
+};

package/src/graphql/generate-permissions-file-plugin.ts

@@ -0,0 +1,50 @@
+import fs from 'fs';
+import path from 'path';
+import { Plugin } from 'postgraphile';
+
+/**
+ * Exports the permissions definition to a file.
+ * @param permissionDefinitionExportPath
+ * @returns
+ */
+export function PermissionDefinitionExporterPlugin(
+  permissionDefinitionExportPath?: string,
+): Plugin {
+  return (builder, options) => {
+    // Write permissions to file when the schema is built.
+    builder.hook('finalize', (schema, _build, _context) => {
+      if (permissionDefinitionExportPath !== undefined) {
+        if (options.permissionDefinition === undefined) {
+          throw new Error(
+            'When a permissionDefinitionExportPath is provided to AxGuard Plugin, permissionDefinition must be defined in the Postgraphile options.',
+          );
+        }
+        writeSourceFile(
+          permissionDefinitionExportPath,
+          JSON.stringify(options.permissionDefinition, null, 2),
+        );
+      }
+
+      return schema;
+    });
+  };
+}
+
+/**
+ * Writes generated source code to file but compares with the content of the existing file first to avoid triggering compilation in watch mode.
+ * @param outPath - Path where to write the source file.
+ * @param contents - Contents of the source file.
+ */
+function writeSourceFile(outPath: string, contents: string): void {
+  if (!fs.existsSync(path.dirname(outPath))) {
+    fs.mkdirSync(path.dirname(outPath), { recursive: true });
+  }
+  // Don't write file if the contents are the same, avoid triggering a build in watch mode.
+  if (fs.existsSync(outPath)) {
+    const currentContents = fs.readFileSync(outPath, { encoding: 'utf-8' });
+    if (currentContents.toString() === contents) {
+      return;
+    }
+  }
+  fs.writeFileSync(outPath, contents, 'utf-8');
+}