@nhost/stripe-graphql-js 0.0.1 → 0.0.2

package/dist/server.js

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.schema = exports.createStripeGraphQLServer = void 0;
+const node_1 = require("@graphql-yoga/node");
+const schema_1 = require("./schema");
+Object.defineProperty(exports, "schema", { enumerable: true, get: function () { return schema_1.schema; } });
+const utils_1 = require("./utils");
+const createStripeGraphQLServer = (params) => {
+    const cors = params === null || params === void 0 ? void 0 : params.cors;
+    const isAllowed = params === null || params === void 0 ? void 0 : params.isAllowed;
+    const context = (context) => {
+        const { request } = context;
+        // user id
+        const userClaims = (0, utils_1.getUserClaims)(request);
+        // check if using correct `x-hasura-admin-secret` header
+        const adminSecretFromHeader = request.headers.get('x-hasura-admin-secret');
+        const adminSecret = process.env.NHOST_ADMIN_SECRET;
+        // check if the request is from Hasura
+        const nhostWebhookSecretFromHeader = request.headers.get('x-nhost-webhook-secret');
+        const nhostWebhookSecret = process.env.NHOST_WEBHOOK_SECRET;
+        const role = request.headers.get('x-hasura-role');
+        // variables
+        const isAdmin = adminSecretFromHeader === adminSecret ||
+            (role === 'admin' && nhostWebhookSecretFromHeader === nhostWebhookSecret);
+        // if no isAllowed function is provided, we will allow admin requests
+        const isAllowedFunction = isAllowed ||
+            ((_stripeCustomerId, context) => {
+                return context.isAdmin;
+            });
+        // return
+        return Object.assign(Object.assign({}, context), { isAllowed: isAllowedFunction, userClaims,
+            isAdmin });
+    };
+    return (0, node_1.createServer)({
+        cors,
+        context,
+        schema: schema_1.schema
+    });
+};
+exports.createStripeGraphQLServer = createStripeGraphQLServer;
+//# sourceMappingURL=server.js.map

package/dist/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":";;;AAAA,6CAAqE;AAErE,qCAAiC;AAmDG,uFAnD3B,eAAM,OAmD2B;AAjD1C,mCAAuC;AAEvC,MAAM,yBAAyB,GAAG,CAAC,MAA0B,EAAE,EAAE;IAC/D,MAAM,IAAI,GAAG,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,IAAI,CAAA;IACzB,MAAM,SAAS,GAAG,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,SAAS,CAAA;IAEnC,MAAM,OAAO,GAAG,CAAC,OAA2B,EAAW,EAAE;QACvD,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;QAE3B,UAAU;QACV,MAAM,UAAU,GAAG,IAAA,qBAAa,EAAC,OAAO,CAAC,CAAA;QAEzC,wDAAwD;QACxD,MAAM,qBAAqB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAA;QAC1E,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAA;QAElD,sCAAsC;QACtC,MAAM,4BAA4B,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAA;QAClF,MAAM,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAA;QAC3D,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAA;QAEjD,YAAY;QACZ,MAAM,OAAO,GACX,qBAAqB,KAAK,WAAW;YACrC,CAAC,IAAI,KAAK,OAAO,IAAI,4BAA4B,KAAK,kBAAkB,CAAC,CAAA;QAE3E,qEAAqE;QACrE,MAAM,iBAAiB,GACrB,SAAS;YACT,CAAC,CAAC,iBAAyB,EAAE,OAAgB,EAAE,EAAE;gBAC/C,OAAO,OAAO,CAAC,OAAO,CAAA;YACxB,CAAC,CAAC,CAAA;QAEJ,SAAS;QACT,uCACK,OAAO,KACV,SAAS,EAAE,iBAAiB,EAC5B,UAAU;YACV,OAAO,IACR;IACH,CAAC,CAAA;IAED,OAAO,IAAA,mBAAY,EAAC;QAClB,IAAI;QACJ,OAAO;QACP,MAAM,EAAN,eAAM;KACP,CAAC,CAAA;AACJ,CAAC,CAAA;AAEQ,8DAAyB"}

package/dist/types.d.ts

@@ -0,0 +1,32 @@
+import type Stripe from 'stripe';
+import type { CORSOptions, YogaInitialContext } from '@graphql-yoga/node';
+export declare type StripeGraphQLContext = {
+    isAllowed: (stripeCustomerId: string, context: Context) => boolean;
+    userClaims?: UserHasuraClaims;
+    isAdmin: boolean;
+};
+export declare type Context = YogaInitialContext & StripeGraphQLContext;
+export declare type CreateServerProps = {
+    cors?: CORSOptions;
+    isAllowed?: (stripeCustomerId: string, context: Context) => boolean;
+};
+export declare type StripePaymentMethod = Stripe.PaymentMethod & {
+    customer: string | null;
+};
+export declare type StripeSubscription = Stripe.Subscription & {
+    customer: string;
+    test_clock: string | null;
+};
+export declare type StripeInvoice = Stripe.Invoice & {
+    id: string;
+    customer: string;
+    default_payment_method: StripePaymentMethod | null;
+};
+export declare type UserHasuraClaims = {
+    'x-hasura-user-id': string;
+    'x-hasura-default-role': string;
+    'x-hasura-allowed-roles': string[];
+} & {
+    [key: string]: string;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAA;AAEhC,OAAO,KAAK,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAA;AAEzE,oBAAY,oBAAoB,GAAG;IACjC,SAAS,EAAE,CAAC,gBAAgB,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,KAAK,OAAO,CAAA;IAClE,UAAU,CAAC,EAAE,gBAAgB,CAAA;IAC7B,OAAO,EAAE,OAAO,CAAA;CACjB,CAAA;AAED,oBAAY,OAAO,GAAG,kBAAkB,GAAG,oBAAoB,CAAA;AAE/D,oBAAY,iBAAiB,GAAG;IAC9B,IAAI,CAAC,EAAE,WAAW,CAAA;IAClB,SAAS,CAAC,EAAE,CAAC,gBAAgB,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,KAAK,OAAO,CAAA;CACpE,CAAA;AAID,oBAAY,mBAAmB,GAAG,MAAM,CAAC,aAAa,GAAG;IACvD,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;CACxB,CAAA;AAED,oBAAY,kBAAkB,GAAG,MAAM,CAAC,YAAY,GAAG;IACrD,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;CAC1B,CAAA;AAED,oBAAY,aAAa,GAAG,MAAM,CAAC,OAAO,GAAG;IAC3C,EAAE,EAAE,MAAM,CAAA;IACV,QAAQ,EAAE,MAAM,CAAA;IAChB,sBAAsB,EAAE,mBAAmB,GAAG,IAAI,CAAA;CACnD,CAAA;AAED,oBAAY,gBAAgB,GAAG;IAC7B,kBAAkB,EAAE,MAAM,CAAA;IAC1B,uBAAuB,EAAE,MAAM,CAAA;IAC/B,wBAAwB,EAAE,MAAM,EAAE,CAAA;CACnC,GAAG;IACF,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CACtB,CAAA"}

package/dist/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/dist/utils.d.ts

@@ -0,0 +1,5 @@
+import Stripe from 'stripe';
+import { UserHasuraClaims } from './types';
+export declare const stripe: Stripe;
+export declare const getUserClaims: (req: Request) => UserHasuraClaims | undefined;
+//# sourceMappingURL=utils.d.ts.map

package/dist/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AACA,OAAO,MAAM,MAAM,QAAQ,CAAA;AAE3B,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAA;AAM1C,eAAO,MAAM,MAAM,QAEjB,CAAA;AAEF,eAAO,MAAM,aAAa,QAAS,OAAO,KAAG,gBAAgB,GAAG,SAqB/D,CAAA"}

package/dist/utils.js

@@ -0,0 +1,34 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getUserClaims = exports.stripe = void 0;
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const stripe_1 = __importDefault(require("stripe"));
+if (!process.env.STRIPE_SECRET_KEY) {
+    throw new Error('STRIPE_SECRET_KEY env var is not set');
+}
+exports.stripe = new stripe_1.default(process.env.STRIPE_SECRET_KEY, {
+    apiVersion: '2022-08-01'
+});
+const getUserClaims = (req) => {
+    try {
+        const authorizationHeader = req.headers.get('authorization');
+        const accessToken = authorizationHeader === null || authorizationHeader === void 0 ? void 0 : authorizationHeader.split(' ')[1];
+        if (!accessToken) {
+            return undefined;
+        }
+        if (!process.env.NHOST_JWT_SECRET) {
+            throw new Error('NHOST_JWT_SECRET env var is not set');
+        }
+        const jwtSecret = JSON.parse(process.env.NHOST_JWT_SECRET);
+        const decodedToken = jsonwebtoken_1.default.verify(accessToken, jwtSecret.key);
+        return decodedToken['https://hasura.io/jwt/claims'];
+    }
+    catch (error) {
+        return undefined;
+    }
+};
+exports.getUserClaims = getUserClaims;
+//# sourceMappingURL=utils.js.map

package/dist/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":";;;;;;AAAA,gEAA8B;AAC9B,oDAA2B;AAI3B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE;IAClC,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAA;CACxD;AAEY,QAAA,MAAM,GAAG,IAAI,gBAAM,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE;IAC9D,UAAU,EAAE,YAAY;CACzB,CAAC,CAAA;AAEK,MAAM,aAAa,GAAG,CAAC,GAAY,EAAgC,EAAE;IAC1E,IAAI;QACF,MAAM,mBAAmB,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAA;QAE5D,MAAM,WAAW,GAAG,mBAAmB,aAAnB,mBAAmB,uBAAnB,mBAAmB,CAAE,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAA;QAEtD,IAAI,CAAC,WAAW,EAAE;YAChB,OAAO,SAAS,CAAA;SACjB;QAED,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE;YACjC,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAA;SACvD;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAA;QAE1D,MAAM,YAAY,GAAG,sBAAG,CAAC,MAAM,CAAC,WAAW,EAAE,SAAS,CAAC,GAAG,CAAQ,CAAA;QAClE,OAAO,YAAY,CAAC,8BAA8B,CAAqB,CAAA;KACxE;IAAC,OAAO,KAAK,EAAE;QACd,OAAO,SAAS,CAAA;KACjB;AACH,CAAC,CAAA;AArBY,QAAA,aAAa,iBAqBzB"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/stripe-graphql-js",
-  "version": "0.0.1",
+  "version": "0.0.2",
   "description": "Stripe GraphQL API",
   "license": "MIT",
   "keywords": [