@powerhousedao/reactor-api 1.13.0 → 1.14.0

package/src/subgraphs/auth/utils/session.ts

@@ -0,0 +1,149 @@
+/* eslint-disable @typescript-eslint/no-unsafe-return */
+/* eslint-disable @typescript-eslint/no-unsafe-member-access */
+/* eslint-disable @typescript-eslint/no-unsafe-assignment */
+/* eslint-disable @typescript-eslint/no-unsafe-call */
+/* eslint-disable @typescript-eslint/no-unsafe-argument */
+import { GraphQLError } from "graphql";
+import ms from "ms";
+import { SiweMessage } from "siwe";
+import { JWT_EXPIRATION_PERIOD } from "../env";
+import { Session } from "../types";
+import {
+  generateTokenAndSession,
+  validateOriginAgainstAllowed,
+  verifyToken,
+} from "./helpers";
+import { Db } from "../../../types";
+import { Context } from "src/subgraphs/types";
+
+export const createAuthenticationSession = async (
+  db: Db,
+  userId: string,
+  allowedOrigins = ["*"],
+) => {
+  return generateTokenAndSession(
+    db,
+    {
+      expiresAt: new Date(
+        new Date().getTime() + ms(JWT_EXPIRATION_PERIOD),
+      ).toISOString(),
+      name: "Sign in/Sign up",
+      allowedOrigins,
+    },
+    userId,
+    true,
+  );
+};
+
+export const createCustomSession = async (
+  db: Db,
+  userId: string,
+  session: {
+    expiryDurationSeconds?: number | null;
+    name: string;
+    allowedOrigins: string[];
+  },
+  isUserCreated = false,
+) => {
+  return generateTokenAndSession(db, session, userId, isUserCreated);
+};
+
+export const listSessions = async (db: Db, userId: string) => {
+  return db<Session>("Session").select().where("createdBy", userId);
+};
+
+export const revoke = async (db: Db, sessionId: string, userId: string) => {
+  const [session] = await db<Session>("Session").select().where({
+    id: sessionId,
+    userId,
+  });
+
+  if (!session) {
+    throw new GraphQLError("Session not found", {
+      extensions: { code: "SESSION_NOT_FOUND" },
+    });
+  }
+  if (session.revokedAt !== null) {
+    throw new GraphQLError("Session already revoked", {
+      extensions: { code: "SESSION_ALREADY_REVOKED" },
+    });
+  }
+  await db<Session>("Session")
+    .update({
+      revokedAt: new Date().toISOString(),
+    })
+    .where({
+      id: sessionId,
+      userId,
+    });
+};
+
+export const authenticate = async (context: Context) => {
+  const authorization = context.headers.authorization;
+  const db = context.db as Db;
+  if (!authorization) {
+    throw new GraphQLError("Not authenticated", {
+      extensions: { code: "NOT_AUTHENTICATED" },
+    });
+  }
+  const token = authorization.replace("Bearer ", "");
+  const origin = context.headers.origin;
+  const session = await getSessionByToken(db, origin, token);
+  return session;
+};
+
+export const getSessionByToken = async (
+  db: Db,
+  origin?: string,
+  token?: string,
+) => {
+  if (!token) {
+    throw new GraphQLError("Not authenticated", {
+      extensions: { code: "NOT_AUTHENTICATED" },
+    });
+  }
+  const verificationTokenResult = verifyToken(token);
+  if (!verificationTokenResult) {
+    throw new GraphQLError("Invalid token", {
+      extensions: { code: "INVALID_TOKEN" },
+    });
+  }
+  const { sessionId } = verificationTokenResult;
+  const [session] = await db<Session>("Session").select().where({
+    id: sessionId,
+  });
+  if (!session) {
+    throw new GraphQLError("Session not found", {
+      extensions: { code: "SESSION_NOT_FOUND" },
+    });
+  }
+  if (session.revokedAt) {
+    throw new GraphQLError("Session expired", {
+      extensions: { code: "SESSION_EXPIRED" },
+    });
+  }
+  if (
+    origin &&
+    (!session.allowedOrigins ||
+      session.allowedOrigins === "*" ||
+      session.allowedOrigins.includes(origin))
+  ) {
+    validateOriginAgainstAllowed(session.allowedOrigins, origin);
+  }
+  return session;
+};
+
+export const verifySignature = async (
+  parsedMessage: SiweMessage,
+  signature: string,
+) => {
+  try {
+    const response = await parsedMessage.verify({
+      time: new Date().toISOString(),
+      signature,
+    });
+    return response;
+  } catch (error) {
+    throw new GraphQLError("Invalid signature");
+  }
+};

package/src/subgraphs/auth/utils/user.ts

@@ -0,0 +1,40 @@
+import { GraphQLError } from "graphql";
+import { Db } from "../../../utils/db";
+
+interface User {
+  address: string;
+  createdAt?: string;
+  updatedAt?: string;
+  networkId: string;
+  chainId: number;
+}
+export const upsertUser = async (db: Db, user: User) => {
+  const { AUTH_SIGNUP_DISABLED } = process.env;
+  if (AUTH_SIGNUP_DISABLED) {
+    throw new GraphQLError("Sign up is disabled");
+  }
+
+  const [existingUser] = await db<User>("User")
+    .select()
+    .where("address", user.address);
+
+  if (existingUser) {
+    return existingUser;
+  }
+
+  const date = new Date().toISOString();
+  const [newUser] = await db<User>("User")
+    .insert({
+      address: user.address,
+      updatedAt: date,
+      createdAt: date,
+    })
+    .returning("*");
+
+  return newUser;
+};
+
+export const getUser = async (db: Db, address: string) => {
+  const [user] = await db<User>("User").select().where("address", address);
+  return user;
+};

package/src/subgraphs/base/index.ts

@@ -6,10 +6,11 @@ import { GraphQLResolverMap } from "@apollo/subgraph/dist/schema-helper";
 import { gql } from "graphql-tag";
 import { Context } from "../types";
 import { Db } from "src/types";
+import { SubgraphManager } from "../manager";
 
 export class Subgraph implements ISubgraph {
   name = "example";
-  resolvers: GraphQLResolverMap<Context> = {
+  resolvers: Record<string, any> = {
     Query: {
       hello: () => this.name,
     },
@@ -20,9 +21,11 @@ export class Subgraph implements ISubgraph {
     }
   `;
   reactor: IDocumentDriveServer;
+  subgraphManager: SubgraphManager;
   operationalStore: Db;
   constructor(args: SubgraphArgs) {
     this.reactor = args.reactor;
+    this.subgraphManager = args.subgraphManager;
     this.operationalStore = args.operationalStore;
   }
   async onSetup() {

package/src/subgraphs/index.ts

@@ -3,6 +3,7 @@ import { Subgraph } from "./base";
 export * as analyticsSubgraph from "./analytics";
 export * as driveSubgraph from "./drive";
 export * as systemSubgraph from "./system";
+export * as authSubgraph from "./auth";
 export * from "./types";
 export { Subgraph } from "./base";
 

package/src/subgraphs/manager.ts

@@ -7,12 +7,13 @@ import cors from "cors";
 import { IDocumentDriveServer } from "document-drive";
 import express, { IRouter, Router } from "express";
 import { Db } from "src/types";
-import { Context, SubgraphArgs, SubgraphClass } from ".";
+import { authSubgraph, Context, SubgraphArgs, SubgraphClass } from ".";
 import { createSchema } from "../utils/create-schema";
 import { AnalyticsSubgraph } from "./analytics";
 import { Subgraph } from "./base";
 import { DriveSubgraph } from "./drive";
 import { SystemSubgraph } from "./system";
+import { AuthSubgraph } from "./auth";
 
 export class SubgraphManager {
   private reactorRouter: IRouter = Router();
@@ -27,6 +28,7 @@ export class SubgraphManager {
     private readonly analyticsStore: IAnalyticsStore,
   ) {
     // Setup Default subgraphs
+    this.registerSubgraph(AuthSubgraph);
     this.registerSubgraph(SystemSubgraph);
     this.registerSubgraph(DriveSubgraph);
     this.registerSubgraph(AnalyticsSubgraph);
@@ -106,7 +108,7 @@ export class SubgraphManager {
     });
     await subgraphInstance.onSetup();
     this.subgraphs.unshift(subgraphInstance);
-    console.log(`> Registered ${subgraphInstance.name} subgraph.`);
+    console.log(`> Registered ${this.path.slice(-1) === "/" ? this.path : this.path+ "/"}${subgraphInstance.name} subgraph.`);
     await this.updateRouter();
   }
 

package/src/subgraphs/system/env/getters.ts

@@ -0,0 +1,7 @@
+export const getAdminUsers = (): string[] => {
+  return (
+    process.env.ADMIN_USERS?.split(",").map((user) =>
+      user.trim().toLocaleLowerCase(),
+    ) || []
+  );
+};

package/src/subgraphs/system/env/index.ts

@@ -0,0 +1,6 @@
+import dotenv from "dotenv";
+import { getAdminUsers } from "./getters";
+
+dotenv.config();
+
+export const ADMIN_USERS = getAdminUsers();

package/src/subgraphs/system/index.ts

@@ -1,9 +1,13 @@
 import { DriveInput } from "document-drive";
+import { GraphQLError } from "graphql";
 import { gql } from "graphql-tag";
 import { Subgraph } from "../base";
+import { ADMIN_USERS } from "./env";
+import { SystemContext } from "./types";
 
 export class SystemSubgraph extends Subgraph {
   name = "system";
+
   typeDefs = gql`
     type Query {
       drives: [String!]!
@@ -32,8 +36,16 @@ export class SystemSubgraph extends Subgraph {
       },
     },
     Mutation: {
-      addDrive: async (parent: unknown, args: DriveInput) => {
+      addDrive: async (
+        parent: unknown,
+        args: DriveInput,
+        ctx: SystemContext,
+      ) => {
         try {
+          const isAdmin = ctx.isAdmin(ctx);
+          if (!isAdmin) {
+            throw new GraphQLError("Unauthorized");
+          }
           const drive = await this.reactor.addDrive(args);
           return drive.state.global;
         } catch (e) {
@@ -43,4 +55,17 @@ export class SystemSubgraph extends Subgraph {
       },
     },
   };
+
+  async onSetup() {
+    await super.onSetup();
+    this.subgraphManager.setAdditionalContextFields({
+      isAdmin: (ctx: SystemContext) => {
+        return (
+          ADMIN_USERS.length === 0 ||
+          (ctx.session.address &&
+            ADMIN_USERS.includes(ctx.session.address.toLocaleLowerCase()))
+        );
+      },
+    });
+  }
 }

package/src/subgraphs/system/types.ts

@@ -0,0 +1,5 @@
+import { AuthContext } from "../auth/types";
+
+export type SystemContext = AuthContext & {
+  isAdmin: (ctx: AuthContext) => boolean;
+};

package/src/utils/db.ts

@@ -16,10 +16,11 @@ export function getDbClient(
 ): Db {
   const isPg = connectionString && isPG(connectionString);
   const client = isPg ? "pg" : (ClientPgLite as typeof knex.Client);
-
+  const connection = isPg
+    ? { connectionString }
+    : { pglite: new PGlite(connectionString) };
   return knex({
     client,
-    // @ts-expect-error
-    connection: { pglite: new PGlite(connectionString) },
+    connection,
   });
 }

package/tsconfig.json

@@ -3,7 +3,7 @@
     "module": "ESNext",
     "moduleResolution": "Bundler",
     "target": "esnext",
-    "types": ["node", "./types.d.ts"],
+    "types": ["@types/node", "./types.d.ts"],
     "declaration": true,
     "outDir": "./dist",
     "esModuleInterop": true,