@powerhousedao/reactor-api 6.2.0-dev.3 → 6.2.0-dev.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +0 -2
- package/dist/index.d.mts +37 -144
- package/dist/index.d.mts.map +1 -1
- package/dist/index.mjs +102 -278
- package/dist/index.mjs.map +1 -1
- package/dist/src/packages/vite-loader.mjs +1 -1
- package/dist/{utils-BFkbSO_H.mjs → utils-CtC8sjRo.mjs} +115 -34
- package/dist/utils-CtC8sjRo.mjs.map +1 -0
- package/package.json +13 -13
- package/dist/utils-BFkbSO_H.mjs.map +0 -1
package/dist/index.mjs
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
|
|
2
|
-
!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds||{},e._sentryDebugIds[n]="
|
|
3
|
-
import { a as isSubgraphClass, c as loadDocumentModels, d as BaseSubgraph, i as buildGraphqlOperations, l as loadProcessors, n as buildGraphQlDriveDocument, o as debounce, r as buildGraphqlOperation, t as buildGraphQlDocument, u as loadSubgraphs } from "./utils-
|
|
2
|
+
!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds||{},e._sentryDebugIds[n]="64b14acf-bb9d-528e-b2b6-b3fa2097026f")}catch(e){}}();
|
|
3
|
+
import { a as isSubgraphClass, c as loadDocumentModels, d as BaseSubgraph, f as AuthorizationPolicy, i as buildGraphqlOperations, l as loadProcessors, n as buildGraphQlDriveDocument, o as debounce, p as createAuthorizationService, r as buildGraphqlOperation, t as buildGraphQlDocument, u as loadSubgraphs } from "./utils-CtC8sjRo.mjs";
|
|
4
4
|
import { AnalyticsQueryEngine } from "@powerhousedao/analytics-engine-core";
|
|
5
5
|
import { AnalyticsModel, AnalyticsResolvers, typedefs } from "@powerhousedao/analytics-engine-graphql";
|
|
6
6
|
import { gql } from "graphql-tag";
|
|
@@ -85,18 +85,14 @@ async function documentAccess(service, args) {
|
|
|
85
85
|
async function userDocumentPermissions(service, userAddress) {
|
|
86
86
|
return service.getUserDocuments(userAddress);
|
|
87
87
|
}
|
|
88
|
-
async function grantDocumentPermission(service, args, grantedByAddress
|
|
88
|
+
async function grantDocumentPermission(service, authorizationService, args, grantedByAddress) {
|
|
89
89
|
if (!grantedByAddress) throw new GraphQLError("Authentication required");
|
|
90
|
-
if (!
|
|
91
|
-
if (!await service.canManageDocument(args.documentId, grantedByAddress)) throw new GraphQLError("Forbidden: You must be an admin of this document to grant permissions");
|
|
92
|
-
}
|
|
90
|
+
if (!await authorizationService.canManage(args.documentId, grantedByAddress)) throw new GraphQLError("Forbidden: You must be an admin of this document to grant permissions");
|
|
93
91
|
return service.grantPermission(args.documentId, args.userAddress, args.permission, grantedByAddress);
|
|
94
92
|
}
|
|
95
|
-
async function revokeDocumentPermission(service, args, revokedByAddress
|
|
93
|
+
async function revokeDocumentPermission(service, authorizationService, args, revokedByAddress) {
|
|
96
94
|
if (!revokedByAddress) throw new GraphQLError("Authentication required");
|
|
97
|
-
if (!
|
|
98
|
-
if (!await service.canManageDocument(args.documentId, revokedByAddress)) throw new GraphQLError("Forbidden: You must be an admin of this document to revoke permissions");
|
|
99
|
-
}
|
|
95
|
+
if (!await authorizationService.canManage(args.documentId, revokedByAddress)) throw new GraphQLError("Forbidden: You must be an admin of this document to revoke permissions");
|
|
100
96
|
await service.revokePermission(args.documentId, args.userAddress);
|
|
101
97
|
return true;
|
|
102
98
|
}
|
|
@@ -127,18 +123,14 @@ async function removeUserFromGroup(service, args) {
|
|
|
127
123
|
async function getGroupMembers(service, groupId) {
|
|
128
124
|
return service.getGroupMembers(groupId);
|
|
129
125
|
}
|
|
130
|
-
async function grantGroupPermission(service, args, grantedByAddress
|
|
126
|
+
async function grantGroupPermission(service, authorizationService, args, grantedByAddress) {
|
|
131
127
|
if (!grantedByAddress) throw new GraphQLError("Authentication required");
|
|
132
|
-
if (!
|
|
133
|
-
if (!await service.canManageDocument(args.documentId, grantedByAddress)) throw new GraphQLError("Forbidden: You must be an admin of this document to grant permissions");
|
|
134
|
-
}
|
|
128
|
+
if (!await authorizationService.canManage(args.documentId, grantedByAddress)) throw new GraphQLError("Forbidden: You must be an admin of this document to grant permissions");
|
|
135
129
|
return service.grantGroupPermission(args.documentId, args.groupId, args.permission, grantedByAddress);
|
|
136
130
|
}
|
|
137
|
-
async function revokeGroupPermission(service, args, revokedByAddress
|
|
131
|
+
async function revokeGroupPermission(service, authorizationService, args, revokedByAddress) {
|
|
138
132
|
if (!revokedByAddress) throw new GraphQLError("Authentication required");
|
|
139
|
-
if (!
|
|
140
|
-
if (!await service.canManageDocument(args.documentId, revokedByAddress)) throw new GraphQLError("Forbidden: You must be an admin of this document to revoke permissions");
|
|
141
|
-
}
|
|
133
|
+
if (!await authorizationService.canManage(args.documentId, revokedByAddress)) throw new GraphQLError("Forbidden: You must be an admin of this document to revoke permissions");
|
|
142
134
|
await service.revokeGroupPermission(args.documentId, args.groupId);
|
|
143
135
|
return true;
|
|
144
136
|
}
|
|
@@ -155,56 +147,40 @@ async function operationPermissions(service, args) {
|
|
|
155
147
|
async function canExecuteOperation(service, args, userAddress) {
|
|
156
148
|
return service.canExecuteOperation(args.documentId, args.operationType, userAddress);
|
|
157
149
|
}
|
|
158
|
-
async function grantOperationPermission(service, args, grantedByAddress
|
|
150
|
+
async function grantOperationPermission(service, authorizationService, args, grantedByAddress) {
|
|
159
151
|
if (!grantedByAddress) throw new GraphQLError("Authentication required");
|
|
160
|
-
if (!
|
|
161
|
-
if (!await service.canManageDocument(args.documentId, grantedByAddress)) throw new GraphQLError("Forbidden: You must be an admin of this document to grant operation permissions");
|
|
162
|
-
}
|
|
152
|
+
if (!await authorizationService.canManage(args.documentId, grantedByAddress)) throw new GraphQLError("Forbidden: You must be an admin of this document to grant operation permissions");
|
|
163
153
|
return service.grantOperationPermission(args.documentId, args.operationType, args.userAddress, grantedByAddress);
|
|
164
154
|
}
|
|
165
|
-
async function revokeOperationPermission(service, args, revokedByAddress
|
|
155
|
+
async function revokeOperationPermission(service, authorizationService, args, revokedByAddress) {
|
|
166
156
|
if (!revokedByAddress) throw new GraphQLError("Authentication required");
|
|
167
|
-
if (!
|
|
168
|
-
if (!await service.canManageDocument(args.documentId, revokedByAddress)) throw new GraphQLError("Forbidden: You must be an admin of this document to revoke operation permissions");
|
|
169
|
-
}
|
|
157
|
+
if (!await authorizationService.canManage(args.documentId, revokedByAddress)) throw new GraphQLError("Forbidden: You must be an admin of this document to revoke operation permissions");
|
|
170
158
|
await service.revokeOperationPermission(args.documentId, args.operationType, args.userAddress);
|
|
171
159
|
return true;
|
|
172
160
|
}
|
|
173
|
-
async function grantGroupOperationPermission(service, args, grantedByAddress
|
|
161
|
+
async function grantGroupOperationPermission(service, authorizationService, args, grantedByAddress) {
|
|
174
162
|
if (!grantedByAddress) throw new GraphQLError("Authentication required");
|
|
175
|
-
if (!
|
|
176
|
-
if (!await service.canManageDocument(args.documentId, grantedByAddress)) throw new GraphQLError("Forbidden: You must be an admin of this document to grant operation permissions");
|
|
177
|
-
}
|
|
163
|
+
if (!await authorizationService.canManage(args.documentId, grantedByAddress)) throw new GraphQLError("Forbidden: You must be an admin of this document to grant operation permissions");
|
|
178
164
|
return service.grantGroupOperationPermission(args.documentId, args.operationType, args.groupId, grantedByAddress);
|
|
179
165
|
}
|
|
180
|
-
async function revokeGroupOperationPermission(service, args, revokedByAddress
|
|
166
|
+
async function revokeGroupOperationPermission(service, authorizationService, args, revokedByAddress) {
|
|
181
167
|
if (!revokedByAddress) throw new GraphQLError("Authentication required");
|
|
182
|
-
if (!
|
|
183
|
-
if (!await service.canManageDocument(args.documentId, revokedByAddress)) throw new GraphQLError("Forbidden: You must be an admin of this document to revoke operation permissions");
|
|
184
|
-
}
|
|
168
|
+
if (!await authorizationService.canManage(args.documentId, revokedByAddress)) throw new GraphQLError("Forbidden: You must be an admin of this document to revoke operation permissions");
|
|
185
169
|
await service.revokeGroupOperationPermission(args.documentId, args.operationType, args.groupId);
|
|
186
170
|
return true;
|
|
187
171
|
}
|
|
188
172
|
async function documentProtection(service, args) {
|
|
189
173
|
return service.getDocumentProtection(args.documentId);
|
|
190
174
|
}
|
|
191
|
-
async function setDocumentProtection(service, authorizationService, args, userAddress
|
|
175
|
+
async function setDocumentProtection(service, authorizationService, args, userAddress) {
|
|
192
176
|
if (!userAddress) throw new GraphQLError("Authentication required");
|
|
193
|
-
if (!
|
|
194
|
-
if (authorizationService) {
|
|
195
|
-
if (!await authorizationService.canManage(args.documentId, userAddress)) throw new GraphQLError("Forbidden: You must be an admin of this document to change protection");
|
|
196
|
-
} else if (!await service.canManageDocument(args.documentId, userAddress)) throw new GraphQLError("Forbidden: You must be an admin of this document to change protection");
|
|
197
|
-
}
|
|
177
|
+
if (!await authorizationService.canManage(args.documentId, userAddress)) throw new GraphQLError("Forbidden: You must be an admin of this document to change protection");
|
|
198
178
|
await service.setDocumentProtection(args.documentId, args.protected);
|
|
199
179
|
return service.getDocumentProtection(args.documentId);
|
|
200
180
|
}
|
|
201
|
-
async function transferDocumentOwnership(service, authorizationService, args, userAddress
|
|
181
|
+
async function transferDocumentOwnership(service, authorizationService, args, userAddress) {
|
|
202
182
|
if (!userAddress) throw new GraphQLError("Authentication required");
|
|
203
|
-
if (!
|
|
204
|
-
if (authorizationService) {
|
|
205
|
-
if (!await authorizationService.canManage(args.documentId, userAddress)) throw new GraphQLError("Forbidden: You must be an admin of this document to transfer ownership");
|
|
206
|
-
} else if (!await service.canManageDocument(args.documentId, userAddress)) throw new GraphQLError("Forbidden: You must be an admin of this document to transfer ownership");
|
|
207
|
-
}
|
|
183
|
+
if (!await authorizationService.canManage(args.documentId, userAddress)) throw new GraphQLError("Forbidden: You must be an admin of this document to transfer ownership");
|
|
208
184
|
const previousOwner = await service.getDocumentOwner(args.documentId);
|
|
209
185
|
if (previousOwner) await service.revokePermission(args.documentId, previousOwner);
|
|
210
186
|
await service.setDocumentOwner(args.documentId, args.newOwnerAddress);
|
|
@@ -322,8 +298,7 @@ var AuthSubgraph = class extends BaseSubgraph {
|
|
|
322
298
|
this.logger.debug("setDocumentProtection(@args)", args);
|
|
323
299
|
if (!this.documentPermissionService) throw new GraphQLError("DocumentPermissionService not available");
|
|
324
300
|
try {
|
|
325
|
-
|
|
326
|
-
return await setDocumentProtection(this.documentPermissionService, this.authorizationService, args, ctx.user?.address, isGlobalAdmin);
|
|
301
|
+
return await setDocumentProtection(this.documentPermissionService, this.authorizationService, args, ctx.user?.address);
|
|
327
302
|
} catch (error) {
|
|
328
303
|
this.logger.error("Error in setDocumentProtection: @error", error);
|
|
329
304
|
throw error;
|
|
@@ -333,8 +308,7 @@ var AuthSubgraph = class extends BaseSubgraph {
|
|
|
333
308
|
this.logger.debug("transferDocumentOwnership(@args)", args);
|
|
334
309
|
if (!this.documentPermissionService) throw new GraphQLError("DocumentPermissionService not available");
|
|
335
310
|
try {
|
|
336
|
-
|
|
337
|
-
return await transferDocumentOwnership(this.documentPermissionService, this.authorizationService, args, ctx.user?.address, isGlobalAdmin);
|
|
311
|
+
return await transferDocumentOwnership(this.documentPermissionService, this.authorizationService, args, ctx.user?.address);
|
|
338
312
|
} catch (error) {
|
|
339
313
|
this.logger.error("Error in transferDocumentOwnership: @error", error);
|
|
340
314
|
throw error;
|
|
@@ -344,8 +318,7 @@ var AuthSubgraph = class extends BaseSubgraph {
|
|
|
344
318
|
this.logger.debug("grantDocumentPermission(@args)", args);
|
|
345
319
|
if (!this.documentPermissionService) throw new GraphQLError("DocumentPermissionService not available");
|
|
346
320
|
try {
|
|
347
|
-
|
|
348
|
-
return await grantDocumentPermission(this.documentPermissionService, args, ctx.user?.address, isGlobalAdmin);
|
|
321
|
+
return await grantDocumentPermission(this.documentPermissionService, this.authorizationService, args, ctx.user?.address);
|
|
349
322
|
} catch (error) {
|
|
350
323
|
this.logger.error("Error in grantDocumentPermission: @error", error);
|
|
351
324
|
throw error;
|
|
@@ -355,8 +328,7 @@ var AuthSubgraph = class extends BaseSubgraph {
|
|
|
355
328
|
this.logger.debug("revokeDocumentPermission(@args)", args);
|
|
356
329
|
if (!this.documentPermissionService) throw new GraphQLError("DocumentPermissionService not available");
|
|
357
330
|
try {
|
|
358
|
-
|
|
359
|
-
return await revokeDocumentPermission(this.documentPermissionService, args, ctx.user?.address, isGlobalAdmin);
|
|
331
|
+
return await revokeDocumentPermission(this.documentPermissionService, this.authorizationService, args, ctx.user?.address);
|
|
360
332
|
} catch (error) {
|
|
361
333
|
this.logger.error("Error in revokeDocumentPermission: @error", error);
|
|
362
334
|
throw error;
|
|
@@ -406,8 +378,7 @@ var AuthSubgraph = class extends BaseSubgraph {
|
|
|
406
378
|
this.logger.debug("grantGroupPermission(@args)", args);
|
|
407
379
|
if (!this.documentPermissionService) throw new GraphQLError("DocumentPermissionService not available");
|
|
408
380
|
try {
|
|
409
|
-
|
|
410
|
-
return await grantGroupPermission(this.documentPermissionService, args, ctx.user?.address, isGlobalAdmin);
|
|
381
|
+
return await grantGroupPermission(this.documentPermissionService, this.authorizationService, args, ctx.user?.address);
|
|
411
382
|
} catch (error) {
|
|
412
383
|
this.logger.error("Error in grantGroupPermission: @error", error);
|
|
413
384
|
throw error;
|
|
@@ -417,8 +388,7 @@ var AuthSubgraph = class extends BaseSubgraph {
|
|
|
417
388
|
this.logger.debug("revokeGroupPermission(@args)", args);
|
|
418
389
|
if (!this.documentPermissionService) throw new GraphQLError("DocumentPermissionService not available");
|
|
419
390
|
try {
|
|
420
|
-
|
|
421
|
-
return await revokeGroupPermission(this.documentPermissionService, args, ctx.user?.address, isGlobalAdmin);
|
|
391
|
+
return await revokeGroupPermission(this.documentPermissionService, this.authorizationService, args, ctx.user?.address);
|
|
422
392
|
} catch (error) {
|
|
423
393
|
this.logger.error("Error in revokeGroupPermission: @error", error);
|
|
424
394
|
throw error;
|
|
@@ -428,8 +398,7 @@ var AuthSubgraph = class extends BaseSubgraph {
|
|
|
428
398
|
this.logger.debug("grantOperationPermission(@args)", args);
|
|
429
399
|
if (!this.documentPermissionService) throw new GraphQLError("DocumentPermissionService not available");
|
|
430
400
|
try {
|
|
431
|
-
|
|
432
|
-
return await grantOperationPermission(this.documentPermissionService, args, ctx.user?.address, isGlobalAdmin);
|
|
401
|
+
return await grantOperationPermission(this.documentPermissionService, this.authorizationService, args, ctx.user?.address);
|
|
433
402
|
} catch (error) {
|
|
434
403
|
this.logger.error("Error in grantOperationPermission: @error", error);
|
|
435
404
|
throw error;
|
|
@@ -439,8 +408,7 @@ var AuthSubgraph = class extends BaseSubgraph {
|
|
|
439
408
|
this.logger.debug("revokeOperationPermission(@args)", args);
|
|
440
409
|
if (!this.documentPermissionService) throw new GraphQLError("DocumentPermissionService not available");
|
|
441
410
|
try {
|
|
442
|
-
|
|
443
|
-
return await revokeOperationPermission(this.documentPermissionService, args, ctx.user?.address, isGlobalAdmin);
|
|
411
|
+
return await revokeOperationPermission(this.documentPermissionService, this.authorizationService, args, ctx.user?.address);
|
|
444
412
|
} catch (error) {
|
|
445
413
|
this.logger.error("Error in revokeOperationPermission: @error", error);
|
|
446
414
|
throw error;
|
|
@@ -450,8 +418,7 @@ var AuthSubgraph = class extends BaseSubgraph {
|
|
|
450
418
|
this.logger.debug("grantGroupOperationPermission(@args)", args);
|
|
451
419
|
if (!this.documentPermissionService) throw new GraphQLError("DocumentPermissionService not available");
|
|
452
420
|
try {
|
|
453
|
-
|
|
454
|
-
return await grantGroupOperationPermission(this.documentPermissionService, args, ctx.user?.address, isGlobalAdmin);
|
|
421
|
+
return await grantGroupOperationPermission(this.documentPermissionService, this.authorizationService, args, ctx.user?.address);
|
|
455
422
|
} catch (error) {
|
|
456
423
|
this.logger.error("Error in grantGroupOperationPermission: @error", error);
|
|
457
424
|
throw error;
|
|
@@ -461,8 +428,7 @@ var AuthSubgraph = class extends BaseSubgraph {
|
|
|
461
428
|
this.logger.debug("revokeGroupOperationPermission(@args)", args);
|
|
462
429
|
if (!this.documentPermissionService) throw new GraphQLError("DocumentPermissionService not available");
|
|
463
430
|
try {
|
|
464
|
-
|
|
465
|
-
return await revokeGroupOperationPermission(this.documentPermissionService, args, ctx.user?.address, isGlobalAdmin);
|
|
431
|
+
return await revokeGroupOperationPermission(this.documentPermissionService, this.authorizationService, args, ctx.user?.address);
|
|
466
432
|
} catch (error) {
|
|
467
433
|
this.logger.error("Error in revokeGroupOperationPermission: @error", error);
|
|
468
434
|
throw error;
|
|
@@ -624,24 +590,6 @@ var AuthService = class {
|
|
|
624
590
|
}
|
|
625
591
|
}
|
|
626
592
|
/**
|
|
627
|
-
* Get additional context fields for GraphQL
|
|
628
|
-
*/
|
|
629
|
-
getAdditionalContextFields() {
|
|
630
|
-
if (!this.config.enabled) return { isAdmin: () => true };
|
|
631
|
-
return { isAdmin: (address) => this.config.enabled && this.config.admins?.includes(address.toLowerCase()) };
|
|
632
|
-
}
|
|
633
|
-
/**
|
|
634
|
-
* Get user context for GraphQL
|
|
635
|
-
*/
|
|
636
|
-
getUserContext(user) {
|
|
637
|
-
if (!user) return {};
|
|
638
|
-
return { user: {
|
|
639
|
-
address: user.address.toLowerCase(),
|
|
640
|
-
chainId: user.chainId,
|
|
641
|
-
networkId: user.networkId
|
|
642
|
-
} };
|
|
643
|
-
}
|
|
644
|
-
/**
|
|
645
593
|
* Verify that the credential still exists on the Renown API
|
|
646
594
|
*/
|
|
647
595
|
async verifyCredentialExists(address, chainId, appId) {
|
|
@@ -1246,7 +1194,6 @@ function ActionContextInputSchema() {
|
|
|
1246
1194
|
}
|
|
1247
1195
|
function ActionInputSchema() {
|
|
1248
1196
|
return z$1.object({
|
|
1249
|
-
attachments: z$1.array(z$1.lazy(() => AttachmentInputSchema())).nullish(),
|
|
1250
1197
|
context: z$1.lazy(() => ActionContextInputSchema().nullish()),
|
|
1251
1198
|
id: z$1.string(),
|
|
1252
1199
|
input: z$1.custom((v) => v != null),
|
|
@@ -1255,15 +1202,6 @@ function ActionInputSchema() {
|
|
|
1255
1202
|
type: z$1.string()
|
|
1256
1203
|
});
|
|
1257
1204
|
}
|
|
1258
|
-
function AttachmentInputSchema() {
|
|
1259
|
-
return z$1.object({
|
|
1260
|
-
data: z$1.string(),
|
|
1261
|
-
extension: z$1.string().nullish(),
|
|
1262
|
-
fileName: z$1.string().nullish(),
|
|
1263
|
-
hash: z$1.string(),
|
|
1264
|
-
mimeType: z$1.string()
|
|
1265
|
-
});
|
|
1266
|
-
}
|
|
1267
1205
|
function ChannelMetaInputSchema() {
|
|
1268
1206
|
return z$1.object({ id: z$1.string() });
|
|
1269
1207
|
}
|
|
@@ -1454,13 +1392,6 @@ const GetDocumentWithOperationsDocument = gql`
|
|
|
1454
1392
|
timestampUtcMs
|
|
1455
1393
|
input
|
|
1456
1394
|
scope
|
|
1457
|
-
attachments {
|
|
1458
|
-
data
|
|
1459
|
-
mimeType
|
|
1460
|
-
hash
|
|
1461
|
-
extension
|
|
1462
|
-
fileName
|
|
1463
|
-
}
|
|
1464
1395
|
context {
|
|
1465
1396
|
signer {
|
|
1466
1397
|
user {
|
|
@@ -1573,13 +1504,6 @@ const GetDocumentOperationsDocument = gql`
|
|
|
1573
1504
|
timestampUtcMs
|
|
1574
1505
|
input
|
|
1575
1506
|
scope
|
|
1576
|
-
attachments {
|
|
1577
|
-
data
|
|
1578
|
-
mimeType
|
|
1579
|
-
hash
|
|
1580
|
-
extension
|
|
1581
|
-
fileName
|
|
1582
|
-
}
|
|
1583
1507
|
context {
|
|
1584
1508
|
signer {
|
|
1585
1509
|
user {
|
|
@@ -1830,13 +1754,6 @@ const PollSyncEnvelopesDocument = gql`
|
|
|
1830
1754
|
timestampUtcMs
|
|
1831
1755
|
input
|
|
1832
1756
|
scope
|
|
1833
|
-
attachments {
|
|
1834
|
-
data
|
|
1835
|
-
mimeType
|
|
1836
|
-
hash
|
|
1837
|
-
extension
|
|
1838
|
-
fileName
|
|
1839
|
-
}
|
|
1840
1757
|
context {
|
|
1841
1758
|
signer {
|
|
1842
1759
|
user {
|
|
@@ -2878,7 +2795,7 @@ var DocumentModelSubgraph = class extends BaseSubgraph {
|
|
|
2878
2795
|
search: { type: documentType },
|
|
2879
2796
|
paging
|
|
2880
2797
|
});
|
|
2881
|
-
if (!this.
|
|
2798
|
+
if (!this.authorizationService.isSupremeAdmin(ctx.user?.address)) {
|
|
2882
2799
|
const filteredItems = [];
|
|
2883
2800
|
for (const item of result.items) if (await this.canReadDocument(item.id, ctx)) filteredItems.push(item);
|
|
2884
2801
|
return {
|
|
@@ -2899,7 +2816,7 @@ var DocumentModelSubgraph = class extends BaseSubgraph {
|
|
|
2899
2816
|
view,
|
|
2900
2817
|
paging
|
|
2901
2818
|
});
|
|
2902
|
-
if (!this.
|
|
2819
|
+
if (!this.authorizationService.isSupremeAdmin(ctx.user?.address)) {
|
|
2903
2820
|
const filteredItems = [];
|
|
2904
2821
|
for (const item of result.items) if (await this.canReadDocument(item.id, ctx)) filteredItems.push(item);
|
|
2905
2822
|
return {
|
|
@@ -2942,9 +2859,7 @@ var DocumentModelSubgraph = class extends BaseSubgraph {
|
|
|
2942
2859
|
createDocument: async (_, args, ctx) => {
|
|
2943
2860
|
const { parentIdentifier, name, slug, preferredEditor, initialState } = args;
|
|
2944
2861
|
if (parentIdentifier) await this.assertCanWrite(parentIdentifier, ctx);
|
|
2945
|
-
else
|
|
2946
|
-
if (!ctx.user?.address) throw new GraphQLError("Forbidden: authentication required to create documents");
|
|
2947
|
-
} else if (!this.hasGlobalAdminAccess(ctx)) throw new GraphQLError("Forbidden: insufficient permissions to create documents");
|
|
2862
|
+
else this.assertCanCreate(ctx);
|
|
2948
2863
|
let createdDoc;
|
|
2949
2864
|
if (initialState || preferredEditor) createdDoc = await createDocumentWithInitialState(this.reactorClient, {
|
|
2950
2865
|
documentType,
|
|
@@ -2959,27 +2874,24 @@ var DocumentModelSubgraph = class extends BaseSubgraph {
|
|
|
2959
2874
|
parentIdentifier,
|
|
2960
2875
|
name
|
|
2961
2876
|
}, this.graphqlManager.reactorDriveClient);
|
|
2962
|
-
if (
|
|
2877
|
+
if (ctx.user?.address && createdDoc?.id) await this.documentPermissionService?.initializeDocumentProtection(createdDoc.id, ctx.user.address, this.authorizationService.config.defaultProtection);
|
|
2963
2878
|
if (!initialState && !preferredEditor && name && createdDoc.name !== name) return toGqlPhDocument(await this.reactorClient.execute(createdDoc.id, "main", [setName(name)]));
|
|
2964
2879
|
return createdDoc;
|
|
2965
2880
|
},
|
|
2966
2881
|
createEmptyDocument: async (_, args, ctx) => {
|
|
2967
2882
|
const { parentIdentifier } = args;
|
|
2968
2883
|
if (parentIdentifier) await this.assertCanWrite(parentIdentifier, ctx);
|
|
2969
|
-
else
|
|
2970
|
-
if (!ctx.user?.address) throw new GraphQLError("Forbidden: authentication required to create documents");
|
|
2971
|
-
} else if (!this.hasGlobalAdminAccess(ctx)) throw new GraphQLError("Forbidden: insufficient permissions to create documents");
|
|
2884
|
+
else this.assertCanCreate(ctx);
|
|
2972
2885
|
const result = await createEmptyDocument(this.reactorClient, {
|
|
2973
2886
|
documentType,
|
|
2974
2887
|
parentIdentifier
|
|
2975
2888
|
}, this.graphqlManager.reactorDriveClient);
|
|
2976
|
-
if (
|
|
2889
|
+
if (ctx.user?.address && result?.id) await this.documentPermissionService?.initializeDocumentProtection(result.id, ctx.user.address, this.authorizationService.config.defaultProtection);
|
|
2977
2890
|
return result;
|
|
2978
2891
|
},
|
|
2979
2892
|
...operations.reduce((mutations, op) => {
|
|
2980
2893
|
mutations[camelCase(op.name)] = async (_, args, ctx) => {
|
|
2981
2894
|
const { docId, input } = args;
|
|
2982
|
-
if (!this.authorizationService) await this.assertCanWrite(docId, ctx);
|
|
2983
2895
|
await this.assertCanExecuteOperation(docId, op.name, ctx);
|
|
2984
2896
|
if ((await this.reactorClient.get(docId)).header.documentType !== documentType) throw new GraphQLError(`Document with id ${docId} is not of type ${documentType}`);
|
|
2985
2897
|
const action = this.documentModel.actions[camelCase(op.name)];
|
|
@@ -2992,7 +2904,6 @@ var DocumentModelSubgraph = class extends BaseSubgraph {
|
|
|
2992
2904
|
};
|
|
2993
2905
|
mutations[`${camelCase(op.name)}Async`] = async (_, args, ctx) => {
|
|
2994
2906
|
const { docId, input } = args;
|
|
2995
|
-
if (!this.authorizationService) await this.assertCanWrite(docId, ctx);
|
|
2996
2907
|
await this.assertCanExecuteOperation(docId, op.name, ctx);
|
|
2997
2908
|
if ((await this.reactorClient.get(docId)).header.documentType !== documentType) throw new GraphQLError(`Document with id ${docId} is not of type ${documentType}`);
|
|
2998
2909
|
const action = this.documentModel.actions[camelCase(op.name)];
|
|
@@ -3191,6 +3102,7 @@ var GraphQLManager = class {
|
|
|
3191
3102
|
* it for reactor-drive parents.
|
|
3192
3103
|
*/
|
|
3193
3104
|
reactorDriveClient;
|
|
3105
|
+
authorizationService;
|
|
3194
3106
|
constructor(path, httpServer, wsServer, reactorClient, relationalDb, analyticsStore, syncManager, logger, httpAdapter, gatewayAdapter, authConfig, documentPermissionService, featureFlags = DefaultFeatureFlags, port = 4001, authorizationService, reactorDriveClient) {
|
|
3195
3107
|
this.path = path;
|
|
3196
3108
|
this.httpServer = httpServer;
|
|
@@ -3206,6 +3118,7 @@ var GraphQLManager = class {
|
|
|
3206
3118
|
this.documentPermissionService = documentPermissionService;
|
|
3207
3119
|
this.featureFlags = featureFlags;
|
|
3208
3120
|
this.port = port;
|
|
3121
|
+
if (!authorizationService) throw new Error("GraphQLManager requires an authorizationService");
|
|
3209
3122
|
this.authorizationService = authorizationService;
|
|
3210
3123
|
this.reactorDriveClient = reactorDriveClient;
|
|
3211
3124
|
if (this.authConfig) this.authService = new AuthService(this.authConfig);
|
|
@@ -3328,6 +3241,14 @@ var GraphQLManager = class {
|
|
|
3328
3241
|
getBasePath() {
|
|
3329
3242
|
return this.path;
|
|
3330
3243
|
}
|
|
3244
|
+
/**
|
|
3245
|
+
* Get the authorization service shared with subgraphs. Use this when
|
|
3246
|
+
* constructing a subgraph instance externally for
|
|
3247
|
+
* {@link registerSubgraphInstance}.
|
|
3248
|
+
*/
|
|
3249
|
+
getAuthorizationService() {
|
|
3250
|
+
return this.authorizationService;
|
|
3251
|
+
}
|
|
3331
3252
|
async registerSubgraph(subgraph, supergraph = "", core = false) {
|
|
3332
3253
|
const subgraphInstance = new subgraph({
|
|
3333
3254
|
relationalDb: this.relationalDb,
|
|
@@ -3387,8 +3308,7 @@ var GraphQLManager = class {
|
|
|
3387
3308
|
db: this.relationalDb,
|
|
3388
3309
|
...this.getAdditionalContextFields(),
|
|
3389
3310
|
driveId,
|
|
3390
|
-
user: authCtx?.user
|
|
3391
|
-
isAdmin: authCtx ? (addr) => !authCtx.auth_enabled ? true : authCtx.admins.includes(addr.toLowerCase()) : () => true
|
|
3311
|
+
user: authCtx?.user
|
|
3392
3312
|
});
|
|
3393
3313
|
};
|
|
3394
3314
|
}
|
|
@@ -3532,8 +3452,8 @@ var GraphQLManager = class {
|
|
|
3532
3452
|
};
|
|
3533
3453
|
//#endregion
|
|
3534
3454
|
//#region src/graphql/packages/resolvers.ts
|
|
3535
|
-
function requireAdmin(ctx) {
|
|
3536
|
-
if (!
|
|
3455
|
+
function requireAdmin(authorizationService, ctx) {
|
|
3456
|
+
if (!authorizationService.isSupremeAdmin(ctx.user?.address)) throw new GraphQLError("Admin access required");
|
|
3537
3457
|
}
|
|
3538
3458
|
function formatPackageInfo(info) {
|
|
3539
3459
|
return {
|
|
@@ -3551,16 +3471,16 @@ async function installedPackage(service, args) {
|
|
|
3551
3471
|
const pkg = await service.getInstalledPackage(args.name);
|
|
3552
3472
|
return pkg ? formatPackageInfo(pkg) : null;
|
|
3553
3473
|
}
|
|
3554
|
-
async function installPackage(service, args, ctx) {
|
|
3555
|
-
requireAdmin(ctx);
|
|
3474
|
+
async function installPackage(service, authorizationService, args, ctx) {
|
|
3475
|
+
requireAdmin(authorizationService, ctx);
|
|
3556
3476
|
const result = await service.installPackage(args.name, args.registryUrl ?? void 0);
|
|
3557
3477
|
return {
|
|
3558
3478
|
package: formatPackageInfo(result.package),
|
|
3559
3479
|
documentModelsLoaded: result.documentModelsLoaded
|
|
3560
3480
|
};
|
|
3561
3481
|
}
|
|
3562
|
-
async function uninstallPackage(service, args, ctx) {
|
|
3563
|
-
requireAdmin(ctx);
|
|
3482
|
+
async function uninstallPackage(service, authorizationService, args, ctx) {
|
|
3483
|
+
requireAdmin(authorizationService, ctx);
|
|
3564
3484
|
return service.uninstallPackage(args.name);
|
|
3565
3485
|
}
|
|
3566
3486
|
//#endregion
|
|
@@ -3606,7 +3526,7 @@ var PackagesSubgraph = class extends BaseSubgraph {
|
|
|
3606
3526
|
installPackage: async (_parent, args, ctx) => {
|
|
3607
3527
|
this.logger.debug("installPackage(@args)", args);
|
|
3608
3528
|
try {
|
|
3609
|
-
return await installPackage(this.packageManagementService, args, ctx);
|
|
3529
|
+
return await installPackage(this.packageManagementService, this.authorizationService, args, ctx);
|
|
3610
3530
|
} catch (error) {
|
|
3611
3531
|
this.logger.error("Error in installPackage: @error", error);
|
|
3612
3532
|
throw error;
|
|
@@ -3615,7 +3535,7 @@ var PackagesSubgraph = class extends BaseSubgraph {
|
|
|
3615
3535
|
uninstallPackage: async (_parent, args, ctx) => {
|
|
3616
3536
|
this.logger.debug("uninstallPackage(@args)", args);
|
|
3617
3537
|
try {
|
|
3618
|
-
return await uninstallPackage(this.packageManagementService, args, ctx);
|
|
3538
|
+
return await uninstallPackage(this.packageManagementService, this.authorizationService, args, ctx);
|
|
3619
3539
|
} catch (error) {
|
|
3620
3540
|
this.logger.error("Error in uninstallPackage: @error", error);
|
|
3621
3541
|
throw error;
|
|
@@ -3801,20 +3721,12 @@ const ActionSignerDTO = z.object({
|
|
|
3801
3721
|
app: ActionSignerAppDTO.nullable().optional()
|
|
3802
3722
|
}).strip();
|
|
3803
3723
|
const ActionContextDTO = z.object({ signer: ActionSignerDTO.nullable().optional() }).strip();
|
|
3804
|
-
const AttachmentDTO = z.object({
|
|
3805
|
-
data: z.string(),
|
|
3806
|
-
mimeType: z.string(),
|
|
3807
|
-
hash: z.string(),
|
|
3808
|
-
extension: z.string().nullable().optional(),
|
|
3809
|
-
fileName: z.string().nullable().optional()
|
|
3810
|
-
}).strip();
|
|
3811
3724
|
const OperationActionDTO = z.object({
|
|
3812
3725
|
id: z.string(),
|
|
3813
3726
|
type: z.string(),
|
|
3814
3727
|
timestampUtcMs: z.string(),
|
|
3815
3728
|
input: z.unknown(),
|
|
3816
3729
|
scope: z.string(),
|
|
3817
|
-
attachments: z.array(AttachmentDTO).nullable().optional(),
|
|
3818
3730
|
context: ActionContextDTO.nullable().optional()
|
|
3819
3731
|
}).strip();
|
|
3820
3732
|
const OperationDTO = z.object({
|
|
@@ -3941,7 +3853,7 @@ function createReactorGraphQLClient(url, fetchImpl = fetch, headers) {
|
|
|
3941
3853
|
}
|
|
3942
3854
|
//#endregion
|
|
3943
3855
|
//#region src/graphql/reactor/schema.graphql
|
|
3944
|
-
var schema_default = "# Scalar types (for codegen - also defined in create-schema.ts)\nscalar JSONObject\nscalar DateTime\n\n# Input types\ninput PagingInput {\n limit: Int\n offset: Int\n cursor: String\n}\n\ninput ViewFilterInput {\n branch: String\n scopes: [String!]\n}\n\ninput SearchFilterInput {\n type: String\n parentId: String\n identifiers: [String!]\n}\n\ninput OperationsFilterInput {\n documentId: String!\n branch: String\n scopes: [String!]\n actionTypes: [String!]\n sinceRevision: Int\n timestampFrom: String\n timestampTo: String\n}\n\ninput DocumentOperationsFilterInput {\n branch: String\n scopes: [String!]\n actionTypes: [String!]\n sinceRevision: Int\n timestampFrom: String\n timestampTo: String\n}\n\n# Enums\nenum PropagationMode {\n CASCADE\n ORPHAN\n}\n\nenum DocumentChangeType {\n CREATED\n DELETED\n UPDATED\n PARENT_ADDED\n PARENT_REMOVED\n CHILD_ADDED\n CHILD_REMOVED\n}\n\n# Object types\ntype DocumentModelGlobalState {\n id: String!\n name: String!\n namespace: String\n version: String\n specification: JSONObject!\n}\n\ntype DocumentModelResultPage {\n items: [DocumentModelGlobalState!]!\n totalCount: Int!\n hasNextPage: Boolean!\n hasPreviousPage: Boolean!\n cursor: String\n}\n\ntype Revision {\n scope: String!\n revision: Int!\n}\n\ntype PHDocument {\n id: String!\n slug: String\n preferredEditor: String\n name: String!\n documentType: String!\n state: JSONObject!\n revisionsList: [Revision!]!\n createdAtUtcIso: DateTime!\n lastModifiedAtUtcIso: DateTime!\n operations(\n filter: DocumentOperationsFilterInput\n paging: PagingInput\n ): ReactorOperationResultPage\n}\n\ntype PHDocumentResultPage {\n items: [PHDocument!]!\n totalCount: Int!\n hasNextPage: Boolean!\n hasPreviousPage: Boolean!\n cursor: String\n}\n\ntype ReactorOperationResultPage {\n items: [ReactorOperation!]!\n totalCount: Int!\n hasNextPage: Boolean!\n hasPreviousPage: Boolean!\n cursor: String\n}\n\ntype DeadLetterInfo {\n documentId: String!\n error: String!\n jobId: String!\n branch: String!\n scopes: [String!]!\n operationCount: Int!\n}\n\ntype PollSyncEnvelopesResult {\n envelopes: [SyncEnvelope!]!\n ackOrdinal: Int!\n deadLetters: [DeadLetterInfo!]!\n hasMore: Boolean!\n}\n\ntype DocumentWithChildren {\n document: PHDocument!\n childIds: [String!]!\n}\n\ntype MoveRelationshipResult {\n source: PHDocument!\n target: PHDocument!\n}\n\ntype JobInfo {\n id: String!\n status: String!\n result: JSONObject!\n error: String\n createdAt: DateTime!\n completedAt: DateTime\n}\n\ntype DocumentChangeEvent {\n type: DocumentChangeType!\n documents: [PHDocument!]!\n context: DocumentChangeContext\n}\n\ntype DocumentChangeContext {\n parentId: String\n childId: String\n}\n\ntype JobChangeEvent {\n jobId: String!\n status: String!\n result: JSONObject!\n error: String\n}\n\ntype ReactorSignerUser {\n address: String!\n networkId: String!\n chainId: Int!\n}\n\ntype ReactorSignerApp {\n name: String!\n key: String!\n}\n\ntype ReactorSigner {\n user: ReactorSignerUser\n app: ReactorSignerApp\n signatures: [String!]!\n}\n\ntype ActionContext {\n signer: ReactorSigner\n}\n\ntype Action {\n id: String!\n type: String!\n timestampUtcMs: String!\n input: JSONObject!\n scope: String!\n
|
|
3856
|
+
var schema_default = "# Scalar types (for codegen - also defined in create-schema.ts)\nscalar JSONObject\nscalar DateTime\n\n# Input types\ninput PagingInput {\n limit: Int\n offset: Int\n cursor: String\n}\n\ninput ViewFilterInput {\n branch: String\n scopes: [String!]\n}\n\ninput SearchFilterInput {\n type: String\n parentId: String\n identifiers: [String!]\n}\n\ninput OperationsFilterInput {\n documentId: String!\n branch: String\n scopes: [String!]\n actionTypes: [String!]\n sinceRevision: Int\n timestampFrom: String\n timestampTo: String\n}\n\ninput DocumentOperationsFilterInput {\n branch: String\n scopes: [String!]\n actionTypes: [String!]\n sinceRevision: Int\n timestampFrom: String\n timestampTo: String\n}\n\n# Enums\nenum PropagationMode {\n CASCADE\n ORPHAN\n}\n\nenum DocumentChangeType {\n CREATED\n DELETED\n UPDATED\n PARENT_ADDED\n PARENT_REMOVED\n CHILD_ADDED\n CHILD_REMOVED\n}\n\n# Object types\ntype DocumentModelGlobalState {\n id: String!\n name: String!\n namespace: String\n version: String\n specification: JSONObject!\n}\n\ntype DocumentModelResultPage {\n items: [DocumentModelGlobalState!]!\n totalCount: Int!\n hasNextPage: Boolean!\n hasPreviousPage: Boolean!\n cursor: String\n}\n\ntype Revision {\n scope: String!\n revision: Int!\n}\n\ntype PHDocument {\n id: String!\n slug: String\n preferredEditor: String\n name: String!\n documentType: String!\n state: JSONObject!\n revisionsList: [Revision!]!\n createdAtUtcIso: DateTime!\n lastModifiedAtUtcIso: DateTime!\n operations(\n filter: DocumentOperationsFilterInput\n paging: PagingInput\n ): ReactorOperationResultPage\n}\n\ntype PHDocumentResultPage {\n items: [PHDocument!]!\n totalCount: Int!\n hasNextPage: Boolean!\n hasPreviousPage: Boolean!\n cursor: String\n}\n\ntype ReactorOperationResultPage {\n items: [ReactorOperation!]!\n totalCount: Int!\n hasNextPage: Boolean!\n hasPreviousPage: Boolean!\n cursor: String\n}\n\ntype DeadLetterInfo {\n documentId: String!\n error: String!\n jobId: String!\n branch: String!\n scopes: [String!]!\n operationCount: Int!\n}\n\ntype PollSyncEnvelopesResult {\n envelopes: [SyncEnvelope!]!\n ackOrdinal: Int!\n deadLetters: [DeadLetterInfo!]!\n hasMore: Boolean!\n}\n\ntype DocumentWithChildren {\n document: PHDocument!\n childIds: [String!]!\n}\n\ntype MoveRelationshipResult {\n source: PHDocument!\n target: PHDocument!\n}\n\ntype JobInfo {\n id: String!\n status: String!\n result: JSONObject!\n error: String\n createdAt: DateTime!\n completedAt: DateTime\n}\n\ntype DocumentChangeEvent {\n type: DocumentChangeType!\n documents: [PHDocument!]!\n context: DocumentChangeContext\n}\n\ntype DocumentChangeContext {\n parentId: String\n childId: String\n}\n\ntype JobChangeEvent {\n jobId: String!\n status: String!\n result: JSONObject!\n error: String\n}\n\ntype ReactorSignerUser {\n address: String!\n networkId: String!\n chainId: Int!\n}\n\ntype ReactorSignerApp {\n name: String!\n key: String!\n}\n\ntype ReactorSigner {\n user: ReactorSignerUser\n app: ReactorSignerApp\n signatures: [String!]!\n}\n\ntype ActionContext {\n signer: ReactorSigner\n}\n\ntype Action {\n id: String!\n type: String!\n timestampUtcMs: String!\n input: JSONObject!\n scope: String!\n context: ActionContext\n}\n\n# Input types for sync operations\ninput ActionContextInput {\n signer: ReactorSignerInput\n}\n\ninput ReactorSignerInput {\n user: ReactorSignerUserInput\n app: ReactorSignerAppInput\n signatures: [String!]!\n}\n\ninput ReactorSignerUserInput {\n address: String!\n networkId: String!\n chainId: Int!\n}\n\ninput ReactorSignerAppInput {\n name: String!\n key: String!\n}\n\ninput ActionInput {\n id: String!\n type: String!\n timestampUtcMs: String!\n input: JSONObject!\n scope: String!\n context: ActionContextInput\n}\n\n# Synchronization types\ntype ReactorOperation {\n index: Int!\n timestampUtcMs: String!\n hash: String!\n skip: Int!\n error: String\n id: String\n action: Action!\n}\n\ninput OperationInput {\n index: Int!\n timestampUtcMs: String!\n hash: String!\n skip: Int!\n error: String\n id: String\n action: ActionInput!\n}\n\ntype OperationContext {\n documentId: String!\n documentType: String!\n scope: String!\n branch: String!\n ordinal: Int!\n}\n\ninput OperationContextInput {\n documentId: String!\n documentType: String!\n scope: String!\n branch: String!\n ordinal: Int!\n}\n\ntype OperationWithContext {\n operation: ReactorOperation!\n context: OperationContext!\n}\n\ninput OperationWithContextInput {\n operation: OperationInput!\n context: OperationContextInput!\n}\n\ntype ChannelMeta {\n id: String!\n}\n\ninput ChannelMetaInput {\n id: String!\n}\n\ntype RemoteCursor {\n remoteName: String!\n cursorOrdinal: Int!\n lastSyncedAtUtcMs: String\n}\n\ninput RemoteCursorInput {\n remoteName: String!\n cursorOrdinal: Int!\n lastSyncedAtUtcMs: String\n}\n\nenum SyncEnvelopeType {\n OPERATIONS\n ACK\n}\n\ntype SyncEnvelope {\n type: SyncEnvelopeType!\n channelMeta: ChannelMeta!\n operations: [OperationWithContext!]\n cursor: RemoteCursor\n key: String\n dependsOn: [String!]\n}\n\ninput SyncEnvelopeInput {\n type: SyncEnvelopeType!\n channelMeta: ChannelMetaInput!\n operations: [OperationWithContextInput!]\n cursor: RemoteCursorInput\n key: String\n dependsOn: [String!]\n}\n\ninput RemoteFilterInput {\n documentId: [String!]!\n scope: [String!]!\n branch: String!\n}\n\ninput TouchChannelInput {\n id: String!\n name: String!\n collectionId: String!\n filter: RemoteFilterInput!\n sinceTimestampUtcMs: String!\n}\n\ntype TouchChannelResult {\n success: Boolean!\n ackOrdinal: Int!\n}\n\ntype Query {\n # Get document models for a namespace\n documentModels(\n namespace: String\n paging: PagingInput\n ): DocumentModelResultPage!\n\n # Get a specific document by ID or slug\n document(identifier: String!, view: ViewFilterInput): DocumentWithChildren\n\n # Get outgoing relationships of a given type from a source document\n documentOutgoingRelationships(\n sourceIdentifier: String!\n relationshipType: String!\n view: ViewFilterInput\n paging: PagingInput\n ): PHDocumentResultPage!\n\n # Get incoming relationships of a given type to a target document\n documentIncomingRelationships(\n targetIdentifier: String!\n relationshipType: String!\n view: ViewFilterInput\n paging: PagingInput\n ): PHDocumentResultPage!\n\n # Find documents by search criteria\n findDocuments(\n search: SearchFilterInput\n view: ViewFilterInput\n paging: PagingInput\n ): PHDocumentResultPage!\n\n # Get job status\n jobStatus(jobId: String!): JobInfo\n\n # Get operations for a document with filtering and pagination\n documentOperations(\n filter: OperationsFilterInput!\n paging: PagingInput\n ): ReactorOperationResultPage!\n\n # Poll for sync envelopes from a channel\n pollSyncEnvelopes(\n channelId: String!\n outboxAck: Int!\n outboxLatest: Int!\n ): PollSyncEnvelopesResult!\n}\n\ntype Mutation {\n # Create a new document\n createDocument(document: JSONObject!, parentIdentifier: String): PHDocument!\n\n # Create an empty document of specified type\n createEmptyDocument(\n documentType: String!\n parentIdentifier: String\n ): PHDocument!\n\n # Apply actions to a document (synchronous)\n mutateDocument(\n documentIdentifier: String!\n actions: [JSONObject!]!\n view: ViewFilterInput\n ): PHDocument!\n\n # Submit actions to a document (asynchronous)\n mutateDocumentAsync(\n documentIdentifier: String!\n actions: [JSONObject!]!\n view: ViewFilterInput\n ): String!\n\n # Rename a document\n renameDocument(\n documentIdentifier: String!\n name: String!\n branch: String\n ): PHDocument!\n\n # Update the preferred editor recorded in the document header meta.\n # Pass null/omit to clear it.\n setPreferredEditor(\n documentIdentifier: String!\n preferredEditor: String\n branch: String\n ): PHDocument!\n\n # Add a relationship between two documents\n addRelationship(\n sourceIdentifier: String!\n targetIdentifier: String!\n relationshipType: String!\n branch: String\n ): PHDocument!\n\n # Remove a relationship between two documents\n removeRelationship(\n sourceIdentifier: String!\n targetIdentifier: String!\n relationshipType: String!\n branch: String\n ): PHDocument!\n\n # Move a relationship from one source to another\n moveRelationship(\n sourceParentIdentifier: String!\n targetParentIdentifier: String!\n targetIdentifier: String!\n relationshipType: String!\n branch: String\n ): MoveRelationshipResult!\n\n # Delete a single document\n deleteDocument(identifier: String!, propagate: PropagationMode): Boolean!\n\n # Delete multiple documents\n deleteDocuments(identifiers: [String!]!, propagate: PropagationMode): Boolean!\n\n # Touch (create or update) a channel for sync\n touchChannel(input: TouchChannelInput!): TouchChannelResult!\n\n # Push sync envelopes to a channel\n pushSyncEnvelopes(envelopes: [SyncEnvelopeInput!]!): Boolean!\n}\n\ntype Subscription {\n # Subscribe to document changes\n documentChanges(\n search: SearchFilterInput\n view: ViewFilterInput\n ): DocumentChangeEvent!\n\n # Subscribe to job changes\n jobChanges(jobId: String!): JobChangeEvent!\n}\n";
|
|
3945
3857
|
//#endregion
|
|
3946
3858
|
//#region src/graphql/reactor/pubsub.ts
|
|
3947
3859
|
const pubSub = new PubSub();
|
|
@@ -4121,7 +4033,7 @@ var ReactorSubgraph = class extends BaseSubgraph {
|
|
|
4121
4033
|
try {
|
|
4122
4034
|
await this.assertCanRead(args.targetIdentifier, ctx);
|
|
4123
4035
|
const result = await documentIncomingRelationships(this.reactorClient, args);
|
|
4124
|
-
if (!this.
|
|
4036
|
+
if (!this.authorizationService.isSupremeAdmin(ctx.user?.address)) {
|
|
4125
4037
|
const filteredItems = [];
|
|
4126
4038
|
for (const item of result.items) if (await this.canReadDocument(item.id, ctx)) filteredItems.push(item);
|
|
4127
4039
|
return {
|
|
@@ -4142,7 +4054,7 @@ var ReactorSubgraph = class extends BaseSubgraph {
|
|
|
4142
4054
|
...args,
|
|
4143
4055
|
search: args.search ?? {}
|
|
4144
4056
|
});
|
|
4145
|
-
if (!this.
|
|
4057
|
+
if (!this.authorizationService.isSupremeAdmin(ctx.user?.address)) {
|
|
4146
4058
|
const filteredItems = [];
|
|
4147
4059
|
for (const item of result.items) if (await this.canReadDocument(item.id, ctx)) filteredItems.push(item);
|
|
4148
4060
|
return {
|
|
@@ -4198,12 +4110,10 @@ var ReactorSubgraph = class extends BaseSubgraph {
|
|
|
4198
4110
|
if (args.parentIdentifier) {
|
|
4199
4111
|
const parent = await document(this.reactorClient, { identifier: args.parentIdentifier });
|
|
4200
4112
|
await this.assertCanWrite(parent.document.id, ctx);
|
|
4201
|
-
} else
|
|
4202
|
-
if (!ctx.user?.address) throw new GraphQLError("Forbidden: authentication required to create documents");
|
|
4203
|
-
} else if (!this.hasGlobalAdminAccess(ctx)) throw new GraphQLError("Forbidden: insufficient permissions to create documents");
|
|
4113
|
+
} else this.assertCanCreate(ctx);
|
|
4204
4114
|
const result = await createDocument(this.reactorClient, args, this.graphqlManager.reactorDriveClient);
|
|
4205
4115
|
if (result?.id && isDriveContainerType(result.documentType)) this.graphqlManager.driveOwnershipCache.add(result.id);
|
|
4206
|
-
if (
|
|
4116
|
+
if (ctx.user?.address && result?.id) await this.documentPermissionService?.initializeDocumentProtection(result.id, ctx.user.address, this.authorizationService.config.defaultProtection);
|
|
4207
4117
|
return result;
|
|
4208
4118
|
} catch (error) {
|
|
4209
4119
|
this.logger.error("Error in createDocument(@args): @Error", args, error);
|
|
@@ -4216,12 +4126,10 @@ var ReactorSubgraph = class extends BaseSubgraph {
|
|
|
4216
4126
|
if (args.parentIdentifier) {
|
|
4217
4127
|
const parent = await document(this.reactorClient, { identifier: args.parentIdentifier });
|
|
4218
4128
|
await this.assertCanWrite(parent.document.id, ctx);
|
|
4219
|
-
} else
|
|
4220
|
-
if (!ctx.user?.address) throw new GraphQLError("Forbidden: authentication required to create documents");
|
|
4221
|
-
} else if (!this.hasGlobalAdminAccess(ctx)) throw new GraphQLError("Forbidden: insufficient permissions to create documents");
|
|
4129
|
+
} else this.assertCanCreate(ctx);
|
|
4222
4130
|
const result = await createEmptyDocument(this.reactorClient, args, this.graphqlManager.reactorDriveClient);
|
|
4223
4131
|
if (result?.id && isDriveContainerType(result.documentType)) this.graphqlManager.driveOwnershipCache.add(result.id);
|
|
4224
|
-
if (
|
|
4132
|
+
if (ctx.user?.address && result?.id) await this.documentPermissionService?.initializeDocumentProtection(result.id, ctx.user.address, this.authorizationService.config.defaultProtection);
|
|
4225
4133
|
return result;
|
|
4226
4134
|
} catch (error) {
|
|
4227
4135
|
this.logger.error("Error in createEmptyDocument(@args): @Error", args, error);
|
|
@@ -4231,7 +4139,6 @@ var ReactorSubgraph = class extends BaseSubgraph {
|
|
|
4231
4139
|
mutateDocument: async (_parent, args, ctx) => {
|
|
4232
4140
|
this.logger.debug("mutateDocument(@args)", args);
|
|
4233
4141
|
try {
|
|
4234
|
-
if (!this.authorizationService) await this.assertCanWrite(args.documentIdentifier, ctx);
|
|
4235
4142
|
await this.assertCanExecuteOperations(args.documentIdentifier, args.actions, ctx);
|
|
4236
4143
|
return await mutateDocument(this.reactorClient, args);
|
|
4237
4144
|
} catch (error) {
|
|
@@ -4242,7 +4149,6 @@ var ReactorSubgraph = class extends BaseSubgraph {
|
|
|
4242
4149
|
mutateDocumentAsync: async (_parent, args, ctx) => {
|
|
4243
4150
|
this.logger.debug("mutateDocumentAsync(@args)", args);
|
|
4244
4151
|
try {
|
|
4245
|
-
if (!this.authorizationService) await this.assertCanWrite(args.documentIdentifier, ctx);
|
|
4246
4152
|
await this.assertCanExecuteOperations(args.documentIdentifier, args.actions, ctx);
|
|
4247
4153
|
return await mutateDocumentAsync(this.reactorClient, args);
|
|
4248
4154
|
} catch (error) {
|
|
@@ -4414,10 +4320,10 @@ const ADMIN_USERS = getAdminUsers();
|
|
|
4414
4320
|
//#endregion
|
|
4415
4321
|
//#region src/graphql/system/version.ts
|
|
4416
4322
|
function getVersion() {
|
|
4417
|
-
return "6.2.0-dev.
|
|
4323
|
+
return "6.2.0-dev.5";
|
|
4418
4324
|
}
|
|
4419
4325
|
function getGitHash() {
|
|
4420
|
-
return "
|
|
4326
|
+
return "23ce3521986ce3f860a9c2fe19790906de027ff2";
|
|
4421
4327
|
}
|
|
4422
4328
|
function getGitUrl() {
|
|
4423
4329
|
return buildTreeUrl(getGitHash());
|
|
@@ -5038,107 +4944,6 @@ async function runMigrations(db) {
|
|
|
5038
4944
|
}
|
|
5039
4945
|
}
|
|
5040
4946
|
//#endregion
|
|
5041
|
-
//#region src/services/authorization.service.ts
|
|
5042
|
-
/**
|
|
5043
|
-
* Central authorization service — single source of truth for all permission checks.
|
|
5044
|
-
*
|
|
5045
|
-
* Authorization model:
|
|
5046
|
-
* 1. Supreme admin (ADMINS env) → ALLOW ALL
|
|
5047
|
-
* 2. Is document protected?
|
|
5048
|
-
* a. NOT protected:
|
|
5049
|
-
* - READ: anyone (even anonymous) → ALLOW
|
|
5050
|
-
* - WRITE: authenticated user → ALLOW
|
|
5051
|
-
* b. PROTECTED:
|
|
5052
|
-
* - READ: requires explicit READ/WRITE/ADMIN grant (direct or via group/parent)
|
|
5053
|
-
* - WRITE: requires explicit WRITE/ADMIN grant (direct or via group/parent)
|
|
5054
|
-
* 3. Operation restricted? → Check OperationUserPermission
|
|
5055
|
-
* 4. Document owner = implicit ADMIN
|
|
5056
|
-
* 5. Drive protected = all children effectively protected
|
|
5057
|
-
*/
|
|
5058
|
-
var AuthorizationService = class {
|
|
5059
|
-
config;
|
|
5060
|
-
constructor(documentPermissionService, config) {
|
|
5061
|
-
this.documentPermissionService = documentPermissionService;
|
|
5062
|
-
this.config = config;
|
|
5063
|
-
}
|
|
5064
|
-
/**
|
|
5065
|
-
* Check if a user is a supreme admin (from ADMINS env var).
|
|
5066
|
-
*/
|
|
5067
|
-
isSupremeAdmin(userAddress) {
|
|
5068
|
-
if (!userAddress) return false;
|
|
5069
|
-
return this.config.admins.includes(userAddress.toLowerCase());
|
|
5070
|
-
}
|
|
5071
|
-
/**
|
|
5072
|
-
* Check if a user can read a document.
|
|
5073
|
-
*
|
|
5074
|
-
* - Supreme admin → yes
|
|
5075
|
-
* - Not protected → anyone can read (even anonymous)
|
|
5076
|
-
* - Protected → requires READ/WRITE/ADMIN grant (direct, group, or parent inheritance)
|
|
5077
|
-
* - Owner → yes (implicit ADMIN)
|
|
5078
|
-
*/
|
|
5079
|
-
async canRead(documentId, userAddress, getParentIds) {
|
|
5080
|
-
if (this.isSupremeAdmin(userAddress)) return true;
|
|
5081
|
-
if (!(getParentIds ? await this.documentPermissionService.isProtectedWithAncestors(documentId, getParentIds) : await this.documentPermissionService.isDocumentProtected(documentId))) return true;
|
|
5082
|
-
if (!userAddress) return false;
|
|
5083
|
-
const owner = await this.documentPermissionService.getDocumentOwner(documentId);
|
|
5084
|
-
if (owner && owner === userAddress.toLowerCase()) return true;
|
|
5085
|
-
if (getParentIds) return this.documentPermissionService.canRead(documentId, userAddress, getParentIds);
|
|
5086
|
-
return this.documentPermissionService.canReadDocument(documentId, userAddress);
|
|
5087
|
-
}
|
|
5088
|
-
/**
|
|
5089
|
-
* Check if a user can write to a document.
|
|
5090
|
-
*
|
|
5091
|
-
* - Supreme admin → yes
|
|
5092
|
-
* - Not protected → anyone can write (even anonymous)
|
|
5093
|
-
* - Protected → requires authentication + WRITE/ADMIN grant
|
|
5094
|
-
* - Owner → yes (implicit ADMIN)
|
|
5095
|
-
*/
|
|
5096
|
-
async canWrite(documentId, userAddress, getParentIds) {
|
|
5097
|
-
if (this.isSupremeAdmin(userAddress)) return true;
|
|
5098
|
-
if (!(getParentIds ? await this.documentPermissionService.isProtectedWithAncestors(documentId, getParentIds) : await this.documentPermissionService.isDocumentProtected(documentId))) return true;
|
|
5099
|
-
if (!userAddress) return false;
|
|
5100
|
-
const owner = await this.documentPermissionService.getDocumentOwner(documentId);
|
|
5101
|
-
if (owner && owner === userAddress.toLowerCase()) return true;
|
|
5102
|
-
if (getParentIds) return this.documentPermissionService.canWrite(documentId, userAddress, getParentIds);
|
|
5103
|
-
return this.documentPermissionService.canWriteDocument(documentId, userAddress);
|
|
5104
|
-
}
|
|
5105
|
-
/**
|
|
5106
|
-
* Check if a user can manage a document (change permissions, protection, transfer ownership).
|
|
5107
|
-
*
|
|
5108
|
-
* - Supreme admin → yes
|
|
5109
|
-
* - Owner → yes
|
|
5110
|
-
* - Has ADMIN grant → yes
|
|
5111
|
-
*/
|
|
5112
|
-
async canManage(documentId, userAddress, _getParentIds) {
|
|
5113
|
-
if (this.isSupremeAdmin(userAddress)) return true;
|
|
5114
|
-
if (!userAddress) return false;
|
|
5115
|
-
const owner = await this.documentPermissionService.getDocumentOwner(documentId);
|
|
5116
|
-
if (owner && owner === userAddress.toLowerCase()) return true;
|
|
5117
|
-
return this.documentPermissionService.canManageDocument(documentId, userAddress);
|
|
5118
|
-
}
|
|
5119
|
-
/**
|
|
5120
|
-
* Check if a user can execute a specific operation.
|
|
5121
|
-
* If the operation is not restricted, falls through to the standard write check.
|
|
5122
|
-
* If the operation is restricted, requires an explicit OperationUserPermission grant.
|
|
5123
|
-
*/
|
|
5124
|
-
async canExecuteOperation(documentId, operationType, userAddress, getParentIds) {
|
|
5125
|
-
if (this.isSupremeAdmin(userAddress)) return true;
|
|
5126
|
-
if (!await this.documentPermissionService.isOperationRestricted(documentId, operationType)) return this.canWrite(documentId, userAddress, getParentIds);
|
|
5127
|
-
return this.documentPermissionService.canExecuteOperation(documentId, operationType, userAddress?.toLowerCase());
|
|
5128
|
-
}
|
|
5129
|
-
/**
|
|
5130
|
-
* Combined check for mutations: can the user write + execute the operation?
|
|
5131
|
-
* This enables READ-only users with operation grants to execute specific operations.
|
|
5132
|
-
* For restricted operations, only the operation grant is checked (bypasses write check),
|
|
5133
|
-
* allowing READ-only users with an explicit operation grant to execute that operation.
|
|
5134
|
-
*/
|
|
5135
|
-
async canMutate(documentId, operationType, userAddress, getParentIds) {
|
|
5136
|
-
if (this.isSupremeAdmin(userAddress)) return true;
|
|
5137
|
-
if (await this.documentPermissionService.isOperationRestricted(documentId, operationType)) return this.documentPermissionService.canExecuteOperation(documentId, operationType, userAddress?.toLowerCase());
|
|
5138
|
-
return this.canWrite(documentId, userAddress, getParentIds);
|
|
5139
|
-
}
|
|
5140
|
-
};
|
|
5141
|
-
//#endregion
|
|
5142
4947
|
//#region src/services/document-permission.service.ts
|
|
5143
4948
|
/**
|
|
5144
4949
|
* Service for managing document-level permissions.
|
|
@@ -5774,6 +5579,22 @@ const initAnalyticsStoreSql = [
|
|
|
5774
5579
|
//#region src/server.ts
|
|
5775
5580
|
const defaultLogger = childLogger(["reactor-api", "server"]);
|
|
5776
5581
|
const DEFAULT_PORT = 4e3;
|
|
5582
|
+
/**
|
|
5583
|
+
* Doc-perms require auth: with auth off no `user` is ever resolved, so every
|
|
5584
|
+
* authorization check fails closed. Refuse to boot rather than run broken.
|
|
5585
|
+
*/
|
|
5586
|
+
function assertAuthRequiredForDocumentPermissions(authEnabled, documentPermissionsRequested) {
|
|
5587
|
+
if (!authEnabled && documentPermissionsRequested) throw new Error("Document permissions require authentication: AUTH_ENABLED is false but document permissions were requested (DOCUMENT_PERMISSIONS_ENABLED=true or a documentPermissionService was provided). Enable authentication (AUTH_ENABLED=true, or auth.enabled in the config file) or disable document permissions.");
|
|
5588
|
+
}
|
|
5589
|
+
function createReadinessGate() {
|
|
5590
|
+
let ready = false;
|
|
5591
|
+
return {
|
|
5592
|
+
isReady: () => ready,
|
|
5593
|
+
markReady: () => {
|
|
5594
|
+
ready = true;
|
|
5595
|
+
}
|
|
5596
|
+
};
|
|
5597
|
+
}
|
|
5777
5598
|
function resolveAttachmentStoragePath(options) {
|
|
5778
5599
|
if (options.attachmentStoragePath) return options.attachmentStoragePath;
|
|
5779
5600
|
if (options.dbPath && !options.dbPath.startsWith("postgres")) return path.resolve(options.dbPath, "..", "attachments");
|
|
@@ -5812,7 +5633,7 @@ function makeDbClosers(knexInstance, pglite) {
|
|
|
5812
5633
|
/**
|
|
5813
5634
|
* Sets up the subgraph manager and registers subgraphs
|
|
5814
5635
|
*/
|
|
5815
|
-
async function setupGraphQLManager(httpAdapter, authFetchMiddleware, httpServer, wsServer, client, relationalDb, analyticsStore, syncManager, subgraphs, logger, auth, documentPermissionService, enableDocumentModelSubgraphs, port,
|
|
5636
|
+
async function setupGraphQLManager(httpAdapter, authFetchMiddleware, httpServer, wsServer, client, relationalDb, analyticsStore, syncManager, subgraphs, logger, authorizationService, auth, documentPermissionService, enableDocumentModelSubgraphs, port, reactorDriveClient) {
|
|
5816
5637
|
const graphqlManager = new GraphQLManager(config.basePath, httpServer, wsServer, client, relationalDb, analyticsStore, syncManager, logger, httpAdapter, await createGatewayAdapter("apollo", logger), {
|
|
5817
5638
|
enabled: auth?.enabled ?? false,
|
|
5818
5639
|
admins: auth?.admins ?? []
|
|
@@ -5905,12 +5726,14 @@ async function _setupCommonInfrastructure(options) {
|
|
|
5905
5726
|
if (ADMINS !== void 0) admins = ADMINS.split(",").map((a) => a.toLowerCase());
|
|
5906
5727
|
let defaultProtection = false;
|
|
5907
5728
|
if (DEFAULT_PROTECTION !== void 0) defaultProtection = DEFAULT_PROTECTION.toLowerCase() === "true";
|
|
5908
|
-
const { USERS, GUESTS, FREE_ENTRY } = process.env;
|
|
5909
|
-
if (USERS || GUESTS || FREE_ENTRY) console.warn("[DEPRECATION WARNING] The USERS, GUESTS, and FREE_ENTRY environment variables are no longer supported. Access control is now managed per-document via the DocumentProtection system. Use DEFAULT_PROTECTION=true for strict mode, or manage protection per document via the GraphQL API. See the auth documentation for migration guidance.");
|
|
5910
5729
|
let skipCredentialVerification = false;
|
|
5911
5730
|
if (SKIP_CREDENTIAL_VERIFICATION !== void 0) skipCredentialVerification = SKIP_CREDENTIAL_VERIFICATION === "true";
|
|
5731
|
+
const documentPermissionsRequested = options.documentPermissionService !== void 0 || DOCUMENT_PERMISSIONS_ENABLED === "true";
|
|
5732
|
+
assertAuthRequiredForDocumentPermissions(authEnabled, documentPermissionsRequested);
|
|
5912
5733
|
const logger = options.logger ?? defaultLogger;
|
|
5913
5734
|
httpAdapter.getRoute("/health", () => new Response("OK", { status: 200 }));
|
|
5735
|
+
const readiness = createReadinessGate();
|
|
5736
|
+
httpAdapter.getRoute("/ready", () => readiness.isReady() ? new Response("OK", { status: 200 }) : new Response("starting", { status: 503 }));
|
|
5914
5737
|
const explorerPrefix = `${config.basePath}/explorer`;
|
|
5915
5738
|
httpAdapter.getRoute(`${explorerPrefix}/:endpoint?`, (request) => {
|
|
5916
5739
|
const url = new URL(request.url);
|
|
@@ -5942,14 +5765,13 @@ async function _setupCommonInfrastructure(options) {
|
|
|
5942
5765
|
documentPermissionService = new DocumentPermissionService(db, { defaultProtection });
|
|
5943
5766
|
logger.info("Document permission service initialized");
|
|
5944
5767
|
}
|
|
5945
|
-
|
|
5946
|
-
|
|
5947
|
-
|
|
5948
|
-
|
|
5949
|
-
|
|
5950
|
-
|
|
5951
|
-
|
|
5952
|
-
}
|
|
5768
|
+
const policy = documentPermissionService ? AuthorizationPolicy.DOCUMENT_PERMISSIONS : authEnabled ? AuthorizationPolicy.ADMIN_ONLY : AuthorizationPolicy.OPEN;
|
|
5769
|
+
const authorizationService = createAuthorizationService({
|
|
5770
|
+
admins,
|
|
5771
|
+
defaultProtection,
|
|
5772
|
+
policy
|
|
5773
|
+
}, documentPermissionService);
|
|
5774
|
+
logger.info(`Authorization service initialized (policy: ${policy})`);
|
|
5953
5775
|
const attachmentStoragePath = resolveAttachmentStoragePath(options);
|
|
5954
5776
|
await mkdir(attachmentStoragePath, { recursive: true });
|
|
5955
5777
|
const { db: attachmentDb, knex: attachmentKnex, pglite: attachmentPglite } = getDbClient(options.dbPath, options.pgliteFactory);
|
|
@@ -5979,7 +5801,8 @@ async function _setupCommonInfrastructure(options) {
|
|
|
5979
5801
|
authorizationService,
|
|
5980
5802
|
attachments,
|
|
5981
5803
|
packages,
|
|
5982
|
-
dbClosers
|
|
5804
|
+
dbClosers,
|
|
5805
|
+
readiness
|
|
5983
5806
|
};
|
|
5984
5807
|
}
|
|
5985
5808
|
/**
|
|
@@ -6039,7 +5862,7 @@ async function _setupAPI(reactorClient, syncManager, reactorProcessorManager, ht
|
|
|
6039
5862
|
const graphqlManager = await setupGraphQLManager(httpAdapter, authFetchMiddleware, httpServer, wsServer, reactorClient, relationalDb, analyticsStore, syncManager, {
|
|
6040
5863
|
extended: subgraphs,
|
|
6041
5864
|
core: coreSubgraphs
|
|
6042
|
-
}, logger.child(["graphql-manager"]), auth, documentPermissionService, options.enableDocumentModelSubgraphs, port,
|
|
5865
|
+
}, logger.child(["graphql-manager"]), authorizationService, auth, documentPermissionService, options.enableDocumentModelSubgraphs, port, reactorDriveClient);
|
|
6043
5866
|
setupEventListeners(packages, graphqlManager, reactorProcessorManager, hostModule, documentModelRegistry);
|
|
6044
5867
|
if (mcpServerEnabled) {
|
|
6045
5868
|
await setupMcpServer({
|
|
@@ -6101,7 +5924,7 @@ function buildApiDispose(args) {
|
|
|
6101
5924
|
};
|
|
6102
5925
|
}
|
|
6103
5926
|
async function initializeAndStartAPI(clientInitializer, options, processorApp) {
|
|
6104
|
-
const { port, httpAdapter, authFetchMiddleware, authService, auth, relationalDb, analyticsStore, documentPermissionService, authorizationService, attachments, packages, dbClosers } = await _setupCommonInfrastructure(options);
|
|
5927
|
+
const { port, httpAdapter, authFetchMiddleware, authService, auth, relationalDb, analyticsStore, documentPermissionService, authorizationService, attachments, packages, dbClosers, readiness } = await _setupCommonInfrastructure(options);
|
|
6105
5928
|
const { documentModels, processors, subgraphs } = await packages.init();
|
|
6106
5929
|
const { module: reactorClientModule, reactorDriveClient } = await clientInitializer(documentModels);
|
|
6107
5930
|
const reactorClient = reactorClientModule.client;
|
|
@@ -6115,7 +5938,8 @@ async function initializeAndStartAPI(clientInitializer, options, processorApp) {
|
|
|
6115
5938
|
...await _setupAPI(reactorClient, syncManager, reactorProcessorManager, httpAdapter, authFetchMiddleware, authService, port, packages, relationalDb, analyticsStore, documentPermissionService, processors, subgraphs, options, auth, processorApp, (reactorClientModule.reactorModule?.readModelCoordinator)?.readModels ?? [], attachments, authorizationService, documentModelRegistry, dbClosers, reactorDriveClient),
|
|
6116
5939
|
client: reactorClient,
|
|
6117
5940
|
syncManager,
|
|
6118
|
-
documentModelRegistry
|
|
5941
|
+
documentModelRegistry,
|
|
5942
|
+
readiness
|
|
6119
5943
|
};
|
|
6120
5944
|
}
|
|
6121
5945
|
//#endregion
|
|
@@ -6219,7 +6043,7 @@ var PackageManagementService = class {
|
|
|
6219
6043
|
}
|
|
6220
6044
|
};
|
|
6221
6045
|
//#endregion
|
|
6222
|
-
export { ADMIN_USERS, ActionContextInputSchema, ActionInputSchema, AddRelationshipDocument, AnalyticsSubgraph,
|
|
6046
|
+
export { ADMIN_USERS, ActionContextInputSchema, ActionInputSchema, AddRelationshipDocument, AnalyticsSubgraph, AuthService, AuthSubgraph, BaseSubgraph, ChannelMetaInputSchema, CreateDocumentDocument, CreateEmptyDocumentDocument, DeleteDocumentDocument, DeleteDocumentsDocument, DocumentChangeType, DocumentChangeTypeSchema, DocumentChangesDocument, DocumentOperationsFilterInputSchema, DocumentPermissionService, FindDocumentsDocument, GetDocumentDocument, GetDocumentIncomingRelationshipsDocument, GetDocumentModelsDocument, GetDocumentOperationsDocument, GetDocumentOutgoingRelationshipsDocument, GetDocumentWithOperationsDocument, GetJobStatusDocument, GraphQLManager, HttpDocumentModelLoader, HttpPackageLoader, ImportPackageLoader, InMemoryPackageStorage, JobChangesDocument, MoveRelationshipDocument, MutateDocumentAsyncDocument, MutateDocumentDocument, OperationContextInputSchema, OperationInputSchema, OperationWithContextInputSchema, OperationsFilterInputSchema, PackageManagementService, PackageManager, PackagesSubgraph, PagingInputSchema, PhDocumentFieldsFragmentDoc, PollSyncEnvelopesDocument, PropagationMode, PropagationModeSchema, PushSyncEnvelopesDocument, ReactorSignerAppInputSchema, ReactorSignerInputSchema, ReactorSignerUserInputSchema, ReactorSubgraph, RemoteCursorInputSchema, RemoteFilterInputSchema, RemoveRelationshipDocument, RenameDocumentDocument, SearchFilterInputSchema, SetPreferredEditorDocument, SyncEnvelopeInputSchema, SyncEnvelopeType, SyncEnvelopeTypeSchema, SystemSubgraph, TouchChannelDocument, TouchChannelInputSchema, ViewFilterInputSchema, assertAuthRequiredForDocumentPermissions, buildGraphQlDocument, buildGraphQlDriveDocument, buildGraphqlOperation, buildGraphqlOperations, buildSubgraphSchemaModule, createAuthFetchMiddleware, createGatewayAdapter, createHttpAdapter, createMergedSchema, createReactorGraphQLClient, createSchema, definedNonNullAnySchema, driveIdFromUrl, extractSubgraphsFromModule, generateDocumentModelSchema, getAuthContext, getDbClient, getDocumentModelSchemaName, getDocumentModelTypeDefs, getGitHash, getGitUrl, getSdk, getUniqueDocumentModels, getVersion, initAnalyticsStoreSql, initializeAndStartAPI, isDefinedNonNullAny, isExpectedLoaderMiss, isSubgraphClass, parseDriveUrl, renderGraphqlPlayground };
|
|
6223
6047
|
|
|
6224
6048
|
//# sourceMappingURL=index.mjs.map
|
|
6225
|
-
//# debugId=
|
|
6049
|
+
//# debugId=64b14acf-bb9d-528e-b2b6-b3fa2097026f
|