@powerhousedao/reactor-api 6.2.0-dev.9 → 6.2.0-rc.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{adapter-gateway-apollo-IZuGzFaY.mjs → adapter-gateway-apollo-CxV_hMTv.mjs} +27 -5
- package/dist/adapter-gateway-apollo-CxV_hMTv.mjs.map +1 -0
- package/dist/index.d.mts +134 -269
- package/dist/index.d.mts.map +1 -1
- package/dist/index.mjs +619 -687
- package/dist/index.mjs.map +1 -1
- package/dist/src/packages/vite-loader.mjs +3 -3
- package/dist/src/packages/vite-loader.mjs.map +1 -1
- package/dist/{utils-CtC8sjRo.mjs → utils-iibOQ50e.mjs} +216 -50
- package/dist/utils-iibOQ50e.mjs.map +1 -0
- package/package.json +28 -16
- package/dist/adapter-gateway-apollo-IZuGzFaY.mjs.map +0 -1
- package/dist/utils-CtC8sjRo.mjs.map +0 -1
package/dist/index.d.mts
CHANGED
|
@@ -3,9 +3,9 @@ import { IAnalyticsStore } from "@powerhousedao/analytics-engine-core";
|
|
|
3
3
|
import { AnalyticsModel } from "@powerhousedao/analytics-engine-graphql";
|
|
4
4
|
import * as graphql from "graphql";
|
|
5
5
|
import { DocumentNode, GraphQLResolveInfo, GraphQLScalarType, GraphQLScalarTypeConfig, GraphQLSchema } from "graphql";
|
|
6
|
+
import { IDocumentModelLoader, IDocumentModelRegistry, IDriveClient, IReactorClient, IRelationalDb, ISyncManager, ParsedDriveUrl, ReactorClientModule, driveIdFromUrl, parseDriveUrl } from "@powerhousedao/reactor";
|
|
6
7
|
import { ILogger } from "document-model";
|
|
7
8
|
import { DocumentModelGlobalState as DocumentModelGlobalState$1, DocumentModelModule, Operation, PHDocument, PHDocumentHeader } from "@powerhousedao/shared/document-model";
|
|
8
|
-
import { IDocumentModelLoader, IDocumentModelRegistry, IDriveClient, IReactorClient, IRelationalDb, ISyncManager, ParsedDriveUrl, ReactorClientModule, driveIdFromUrl, parseDriveUrl } from "@powerhousedao/reactor";
|
|
9
9
|
import * as z$1 from "zod";
|
|
10
10
|
import { DocumentDriveDocument, DocumentDriveGlobalState } from "@powerhousedao/shared/document-drive";
|
|
11
11
|
import { AttachmentBuildResult } from "@powerhousedao/reactor-attachments";
|
|
@@ -42,11 +42,7 @@ interface DocumentProtectionTable {
|
|
|
42
42
|
}
|
|
43
43
|
interface DocumentPermissionDatabase {
|
|
44
44
|
DocumentPermission: DocumentPermissionTable;
|
|
45
|
-
Group: GroupTable;
|
|
46
|
-
UserGroup: UserGroupTable;
|
|
47
|
-
DocumentGroupPermission: DocumentGroupPermissionTable;
|
|
48
45
|
OperationUserPermission: OperationUserPermissionTable;
|
|
49
|
-
OperationGroupPermission: OperationGroupPermissionTable;
|
|
50
46
|
DocumentProtection: DocumentProtectionTable;
|
|
51
47
|
}
|
|
52
48
|
interface DocumentPermissionTable {
|
|
@@ -58,27 +54,6 @@ interface DocumentPermissionTable {
|
|
|
58
54
|
createdAt: Date;
|
|
59
55
|
updatedAt: Date;
|
|
60
56
|
}
|
|
61
|
-
interface GroupTable {
|
|
62
|
-
id: Generated<number>;
|
|
63
|
-
name: string;
|
|
64
|
-
description: string | null;
|
|
65
|
-
createdAt: Date;
|
|
66
|
-
updatedAt: Date;
|
|
67
|
-
}
|
|
68
|
-
interface UserGroupTable {
|
|
69
|
-
userAddress: string;
|
|
70
|
-
groupId: number;
|
|
71
|
-
createdAt: Date;
|
|
72
|
-
}
|
|
73
|
-
interface DocumentGroupPermissionTable {
|
|
74
|
-
id: Generated<number>;
|
|
75
|
-
documentId: string;
|
|
76
|
-
groupId: number;
|
|
77
|
-
permission: DocumentPermissionLevel;
|
|
78
|
-
grantedBy: string;
|
|
79
|
-
createdAt: Date;
|
|
80
|
-
updatedAt: Date;
|
|
81
|
-
}
|
|
82
57
|
interface OperationUserPermissionTable {
|
|
83
58
|
id: Generated<number>;
|
|
84
59
|
documentId: string;
|
|
@@ -87,14 +62,6 @@ interface OperationUserPermissionTable {
|
|
|
87
62
|
grantedBy: string;
|
|
88
63
|
createdAt: Date;
|
|
89
64
|
}
|
|
90
|
-
interface OperationGroupPermissionTable {
|
|
91
|
-
id: Generated<number>;
|
|
92
|
-
documentId: string;
|
|
93
|
-
operationType: string;
|
|
94
|
-
groupId: number;
|
|
95
|
-
grantedBy: string;
|
|
96
|
-
createdAt: Date;
|
|
97
|
-
}
|
|
98
65
|
type Db = Kysely<any>;
|
|
99
66
|
/**
|
|
100
67
|
* Optional factory used by callers (e.g. Switchboard) to inject a
|
|
@@ -120,21 +87,6 @@ interface DocumentPermissionEntry {
|
|
|
120
87
|
createdAt: Date;
|
|
121
88
|
updatedAt: Date;
|
|
122
89
|
}
|
|
123
|
-
interface Group {
|
|
124
|
-
id: number;
|
|
125
|
-
name: string;
|
|
126
|
-
description: string | null;
|
|
127
|
-
createdAt: Date;
|
|
128
|
-
updatedAt: Date;
|
|
129
|
-
}
|
|
130
|
-
interface DocumentGroupPermissionEntry {
|
|
131
|
-
documentId: string;
|
|
132
|
-
groupId: number;
|
|
133
|
-
permission: DocumentPermissionLevel;
|
|
134
|
-
grantedBy: string;
|
|
135
|
-
createdAt: Date;
|
|
136
|
-
updatedAt: Date;
|
|
137
|
-
}
|
|
138
90
|
interface OperationUserPermissionEntry {
|
|
139
91
|
documentId: string;
|
|
140
92
|
operationType: string;
|
|
@@ -142,13 +94,6 @@ interface OperationUserPermissionEntry {
|
|
|
142
94
|
grantedBy: string;
|
|
143
95
|
createdAt: Date;
|
|
144
96
|
}
|
|
145
|
-
interface OperationGroupPermissionEntry {
|
|
146
|
-
documentId: string;
|
|
147
|
-
operationType: string;
|
|
148
|
-
groupId: number;
|
|
149
|
-
grantedBy: string;
|
|
150
|
-
createdAt: Date;
|
|
151
|
-
}
|
|
152
97
|
/**
|
|
153
98
|
* Function type for getting parent document IDs
|
|
154
99
|
* This is injected to avoid circular dependencies with the reactor client
|
|
@@ -169,7 +114,7 @@ interface DocumentPermissionConfig {
|
|
|
169
114
|
* - ADMIN: Can manage document permissions and settings
|
|
170
115
|
*
|
|
171
116
|
* Operation permissions:
|
|
172
|
-
* - Users
|
|
117
|
+
* - Users can be granted permission to execute specific operations
|
|
173
118
|
*/
|
|
174
119
|
declare class DocumentPermissionService {
|
|
175
120
|
private readonly db;
|
|
@@ -200,83 +145,6 @@ declare class DocumentPermissionService {
|
|
|
200
145
|
* Delete all permissions for a document (used when deleting a document)
|
|
201
146
|
*/
|
|
202
147
|
deleteAllDocumentPermissions(documentId: string): Promise<void>;
|
|
203
|
-
/**
|
|
204
|
-
* Check if a user can read a document.
|
|
205
|
-
* Returns true if user has READ, WRITE, or ADMIN permission (direct or via group)
|
|
206
|
-
*/
|
|
207
|
-
canReadDocument(documentId: string, userAddress: string | undefined): Promise<boolean>;
|
|
208
|
-
/**
|
|
209
|
-
* Check if a user can write to a document.
|
|
210
|
-
* Returns true if user has WRITE or ADMIN permission (direct or via group)
|
|
211
|
-
*/
|
|
212
|
-
canWriteDocument(documentId: string, userAddress: string | undefined): Promise<boolean>;
|
|
213
|
-
/**
|
|
214
|
-
* Check if a user can manage a document (change permissions, settings).
|
|
215
|
-
* Returns true if user has ADMIN permission (direct or via group)
|
|
216
|
-
*/
|
|
217
|
-
canManageDocument(documentId: string, userAddress: string | undefined): Promise<boolean>;
|
|
218
|
-
/**
|
|
219
|
-
* Check if a user can read a document, including parent permission inheritance.
|
|
220
|
-
* Returns true if user has permission on the document OR any parent in the hierarchy.
|
|
221
|
-
*/
|
|
222
|
-
canRead(documentId: string, userAddress: string | undefined, getParentIds: GetParentIdsFn): Promise<boolean>;
|
|
223
|
-
/**
|
|
224
|
-
* Check if a user can write to a document, including parent permission inheritance.
|
|
225
|
-
* Returns true if user has write permission on the document OR any parent in the hierarchy.
|
|
226
|
-
*/
|
|
227
|
-
canWrite(documentId: string, userAddress: string | undefined, getParentIds: GetParentIdsFn): Promise<boolean>;
|
|
228
|
-
/**
|
|
229
|
-
* Filter a list of document IDs to only include those the user can read.
|
|
230
|
-
*/
|
|
231
|
-
filterReadableDocuments(documentIds: string[], userAddress: string | undefined, getParentIds: GetParentIdsFn): Promise<string[]>;
|
|
232
|
-
/**
|
|
233
|
-
* Create a new group
|
|
234
|
-
*/
|
|
235
|
-
createGroup(name: string, description?: string): Promise<Group>;
|
|
236
|
-
/**
|
|
237
|
-
* Delete a group and all its associations
|
|
238
|
-
*/
|
|
239
|
-
deleteGroup(groupId: number): Promise<void>;
|
|
240
|
-
/**
|
|
241
|
-
* Get a group by ID
|
|
242
|
-
*/
|
|
243
|
-
getGroup(groupId: number): Promise<Group | null>;
|
|
244
|
-
/**
|
|
245
|
-
* List all groups
|
|
246
|
-
*/
|
|
247
|
-
listGroups(): Promise<Group[]>;
|
|
248
|
-
/**
|
|
249
|
-
* Add a user to a group
|
|
250
|
-
*/
|
|
251
|
-
addUserToGroup(userAddress: string, groupId: number): Promise<void>;
|
|
252
|
-
/**
|
|
253
|
-
* Remove a user from a group
|
|
254
|
-
*/
|
|
255
|
-
removeUserFromGroup(userAddress: string, groupId: number): Promise<void>;
|
|
256
|
-
/**
|
|
257
|
-
* Get all groups a user belongs to
|
|
258
|
-
*/
|
|
259
|
-
getUserGroups(userAddress: string): Promise<Group[]>;
|
|
260
|
-
/**
|
|
261
|
-
* Get all members of a group
|
|
262
|
-
*/
|
|
263
|
-
getGroupMembers(groupId: number): Promise<string[]>;
|
|
264
|
-
/**
|
|
265
|
-
* Grant a group permission on a document
|
|
266
|
-
*/
|
|
267
|
-
grantGroupPermission(documentId: string, groupId: number, permission: DocumentPermissionLevel, grantedBy: string): Promise<DocumentGroupPermissionEntry>;
|
|
268
|
-
/**
|
|
269
|
-
* Revoke a group's permission on a document
|
|
270
|
-
*/
|
|
271
|
-
revokeGroupPermission(documentId: string, groupId: number): Promise<void>;
|
|
272
|
-
/**
|
|
273
|
-
* Get all group permissions for a document
|
|
274
|
-
*/
|
|
275
|
-
getDocumentGroupPermissions(documentId: string): Promise<DocumentGroupPermissionEntry[]>;
|
|
276
|
-
/**
|
|
277
|
-
* Get best permission level a user has on a document via groups
|
|
278
|
-
*/
|
|
279
|
-
getUserGroupPermission(documentId: string, userAddress: string): Promise<DocumentPermissionLevel | null>;
|
|
280
148
|
/**
|
|
281
149
|
* Grant a user permission to execute an operation on a document
|
|
282
150
|
*/
|
|
@@ -285,27 +153,14 @@ declare class DocumentPermissionService {
|
|
|
285
153
|
* Revoke a user's permission to execute an operation
|
|
286
154
|
*/
|
|
287
155
|
revokeOperationPermission(documentId: string, operationType: string, userAddress: string): Promise<void>;
|
|
288
|
-
/**
|
|
289
|
-
* Grant a group permission to execute an operation on a document
|
|
290
|
-
*/
|
|
291
|
-
grantGroupOperationPermission(documentId: string, operationType: string, groupId: number, grantedBy: string): Promise<OperationGroupPermissionEntry>;
|
|
292
|
-
/**
|
|
293
|
-
* Revoke a group's permission to execute an operation
|
|
294
|
-
*/
|
|
295
|
-
revokeGroupOperationPermission(documentId: string, operationType: string, groupId: number): Promise<void>;
|
|
296
156
|
/**
|
|
297
157
|
* Get all users with permission to execute an operation
|
|
298
158
|
*/
|
|
299
159
|
getOperationUserPermissions(documentId: string, operationType: string): Promise<OperationUserPermissionEntry[]>;
|
|
300
160
|
/**
|
|
301
|
-
*
|
|
161
|
+
* Whether an operation-permission row exists for the user on this operation.
|
|
302
162
|
*/
|
|
303
|
-
|
|
304
|
-
/**
|
|
305
|
-
* Check if a user can execute a specific operation on a document.
|
|
306
|
-
* Returns true if user has direct permission or is in a group with permission.
|
|
307
|
-
*/
|
|
308
|
-
canExecuteOperation(documentId: string, operationType: string, userAddress: string | undefined): Promise<boolean>;
|
|
163
|
+
hasOperationGrant(documentId: string, operationType: string, userAddress: string): Promise<boolean>;
|
|
309
164
|
/**
|
|
310
165
|
* Check if an operation has any permissions set (is restricted)
|
|
311
166
|
*/
|
|
@@ -352,6 +207,34 @@ declare class DocumentPermissionService {
|
|
|
352
207
|
}
|
|
353
208
|
//#endregion
|
|
354
209
|
//#region src/services/authorization.service.d.ts
|
|
210
|
+
/**
|
|
211
|
+
* A document id that has been resolved to its canonical form, never a slug.
|
|
212
|
+
*
|
|
213
|
+
* Protection and grant rows are written under the canonical id, while the
|
|
214
|
+
* read/operation data paths accept an id-or-slug identifier. The decision layer
|
|
215
|
+
* must key on the canonical id, so branding it forces every caller to resolve a
|
|
216
|
+
* slug to its id before consulting this service, closing the slug-aliasing
|
|
217
|
+
* bypass (S-C1). The only sanctioned cast from string to CanonicalDocumentId
|
|
218
|
+
* lives in the BaseSubgraph resolution helpers, immediately after the shared
|
|
219
|
+
* resolveIdOrSlug lookup returns.
|
|
220
|
+
*/
|
|
221
|
+
type CanonicalDocumentId = string & {
|
|
222
|
+
readonly __canonicalDocumentId: unique symbol;
|
|
223
|
+
};
|
|
224
|
+
/**
|
|
225
|
+
* Result of a passed per-document authorization check. `fetchIdentifier` is
|
|
226
|
+
* always safe for the data fetch: the canonical id when resolved, or the raw
|
|
227
|
+
* identifier when the check was skipped for a policy-wide caller.
|
|
228
|
+
*/
|
|
229
|
+
declare class AuthorizedDocumentHandle {
|
|
230
|
+
readonly fetchIdentifier: string;
|
|
231
|
+
readonly isResolved: boolean;
|
|
232
|
+
private constructor();
|
|
233
|
+
static resolved(documentId: CanonicalDocumentId): AuthorizedDocumentHandle;
|
|
234
|
+
static skipped(identifier: string): AuthorizedDocumentHandle;
|
|
235
|
+
/** The verified canonical id; throws when resolution was skipped. */
|
|
236
|
+
canonicalId(): CanonicalDocumentId;
|
|
237
|
+
}
|
|
355
238
|
declare const AuthorizationPolicy: {
|
|
356
239
|
readonly OPEN: "OPEN";
|
|
357
240
|
readonly ADMIN_ONLY: "ADMIN_ONLY";
|
|
@@ -371,14 +254,33 @@ interface AuthorizationConfig {
|
|
|
371
254
|
* - OPEN: authentication disabled — everyone (incl. anonymous) is allowed.
|
|
372
255
|
* - ADMIN_ONLY: authentication on, document permissions off — only ADMINS.
|
|
373
256
|
* - DOCUMENT_PERMISSIONS: the full per-document protection + grant model.
|
|
257
|
+
*
|
|
258
|
+
* Permission inheritance walks the parent-document hierarchy through a
|
|
259
|
+
* parent resolver injected at construction; callers never supply one.
|
|
374
260
|
*/
|
|
375
261
|
interface IAuthorizationService {
|
|
376
262
|
readonly config: AuthorizationConfig;
|
|
263
|
+
/**
|
|
264
|
+
* Whether the user has unrestricted, policy-wide access. Under OPEN this is
|
|
265
|
+
* true for everyone (including anonymous callers) by design: OPEN means "no
|
|
266
|
+
* restrictions", and consumers use this check to skip per-document
|
|
267
|
+
* filtering. It does NOT mean the caller is in the ADMINS list.
|
|
268
|
+
*/
|
|
377
269
|
isSupremeAdmin(userAddress?: string): boolean;
|
|
378
|
-
|
|
379
|
-
|
|
380
|
-
|
|
381
|
-
|
|
270
|
+
/**
|
|
271
|
+
* Whether the user may create new documents under the current policy:
|
|
272
|
+
* everyone in OPEN, only admins in ADMIN_ONLY, any authenticated user in
|
|
273
|
+
* DOCUMENT_PERMISSIONS.
|
|
274
|
+
*/
|
|
275
|
+
canCreate(userAddress?: string): boolean;
|
|
276
|
+
canRead(documentId: CanonicalDocumentId, userAddress?: string): Promise<boolean>;
|
|
277
|
+
canWrite(documentId: CanonicalDocumentId, userAddress?: string): Promise<boolean>;
|
|
278
|
+
/**
|
|
279
|
+
* Whether the user administers the document: supreme admin, document
|
|
280
|
+
* owner, or holder of an ADMIN grant.
|
|
281
|
+
*/
|
|
282
|
+
canManage(documentId: CanonicalDocumentId, userAddress?: string): Promise<boolean>;
|
|
283
|
+
canMutate(documentId: CanonicalDocumentId, operationType: string, userAddress?: string): Promise<boolean>;
|
|
382
284
|
}
|
|
383
285
|
//#endregion
|
|
384
286
|
//#region src/graphql/types.d.ts
|
|
@@ -473,6 +375,7 @@ type GqlDriveDocument = GqlDocument & {
|
|
|
473
375
|
//#endregion
|
|
474
376
|
//#region src/graphql/base-subgraph.d.ts
|
|
475
377
|
declare class BaseSubgraph implements ISubgraph$1 {
|
|
378
|
+
#private;
|
|
476
379
|
name: string;
|
|
477
380
|
path: string;
|
|
478
381
|
resolvers: Record<string, any>;
|
|
@@ -485,12 +388,44 @@ declare class BaseSubgraph implements ISubgraph$1 {
|
|
|
485
388
|
authorizationService: IAuthorizationService;
|
|
486
389
|
constructor(args: SubgraphArgs$1);
|
|
487
390
|
onSetup(): Promise<void>;
|
|
488
|
-
|
|
489
|
-
|
|
490
|
-
|
|
491
|
-
|
|
492
|
-
|
|
493
|
-
|
|
391
|
+
/**
|
|
392
|
+
* Resolves a caller-supplied identifier (id or slug) to its canonical
|
|
393
|
+
* document id, memoized per request. Both the decision layer and the data
|
|
394
|
+
* layer must agree on the subject, so this runs the same resolveIdOrSlug
|
|
395
|
+
* lookup the data path uses. A resolution failure (not found, ambiguous, or
|
|
396
|
+
* transient) surfaces as a generic Forbidden, fail-closed, so a bad
|
|
397
|
+
* identifier cannot be used as a document-existence oracle.
|
|
398
|
+
*/
|
|
399
|
+
resolveCanonicalDocumentId(identifier: string, requestKey: object): Promise<CanonicalDocumentId>;
|
|
400
|
+
/**
|
|
401
|
+
* Resolves the args' `documentId` to canonical form. Unconditional (unlike the
|
|
402
|
+
* assertCan* helpers, no admin skip): ACL rows are keyed on the canonical id.
|
|
403
|
+
*/
|
|
404
|
+
withCanonicalDocumentId<T extends {
|
|
405
|
+
documentId: string;
|
|
406
|
+
}>(args: T, requestKey: object): Promise<T & {
|
|
407
|
+
documentId: CanonicalDocumentId;
|
|
408
|
+
}>;
|
|
409
|
+
/**
|
|
410
|
+
* Read filter for an already-canonical document id (one sourced from the data
|
|
411
|
+
* layer, such as a fetched document's id). Performs no slug resolution.
|
|
412
|
+
*/
|
|
413
|
+
canReadDocument(documentId: CanonicalDocumentId, ctx: Context): Promise<boolean>;
|
|
414
|
+
/**
|
|
415
|
+
* Asserts read access, resolving a slug first. Returns a handle whose
|
|
416
|
+
* `fetchIdentifier` the caller reuses for the data fetch; a denial throws.
|
|
417
|
+
*/
|
|
418
|
+
assertCanRead(identifier: string, ctx: Context): Promise<AuthorizedDocumentHandle>;
|
|
419
|
+
assertCanWrite(identifier: string, ctx: Context): Promise<AuthorizedDocumentHandle>;
|
|
420
|
+
assertCanExecuteOperation(identifier: string, operationType: string, ctx: Context): Promise<AuthorizedDocumentHandle>;
|
|
421
|
+
/**
|
|
422
|
+
* Read assertion for an already-canonical document id. No slug resolution;
|
|
423
|
+
* use only with ids sourced from the data layer or already resolved.
|
|
424
|
+
*/
|
|
425
|
+
assertCanReadCanonical(documentId: CanonicalDocumentId, ctx: Context): Promise<void>;
|
|
426
|
+
assertCanWriteCanonical(documentId: CanonicalDocumentId, ctx: Context): Promise<void>;
|
|
427
|
+
assertCanExecuteOperationCanonical(documentId: CanonicalDocumentId, operationType: string, ctx: Context): Promise<void>;
|
|
428
|
+
assertCanCreate(ctx: Context): void;
|
|
494
429
|
}
|
|
495
430
|
//#endregion
|
|
496
431
|
//#region src/graphql/analytics-subgraph.d.ts
|
|
@@ -514,29 +449,6 @@ type DocumentAccessInfo = {
|
|
|
514
449
|
createdAt: Date;
|
|
515
450
|
updatedAt: Date;
|
|
516
451
|
}>;
|
|
517
|
-
groupPermissions: Array<{
|
|
518
|
-
documentId: string;
|
|
519
|
-
groupId: number;
|
|
520
|
-
permission: DocumentPermissionLevel;
|
|
521
|
-
grantedBy: string;
|
|
522
|
-
createdAt: Date;
|
|
523
|
-
updatedAt: Date;
|
|
524
|
-
}>;
|
|
525
|
-
};
|
|
526
|
-
type Group$1 = {
|
|
527
|
-
id: number;
|
|
528
|
-
name: string;
|
|
529
|
-
description: string | null;
|
|
530
|
-
createdAt: Date;
|
|
531
|
-
updatedAt: Date;
|
|
532
|
-
};
|
|
533
|
-
type DocumentGroupPermission = {
|
|
534
|
-
documentId: string;
|
|
535
|
-
groupId: number;
|
|
536
|
-
permission: DocumentPermissionLevel;
|
|
537
|
-
grantedBy: string;
|
|
538
|
-
createdAt: Date;
|
|
539
|
-
updatedAt: Date;
|
|
540
452
|
};
|
|
541
453
|
type OperationUserPermission = {
|
|
542
454
|
documentId: string;
|
|
@@ -545,18 +457,10 @@ type OperationUserPermission = {
|
|
|
545
457
|
grantedBy: string;
|
|
546
458
|
createdAt: Date;
|
|
547
459
|
};
|
|
548
|
-
type OperationGroupPermission = {
|
|
549
|
-
documentId: string;
|
|
550
|
-
operationType: string;
|
|
551
|
-
groupId: number;
|
|
552
|
-
grantedBy: string;
|
|
553
|
-
createdAt: Date;
|
|
554
|
-
};
|
|
555
460
|
type OperationPermissionsInfo = {
|
|
556
461
|
documentId: string;
|
|
557
462
|
operationType: string;
|
|
558
463
|
userPermissions: OperationUserPermission[];
|
|
559
|
-
groupPermissions: OperationGroupPermission[];
|
|
560
464
|
};
|
|
561
465
|
type DocumentProtectionInfo = {
|
|
562
466
|
documentId: string;
|
|
@@ -571,8 +475,7 @@ type DocumentProtectionInfo = {
|
|
|
571
475
|
* This subgraph is conditionally registered based on the DOCUMENT_PERMISSIONS_ENABLED
|
|
572
476
|
* feature flag. When enabled, it provides GraphQL operations for:
|
|
573
477
|
* - Document permissions (grant/revoke user access)
|
|
574
|
-
* -
|
|
575
|
-
* - Group document permissions (grant/revoke group access)
|
|
478
|
+
* - Document protection and ownership
|
|
576
479
|
* - Operation-level permissions (fine-grained operation control)
|
|
577
480
|
*/
|
|
578
481
|
declare class AuthSubgraph extends BaseSubgraph {
|
|
@@ -585,6 +488,10 @@ declare class AuthSubgraph extends BaseSubgraph {
|
|
|
585
488
|
Query: {
|
|
586
489
|
documentAccess: (_parent: unknown, args: {
|
|
587
490
|
documentId: string;
|
|
491
|
+
}, ctx: {
|
|
492
|
+
user?: {
|
|
493
|
+
address: string;
|
|
494
|
+
};
|
|
588
495
|
}) => Promise<DocumentAccessInfo>;
|
|
589
496
|
userDocumentPermissions: (_parent: unknown, _args: unknown, ctx: {
|
|
590
497
|
user?: {
|
|
@@ -598,16 +505,13 @@ declare class AuthSubgraph extends BaseSubgraph {
|
|
|
598
505
|
createdAt: Date;
|
|
599
506
|
updatedAt: Date;
|
|
600
507
|
}[]>;
|
|
601
|
-
groups: () => Promise<Group$1[]>;
|
|
602
|
-
group: (_parent: unknown, args: {
|
|
603
|
-
id: number;
|
|
604
|
-
}) => Promise<Group$1 | null>;
|
|
605
|
-
userGroups: (_parent: unknown, args: {
|
|
606
|
-
userAddress: string;
|
|
607
|
-
}) => Promise<Group$1[]>;
|
|
608
508
|
operationPermissions: (_parent: unknown, args: {
|
|
609
509
|
documentId: string;
|
|
610
510
|
operationType: string;
|
|
511
|
+
}, ctx: {
|
|
512
|
+
user?: {
|
|
513
|
+
address: string;
|
|
514
|
+
};
|
|
611
515
|
}) => Promise<OperationPermissionsInfo>;
|
|
612
516
|
canExecuteOperation: (_parent: unknown, args: {
|
|
613
517
|
documentId: string;
|
|
@@ -666,38 +570,6 @@ declare class AuthSubgraph extends BaseSubgraph {
|
|
|
666
570
|
address: string;
|
|
667
571
|
};
|
|
668
572
|
}) => Promise<boolean>;
|
|
669
|
-
createGroup: (_parent: unknown, args: {
|
|
670
|
-
name: string;
|
|
671
|
-
description?: string | null;
|
|
672
|
-
}) => Promise<Group$1>;
|
|
673
|
-
deleteGroup: (_parent: unknown, args: {
|
|
674
|
-
id: number;
|
|
675
|
-
}) => Promise<boolean>;
|
|
676
|
-
addUserToGroup: (_parent: unknown, args: {
|
|
677
|
-
userAddress: string;
|
|
678
|
-
groupId: number;
|
|
679
|
-
}) => Promise<boolean>;
|
|
680
|
-
removeUserFromGroup: (_parent: unknown, args: {
|
|
681
|
-
userAddress: string;
|
|
682
|
-
groupId: number;
|
|
683
|
-
}) => Promise<boolean>;
|
|
684
|
-
grantGroupPermission: (_parent: unknown, args: {
|
|
685
|
-
documentId: string;
|
|
686
|
-
groupId: number;
|
|
687
|
-
permission: string;
|
|
688
|
-
}, ctx: {
|
|
689
|
-
user?: {
|
|
690
|
-
address: string;
|
|
691
|
-
};
|
|
692
|
-
}) => Promise<DocumentGroupPermission>;
|
|
693
|
-
revokeGroupPermission: (_parent: unknown, args: {
|
|
694
|
-
documentId: string;
|
|
695
|
-
groupId: number;
|
|
696
|
-
}, ctx: {
|
|
697
|
-
user?: {
|
|
698
|
-
address: string;
|
|
699
|
-
};
|
|
700
|
-
}) => Promise<boolean>;
|
|
701
573
|
grantOperationPermission: (_parent: unknown, args: {
|
|
702
574
|
documentId: string;
|
|
703
575
|
operationType: string;
|
|
@@ -716,39 +588,6 @@ declare class AuthSubgraph extends BaseSubgraph {
|
|
|
716
588
|
address: string;
|
|
717
589
|
};
|
|
718
590
|
}) => Promise<boolean>;
|
|
719
|
-
grantGroupOperationPermission: (_parent: unknown, args: {
|
|
720
|
-
documentId: string;
|
|
721
|
-
operationType: string;
|
|
722
|
-
groupId: number;
|
|
723
|
-
}, ctx: {
|
|
724
|
-
user?: {
|
|
725
|
-
address: string;
|
|
726
|
-
};
|
|
727
|
-
}) => Promise<OperationGroupPermission>;
|
|
728
|
-
revokeGroupOperationPermission: (_parent: unknown, args: {
|
|
729
|
-
documentId: string;
|
|
730
|
-
operationType: string;
|
|
731
|
-
groupId: number;
|
|
732
|
-
}, ctx: {
|
|
733
|
-
user?: {
|
|
734
|
-
address: string;
|
|
735
|
-
};
|
|
736
|
-
}) => Promise<boolean>;
|
|
737
|
-
};
|
|
738
|
-
Group: {
|
|
739
|
-
members: (parent: {
|
|
740
|
-
id: number;
|
|
741
|
-
}) => Promise<string[]>;
|
|
742
|
-
};
|
|
743
|
-
DocumentGroupPermission: {
|
|
744
|
-
group: (parent: {
|
|
745
|
-
groupId: number;
|
|
746
|
-
}) => Promise<Group$1>;
|
|
747
|
-
};
|
|
748
|
-
OperationGroupPermission: {
|
|
749
|
-
group: (parent: {
|
|
750
|
-
groupId: number;
|
|
751
|
-
}) => Promise<Group$1>;
|
|
752
591
|
};
|
|
753
592
|
};
|
|
754
593
|
onSetup(): Promise<void>;
|
|
@@ -759,6 +598,7 @@ interface AuthConfig {
|
|
|
759
598
|
enabled: boolean;
|
|
760
599
|
admins: string[];
|
|
761
600
|
skipCredentialVerification?: boolean;
|
|
601
|
+
credentialVerificationCacheTtlMs?: number;
|
|
762
602
|
}
|
|
763
603
|
interface User {
|
|
764
604
|
address: string;
|
|
@@ -772,6 +612,7 @@ interface AuthContext {
|
|
|
772
612
|
}
|
|
773
613
|
declare class AuthService {
|
|
774
614
|
private readonly config;
|
|
615
|
+
private readonly credentialCache;
|
|
775
616
|
constructor(config: AuthConfig);
|
|
776
617
|
authenticateRequest(request: globalThis.Request): Promise<AuthContext | globalThis.Response>;
|
|
777
618
|
/**
|
|
@@ -789,9 +630,28 @@ declare class AuthService {
|
|
|
789
630
|
*/
|
|
790
631
|
private extractUserFromVerification;
|
|
791
632
|
/**
|
|
792
|
-
* Verify that the credential still exists on the Renown API
|
|
633
|
+
* Verify that the credential still exists on the Renown API.
|
|
634
|
+
*
|
|
635
|
+
* Results are cached per (address, chainId, issuer) for a short TTL so the
|
|
636
|
+
* blocking external round-trip is not paid on every request. Concurrent
|
|
637
|
+
* checks for the same key share a single in-flight request, and entries
|
|
638
|
+
* that resolve to false are evicted immediately so failed or revoked
|
|
639
|
+
* credentials are re-checked on the next request.
|
|
793
640
|
*/
|
|
794
641
|
private verifyCredentialExists;
|
|
642
|
+
/**
|
|
643
|
+
* Enforce the cache size cap before inserting a new entry: drop expired
|
|
644
|
+
* entries first, then evict oldest-inserted entries (insertion order
|
|
645
|
+
* matches expiry order since the TTL is constant) until under the cap, so
|
|
646
|
+
* a flood of distinct keys cannot grow the map without bound.
|
|
647
|
+
*/
|
|
648
|
+
private pruneCredentialCache;
|
|
649
|
+
/**
|
|
650
|
+
* Fetch the credential from the Renown API and validate it against the
|
|
651
|
+
* expected address, chainId and issuer. Never throws; returns false on any
|
|
652
|
+
* network or validation failure.
|
|
653
|
+
*/
|
|
654
|
+
private fetchCredentialExists;
|
|
795
655
|
}
|
|
796
656
|
//#endregion
|
|
797
657
|
//#region src/graphql/gateway/types.d.ts
|
|
@@ -944,7 +804,7 @@ declare class GraphQLManager {
|
|
|
944
804
|
private readonly logger;
|
|
945
805
|
private readonly httpAdapter;
|
|
946
806
|
private readonly gatewayAdapter;
|
|
947
|
-
private readonly
|
|
807
|
+
private readonly authService?;
|
|
948
808
|
private readonly documentPermissionService?;
|
|
949
809
|
private readonly featureFlags;
|
|
950
810
|
private readonly port;
|
|
@@ -952,7 +812,6 @@ declare class GraphQLManager {
|
|
|
952
812
|
private coreSubgraphsMap;
|
|
953
813
|
private contextFields;
|
|
954
814
|
private readonly subgraphs;
|
|
955
|
-
private authService;
|
|
956
815
|
private readonly subgraphWsDisposers;
|
|
957
816
|
readonly driveOwnershipCache: DriveOwnershipCache;
|
|
958
817
|
/** Cached document models for schema generation - updated on init and regenerate */
|
|
@@ -965,7 +824,7 @@ declare class GraphQLManager {
|
|
|
965
824
|
*/
|
|
966
825
|
readonly reactorDriveClient?: IDriveClient;
|
|
967
826
|
private readonly authorizationService;
|
|
968
|
-
constructor(path: string, httpServer: http.Server, wsServer: WebSocketServer, reactorClient: IReactorClient, relationalDb: IRelationalDb, analyticsStore: IAnalyticsStore, syncManager: ISyncManager, logger: ILogger, httpAdapter: IHttpAdapter, gatewayAdapter: IGatewayAdapter<Context$1>,
|
|
827
|
+
constructor(path: string, httpServer: http.Server, wsServer: WebSocketServer, reactorClient: IReactorClient, relationalDb: IRelationalDb, analyticsStore: IAnalyticsStore, syncManager: ISyncManager, logger: ILogger, httpAdapter: IHttpAdapter, gatewayAdapter: IGatewayAdapter<Context$1>, authService?: AuthService | undefined, documentPermissionService?: DocumentPermissionService | undefined, featureFlags?: GraphqlManagerFeatureFlags, port?: number, authorizationService?: IAuthorizationService, reactorDriveClient?: IDriveClient);
|
|
969
828
|
init(coreSubgraphs: SubgraphClass$1[], authMiddleware?: AuthFetchMiddleware): Promise<void>;
|
|
970
829
|
/**
|
|
971
830
|
* Regenerate document model subgraphs when models are dynamically loaded.
|
|
@@ -2946,6 +2805,12 @@ type ProcessorInitializer = ProcessorFactoryBuilder;
|
|
|
2946
2805
|
* authorization check fails closed. Refuse to boot rather than run broken.
|
|
2947
2806
|
*/
|
|
2948
2807
|
declare function assertAuthRequiredForDocumentPermissions(authEnabled: boolean, documentPermissionsRequested: boolean): void;
|
|
2808
|
+
/**
|
|
2809
|
+
* Refuses SKIP_CREDENTIAL_VERIFICATION at boot outside tests or an explicit
|
|
2810
|
+
* opt-in: it removes the only binding between a token's claimed address and its
|
|
2811
|
+
* signing key. Fail-closed — unset NODE_ENV counts as production.
|
|
2812
|
+
*/
|
|
2813
|
+
declare function assertSkipCredentialVerificationAllowed(authEnabled: boolean, skipCredentialVerification: boolean, env: NodeJS.ProcessEnv): void;
|
|
2949
2814
|
/**
|
|
2950
2815
|
* Initializes and starts the API server using an initializer function.
|
|
2951
2816
|
* This function first loads packages to get document models, then calls the initializer function
|
|
@@ -3005,5 +2870,5 @@ interface DocumentModelSchemaOptions {
|
|
|
3005
2870
|
*/
|
|
3006
2871
|
declare function generateDocumentModelSchema(documentModel: DocumentModelGlobalState$1, options?: DocumentModelSchemaOptions): DocumentNode;
|
|
3007
2872
|
//#endregion
|
|
3008
|
-
export { ADMIN_USERS, API, Action, ActionContext, ActionContextInput, ActionContextInputSchema, ActionContextResolvers, ActionInput, ActionInputSchema, ActionResolvers, AddRelationshipDocument, AddRelationshipMutation, AddRelationshipMutationVariables, AnalyticsSubgraph, AuthConfig, AuthContext, AuthFetchMiddleware, AuthService, AuthSubgraph, BaseSubgraph, ChannelMeta, ChannelMetaInput, ChannelMetaInputSchema, ChannelMetaResolvers, ClientInitializerResult, Context, CreateDocumentDocument, CreateDocumentMutation, CreateDocumentMutationVariables, CreateEmptyDocumentDocument, CreateEmptyDocumentMutation, CreateEmptyDocumentMutationVariables, DateTimeScalarConfig, DbClient, DeadLetterInfo, DeadLetterInfoResolvers, DeleteDocumentDocument, DeleteDocumentMutation, DeleteDocumentMutationVariables, DeleteDocumentsDocument, DeleteDocumentsMutation, DeleteDocumentsMutationVariables, DirectiveResolverFn, DocumentChangeContext, DocumentChangeContextResolvers, DocumentChangeEvent, DocumentChangeEventResolvers, DocumentChangeType, DocumentChangeTypeSchema, DocumentChangesDocument, DocumentChangesSubscription, DocumentChangesSubscriptionVariables,
|
|
2873
|
+
export { ADMIN_USERS, API, Action, ActionContext, ActionContextInput, ActionContextInputSchema, ActionContextResolvers, ActionInput, ActionInputSchema, ActionResolvers, AddRelationshipDocument, AddRelationshipMutation, AddRelationshipMutationVariables, AnalyticsSubgraph, AuthConfig, AuthContext, AuthFetchMiddleware, AuthService, AuthSubgraph, type AuthorizationConfig, AuthorizationPolicy, AuthorizedDocumentHandle, BaseSubgraph, type CanonicalDocumentId, ChannelMeta, ChannelMetaInput, ChannelMetaInputSchema, ChannelMetaResolvers, ClientInitializerResult, Context, CreateDocumentDocument, CreateDocumentMutation, CreateDocumentMutationVariables, CreateEmptyDocumentDocument, CreateEmptyDocumentMutation, CreateEmptyDocumentMutationVariables, DateTimeScalarConfig, DbClient, DeadLetterInfo, DeadLetterInfoResolvers, DeleteDocumentDocument, DeleteDocumentMutation, DeleteDocumentMutationVariables, DeleteDocumentsDocument, DeleteDocumentsMutation, DeleteDocumentsMutationVariables, DirectiveResolverFn, DocumentChangeContext, DocumentChangeContextResolvers, DocumentChangeEvent, DocumentChangeEventResolvers, DocumentChangeType, DocumentChangeTypeSchema, DocumentChangesDocument, DocumentChangesSubscription, DocumentChangesSubscriptionVariables, DocumentModelGlobalState, DocumentModelGlobalStateResolvers, DocumentModelResultPage, DocumentModelResultPageResolvers, DocumentModelSchemaOptions, DocumentOperationsFilterInput, DocumentOperationsFilterInputSchema, DocumentPermissionConfig, DocumentPermissionDatabase, DocumentPermissionEntry, DocumentPermissionLevel, DocumentPermissionService, DocumentPermissionTable, DocumentProtectionTable, DocumentWithChildren, DocumentWithChildrenResolvers, Exact, FetchHandler, FindDocumentsDocument, FindDocumentsQuery, FindDocumentsQueryVariables, GatewayAdapterType, GatewayContextFactory, GetDocumentDocument, GetDocumentIncomingRelationshipsDocument, GetDocumentIncomingRelationshipsQuery, GetDocumentIncomingRelationshipsQueryVariables, GetDocumentModelsDocument, GetDocumentModelsQuery, GetDocumentModelsQueryVariables, GetDocumentOperationsDocument, GetDocumentOperationsQuery, GetDocumentOperationsQueryVariables, GetDocumentOutgoingRelationshipsDocument, GetDocumentOutgoingRelationshipsQuery, GetDocumentOutgoingRelationshipsQueryVariables, GetDocumentQuery, GetDocumentQueryVariables, GetDocumentWithOperationsDocument, GetDocumentWithOperationsQuery, GetDocumentWithOperationsQueryVariables, GetJobStatusDocument, GetJobStatusQuery, GetJobStatusQueryVariables, GetParentIdsFn, GqlDocument, GqlDriveDocument, GqlOperation, GqlOperationContext, GqlSigner, GqlSignerApp, GqlSignerUser, GraphQLManager, GraphqlManagerFeatureFlags, HttpAdapterSetup, HttpAdapterType, HttpDocumentModelLoader, HttpPackageLoader, HttpPackageLoaderLogger, HttpPackageLoaderOptions, type IAuthorizationService, IGatewayAdapter, IHttpAdapter, type IPackageLoader, type IPackageLoaderOptions, IPackageStorage, IReactorProcessorHostModule, ISubgraph, ImportPackageLoader, InMemoryPackageStorage, Incremental, InputMaybe, InstallPackageResult, InstalledPackageInfo, IsTypeOfResolverFn, JobChangeEvent, JobChangeEventResolvers, JobChangesDocument, JobChangesSubscription, JobChangesSubscriptionVariables, JobInfo, JobInfoResolvers, JsonObjectScalarConfig, MakeEmpty, MakeMaybe, MakeOptional, Maybe, MoveRelationshipDocument, MoveRelationshipMutation, MoveRelationshipMutationVariables, MoveRelationshipResult, MoveRelationshipResultResolvers, MutateDocumentAsyncDocument, MutateDocumentAsyncMutation, MutateDocumentAsyncMutationVariables, MutateDocumentDocument, MutateDocumentMutation, MutateDocumentMutationVariables, Mutation, MutationAddRelationshipArgs, MutationCreateDocumentArgs, MutationCreateEmptyDocumentArgs, MutationDeleteDocumentArgs, MutationDeleteDocumentsArgs, MutationMoveRelationshipArgs, MutationMutateDocumentArgs, MutationMutateDocumentAsyncArgs, MutationPushSyncEnvelopesArgs, MutationRemoveRelationshipArgs, MutationRenameDocumentArgs, MutationResolvers, MutationSetPreferredEditorArgs, MutationTouchChannelArgs, NextResolverFn, OperationContext, OperationContextInput, OperationContextInputSchema, OperationContextResolvers, OperationInput, OperationInputSchema, OperationUserPermissionEntry, OperationUserPermissionTable, OperationWithContext, OperationWithContextInput, OperationWithContextInputSchema, OperationWithContextResolvers, OperationsFilterInput, OperationsFilterInputSchema, PackageManagementService, PackageManagementServiceOptions, PackageManager, PackagesSubgraph, type PackagesSubgraphArgs, PagingInput, PagingInputSchema, type ParsedDriveUrl, PgliteFactory, PhDocument, PhDocumentFieldsFragment, PhDocumentFieldsFragmentDoc, PhDocumentOperationsArgs, PhDocumentResolvers, PhDocumentResultPage, PhDocumentResultPageResolvers, PollSyncEnvelopesDocument, PollSyncEnvelopesQuery, PollSyncEnvelopesQueryVariables, PollSyncEnvelopesResult, PollSyncEnvelopesResultResolvers, Processor, ProcessorDriveFactory, ProcessorFactoryBuilder, PropagationMode, PropagationModeSchema, PushSyncEnvelopesDocument, PushSyncEnvelopesMutation, PushSyncEnvelopesMutationVariables, Query, QueryDocumentArgs, QueryDocumentIncomingRelationshipsArgs, QueryDocumentModelsArgs, QueryDocumentOperationsArgs, QueryDocumentOutgoingRelationshipsArgs, QueryFindDocumentsArgs, QueryJobStatusArgs, QueryPollSyncEnvelopesArgs, QueryResolvers, ReactorModule, ReactorOperation, ReactorOperationResolvers, ReactorOperationResultPage, ReactorOperationResultPageResolvers, ReactorSigner, ReactorSignerApp, ReactorSignerAppInput, ReactorSignerAppInputSchema, ReactorSignerAppResolvers, ReactorSignerInput, ReactorSignerInputSchema, ReactorSignerResolvers, ReactorSignerUser, ReactorSignerUserInput, ReactorSignerUserInputSchema, ReactorSignerUserResolvers, ReactorSubgraph, ReadinessGate, RemoteCursor, RemoteCursorInput, RemoteCursorInputSchema, RemoteCursorResolvers, RemoteFilterInput, RemoteFilterInputSchema, RemoveRelationshipDocument, RemoveRelationshipMutation, RemoveRelationshipMutationVariables, RenameDocumentDocument, RenameDocumentMutation, RenameDocumentMutationVariables, Requester, RequireFields, Resolver, ResolverFn, ResolverTypeWrapper, ResolverWithResolve, Resolvers, ResolversObject, ResolversParentTypes, ResolversTypes, Revision, RevisionResolvers, Scalars, Sdk, SearchFilterInput, SearchFilterInputSchema, SetPreferredEditorDocument, SetPreferredEditorMutation, SetPreferredEditorMutationVariables, SubgraphArgs, SubgraphClass, SubgraphDefinition, Subscription, SubscriptionDocumentChangesArgs, SubscriptionJobChangesArgs, SubscriptionObject, SubscriptionResolveFn, SubscriptionResolver, SubscriptionResolverObject, SubscriptionResolvers, SubscriptionSubscribeFn, SubscriptionSubscriberObject, SyncEnvelope, SyncEnvelopeInput, SyncEnvelopeInputSchema, SyncEnvelopeResolvers, SyncEnvelopeType, SyncEnvelopeTypeSchema, SystemSubgraph, TlsOptions, TouchChannelDocument, TouchChannelInput, TouchChannelInputSchema, TouchChannelMutation, TouchChannelMutationVariables, TouchChannelResult, TouchChannelResultResolvers, TypeResolveFn, User, ViewFilterInput, ViewFilterInputSchema, WithIndex, WsContextFactory, WsDisposer, assertAuthRequiredForDocumentPermissions, assertSkipCredentialVerificationAllowed, buildGraphQlDocument, buildGraphQlDriveDocument, buildGraphqlOperation, buildGraphqlOperations, buildSubgraphSchemaModule, createAuthFetchMiddleware, createGatewayAdapter, createHttpAdapter, createMergedSchema, createReactorGraphQLClient, createSchema, definedNonNullAnySchema, driveIdFromUrl, extractSubgraphsFromModule, generateDocumentModelSchema, getAuthContext, getDbClient, getDocumentModelSchemaName, getDocumentModelTypeDefs, getGitHash, getGitUrl, getSdk, getUniqueDocumentModels, getVersion, initAnalyticsStoreSql, initializeAndStartAPI, isDefinedNonNullAny, isExpectedLoaderMiss, isSubgraphClass, parseDriveUrl, renderGraphqlPlayground };
|
|
3009
2874
|
//# sourceMappingURL=index.d.mts.map
|