graphql-shield-node23 7.6.5

package/dist/esm/constructors.js

@@ -0,0 +1,124 @@
+import { Rule, RuleAnd, RuleOr, RuleNot, RuleTrue, RuleFalse, InputRule, RuleChain, RuleRace, } from './rules.js';
+/**
+ *
+ * @param name
+ * @param options
+ *
+ * Wraps a function into a Rule class. This way we can identify rules
+ * once we start generating middleware from our ruleTree.
+ *
+ * 1.
+ * const auth = rule()(async (parent, args, ctx, info) => {
+ *  return true
+ * })
+ *
+ * 2.
+ * const auth = rule('name')(async (parent, args, ctx, info) => {
+ *  return true
+ * })
+ *
+ * 3.
+ * const auth = rule({
+ *  name: 'name',
+ *  fragment: 'string',
+ *  cache: 'cache',
+ * })(async (parent, args, ctx, info) => {
+ *  return true
+ * })
+ *
+ */
+export const rule = (name, options) => (func) => {
+    if (typeof name === 'object') {
+        options = name;
+        name = Math.random().toString();
+    }
+    else if (typeof name === 'string') {
+        options = options || {};
+    }
+    else {
+        name = Math.random().toString();
+        options = {};
+    }
+    return new Rule(name, func, {
+        fragment: options.fragment,
+        cache: options.cache,
+    });
+};
+/**
+ *
+ * Constructs a new InputRule based on the schema.
+ *
+ * @param schema
+ */
+export const inputRule = (name) => (schema, options) => {
+    if (typeof name === 'string') {
+        return new InputRule(name, schema, options);
+    }
+    else {
+        return new InputRule(Math.random().toString(), schema, options);
+    }
+};
+/**
+ *
+ * @param rules
+ *
+ * Logical operator and serves as a wrapper for and operation.
+ *
+ */
+export const and = (...rules) => {
+    return new RuleAnd(rules);
+};
+/**
+ *
+ * @param rules
+ *
+ * Logical operator and serves as a wrapper for and operation.
+ *
+ */
+export const chain = (...rules) => {
+    return new RuleChain(rules);
+};
+/**
+ *
+ * @param rules
+ *
+ * Logical operator and serves as a wrapper for and operation.
+ *
+ */
+export const race = (...rules) => {
+    return new RuleRace(rules);
+};
+/**
+ *
+ * @param rules
+ *
+ * Logical operator or serves as a wrapper for or operation.
+ *
+ */
+export const or = (...rules) => {
+    return new RuleOr(rules);
+};
+/**
+ *
+ * @param rule
+ *
+ * Logical operator not serves as a wrapper for not operation.
+ *
+ */
+export const not = (rule, error) => {
+    if (typeof error === 'string')
+        return new RuleNot(rule, new Error(error));
+    return new RuleNot(rule, error);
+};
+/**
+ *
+ * Allow queries.
+ *
+ */
+export const allow = new RuleTrue();
+/**
+ *
+ * Deny queries.
+ *
+ */
+export const deny = new RuleFalse();

package/dist/esm/generator.js

@@ -0,0 +1,201 @@
+import { isObjectType, isIntrospectionType, } from 'graphql';
+import { isRuleFunction, isRuleFieldMap, isRule, isLogicRule, withDefault, } from './utils.js';
+import { ValidationError } from './validation.js';
+/**
+ *
+ * @param options
+ *
+ * Generates a middleware function from a given rule and
+ * initializes the cache object in context.
+ *
+ */
+function generateFieldMiddlewareFromRule(rule, options) {
+    async function middleware(resolve, parent, args, ctx, info) {
+        // Cache
+        if (!ctx) {
+            ctx = {};
+        }
+        if (!ctx._shield) {
+            ctx._shield = {
+                cache: {},
+            };
+        }
+        // Execution
+        try {
+            const res = await rule.resolve(parent, args, ctx, info, options);
+            if (res === true) {
+                return await resolve(parent, args, ctx, info);
+            }
+            else if (res === false) {
+                if (typeof options.fallbackError === 'function') {
+                    return await options.fallbackError(null, parent, args, ctx, info);
+                }
+                return options.fallbackError;
+            }
+            else {
+                return res;
+            }
+        }
+        catch (err) {
+            if (options.debug) {
+                throw err;
+            }
+            else if (options.allowExternalErrors) {
+                return err;
+            }
+            else {
+                if (typeof options.fallbackError === 'function') {
+                    return await options.fallbackError(err, parent, args, ctx, info);
+                }
+                return options.fallbackError;
+            }
+        }
+    }
+    if (isRule(rule) && rule.extractFragment()) {
+        return {
+            fragment: rule.extractFragment(),
+            resolve: middleware,
+        };
+    }
+    if (isLogicRule(rule)) {
+        return {
+            fragments: rule.extractFragments(),
+            resolve: middleware,
+        };
+    }
+    return middleware;
+}
+/**
+ *
+ * @param type
+ * @param rules
+ * @param options
+ *
+ * Generates middleware from rule for a particular type.
+ *
+ */
+function applyRuleToType(type, rules, options) {
+    if (isRuleFunction(rules)) {
+        /* Apply defined rule function to every field */
+        const fieldMap = type.getFields();
+        const middleware = Object.keys(fieldMap).reduce((middleware, field) => {
+            return {
+                ...middleware,
+                [field]: generateFieldMiddlewareFromRule(rules, options),
+            };
+        }, {});
+        return middleware;
+    }
+    else if (isRuleFieldMap(rules)) {
+        /* Apply rules assigned to each field to each field */
+        const fieldMap = type.getFields();
+        /* Extract default type wildcard if any and remove it for validation */
+        const defaultTypeRule = rules['*'];
+        const { '*': _, ...rulesWithoutWildcard } = rules;
+        /* Validation */
+        const fieldErrors = Object.keys(rulesWithoutWildcard)
+            .filter((type) => !Object.prototype.hasOwnProperty.call(fieldMap, type))
+            .map((field) => `${type.name}.${field}`)
+            .join(', ');
+        if (fieldErrors.length > 0) {
+            throw new ValidationError(`It seems like you have applied rules to ${fieldErrors} fields but Shield cannot find them in your schema.`);
+        }
+        /* Generation */
+        const middleware = Object.keys(fieldMap).reduce((middleware, field) => ({
+            ...middleware,
+            [field]: generateFieldMiddlewareFromRule(withDefault(defaultTypeRule || options.fallbackRule)(rules[field]), options),
+        }), {});
+        return middleware;
+    }
+    else {
+        /* Apply fallbackRule to type with no defined rule */
+        const fieldMap = type.getFields();
+        const middleware = Object.keys(fieldMap).reduce((middleware, field) => ({
+            ...middleware,
+            [field]: generateFieldMiddlewareFromRule(options.fallbackRule, options),
+        }), {});
+        return middleware;
+    }
+}
+/**
+ *
+ * @param schema
+ * @param rule
+ * @param options
+ *
+ * Applies the same rule over entire schema.
+ *
+ */
+function applyRuleToSchema(schema, rule, options) {
+    const typeMap = schema.getTypeMap();
+    const middleware = Object.keys(typeMap)
+        .filter((type) => !isIntrospectionType(typeMap[type]))
+        .reduce((middleware, typeName) => {
+        const type = typeMap[typeName];
+        if (isObjectType(type)) {
+            return {
+                ...middleware,
+                [typeName]: applyRuleToType(type, rule, options),
+            };
+        }
+        else {
+            return middleware;
+        }
+    }, {});
+    return middleware;
+}
+/**
+ *
+ * @param rules
+ * @param wrapper
+ *
+ * Converts rule tree to middleware.
+ *
+ */
+function generateMiddlewareFromSchemaAndRuleTree(schema, rules, options) {
+    if (isRuleFunction(rules)) {
+        /* Applies rule to entire schema. */
+        return applyRuleToSchema(schema, rules, options);
+    }
+    else {
+        /**
+         * Checks type map and field map and applies rules
+         * to particular fields.
+         */
+        const typeMap = schema.getTypeMap();
+        /* Validation */
+        const typeErrors = Object.keys(rules)
+            .filter((type) => !Object.prototype.hasOwnProperty.call(typeMap, type))
+            .join(', ');
+        if (typeErrors.length > 0) {
+            throw new ValidationError(`It seems like you have applied rules to ${typeErrors} types but Shield cannot find them in your schema.`);
+        }
+        // Generation
+        const middleware = Object.keys(typeMap)
+            .filter((type) => !isIntrospectionType(typeMap[type]))
+            .reduce((middleware, typeName) => {
+            const type = typeMap[typeName];
+            if (isObjectType(type)) {
+                return {
+                    ...middleware,
+                    [typeName]: applyRuleToType(type, rules[typeName], options),
+                };
+            }
+            else {
+                return middleware;
+            }
+        }, {});
+        return middleware;
+    }
+}
+/**
+ *
+ * @param ruleTree
+ * @param options
+ *
+ * Generates middleware from given rules.
+ *
+ */
+export function generateMiddlewareGeneratorFromRuleTree(ruleTree, options) {
+    return (schema) => generateMiddlewareFromSchemaAndRuleTree(schema, ruleTree, options);
+}

package/dist/esm/index.js

@@ -0,0 +1,2 @@
+export { shield } from './shield.js';
+export { rule, inputRule, allow, deny, and, chain, race, or, not, } from './constructors.js';

package/dist/esm/rules.js

@@ -0,0 +1,366 @@
+import * as Yup from 'yup';
+import { isLogicRule } from './utils.js';
+export class Rule {
+    constructor(name, func, constructorOptions) {
+        const options = this.normalizeOptions(constructorOptions);
+        this.name = name;
+        this.func = func;
+        this.cache = options.cache;
+        this.fragment = options.fragment;
+    }
+    /**
+     *
+     * @param parent
+     * @param args
+     * @param ctx
+     * @param info
+     *
+     * Resolves rule and writes to cache its result.
+     *
+     */
+    async resolve(parent, args, ctx, info, options) {
+        try {
+            /* Resolve */
+            const res = await this.executeRule(parent, args, ctx, info, options);
+            if (res instanceof Error) {
+                return res;
+            }
+            else if (typeof res === 'string') {
+                return new Error(res);
+            }
+            else if (res === true) {
+                return true;
+            }
+            else {
+                return false;
+            }
+        }
+        catch (err) {
+            if (options.debug) {
+                throw err;
+            }
+            else {
+                return false;
+            }
+        }
+    }
+    /**
+     *
+     * @param rule
+     *
+     * Compares a given rule with the current one
+     * and checks whether their functions are equal.
+     *
+     */
+    equals(rule) {
+        return this.func === rule.func;
+    }
+    /**
+     *
+     * Extracts fragment from the rule.
+     *
+     */
+    extractFragment() {
+        return this.fragment;
+    }
+    /**
+     *
+     * @param options
+     *
+     * Sets default values for options.
+     *
+     */
+    normalizeOptions(options) {
+        return {
+            cache: options.cache !== undefined
+                ? this.normalizeCacheOption(options.cache)
+                : 'no_cache',
+            fragment: options.fragment !== undefined ? options.fragment : undefined,
+        };
+    }
+    /**
+     *
+     * @param cache
+     *
+     * This ensures backward capability of shield.
+     *
+     */
+    normalizeCacheOption(cache) {
+        switch (cache) {
+            case true: {
+                return 'strict';
+            }
+            case false: {
+                return 'no_cache';
+            }
+            default: {
+                return cache;
+            }
+        }
+    }
+    /**
+     * Executes a rule and writes to cache if needed.
+     *
+     * @param parent
+     * @param args
+     * @param ctx
+     * @param info
+     */
+    executeRule(parent, args, ctx, info, options) {
+        switch (typeof this.cache) {
+            case 'function': {
+                /* User defined cache function. */
+                const key = `${this.name}-${this.cache(parent, args, ctx, info)}`;
+                return this.writeToCache(key)(parent, args, ctx, info);
+            }
+            case 'string': {
+                /* Standard cache option. */
+                switch (this.cache) {
+                    case 'strict': {
+                        const key = options.hashFunction({ parent, args });
+                        return this.writeToCache(`${this.name}-${key}`)(parent, args, ctx, info);
+                    }
+                    case 'contextual': {
+                        return this.writeToCache(this.name)(parent, args, ctx, info);
+                    }
+                    case 'no_cache': {
+                        return this.func(parent, args, ctx, info);
+                    }
+                }
+            }
+            /* istanbul ignore next */
+            default: {
+                throw new Error(`Unsupported cache format: ${typeof this.cache}`);
+            }
+        }
+    }
+    /**
+     * Writes or reads result from cache.
+     *
+     * @param key
+     */
+    writeToCache(key) {
+        return (parent, args, ctx, info) => {
+            if (!ctx._shield.cache[key]) {
+                ctx._shield.cache[key] = this.func(parent, args, ctx, info);
+            }
+            return ctx._shield.cache[key];
+        };
+    }
+}
+export class InputRule extends Rule {
+    constructor(name, schema, options) {
+        const validationFunction = (parent, args, ctx) => schema(Yup, ctx)
+            .validate(args, options)
+            .then(() => true)
+            .catch((err) => err);
+        super(name, validationFunction, { cache: 'strict', fragment: undefined });
+    }
+}
+export class LogicRule {
+    constructor(rules) {
+        this.rules = rules;
+    }
+    /**
+     * By default logic rule resolves to false.
+     */
+    async resolve(parent, args, ctx, info, options) {
+        return false;
+    }
+    /**
+     * Evaluates all the rules.
+     */
+    async evaluate(parent, args, ctx, info, options) {
+        const rules = this.getRules();
+        const tasks = rules.map((rule) => rule.resolve(parent, args, ctx, info, options));
+        return Promise.all(tasks);
+    }
+    /**
+     * Returns rules in a logic rule.
+     */
+    getRules() {
+        return this.rules;
+    }
+    /**
+     * Extracts fragments from the defined rules.
+     */
+    extractFragments() {
+        const fragments = this.rules.reduce((fragments, rule) => {
+            if (isLogicRule(rule)) {
+                return fragments.concat(...rule.extractFragments());
+            }
+            const fragment = rule.extractFragment();
+            if (fragment)
+                return fragments.concat(fragment);
+            return fragments;
+        }, []);
+        return fragments;
+    }
+}
+// Extended Types
+export class RuleOr extends LogicRule {
+    constructor(rules) {
+        super(rules);
+    }
+    /**
+     * Makes sure that at least one of them has evaluated to true.
+     */
+    async resolve(parent, args, ctx, info, options) {
+        const result = await this.evaluate(parent, args, ctx, info, options);
+        if (result.every((res) => res !== true)) {
+            const customError = result.find((res) => res instanceof Error);
+            return customError || false;
+        }
+        else {
+            return true;
+        }
+    }
+}
+export class RuleAnd extends LogicRule {
+    constructor(rules) {
+        super(rules);
+    }
+    /**
+     * Makes sure that all of them have resolved to true.
+     */
+    async resolve(parent, args, ctx, info, options) {
+        const result = await this.evaluate(parent, args, ctx, info, options);
+        if (result.some((res) => res !== true)) {
+            const customError = result.find((res) => res instanceof Error);
+            return customError || false;
+        }
+        else {
+            return true;
+        }
+    }
+}
+export class RuleChain extends LogicRule {
+    constructor(rules) {
+        super(rules);
+    }
+    /**
+     * Makes sure that all of them have resolved to true.
+     */
+    async resolve(parent, args, ctx, info, options) {
+        const result = await this.evaluate(parent, args, ctx, info, options);
+        if (result.some((res) => res !== true)) {
+            const customError = result.find((res) => res instanceof Error);
+            return customError || false;
+        }
+        else {
+            return true;
+        }
+    }
+    /**
+     * Evaluates all the rules.
+     */
+    async evaluate(parent, args, ctx, info, options) {
+        const rules = this.getRules();
+        return iterate(rules);
+        async function iterate([rule, ...otherRules]) {
+            if (rule === undefined)
+                return [];
+            return rule.resolve(parent, args, ctx, info, options).then((res) => {
+                if (res !== true) {
+                    return [res];
+                }
+                else {
+                    return iterate(otherRules).then((ress) => ress.concat(res));
+                }
+            });
+        }
+    }
+}
+export class RuleRace extends LogicRule {
+    constructor(rules) {
+        super(rules);
+    }
+    /**
+     * Makes sure that at least one of them resolved to true.
+     */
+    async resolve(parent, args, ctx, info, options) {
+        const result = await this.evaluate(parent, args, ctx, info, options);
+        if (result.some((res) => res === true)) {
+            return true;
+        }
+        else {
+            const customError = result.find((res) => res instanceof Error);
+            return customError || false;
+        }
+    }
+    /**
+     * Evaluates all the rules.
+     */
+    async evaluate(parent, args, ctx, info, options) {
+        const rules = this.getRules();
+        return iterate(rules);
+        async function iterate([rule, ...otherRules]) {
+            if (rule === undefined)
+                return [];
+            return rule.resolve(parent, args, ctx, info, options).then((res) => {
+                if (res === true) {
+                    return [res];
+                }
+                else {
+                    return iterate(otherRules).then((ress) => ress.concat(res));
+                }
+            });
+        }
+    }
+}
+export class RuleNot extends LogicRule {
+    constructor(rule, error) {
+        super([rule]);
+        this.error = error;
+    }
+    /**
+     *
+     * @param parent
+     * @param args
+     * @param ctx
+     * @param info
+     *
+     * Negates the result.
+     *
+     */
+    async resolve(parent, args, ctx, info, options) {
+        const [res] = await this.evaluate(parent, args, ctx, info, options);
+        if (res instanceof Error) {
+            return true;
+        }
+        else if (res !== true) {
+            return true;
+        }
+        else {
+            if (this.error)
+                return this.error;
+            return false;
+        }
+    }
+}
+export class RuleTrue extends LogicRule {
+    constructor() {
+        super([]);
+    }
+    /**
+     *
+     * Always true.
+     *
+     */
+    async resolve() {
+        return true;
+    }
+}
+export class RuleFalse extends LogicRule {
+    constructor() {
+        super([]);
+    }
+    /**
+     *
+     * Always false.
+     *
+     */
+    async resolve() {
+        return false;
+    }
+}