graphql-shield-node23 7.6.5

package/dist/esm/shield.js

@@ -0,0 +1,45 @@
+import hash from 'object-hash';
+import { middleware } from 'graphql-middleware';
+import { ValidationError, validateRuleTree } from './validation.js';
+import { generateMiddlewareGeneratorFromRuleTree } from './generator.js';
+import { allow } from './constructors.js';
+import { withDefault } from './utils.js';
+/**
+ *
+ * @param options
+ *
+ * Makes sure all of defined rules are in accord with the options
+ * shield can process.
+ *
+ */
+function normalizeOptions(options) {
+    if (typeof options.fallbackError === 'string') {
+        options.fallbackError = new Error(options.fallbackError);
+    }
+    return {
+        debug: options.debug !== undefined ? options.debug : false,
+        allowExternalErrors: withDefault(false)(options.allowExternalErrors),
+        fallbackRule: withDefault(allow)(options.fallbackRule),
+        fallbackError: withDefault(new Error('Not Authorised!'))(options.fallbackError),
+        hashFunction: withDefault(hash)(options.hashFunction),
+    };
+}
+/**
+ *
+ * @param ruleTree
+ * @param options
+ *
+ * Validates rules and generates middleware from defined rule tree.
+ *
+ */
+export function shield(ruleTree, options = {}) {
+    const normalizedOptions = normalizeOptions(options);
+    const ruleTreeValidity = validateRuleTree(ruleTree);
+    if (ruleTreeValidity.status === 'ok') {
+        const generatorFunction = generateMiddlewareGeneratorFromRuleTree(ruleTree, normalizedOptions);
+        return middleware(generatorFunction);
+    }
+    else {
+        throw new ValidationError(ruleTreeValidity.message);
+    }
+}

package/dist/esm/types.js

@@ -0,0 +1 @@
+export {};

package/dist/esm/utils.js

@@ -0,0 +1,88 @@
+import { Rule, LogicRule } from './rules.js';
+/**
+ *
+ * @param x
+ *
+ * Makes sure that a certain field is a rule.
+ *
+ */
+export function isRule(x) {
+    return (x instanceof Rule || (x && x.constructor && x.constructor.name === 'Rule'));
+}
+/**
+ *
+ * @param x
+ *
+ * Makes sure that a certain field is a logic rule.
+ *
+ */
+export function isLogicRule(x) {
+    return (x instanceof LogicRule ||
+        (x &&
+            x.constructor &&
+            (x.constructor.name === 'RuleOr' ||
+                x.constructor.name === 'RuleAnd' ||
+                x.constructor.name === 'RuleChain' ||
+                x.constructor.name === 'RuleRace' ||
+                x.constructor.name === 'RuleNot' ||
+                x.constructor.name === 'RuleTrue' ||
+                x.constructor.name === 'RuleFalse')));
+}
+/**
+ *
+ * @param x
+ *
+ * Makes sure that a certain field is a rule or a logic rule.
+ *
+ */
+export function isRuleFunction(x) {
+    return isRule(x) || isLogicRule(x);
+}
+/**
+ *
+ * @param x
+ *
+ * Determines whether a certain field is rule field map or not.
+ *
+ */
+export function isRuleFieldMap(x) {
+    return (typeof x === 'object' &&
+        Object.values(x).every((rule) => isRuleFunction(rule)));
+}
+/**
+ *
+ * @param obj
+ * @param func
+ *
+ * Flattens object of particular type by checking if the leaf
+ * evaluates to true from particular function.
+ *
+ */
+export function flattenObjectOf(obj, f) {
+    const values = Object.keys(obj).reduce((acc, key) => {
+        const val = obj[key];
+        if (f(val)) {
+            return [...acc, val];
+        }
+        else if (typeof val === 'object' && !f(val)) {
+            return [...acc, ...flattenObjectOf(val, f)];
+        }
+        else {
+            return acc;
+        }
+    }, []);
+    return values;
+}
+/**
+ *
+ * Returns fallback is provided value is undefined
+ *
+ * @param fallback
+ */
+export function withDefault(fallback) {
+    return (value) => {
+        if (value === undefined)
+            return fallback;
+        return value;
+    };
+}

package/dist/esm/validation.js

@@ -0,0 +1,79 @@
+import { isRuleFunction, flattenObjectOf, isLogicRule } from './utils.js';
+/**
+ *
+ * @param ruleTree
+ *
+ * Validates the rule tree declaration by checking references of rule
+ * functions. We deem rule tree valid if no two rules with the same name point
+ * to different rules.
+ *
+ */
+export function validateRuleTree(ruleTree) {
+    const rules = extractRules(ruleTree);
+    const valid = rules.reduce(({ map, duplicates }, rule) => {
+        if (!map.has(rule.name)) {
+            return { map: map.set(rule.name, rule), duplicates };
+        }
+        else if (!map.get(rule.name).equals(rule) &&
+            !duplicates.includes(rule.name)) {
+            return {
+                map: map.set(rule.name, rule),
+                duplicates: [...duplicates, rule.name],
+            };
+        }
+        else {
+            return { map, duplicates };
+        }
+    }, { map: new Map(), duplicates: [] });
+    if (valid.duplicates.length === 0) {
+        return { status: 'ok' };
+    }
+    else {
+        const duplicates = valid.duplicates.join(', ');
+        return {
+            status: 'err',
+            message: `There seem to be multiple definitions of these rules: ${duplicates}`,
+        };
+    }
+    /* Helper functions */
+    /**
+     *
+     * @param ruleTree
+     *
+     * Extracts rules from rule tree.
+     *
+     */
+    function extractRules(ruleTree) {
+        const resolvers = flattenObjectOf(ruleTree, isRuleFunction);
+        const rules = resolvers.reduce((rules, rule) => {
+            if (isLogicRule(rule)) {
+                return [...rules, ...extractLogicRules(rule)];
+            }
+            else {
+                return [...rules, rule];
+            }
+        }, []);
+        return rules;
+    }
+    /**
+     *
+     * Recursively extracts Rules from LogicRule
+     *
+     * @param rule
+     */
+    function extractLogicRules(rule) {
+        return rule.getRules().reduce((acc, shieldRule) => {
+            if (isLogicRule(shieldRule)) {
+                return [...acc, ...extractLogicRules(shieldRule)];
+            }
+            else {
+                return [...acc, shieldRule];
+            }
+        }, []);
+    }
+}
+export class ValidationError extends Error {
+    constructor(message) {
+        super(message);
+    }
+}

package/dist/package.json

@@ -0,0 +1,47 @@
+{
+  "name": "@szofon/graphql-shield-node23",
+  "version": "7.6.5",
+  "description": "GraphQL Server permissions as another layer of abstraction!",
+  "sideEffects": false,
+  "peerDependencies": {
+    "graphql": "^0.11.0 || ^0.12.0 || ^0.13.0 || ^14.0.0 || ^15.0.0 || ^16.0.0",
+    "graphql-middleware": "^2.0.0 || ^3.0.0 || ^4.0.0 || ^6.0.0"
+  },
+  "dependencies": {
+    "@types/yup": "0.29.13",
+    "object-hash": "^3.0.0",
+    "tslib": "^2.4.0",
+    "yup": "^0.32.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/maticzav/graphql-shield.git"
+  },
+  "homepage": "https://github.com/maticzav/graphql-shield",
+  "author": "Matic Zavadlal <matic.zavadlal@gmail.com>",
+  "license": "MIT",
+  "main": "cjs/index.js",
+  "module": "esm/index.js",
+  "typings": "typings/index.d.ts",
+  "typescript": {
+    "definition": "typings/index.d.ts"
+  },
+  "type": "module",
+  "exports": {
+    ".": {
+      "require": {
+        "types": "./typings/index.d.cts",
+        "default": "./cjs/index.js"
+      },
+      "import": {
+        "types": "./typings/index.d.ts",
+        "default": "./esm/index.js"
+      },
+      "default": {
+        "types": "./typings/index.d.ts",
+        "default": "./esm/index.js"
+      }
+    },
+    "./package.json": "./package.json"
+  }
+}

package/dist/typings/constructors.d.cts

@@ -0,0 +1,91 @@
+import * as Yup from 'yup';
+import { IRuleFunction, IRuleConstructorOptions, ShieldRule, IShieldContext } from './types.cjs';
+import { Rule, RuleAnd, RuleOr, RuleNot, RuleTrue, RuleFalse, InputRule, RuleChain, RuleRace } from './rules.cjs';
+/**
+ *
+ * @param name
+ * @param options
+ *
+ * Wraps a function into a Rule class. This way we can identify rules
+ * once we start generating middleware from our ruleTree.
+ *
+ * 1.
+ * const auth = rule()(async (parent, args, ctx, info) => {
+ *  return true
+ * })
+ *
+ * 2.
+ * const auth = rule('name')(async (parent, args, ctx, info) => {
+ *  return true
+ * })
+ *
+ * 3.
+ * const auth = rule({
+ *  name: 'name',
+ *  fragment: 'string',
+ *  cache: 'cache',
+ * })(async (parent, args, ctx, info) => {
+ *  return true
+ * })
+ *
+ */
+export declare const rule: (name?: string | IRuleConstructorOptions, options?: IRuleConstructorOptions) => (func: IRuleFunction) => Rule;
+/**
+ *
+ * Constructs a new InputRule based on the schema.
+ *
+ * @param schema
+ */
+export declare const inputRule: <T>(name?: string) => (schema: (yup: typeof Yup, ctx: IShieldContext) => Yup.BaseSchema<T, import("yup/lib/types.js").AnyObject, any>, options?: import("yup/lib/types.js").ValidateOptions<import("yup/lib/types.js").AnyObject> | undefined) => InputRule<T>;
+/**
+ *
+ * @param rules
+ *
+ * Logical operator and serves as a wrapper for and operation.
+ *
+ */
+export declare const and: (...rules: ShieldRule[]) => RuleAnd;
+/**
+ *
+ * @param rules
+ *
+ * Logical operator and serves as a wrapper for and operation.
+ *
+ */
+export declare const chain: (...rules: ShieldRule[]) => RuleChain;
+/**
+ *
+ * @param rules
+ *
+ * Logical operator and serves as a wrapper for and operation.
+ *
+ */
+export declare const race: (...rules: ShieldRule[]) => RuleRace;
+/**
+ *
+ * @param rules
+ *
+ * Logical operator or serves as a wrapper for or operation.
+ *
+ */
+export declare const or: (...rules: ShieldRule[]) => RuleOr;
+/**
+ *
+ * @param rule
+ *
+ * Logical operator not serves as a wrapper for not operation.
+ *
+ */
+export declare const not: (rule: ShieldRule, error?: string | Error) => RuleNot;
+/**
+ *
+ * Allow queries.
+ *
+ */
+export declare const allow: RuleTrue;
+/**
+ *
+ * Deny queries.
+ *
+ */
+export declare const deny: RuleFalse;

package/dist/typings/constructors.d.ts

@@ -0,0 +1,91 @@
+import * as Yup from 'yup';
+import { IRuleFunction, IRuleConstructorOptions, ShieldRule, IShieldContext } from './types.js';
+import { Rule, RuleAnd, RuleOr, RuleNot, RuleTrue, RuleFalse, InputRule, RuleChain, RuleRace } from './rules.js';
+/**
+ *
+ * @param name
+ * @param options
+ *
+ * Wraps a function into a Rule class. This way we can identify rules
+ * once we start generating middleware from our ruleTree.
+ *
+ * 1.
+ * const auth = rule()(async (parent, args, ctx, info) => {
+ *  return true
+ * })
+ *
+ * 2.
+ * const auth = rule('name')(async (parent, args, ctx, info) => {
+ *  return true
+ * })
+ *
+ * 3.
+ * const auth = rule({
+ *  name: 'name',
+ *  fragment: 'string',
+ *  cache: 'cache',
+ * })(async (parent, args, ctx, info) => {
+ *  return true
+ * })
+ *
+ */
+export declare const rule: (name?: string | IRuleConstructorOptions, options?: IRuleConstructorOptions) => (func: IRuleFunction) => Rule;
+/**
+ *
+ * Constructs a new InputRule based on the schema.
+ *
+ * @param schema
+ */
+export declare const inputRule: <T>(name?: string) => (schema: (yup: typeof Yup, ctx: IShieldContext) => Yup.BaseSchema<T, import("yup/lib/types.js").AnyObject, any>, options?: import("yup/lib/types.js").ValidateOptions<import("yup/lib/types.js").AnyObject> | undefined) => InputRule<T>;
+/**
+ *
+ * @param rules
+ *
+ * Logical operator and serves as a wrapper for and operation.
+ *
+ */
+export declare const and: (...rules: ShieldRule[]) => RuleAnd;
+/**
+ *
+ * @param rules
+ *
+ * Logical operator and serves as a wrapper for and operation.
+ *
+ */
+export declare const chain: (...rules: ShieldRule[]) => RuleChain;
+/**
+ *
+ * @param rules
+ *
+ * Logical operator and serves as a wrapper for and operation.
+ *
+ */
+export declare const race: (...rules: ShieldRule[]) => RuleRace;
+/**
+ *
+ * @param rules
+ *
+ * Logical operator or serves as a wrapper for or operation.
+ *
+ */
+export declare const or: (...rules: ShieldRule[]) => RuleOr;
+/**
+ *
+ * @param rule
+ *
+ * Logical operator not serves as a wrapper for not operation.
+ *
+ */
+export declare const not: (rule: ShieldRule, error?: string | Error) => RuleNot;
+/**
+ *
+ * Allow queries.
+ *
+ */
+export declare const allow: RuleTrue;
+/**
+ *
+ * Deny queries.
+ *
+ */
+export declare const deny: RuleFalse;

package/dist/typings/generator.d.cts

@@ -0,0 +1,11 @@
+import { IMiddlewareGeneratorConstructor } from 'graphql-middleware';
+import { IRules, IOptions } from './types.cjs';
+/**
+ *
+ * @param ruleTree
+ * @param options
+ *
+ * Generates middleware from given rules.
+ *
+ */
+export declare function generateMiddlewareGeneratorFromRuleTree<TSource = any, TContext = any, TArgs = any>(ruleTree: IRules, options: IOptions): IMiddlewareGeneratorConstructor<TSource, TContext, TArgs>;

package/dist/typings/generator.d.ts

@@ -0,0 +1,11 @@
+import { IMiddlewareGeneratorConstructor } from 'graphql-middleware';
+import { IRules, IOptions } from './types.js';
+/**
+ *
+ * @param ruleTree
+ * @param options
+ *
+ * Generates middleware from given rules.
+ *
+ */
+export declare function generateMiddlewareGeneratorFromRuleTree<TSource = any, TContext = any, TArgs = any>(ruleTree: IRules, options: IOptions): IMiddlewareGeneratorConstructor<TSource, TContext, TArgs>;

package/dist/typings/index.d.cts

@@ -0,0 +1,3 @@
+export { IRules, IRule } from './types.cjs';
+export { shield } from './shield.cjs';
+export { rule, inputRule, allow, deny, and, chain, race, or, not, } from './constructors.cjs';

package/dist/typings/index.d.ts

@@ -0,0 +1,3 @@
+export { IRules, IRule } from './types.js';
+export { shield } from './shield.js';
+export { rule, inputRule, allow, deny, and, chain, race, or, not, } from './constructors.js';

package/dist/typings/rules.d.cts

@@ -0,0 +1,159 @@
+import * as Yup from 'yup';
+import { IRuleFunction, IRule, IFragment, IRuleConstructorOptions, ILogicRule, ShieldRule, IRuleResult, IOptions, IShieldContext } from './types.cjs';
+import { GraphQLResolveInfo } from 'graphql';
+export declare class Rule implements IRule {
+    readonly name: string;
+    private cache;
+    private fragment?;
+    private func;
+    constructor(name: string, func: IRuleFunction, constructorOptions: IRuleConstructorOptions);
+    /**
+     *
+     * @param parent
+     * @param args
+     * @param ctx
+     * @param info
+     *
+     * Resolves rule and writes to cache its result.
+     *
+     */
+    resolve(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult>;
+    /**
+     *
+     * @param rule
+     *
+     * Compares a given rule with the current one
+     * and checks whether their functions are equal.
+     *
+     */
+    equals(rule: Rule): boolean;
+    /**
+     *
+     * Extracts fragment from the rule.
+     *
+     */
+    extractFragment(): IFragment | undefined;
+    /**
+     *
+     * @param options
+     *
+     * Sets default values for options.
+     *
+     */
+    private normalizeOptions;
+    /**
+     *
+     * @param cache
+     *
+     * This ensures backward capability of shield.
+     *
+     */
+    private normalizeCacheOption;
+    /**
+     * Executes a rule and writes to cache if needed.
+     *
+     * @param parent
+     * @param args
+     * @param ctx
+     * @param info
+     */
+    private executeRule;
+    /**
+     * Writes or reads result from cache.
+     *
+     * @param key
+     */
+    private writeToCache;
+}
+export declare class InputRule<T> extends Rule {
+    constructor(name: string, schema: (yup: typeof Yup, ctx: IShieldContext) => Yup.BaseSchema<T>, options?: Parameters<Yup.BaseSchema<T>['validate']>[1]);
+}
+export declare class LogicRule implements ILogicRule {
+    private rules;
+    constructor(rules: ShieldRule[]);
+    /**
+     * By default logic rule resolves to false.
+     */
+    resolve(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult>;
+    /**
+     * Evaluates all the rules.
+     */
+    evaluate(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult[]>;
+    /**
+     * Returns rules in a logic rule.
+     */
+    getRules(): ShieldRule[];
+    /**
+     * Extracts fragments from the defined rules.
+     */
+    extractFragments(): IFragment[];
+}
+export declare class RuleOr extends LogicRule {
+    constructor(rules: ShieldRule[]);
+    /**
+     * Makes sure that at least one of them has evaluated to true.
+     */
+    resolve(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult>;
+}
+export declare class RuleAnd extends LogicRule {
+    constructor(rules: ShieldRule[]);
+    /**
+     * Makes sure that all of them have resolved to true.
+     */
+    resolve(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult>;
+}
+export declare class RuleChain extends LogicRule {
+    constructor(rules: ShieldRule[]);
+    /**
+     * Makes sure that all of them have resolved to true.
+     */
+    resolve(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult>;
+    /**
+     * Evaluates all the rules.
+     */
+    evaluate(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult[]>;
+}
+export declare class RuleRace extends LogicRule {
+    constructor(rules: ShieldRule[]);
+    /**
+     * Makes sure that at least one of them resolved to true.
+     */
+    resolve(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult>;
+    /**
+     * Evaluates all the rules.
+     */
+    evaluate(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult[]>;
+}
+export declare class RuleNot extends LogicRule {
+    error?: Error;
+    constructor(rule: ShieldRule, error?: Error);
+    /**
+     *
+     * @param parent
+     * @param args
+     * @param ctx
+     * @param info
+     *
+     * Negates the result.
+     *
+     */
+    resolve(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult>;
+}
+export declare class RuleTrue extends LogicRule {
+    constructor();
+    /**
+     *
+     * Always true.
+     *
+     */
+    resolve(): Promise<IRuleResult>;
+}
+export declare class RuleFalse extends LogicRule {
+    constructor();
+    /**
+     *
+     * Always false.
+     *
+     */
+    resolve(): Promise<IRuleResult>;
+}