graphql-shield-node23 7.6.5

package/dist/typings/rules.d.ts

@@ -0,0 +1,159 @@
+import * as Yup from 'yup';
+import { IRuleFunction, IRule, IFragment, IRuleConstructorOptions, ILogicRule, ShieldRule, IRuleResult, IOptions, IShieldContext } from './types.js';
+import { GraphQLResolveInfo } from 'graphql';
+export declare class Rule implements IRule {
+    readonly name: string;
+    private cache;
+    private fragment?;
+    private func;
+    constructor(name: string, func: IRuleFunction, constructorOptions: IRuleConstructorOptions);
+    /**
+     *
+     * @param parent
+     * @param args
+     * @param ctx
+     * @param info
+     *
+     * Resolves rule and writes to cache its result.
+     *
+     */
+    resolve(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult>;
+    /**
+     *
+     * @param rule
+     *
+     * Compares a given rule with the current one
+     * and checks whether their functions are equal.
+     *
+     */
+    equals(rule: Rule): boolean;
+    /**
+     *
+     * Extracts fragment from the rule.
+     *
+     */
+    extractFragment(): IFragment | undefined;
+    /**
+     *
+     * @param options
+     *
+     * Sets default values for options.
+     *
+     */
+    private normalizeOptions;
+    /**
+     *
+     * @param cache
+     *
+     * This ensures backward capability of shield.
+     *
+     */
+    private normalizeCacheOption;
+    /**
+     * Executes a rule and writes to cache if needed.
+     *
+     * @param parent
+     * @param args
+     * @param ctx
+     * @param info
+     */
+    private executeRule;
+    /**
+     * Writes or reads result from cache.
+     *
+     * @param key
+     */
+    private writeToCache;
+}
+export declare class InputRule<T> extends Rule {
+    constructor(name: string, schema: (yup: typeof Yup, ctx: IShieldContext) => Yup.BaseSchema<T>, options?: Parameters<Yup.BaseSchema<T>['validate']>[1]);
+}
+export declare class LogicRule implements ILogicRule {
+    private rules;
+    constructor(rules: ShieldRule[]);
+    /**
+     * By default logic rule resolves to false.
+     */
+    resolve(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult>;
+    /**
+     * Evaluates all the rules.
+     */
+    evaluate(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult[]>;
+    /**
+     * Returns rules in a logic rule.
+     */
+    getRules(): ShieldRule[];
+    /**
+     * Extracts fragments from the defined rules.
+     */
+    extractFragments(): IFragment[];
+}
+export declare class RuleOr extends LogicRule {
+    constructor(rules: ShieldRule[]);
+    /**
+     * Makes sure that at least one of them has evaluated to true.
+     */
+    resolve(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult>;
+}
+export declare class RuleAnd extends LogicRule {
+    constructor(rules: ShieldRule[]);
+    /**
+     * Makes sure that all of them have resolved to true.
+     */
+    resolve(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult>;
+}
+export declare class RuleChain extends LogicRule {
+    constructor(rules: ShieldRule[]);
+    /**
+     * Makes sure that all of them have resolved to true.
+     */
+    resolve(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult>;
+    /**
+     * Evaluates all the rules.
+     */
+    evaluate(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult[]>;
+}
+export declare class RuleRace extends LogicRule {
+    constructor(rules: ShieldRule[]);
+    /**
+     * Makes sure that at least one of them resolved to true.
+     */
+    resolve(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult>;
+    /**
+     * Evaluates all the rules.
+     */
+    evaluate(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult[]>;
+}
+export declare class RuleNot extends LogicRule {
+    error?: Error;
+    constructor(rule: ShieldRule, error?: Error);
+    /**
+     *
+     * @param parent
+     * @param args
+     * @param ctx
+     * @param info
+     *
+     * Negates the result.
+     *
+     */
+    resolve(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult>;
+}
+export declare class RuleTrue extends LogicRule {
+    constructor();
+    /**
+     *
+     * Always true.
+     *
+     */
+    resolve(): Promise<IRuleResult>;
+}
+export declare class RuleFalse extends LogicRule {
+    constructor();
+    /**
+     *
+     * Always false.
+     *
+     */
+    resolve(): Promise<IRuleResult>;
+}

package/dist/typings/shield.d.cts

@@ -0,0 +1,11 @@
+import { IMiddlewareGenerator } from 'graphql-middleware';
+import { IRules, IOptionsConstructor } from './types.cjs';
+/**
+ *
+ * @param ruleTree
+ * @param options
+ *
+ * Validates rules and generates middleware from defined rule tree.
+ *
+ */
+export declare function shield<TSource = any, TContext = any, TArgs = any>(ruleTree: IRules, options?: IOptionsConstructor): IMiddlewareGenerator<TSource, TContext, TArgs>;

package/dist/typings/shield.d.ts

@@ -0,0 +1,11 @@
+import { IMiddlewareGenerator } from 'graphql-middleware';
+import { IRules, IOptionsConstructor } from './types.js';
+/**
+ *
+ * @param ruleTree
+ * @param options
+ *
+ * Validates rules and generates middleware from defined rule tree.
+ *
+ */
+export declare function shield<TSource = any, TContext = any, TArgs = any>(ruleTree: IRules, options?: IOptionsConstructor): IMiddlewareGenerator<TSource, TContext, TArgs>;

package/dist/typings/types.d.cts

@@ -0,0 +1,64 @@
+import { GraphQLResolveInfo } from 'graphql';
+import { IMiddlewareGenerator } from 'graphql-middleware';
+export declare type ShieldRule = IRule | ILogicRule;
+export interface IRule {
+    readonly name: string;
+    equals(rule: IRule): boolean;
+    extractFragment(): IFragment | undefined;
+    resolve(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult>;
+}
+export interface IRuleOptions {
+    cache: ICache;
+    fragment?: IFragment;
+}
+export interface ILogicRule {
+    getRules(): ShieldRule[];
+    extractFragments(): IFragment[];
+    evaluate(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult[]>;
+    resolve(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult>;
+}
+export declare type IFragment = string;
+export declare type ICache = 'strict' | 'contextual' | 'no_cache' | ICacheKeyFn;
+export declare type ICacheKeyFn = (parent: any, args: any, ctx: any, info: GraphQLResolveInfo) => string;
+export declare type IRuleResult = boolean | string | Error;
+export declare type IRuleFunction = (parent: any, args: any, ctx: any, info: GraphQLResolveInfo) => IRuleResult | Promise<IRuleResult>;
+export declare type ICacheContructorOptions = ICache | boolean;
+export interface IRuleConstructorOptions {
+    cache?: ICacheContructorOptions;
+    fragment?: IFragment;
+}
+export interface IRuleTypeMap {
+    [key: string]: ShieldRule | IRuleFieldMap;
+}
+export interface IRuleFieldMap {
+    [key: string]: ShieldRule;
+}
+export declare type IRules = ShieldRule | IRuleTypeMap;
+export declare type IHashFunction = (arg: {
+    parent: any;
+    args: any;
+}) => string;
+export declare type IFallbackErrorMapperType = (err: unknown, parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo) => Promise<Error> | Error;
+export declare type IFallbackErrorType = Error | IFallbackErrorMapperType;
+export interface IOptions {
+    debug: boolean;
+    allowExternalErrors: boolean;
+    fallbackRule: ShieldRule;
+    fallbackError?: IFallbackErrorType;
+    hashFunction: IHashFunction;
+}
+export interface IOptionsConstructor {
+    debug?: boolean;
+    allowExternalErrors?: boolean;
+    fallbackRule?: ShieldRule;
+    fallbackError?: string | IFallbackErrorType;
+    hashFunction?: IHashFunction;
+}
+export declare function shield<TSource = any, TContext = any, TArgs = any>(ruleTree: IRules, options: IOptions): IMiddlewareGenerator<TSource, TContext, TArgs>;
+export interface IShieldContext {
+    _shield: {
+        cache: {
+            [key: string]: IRuleResult | Promise<IRuleResult>;
+        };
+    };
+}

package/dist/typings/types.d.ts

@@ -0,0 +1,64 @@
+import { GraphQLResolveInfo } from 'graphql';
+import { IMiddlewareGenerator } from 'graphql-middleware';
+export declare type ShieldRule = IRule | ILogicRule;
+export interface IRule {
+    readonly name: string;
+    equals(rule: IRule): boolean;
+    extractFragment(): IFragment | undefined;
+    resolve(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult>;
+}
+export interface IRuleOptions {
+    cache: ICache;
+    fragment?: IFragment;
+}
+export interface ILogicRule {
+    getRules(): ShieldRule[];
+    extractFragments(): IFragment[];
+    evaluate(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult[]>;
+    resolve(parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo, options: IOptions): Promise<IRuleResult>;
+}
+export declare type IFragment = string;
+export declare type ICache = 'strict' | 'contextual' | 'no_cache' | ICacheKeyFn;
+export declare type ICacheKeyFn = (parent: any, args: any, ctx: any, info: GraphQLResolveInfo) => string;
+export declare type IRuleResult = boolean | string | Error;
+export declare type IRuleFunction = (parent: any, args: any, ctx: any, info: GraphQLResolveInfo) => IRuleResult | Promise<IRuleResult>;
+export declare type ICacheContructorOptions = ICache | boolean;
+export interface IRuleConstructorOptions {
+    cache?: ICacheContructorOptions;
+    fragment?: IFragment;
+}
+export interface IRuleTypeMap {
+    [key: string]: ShieldRule | IRuleFieldMap;
+}
+export interface IRuleFieldMap {
+    [key: string]: ShieldRule;
+}
+export declare type IRules = ShieldRule | IRuleTypeMap;
+export declare type IHashFunction = (arg: {
+    parent: any;
+    args: any;
+}) => string;
+export declare type IFallbackErrorMapperType = (err: unknown, parent: object, args: object, ctx: IShieldContext, info: GraphQLResolveInfo) => Promise<Error> | Error;
+export declare type IFallbackErrorType = Error | IFallbackErrorMapperType;
+export interface IOptions {
+    debug: boolean;
+    allowExternalErrors: boolean;
+    fallbackRule: ShieldRule;
+    fallbackError?: IFallbackErrorType;
+    hashFunction: IHashFunction;
+}
+export interface IOptionsConstructor {
+    debug?: boolean;
+    allowExternalErrors?: boolean;
+    fallbackRule?: ShieldRule;
+    fallbackError?: string | IFallbackErrorType;
+    hashFunction?: IHashFunction;
+}
+export declare function shield<TSource = any, TContext = any, TArgs = any>(ruleTree: IRules, options: IOptions): IMiddlewareGenerator<TSource, TContext, TArgs>;
+export interface IShieldContext {
+    _shield: {
+        cache: {
+            [key: string]: IRuleResult | Promise<IRuleResult>;
+        };
+    };
+}

package/dist/typings/utils.d.cts

@@ -0,0 +1,52 @@
+import { ShieldRule, ILogicRule, IRuleFieldMap, IRule } from './types.cjs';
+/**
+ *
+ * @param x
+ *
+ * Makes sure that a certain field is a rule.
+ *
+ */
+export declare function isRule(x: any): x is IRule;
+/**
+ *
+ * @param x
+ *
+ * Makes sure that a certain field is a logic rule.
+ *
+ */
+export declare function isLogicRule(x: any): x is ILogicRule;
+/**
+ *
+ * @param x
+ *
+ * Makes sure that a certain field is a rule or a logic rule.
+ *
+ */
+export declare function isRuleFunction(x: any): x is ShieldRule;
+/**
+ *
+ * @param x
+ *
+ * Determines whether a certain field is rule field map or not.
+ *
+ */
+export declare function isRuleFieldMap(x: any): x is IRuleFieldMap;
+/**
+ *
+ * @param obj
+ * @param func
+ *
+ * Flattens object of particular type by checking if the leaf
+ * evaluates to true from particular function.
+ *
+ */
+export declare function flattenObjectOf<T>(obj: {
+    [key: string]: any;
+}, f: (x: any) => boolean): T[];
+/**
+ *
+ * Returns fallback is provided value is undefined
+ *
+ * @param fallback
+ */
+export declare function withDefault<T>(fallback: T): (value: T | undefined) => T;

package/dist/typings/utils.d.ts

@@ -0,0 +1,52 @@
+import { ShieldRule, ILogicRule, IRuleFieldMap, IRule } from './types.js';
+/**
+ *
+ * @param x
+ *
+ * Makes sure that a certain field is a rule.
+ *
+ */
+export declare function isRule(x: any): x is IRule;
+/**
+ *
+ * @param x
+ *
+ * Makes sure that a certain field is a logic rule.
+ *
+ */
+export declare function isLogicRule(x: any): x is ILogicRule;
+/**
+ *
+ * @param x
+ *
+ * Makes sure that a certain field is a rule or a logic rule.
+ *
+ */
+export declare function isRuleFunction(x: any): x is ShieldRule;
+/**
+ *
+ * @param x
+ *
+ * Determines whether a certain field is rule field map or not.
+ *
+ */
+export declare function isRuleFieldMap(x: any): x is IRuleFieldMap;
+/**
+ *
+ * @param obj
+ * @param func
+ *
+ * Flattens object of particular type by checking if the leaf
+ * evaluates to true from particular function.
+ *
+ */
+export declare function flattenObjectOf<T>(obj: {
+    [key: string]: any;
+}, f: (x: any) => boolean): T[];
+/**
+ *
+ * Returns fallback is provided value is undefined
+ *
+ * @param fallback
+ */
+export declare function withDefault<T>(fallback: T): (value: T | undefined) => T;

package/dist/typings/validation.d.cts

@@ -0,0 +1,19 @@
+import { IRules } from './types.cjs';
+/**
+ *
+ * @param ruleTree
+ *
+ * Validates the rule tree declaration by checking references of rule
+ * functions. We deem rule tree valid if no two rules with the same name point
+ * to different rules.
+ *
+ */
+export declare function validateRuleTree(ruleTree: IRules): {
+    status: 'ok';
+} | {
+    status: 'err';
+    message: string;
+};
+export declare class ValidationError extends Error {
+    constructor(message: string);
+}

package/dist/typings/validation.d.ts

@@ -0,0 +1,19 @@
+import { IRules } from './types.js';
+/**
+ *
+ * @param ruleTree
+ *
+ * Validates the rule tree declaration by checking references of rule
+ * functions. We deem rule tree valid if no two rules with the same name point
+ * to different rules.
+ *
+ */
+export declare function validateRuleTree(ruleTree: IRules): {
+    status: 'ok';
+} | {
+    status: 'err';
+    message: string;
+};
+export declare class ValidationError extends Error {
+    constructor(message: string);
+}

package/package.json

@@ -0,0 +1,67 @@
+{
+  "name": "graphql-shield-node23",
+  "description": "GraphQL Server permissions as another layer of abstraction!",
+  "version": "7.6.5",
+  "author": "Matic Zavadlal <matic.zavadlal@gmail.com>",
+  "homepage": "https://github.com/maticzav/graphql-shield",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/maticzav/graphql-shield.git"
+  },
+  "scripts": {
+    "check": "tsc --noEmit"
+  },
+  "dependencies": {
+    "@types/yup": "0.29.13",
+    "object-hash": "^3.0.0",
+    "tslib": "^2.4.0",
+    "yup": "^0.32.0"
+  },
+  "devDependencies": {
+    "@graphql-tools/schema": "8.5.1",
+    "@graphql-tools/utils": "8.9.0",
+    "@types/node": "18.6.3",
+    "@types/node-fetch": "^2.6.2",
+    "@types/object-hash": "2.2.1",
+    "@types/request-promise-native": "1.0.18",
+    "apollo-server": "3.10.0",
+    "graphql": "16.5.0",
+    "graphql-middleware": "6.1.33",
+    "graphql-shield-rules": "0.0.1",
+    "node-fetch": "^2.6.7"
+  },
+  "peerDependencies": {
+    "graphql": "^0.11.0 || ^0.12.0 || ^0.13.0 || ^14.0.0 || ^15.0.0 || ^16.0.0",
+    "graphql-middleware": "^2.0.0 || ^3.0.0 || ^4.0.0 || ^6.0.0"
+  },
+  "license": "MIT",
+  "main": "dist/cjs/index.js",
+  "module": "dist/esm/index.js",
+  "exports": {
+    ".": {
+      "require": {
+        "types": "./dist/typings/index.d.cts",
+        "default": "./dist/cjs/index.js"
+      },
+      "import": {
+        "types": "./dist/typings/index.d.ts",
+        "default": "./dist/esm/index.js"
+      },
+      "default": {
+        "types": "./dist/typings/index.d.ts",
+        "default": "./dist/esm/index.js"
+      }
+    },
+    "./package.json": "./package.json"
+  },
+  "typings": "dist/typings/index.d.ts",
+  "typescript": {
+    "definition": "dist/typings/index.d.ts"
+  },
+  "type": "module",
+  "sideEffects": false,
+  "publishConfig": {
+    "directory": "dist",
+    "access": "public"
+  }
+}

package/src/constructors.ts

@@ -0,0 +1,157 @@
+import * as Yup from 'yup'
+import {
+  IRuleFunction,
+  IRuleConstructorOptions,
+  ShieldRule,
+  IShieldContext,
+} from './types.js'
+import {
+  Rule,
+  RuleAnd,
+  RuleOr,
+  RuleNot,
+  RuleTrue,
+  RuleFalse,
+  InputRule,
+  RuleChain,
+  RuleRace,
+} from './rules.js'
+
+/**
+ *
+ * @param name
+ * @param options
+ *
+ * Wraps a function into a Rule class. This way we can identify rules
+ * once we start generating middleware from our ruleTree.
+ *
+ * 1.
+ * const auth = rule()(async (parent, args, ctx, info) => {
+ *  return true
+ * })
+ *
+ * 2.
+ * const auth = rule('name')(async (parent, args, ctx, info) => {
+ *  return true
+ * })
+ *
+ * 3.
+ * const auth = rule({
+ *  name: 'name',
+ *  fragment: 'string',
+ *  cache: 'cache',
+ * })(async (parent, args, ctx, info) => {
+ *  return true
+ * })
+ *
+ */
+export const rule =
+  (
+    name?: string | IRuleConstructorOptions,
+    options?: IRuleConstructorOptions,
+  ) =>
+  (func: IRuleFunction): Rule => {
+    if (typeof name === 'object') {
+      options = name
+      name = Math.random().toString()
+    } else if (typeof name === 'string') {
+      options = options || {}
+    } else {
+      name = Math.random().toString()
+      options = {}
+    }
+
+    return new Rule(name, func, {
+      fragment: options.fragment,
+      cache: options.cache,
+    })
+  }
+
+/**
+ *
+ * Constructs a new InputRule based on the schema.
+ *
+ * @param schema
+ */
+export const inputRule =
+  <T>(name?: string) =>
+  (
+    schema: (yup: typeof Yup, ctx: IShieldContext) => Yup.BaseSchema<T>,
+    options?: Parameters<Yup.BaseSchema<T>['validate']>[1],
+  ) => {
+    if (typeof name === 'string') {
+      return new InputRule(name, schema, options)
+    } else {
+      return new InputRule(Math.random().toString(), schema, options)
+    }
+  }
+
+/**
+ *
+ * @param rules
+ *
+ * Logical operator and serves as a wrapper for and operation.
+ *
+ */
+export const and = (...rules: ShieldRule[]): RuleAnd => {
+  return new RuleAnd(rules)
+}
+
+/**
+ *
+ * @param rules
+ *
+ * Logical operator and serves as a wrapper for and operation.
+ *
+ */
+export const chain = (...rules: ShieldRule[]): RuleChain => {
+  return new RuleChain(rules)
+}
+
+/**
+ *
+ * @param rules
+ *
+ * Logical operator and serves as a wrapper for and operation.
+ *
+ */
+export const race = (...rules: ShieldRule[]): RuleRace => {
+  return new RuleRace(rules)
+}
+
+/**
+ *
+ * @param rules
+ *
+ * Logical operator or serves as a wrapper for or operation.
+ *
+ */
+export const or = (...rules: ShieldRule[]): RuleOr => {
+  return new RuleOr(rules)
+}
+
+/**
+ *
+ * @param rule
+ *
+ * Logical operator not serves as a wrapper for not operation.
+ *
+ */
+export const not = (rule: ShieldRule, error?: string | Error): RuleNot => {
+  if (typeof error === 'string') return new RuleNot(rule, new Error(error))
+  return new RuleNot(rule, error)
+}
+
+/**
+ *
+ * Allow queries.
+ *
+ */
+export const allow = new RuleTrue()
+
+/**
+ *
+ * Deny queries.
+ *
+ */
+export const deny = new RuleFalse()