graphql-authz
0.0.1 • Public • Published

graphql-authz is a Casbin authorization middleware for graphql-js

Installation

npm install graphql-authz
// or
yarn add graphql-authz

Get Started

This package should be used with graphql and graphql-middleware.

To limit access to each endpoint, you can use a Casbin policy or a GraphQL directive.

In the policy method, you can use Casbin policy lines like

p,user,project.members,query
p,roleb,project.members.tickets.id,query

to restrict access to each endpoint.
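
An added example (not code from graphql-authz) showing how policy lines like these can gate individual fields with a default-deny check. It assumes the third column is the dotted field path from the operation root and the fourth is the operation type, and it uses a simplified exact-match check in place of the Casbin enforcer; the names parsePolicy, fieldPath and isAllowed are hypothetical.

```typescript
// Added illustration: a simplified, exact-match stand-in for the Casbin enforcer.
// The real matching rules live in tests/casbin.conf, which this page does not show.
type Rule = { sub: string; obj: string; act: string };

// Subset of GraphQL's resolver info.path: a linked list from the field back to the root.
interface PathNode { prev?: PathNode; key: string | number }

// Parse "p,<role>,<field path>,<operation>" lines; skip blanks, comments and malformed rows.
function parsePolicy(csv: string): Rule[] {
  const rules: Rule[] = [];
  for (const raw of csv.split('\n')) {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) continue;
    const parts = line.split(',').map((s) => s.trim());
    if (parts[0] !== 'p' || parts.length !== 4 || parts.some((p) => p === '')) continue;
    rules.push({ sub: parts[1], obj: parts[2], act: parts[3] });
  }
  return rules;
}

// Turn info.path into a dotted field path, dropping list indexes:
// project -> members -> 0 -> tickets -> 1 -> id  =>  "project.members.tickets.id"
function fieldPath(node: PathNode | undefined): string {
  const keys: string[] = [];
  for (let n = node; n !== undefined; n = n.prev) {
    if (typeof n.key === 'string') keys.unshift(n.key);
  }
  return keys.join('.');
}

// Default deny: a missing role, an unlisted path or another operation type is refused.
function isAllowed(rules: Rule[], role: string | undefined, path: PathNode, operation: string): boolean {
  if (!role) return false;
  const obj = fieldPath(path);
  return rules.some((r) => r.sub === role && r.obj === obj && r.act === operation);
}

// Constructed sample input: the two policy lines shown above and two resolver paths.
const samplePolicy = `
p,user,project.members,query
p,roleb,project.members.tickets.id,query
`;
const sampleRules = parsePolicy(samplePolicy);
const membersPath: PathNode = { key: 'members', prev: { key: 'project' } };
const ticketIdPath: PathNode = {
  key: 'id',
  prev: { key: 1, prev: { key: 'tickets', prev: { key: 0, prev: membersPath } } },
};
```

With this exact-match stand-in, a rule for project.members does not extend to project.members.tickets.id, so each nested field needs its own policy line.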

In the directive method, you can use the @can directive to do the same thing.

Here's a minimal example. You can find the full example in tests/server.test.ts.

import { applyMiddleware } from 'graphql-middleware';
import { newMiddleware, CanDirective } from 'graphql-authz';
import { newEnforcer } from 'casbin';
import { ApolloServer } from 'apollo-server';
import { makeExecutableSchema } from '@graphql-tools/schema';
// This relative path matches the repository's tests directory, where the full example lives.
import { CasbinContextEnforcerKey } from '../src';

// After graphql-js 14.0.0, you should manually define the directive in the SDL.
const typeDefs = `
directive @can(who: String!) on FIELD_DEFINITION

type User {
    id: ID! @can(who: "user")
    name: String @can(who: "someone")
}
`;

const resolvers = {
  // something
};

const schemaWithDirective = makeExecutableSchema({
  typeDefs,
  resolvers,
  schemaDirectives: {
    can: CanDirective,
  },
});
// If you want to use the directive, this is necessary.
// You can ignore this in the policy-only method.

const enforcer = await newEnforcer('tests/casbin.conf', 'tests/policy.csv');
// As for now, you should use the model tests/casbin.conf to initialize the enforcer.
// For more info about the enforcer, please refer to https://github.com/casbin/node-casbin

const middleware = await newMiddleware({
  ctxMember: 'user', // middleware will get the current user role from the graphql context[ctxMember]
  enforcer: enforcer, // Casbin instance
});

// Apply the middleware to the graphql schema
const schemaWithDirectiveMiddleware = applyMiddleware(schemaWithDirective, middleware);

const server = new ApolloServer({
  schema: schemaWithDirectiveMiddleware,
  context: ({ req }) => {
    // Provide the necessary info in the context.
    const token = req.headers.authorization || '';

    // Try to retrieve a user with the token.
    // getUser is not defined in this snippet; supply your own lookup.
    const user = getUser(token);

    // The context carries the enforcer and the entry named by ctxMember.
    const a: any = {};
    a[CasbinContextEnforcerKey] = enforcer;
    a['user'] = user;
    return a;
  },
});

Getting Help

License

This project is under Apache 2.0 License. See the LICENSE file for the full license text.

Homepage

casbin.org

Collaborators

  • hsluoyz
  • chalin