Compare revisions

Yannis Barlas · jgutix · Yannis Barlas · Yannis Barlas · Yannis Barlas · 9773acd3
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,18 @@

 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.

+## [1.0.0](https://gitlab.coko.foundation/cokoapps/server/compare/v0.1.0...v1.0.0) (2020-05-11)
+
+
+### Features
+
+* **middleware:** add middleware for authorization ([33659f4](https://gitlab.coko.foundation/cokoapps/server/commit/33659f424453f19f45f90eade432bc0df207e06c))
+
+
+### Bug Fixes
+
+* **server:** fix crash when trying to read empty config values ([c6c07e4](https://gitlab.coko.foundation/cokoapps/server/commit/c6c07e46141156a39c7e875223798303ea70e776))
+
 ## [0.1.0](https://gitlab.coko.foundation/cokoapps/server/compare/v0.0.2...v0.1.0) (2020-04-04)



--- a/README.md
+++ b/README.md
@@ -36,6 +36,49 @@ If you place this file in `server/app.js`, starting the server should work autom
 }
 ```

+### Authorization middleware
+
+The server provides authorization checks through using `graphql-shield`.  
+You can access all of shield's exports (eg. `rule`, `and`, `or` etc.) through `@coko/server/authorization`.  
+The only exception is `shield`, which is used internally by the server.
+
+To get started, declare your permissions in any file you want:
+
+```js
+// myPermissions.js
+
+const { rule } = require('@coko/server/authorization')
+
+const permissions = {
+  Query: {
+    myQuery: rule()(async (parent, args, ctx, info) => {
+      // my auth logic here
+    }),
+  },
+  Mutation: {
+    myMutation: rule()(async (parent, args, ctx, info) => {
+      // my other auth logic here
+    }),
+  },
+}
+
+module.exports = permissions
+```
+
+For the server to access your permissions, simply add them to the config:
+
+```js
+// config/default.js
+
+const permissions = require('../path/to/myPermissions.js')
+
+{
+  permissions: permissions
+}
+```
+
+Please refer to shield's [documentation](https://github.com/maticzav/graphql-shield#overview) for more details.
+
 ### Cron support

 All you need for cron-based scheduled tasks to run is to provide the path to your cron jobs.
@@ -85,5 +128,5 @@ If you run your client on a different host/port than the server, you might run i

 ### Future features

- Graphql middleware
+- Notification middleware
 - Include more pubsweet packages into the bundle
--- a/authorization.js
+++ b/authorization.js
+const {
+  rule,
+  inputRule,
+  allow,
+  deny,
+  and,
+  chain,
+  or,
+  not,
+} = require('graphql-shield')
+
+module.exports = {
+  rule,
+  inputRule,
+  allow,
+  deny,
+  and,
+  chain,
+  or,
+  not,
+}
--- a/package.json
+++ b/package.json
 {
  "name": "@coko/server",
-  "version": "0.1.0",
+  "version": "1.0.0",
  "description": "A tweaked version of pubsweet-server for use by Coko's projects",
  "main": "src/index.js",
  "scripts": {
@@ -32,6 +32,8 @@
    "cookie-parser": "^1.4.5",
    "cors": "^2.8.5",
    "express": "^4.17.1",
+    "graphql-middleware": "^4.0.2",
+    "graphql-shield": "^7.2.6",
    "helmet": "^3.22.0",
    "http-status-codes": "^1.4.0",
    "lodash": "^4.17.15",

--- a/src/app.js
+++ b/src/app.js
@@ -57,14 +57,19 @@ const configureApp = app => {
  }

  // Allow CORS from client if host / port is different
-  app.use(
-    cors({
-      origin: `${config.get('pubsweet-client.host')}:${config.get(
-        'pubsweet-client.port',
-      )}`,
-      credentials: true,
-    }),
-  )
+  if (
+    config.has('pubsweet-client.host') &&
+    config.has('pubsweet-client.port')
+  ) {
+    app.use(
+      cors({
+        origin: `${config.get('pubsweet-client.host')}:${config.get(
+          'pubsweet-client.port',
+        )}`,
+        credentials: true,
+      }),
+    )
+  }

  // Register passport authentication strategies
  app.use(passport.initialize())

--- a/src/graphqlApi.js
+++ b/src/graphqlApi.js
@@ -5,10 +5,10 @@ const errors = require('@pubsweet/errors')

 const config = require('config')

-const schema = require('pubsweet-server/src/graphql/schema')
 const connectors = require('pubsweet-server/src/connectors')
 const loaders = require('pubsweet-server/src/graphql/loaders')
 const helpers = require('pubsweet-server/src/helpers/authorization')
+const schema = require('./graphqlSchema')

 const hostname = config.has('pubsweet-server.hostname')
  ? config.get('pubsweet-server.hostname')

--- a/src/graphqlSchema.js
+++ b/src/graphqlSchema.js
+const config = require('config')
+
+const { applyMiddleware } = require('graphql-middleware')
+const { shield } = require('graphql-shield')
+let schema = require('pubsweet-server/src/graphql/schema')
+
+if (config.has('permissions')) {
+  schema = applyMiddleware(schema, shield(config.get('permissions')))
+}
+
+module.exports = schema
--- a/yarn.lock
+++ b/yarn.lock
@@ -115,6 +115,13 @@
  dependencies:
    regenerator-runtime "^0.13.4"

+"@babel/runtime@^7.9.6":
+  version "7.9.6"
+  resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.9.6.tgz#a9102eb5cadedf3f31d08a9ecf294af7827ea29f"
+  integrity sha512-64AF1xY3OAkFHqOb9s4jpgk1Mm5vDZ4L3acHvAml+53nO1XbXLuDodsVpO4OIUsmemlUHMxNdYMNJmsvOwLrvQ==
+  dependencies:
+    regenerator-runtime "^0.13.4"
+
 "@babel/template@^7.8.3":
  version "7.8.6"
  resolved "https://registry.yarnpkg.com/@babel/template/-/template-7.8.6.tgz#86b22af15f828dfb086474f964dcc3e39c43ce2b"
@@ -639,6 +646,11 @@
  dependencies:
    "@types/node" "*"

+"@types/yup@0.26.37":
+  version "0.26.37"
+  resolved "https://registry.yarnpkg.com/@types/yup/-/yup-0.26.37.tgz#7a52854ac602ba0dc969bebc960559f7464a1686"
+  integrity sha512-cDqR/ez4+iAVQYOwadXjKX4Dq1frtnDGV2GNVKj3aUVKVCKRvsr8esFk66j+LgeeJGmrMcBkkfCf3zk13MjV7A==
+
 "@typescript-eslint/experimental-utils@^2.5.0":
  version "2.25.0"
  resolved "https://registry.yarnpkg.com/@typescript-eslint/experimental-utils/-/experimental-utils-2.25.0.tgz#13691c4fe368bd377b1e5b1e4ad660b220bf7714"
@@ -1008,6 +1020,16 @@ apollo-graphql@^0.4.0:
    apollo-env "^0.6.2"
    lodash.sortby "^4.7.0"

+apollo-link@^1.2.14:
+  version "1.2.14"
+  resolved "https://registry.yarnpkg.com/apollo-link/-/apollo-link-1.2.14.tgz#3feda4b47f9ebba7f4160bef8b977ba725b684d9"
+  integrity sha512-p67CMEFP7kOG1JZ0ZkYZwRDa369w5PIjtMjvrQd/HnIV8FRsHRqLqK+oAZQnFa1DDdZtOtHTi+aMIW6EatC2jg==
+  dependencies:
+    apollo-utilities "^1.3.0"
+    ts-invariant "^0.4.0"
+    tslib "^1.9.3"
+    zen-observable-ts "^0.8.21"
+
 apollo-link@^1.2.3:
  version "1.2.13"
  resolved "https://registry.yarnpkg.com/apollo-link/-/apollo-link-1.2.13.tgz#dff00fbf19dfcd90fddbc14b6a3f9a771acac6c4"
@@ -3673,6 +3695,11 @@ flush-write-stream@^1.0.0:
    inherits "^2.0.3"
    readable-stream "^2.3.6"

+fn-name@~3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/fn-name/-/fn-name-3.0.0.tgz#0596707f635929634d791f452309ab41558e3c5c"
+  integrity sha512-eNMNr5exLoavuAMhIUVsOKF79SWd/zG104ef6sxBTSw+cZc6BXdQXDvYcGvp0VbxVVSp1XDUNoz7mg1xMtSznA==
+
 follow-redirects@^1.0.0:
  version "1.10.0"
  resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.10.0.tgz#01f5263aee921c6a54fb91667f08f4155ce169eb"
@@ -4019,6 +4046,13 @@ graphql-extensions@^0.11.0:
    apollo-server-env "^2.4.3"
    apollo-server-types "^0.3.0"

+graphql-middleware@^4.0.2:
+  version "4.0.2"
+  resolved "https://registry.yarnpkg.com/graphql-middleware/-/graphql-middleware-4.0.2.tgz#eb589bf428e1795e48cd6a3cfeeba0807b996ebd"
+  integrity sha512-ESVDvMXeN00S1BNsjNS18uExcR16J8zbT31CuKcpyeBa7IMbidG0Pnqnu5P1wKkJLmPmKOfCljWlhXpD/Fawqg==
+  dependencies:
+    graphql-tools "^4.0.5"
+
 graphql-postgres-subscriptions@^1.0.4:
  version "1.0.5"
  resolved "https://registry.yarnpkg.com/graphql-postgres-subscriptions/-/graphql-postgres-subscriptions-1.0.5.tgz#1bf33bc34fb031025da86715524db23ea871f216"
@@ -4029,6 +4063,15 @@ graphql-postgres-subscriptions@^1.0.4:
    pg "^7.4.1"
    pg-ipc "^1.0.4"

+graphql-shield@^7.2.6:
+  version "7.2.6"
+  resolved "https://registry.yarnpkg.com/graphql-shield/-/graphql-shield-7.2.6.tgz#f11107ed122c1882cb8062d55ed3c3acffcdbc17"
+  integrity sha512-XTGd+l0Ah3JzJp/jBFpluGZTmlcM8y09WxVR0w74DuQoFdr7W58j9cNvFudJIET5uBSaCVd7pUPYtep26SltsQ==
+  dependencies:
+    "@types/yup" "0.26.37"
+    object-hash "^2.0.3"
+    yup "^0.28.4"
+
 graphql-subscriptions@^0.5.8:
  version "0.5.8"
  resolved "https://registry.yarnpkg.com/graphql-subscriptions/-/graphql-subscriptions-0.5.8.tgz#13a6143c546bce390404657dc73ca501def30aa7"
@@ -4059,6 +4102,17 @@ graphql-tools@^4.0.0:
    iterall "^1.1.3"
    uuid "^3.1.0"

+graphql-tools@^4.0.5:
+  version "4.0.8"
+  resolved "https://registry.yarnpkg.com/graphql-tools/-/graphql-tools-4.0.8.tgz#e7fb9f0d43408fb0878ba66b522ce871bafe9d30"
+  integrity sha512-MW+ioleBrwhRjalKjYaLQbr+920pHBgy9vM/n47sswtns8+96sRn5M/G+J1eu7IMeKWiN/9p6tmwCHU7552VJg==
+  dependencies:
+    apollo-link "^1.2.14"
+    apollo-utilities "^1.0.1"
+    deprecated-decorator "^0.1.6"
+    iterall "^1.1.3"
+    uuid "^3.1.0"
+
 graphql-upload@^8.0.2:
  version "8.1.0"
  resolved "https://registry.yarnpkg.com/graphql-upload/-/graphql-upload-8.1.0.tgz#6d0ab662db5677a68bfb1f2c870ab2544c14939a"
@@ -5208,6 +5262,11 @@ locate-path@^5.0.0:
  dependencies:
    p-locate "^4.1.0"

+lodash-es@^4.17.11:
+  version "4.17.15"
+  resolved "https://registry.yarnpkg.com/lodash-es/-/lodash-es-4.17.15.tgz#21bd96839354412f23d7a10340e5eac6ee455d78"
+  integrity sha512-rlrc3yU3+JNOpZ9zj5pQtxnx2THmvRykwL4Xlxoa8I9lHBlVbbyPhgyPMioxVZ4NqyxaVVtaJnzsyOidQIhyyQ==
+
 lodash._reinterpolate@^3.0.0:
  version "3.0.0"
  resolved "https://registry.yarnpkg.com/lodash._reinterpolate/-/lodash._reinterpolate-3.0.0.tgz#0ccf2d89166af03b3663c796538b75ac6e114d9d"
@@ -5887,6 +5946,11 @@ object-copy@^0.1.0:
    define-property "^0.2.5"
    kind-of "^3.0.3"

+object-hash@^2.0.3:
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/object-hash/-/object-hash-2.0.3.tgz#d12db044e03cd2ca3d77c0570d87225b02e1e6ea"
+  integrity sha512-JPKn0GMu+Fa3zt3Bmr66JhokJU5BaNBIh4ZeTlaCBzrBsOeXzwcKKAK1tbLiPKgvwmPXsDvvLHoWh5Bm7ofIYg==
+
 object-inspect@^1.7.0:
  version "1.7.0"
  resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.7.0.tgz#f4f6bd181ad77f006b5ece60bd0b6f398ff74a67"
@@ -6664,6 +6728,11 @@ prop-types@^15.7.2:
    object-assign "^4.1.1"
    react-is "^16.8.1"

+property-expr@^2.0.2:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/property-expr/-/property-expr-2.0.2.tgz#fff2a43919135553a3bc2fdd94bdb841965b2330"
+  integrity sha512-bc/5ggaYZxNkFKj374aLbEDqVADdYaLcFo8XBkishUWbaAdjlphaBFns9TvRA2pUseVL/wMFmui9X3IdNDU37g==
+
 proxy-addr@~2.0.5:
  version "2.0.6"
  resolved "https://registry.yarnpkg.com/proxy-addr/-/proxy-addr-2.0.6.tgz#fdc2336505447d3f2f2c638ed272caf614bbb2bf"
@@ -7864,6 +7933,11 @@ symbol-observable@^1.0.4:
  resolved "https://registry.yarnpkg.com/symbol-observable/-/symbol-observable-1.2.0.tgz#c22688aed4eab3cdc2dfeacbb561660560a00804"
  integrity sha512-e900nM8RRtGhlV36KGEU9k65K3mPb1WV70OdjfxlG2EAuM1noi/E/BaW/uMhL7bPEssK8QV57vN3esixjUvcXQ==

+synchronous-promise@^2.0.10:
+  version "2.0.11"
+  resolved "https://registry.yarnpkg.com/synchronous-promise/-/synchronous-promise-2.0.11.tgz#e92022b0754e916f556d3ace1626d24a24214b7e"
+  integrity sha512-8/L5FOCjnlK0FoAfj+NqdCaImMKvEyOEzGmdfcezKp5K9HIukm4akx72endvM87eS/gU8kOxiMQflpC/CdkQAg==
+
 table@^5.2.3:
  version "5.4.6"
  resolved "https://registry.yarnpkg.com/table/-/table-5.4.6.tgz#1292d19500ce3f86053b05f0e8e7e4a3bb21079e"
@@ -8025,6 +8099,11 @@ toidentifier@1.0.0:
  resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.0.tgz#7e1be3470f1e77948bc43d94a3c8f4d7752ba553"
  integrity sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw==

+toposort@^2.0.2:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/toposort/-/toposort-2.0.2.tgz#ae21768175d1559d48bef35420b2f4962f09c330"
+  integrity sha1-riF2gXXRVZ1IvvNUILL0li8JwzA=
+
 trim-newlines@^1.0.0:
  version "1.0.0"
  resolved "https://registry.yarnpkg.com/trim-newlines/-/trim-newlines-1.0.0.tgz#5887966bb582a4503a41eb524f7d35011815a613"
@@ -8666,6 +8745,19 @@ yargs@15.0.2:
    y18n "^4.0.0"
    yargs-parser "^16.1.0"

+yup@^0.28.4:
+  version "0.28.5"
+  resolved "https://registry.yarnpkg.com/yup/-/yup-0.28.5.tgz#85cabb4000d3623ef69be81551190692e631a8a5"
+  integrity sha512-7JZcvpUGUxMKoaEtcoMEM8lCWRaueGNH/A3EhL/UWqfbFm3uloiI+x59Yq4nzhbbYWUTwAsCteaZOJ+VbqI1uw==
+  dependencies:
+    "@babel/runtime" "^7.9.6"
+    fn-name "~3.0.0"
+    lodash "^4.17.15"
+    lodash-es "^4.17.11"
+    property-expr "^2.0.2"
+    synchronous-promise "^2.0.10"
+    toposort "^2.0.2"
+
 zen-observable-ts@^0.8.20:
  version "0.8.20"
  resolved "https://registry.yarnpkg.com/zen-observable-ts/-/zen-observable-ts-0.8.20.tgz#44091e335d3fcbc97f6497e63e7f57d5b516b163"
@@ -8674,6 +8766,14 @@ zen-observable-ts@^0.8.20:
    tslib "^1.9.3"
    zen-observable "^0.8.0"

+zen-observable-ts@^0.8.21:
+  version "0.8.21"
+  resolved "https://registry.yarnpkg.com/zen-observable-ts/-/zen-observable-ts-0.8.21.tgz#85d0031fbbde1eba3cd07d3ba90da241215f421d"
+  integrity sha512-Yj3yXweRc8LdRMrCC8nIc4kkjWecPAUVh0TI0OUrWXx6aX790vLcDlWca6I4vsyCGH3LpWxq0dJRcMOFoVqmeg==
+  dependencies:
+    tslib "^1.9.3"
+    zen-observable "^0.8.0"
+
 zen-observable@^0.8.0:
  version "0.8.15"
  resolved "https://registry.yarnpkg.com/zen-observable/-/zen-observable-0.8.15.tgz#96415c512d8e3ffd920afd3889604e30b9eaac15"
No results found