-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathauthorization.rb
More file actions
120 lines (97 loc) · 3.71 KB
/
authorization.rb
File metadata and controls
120 lines (97 loc) · 3.71 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
# frozen_string_literal: true
module GraphQL::Stitching
class Composer
module Authorization
class << self
def print_scopes(or_scopes)
or_scopes.map do |and_scopes|
and_scopes = and_scopes.map { "`#{_1}`" }
if and_scopes.length > 2
"#{and_scopes[0..-1].join(",")}, and #{and_scopes.last}"
else
and_scopes.join(" and ")
end
end
or_scopes.join("; or ")
end
def print_description(scopes)
"Required authorization scopes: #{print_scopes(scopes)}."
end
end
private
def merge_authorization_scopes(*scopes)
merged_scopes = scopes.reduce([]) do |acc, or_scopes|
expanded_scopes = []
or_scopes.each do |and_scopes|
if acc.any?
acc.each do |acc_scopes|
expanded_scopes << acc_scopes + and_scopes
end
else
expanded_scopes << and_scopes.dup
end
end
expanded_scopes
end
merged_scopes.each { _1.tap(&:sort!).tap(&:uniq!) }
merged_scopes.tap(&:uniq!).tap(&:sort!)
end
end
class SubgraphAuthorization
include Authorization
EMPTY_SCOPES = [EMPTY_ARRAY].freeze
def initialize(schema)
@schema = schema
end
def reverse_merge!(collector)
@schema.types.each_value.with_object(collector) do |type, memo|
next if type.introspection? || !type.kind.fields?
type.fields.each_value do |field|
field_scopes = scopes_for_field(type, field)
if field_scopes.any?(&:any?)
memo[type.graphql_name] ||= {}
existing = memo[type.graphql_name][field.graphql_name]
memo[type.graphql_name][field.graphql_name] = if existing
merge_authorization_scopes(existing, field_scopes)
else
field_scopes
end
end
end
end
end
def collect
reverse_merge!({})
end
private
def scopes_for_field(parent_type, field)
parent_type_scopes = scopes_from_directives(parent_type.directives)
field_scopes = scopes_from_directives(field.directives)
field_scopes = merge_authorization_scopes(parent_type_scopes, field_scopes)
return_type = field.type.unwrap
if return_type.kind.scalar? || return_type.kind.enum?
return_type_scopes = scopes_from_directives(return_type.directives)
field_scopes = merge_authorization_scopes(field_scopes, return_type_scopes)
end
each_corresponding_interface_field(parent_type, field.graphql_name) do |interface_type, interface_field|
field_scopes = merge_authorization_scopes(field_scopes, scopes_from_directives(interface_type.directives))
field_scopes = merge_authorization_scopes(field_scopes, scopes_from_directives(interface_field.directives))
end
field_scopes
end
def each_corresponding_interface_field(parent_type, field_name, &block)
parent_type.interfaces.each do |interface_type|
interface_field = interface_type.get_field(field_name)
next if interface_field.nil?
yield(interface_type, interface_field)
each_corresponding_interface_field(interface_type, field_name, &block)
end
end
def scopes_from_directives(directives)
authorization = directives.find { _1.graphql_name == GraphQL::Stitching.authorization_directive }
return EMPTY_SCOPES if authorization.nil?
authorization.arguments.keyword_arguments[:scopes] || EMPTY_SCOPES
end
end
end
end