Unignore dist/ directory

b8c57503 · Ben Galloway · 482288a4 · b8c57503 · b8c57503 · b8c57503
Commit b8c57503 authored 6 years ago by Ben Galloway
6 changed files
--- a/.gitignore
+++ b/.gitignore
-# Project specifics
-config.json
-dist
-
 # https://github.com/github/gitignore

 # Logs

--- a/dist/config.js
+++ b/dist/config.js
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.default = void 0;
+
+var _nconf = _interopRequireDefault(require("nconf"));
+
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+
+_nconf.default.env("__");
+
+_nconf.default.file("./config.json");
+
+_nconf.default.defaults({
+  gscAzureTenantId: "f62a415a-76c0-4075-9eb3-f31250de2db2"
+});
+
+const config = _nconf.default.get();
+
+var _default = config;
+exports.default = _default;
\ No newline at end of file
--- a/dist/generateAuthDirective.js
+++ b/dist/generateAuthDirective.js
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.default = void 0;
+
+var _graphqlTools = require("graphql-tools");
+
+var _graphql = require("graphql");
+
+var _ipaddr = _interopRequireDefault(require("ipaddr.js"));
+
+var _userUtils = require("./userUtils");
+
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+
+const generateAuthDirective = authRoleMap => class AuthDirective extends _graphqlTools.SchemaDirectiveVisitor {
+  // Based on https://www.apollographql.com/docs/graphql-tools/schema-directives.html#Enforcing-access-permissions
+  constructor(...args) {
+    super(...args);
+    this.authRoleMap = authRoleMap;
+  }
+
+  checkAuthRolePresent(role) {
+    if (role && !Object.keys(this.authRoleMap).includes(role)) throw new TypeError(`Could not find an AAD group UUID for ${role} in the authRoleMap`);else return;
+  }
+
+  visitObject(type) {
+    this.ensureFieldsWrapped(type);
+    this.checkAuthRolePresent(this.args.requires);
+    type._requiredAuthRole = this.args.requires;
+    type._requiredAuthRoleId = this.authRoleMap[this.args.requires];
+    type._disallowIpBasedAuthz = this.args.evenInternally;
+  } // Visitor methods for nested types like fields and arguments
+  // also receive a details object that provides information about
+  // the parent and grandparent types.
+
+
+  visitFieldDefinition(field, details) {
+    this.ensureFieldsWrapped(details.objectType);
+    this.checkAuthRolePresent(this.args.requires);
+    field._requiredAuthRole = this.args.requires;
+    field._requiredAuthRoleId = this.authRoleMap[this.args.requires];
+    field._disallowIpBasedAuthz = this.args.evenInternally;
+  }
+
+  ensureFieldsWrapped(objectType) {
+    // Mark the GraphQLObjectType object to avoid re-wrapping:
+    if (objectType._authFieldsWrapped) return;
+    objectType._authFieldsWrapped = true;
+    const fields = objectType.getFields();
+    Object.keys(fields).forEach(fieldName => {
+      const field = fields[fieldName];
+      const {
+        resolve = _graphql.defaultFieldResolver
+      } = field;
+
+      field.resolve = async function (...args) {
+        // Get the required Role from the field first, falling back
+        // to the objectType if no Role is required by the field:
+        const requiredRole = field._requiredAuthRole || objectType._requiredAuthRole;
+        const requiredRoleGroupId = field._requiredAuthRoleId || objectType._requiredAuthRoleId;
+        const alwaysAuthenticate = field._disallowIpBasedAuthz || objectType._disallowIpBasedAuthz;
+
+        if (!requiredRole) {
+          return resolve.apply(this, args);
+        }
+
+        const context = args[2];
+        const userToken = context.request.headers.authorization || "";
+
+        const userIPType = _ipaddr.default.parse(context.request.ip).range();
+
+        const authRequired = alwaysAuthenticate || !["private", "loopback", "uniqueLocal"].includes(userIPType);
+        const withRole = requiredRoleGroupId === true ? "" : `with role ${requiredRole}`;
+        console.info("Request from IP address", context.request.ip, authRequired ? `requires auth ${withRole}` : "does not require auth");
+
+        if (authRequired) {
+          const user = await (0, _userUtils.getUser)(userToken);
+
+          if (!user.hasRole(requiredRoleGroupId)) {
+            throw new Error(`This request requires ${requiredRole} privileges`);
+          }
+
+          console.info(`Request from user ${user.preferred_username} at IP address ${context.request.ip} was authorized`);
+        }
+
+        return resolve.apply(this, args);
+      };
+    });
+  }
+
+};
+
+var _default = generateAuthDirective;
+exports.default = _default;
\ No newline at end of file
--- a/dist/generateCustomScalarMap.js
+++ b/dist/generateCustomScalarMap.js
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.default = void 0;
+
+var _graphql = require("graphql");
+
+const generateCustomScalarMap = () => {
+  return new _graphql.GraphQLScalarType({
+    name: "MyCustomScalar",
+    description: "Description of my custom scalar type",
+
+    serialize(value) {
+      let result; // Implement custom behavior by setting the 'result' variable
+
+      return result;
+    },
+
+    parseValue(value) {
+      let result; // Implement custom behavior here by setting the 'result' variable
+
+      return result;
+    },
+
+    parseLiteral(ast) {
+      switch (ast.kind) {
+        case _graphql.Kind.Int: // return a literal value, such as 1 or 'static string'
+
+      }
+    }
+
+  });
+};
+
+var _default = generateCustomScalarMap;
+exports.default = _default;
\ No newline at end of file
--- a/dist/index.js
+++ b/dist/index.js
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+Object.defineProperty(exports, "generateAuthDirective", {
+  enumerable: true,
+  get: function () {
+    return _generateAuthDirective.default;
+  }
+});
+Object.defineProperty(exports, "getUser", {
+  enumerable: true,
+  get: function () {
+    return _userUtils.getUser;
+  }
+});
+Object.defineProperty(exports, "generateCustomScalarMap", {
+  enumerable: true,
+  get: function () {
+    return _generateCustomScalarMap.default;
+  }
+});
+
+var _generateAuthDirective = _interopRequireDefault(require("./generateAuthDirective"));
+
+var _userUtils = require("./userUtils");
+
+var _generateCustomScalarMap = _interopRequireDefault(require("./generateCustomScalarMap"));
+
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
\ No newline at end of file
--- a/dist/userUtils.js
+++ b/dist/userUtils.js
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.getUser = void 0;
+
+var _azureAdJwt = _interopRequireDefault(require("azure-ad-jwt"));
+
+var _config = require("./config");
+
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+
+const verifyAadToken = (token, options = {}) => // The options object is passed down to the jsonwebtokens module
+// so any supported verify options there can be used:
+// https://github.com/auth0/node-jsonwebtoken
+new Promise((resolve, reject) => _azureAdJwt.default.verify(token, options, (err, result) => {
+  if (err) return reject(err);
+  return resolve(result);
+}));
+
+const userHasRole = user => roleGroupId => {
+  if (roleGroupId === true) return true;
+  if (!user.groups) return undefined;
+  return user.groups.includes(roleGroupId);
+};
+
+const getUser = async token => {
+  try {
+    const user = await verifyAadToken(token);
+    if (user.tid !== _config.gscAzureTenantId) throw new Error("User was authenticated but not with a GSC account");
+    return { ...user,
+      validated: true,
+      hasRole: roleGroupId => userHasRole(user)(roleGroupId)
+    };
+  } catch (err) {
+    const errMsg = `User token verification failed ${err.message && "with error: " + err.message}`;
+    throw new Error(errMsg);
+  }
+};
+
+exports.getUser = getUser;
\ No newline at end of file