
Commit 0b64c51

authored
RBAC (#29)
* refactor(schema): add role column for userToOrganization table * feature(graphql): configure armor envelop plugin * refactor(graphql): add curentUser to GraphQLContext * refactor(schema): add missing indexes * feature(plugins): add RBAC plugin WIP * feature(plugins): add NonNullable plugin WIP * refactor(plugins): reorganize plugins directory * refactor(drizzle): update config to read directly from barrel file * refactor(plugins): narrow scope of RBAC plugin * refactor(plugins): update sideEffect for project RBAC plugin * feature(plugins): add organization RBAC plugin * feature(plugins): add corresponding RBAC plugins for each table WIP * feature(plugins): add corresponding RBAC plugins for each table WIP * feature(plugins): add corresponding RBAC plugins for each table WIP * feature(plugins): add corresponding RBAC plugins for each table WIP * fix(plugins): update comment RBAC plugin in to appropriately user commentId * docs(plugins): add appropriate documentation for plugins * refactor: update graphql context to use observer, adjust naming convention and docs for armor plugins * refactor(schema): rename userToOrganization --> member, fix context injection
1 parent 40f6afc commit 0b64c51

40 files changed

+13761
-9669
lines changed

bun.lock

100755100644
Lines changed: 18 additions & 1 deletion
@@ -1,9 +1,10 @@
11
{
2-
"lockfileVersion": 0,
2+
"lockfileVersion": 1,
33
"workspaces": {
44
"": {
55
"dependencies": {
66
"@envelop/generic-auth": "^8.0.1",
7+
"@escape.tech/graphql-armor": "^3.1.2",
78
"@graphile/pg-aggregates": "^0.2.0-beta.7",
89
"@graphile/simplify-inflection": "^8.0.0-beta.5",
910
"dayjs": "^1.11.13",
@@ -138,6 +139,22 @@
138139

139140
"@esbuild/win32-x64": ["@esbuild/[email protected]", "", { "os": "win32", "cpu": "x64" }, "sha512-T1QyPSDCyMXaO3pzBkF96E8xMkiRYbUEZADd29SyPGabqxMViNoii+NcK7eWJAEoU6RZyEm5lVSIjTmcdoB9HA=="],
140141

142+
"@escape.tech/graphql-armor": ["@escape.tech/[email protected]", "", { "dependencies": { "@escape.tech/graphql-armor-block-field-suggestions": "3.0.0", "@escape.tech/graphql-armor-cost-limit": "2.4.0", "@escape.tech/graphql-armor-max-aliases": "2.6.0", "@escape.tech/graphql-armor-max-depth": "2.4.0", "@escape.tech/graphql-armor-max-directives": "2.3.0", "@escape.tech/graphql-armor-max-tokens": "2.5.0", "graphql": "^16.0.0" }, "peerDependencies": { "@apollo/server": "^4.0.0", "@envelop/core": "^5.0.0", "@escape.tech/graphql-armor-types": "0.7.0" }, "optionalPeers": ["@apollo/server", "@envelop/core", "@escape.tech/graphql-armor-types"] }, "sha512-nrCSdBTQU2f087xQXDqCI8dbyG+YG0Rj79vNonahea0qs12pKGTpKgOkbTnEeFqY/UIWxlkl9zipKWa5VoEPgg=="],
143+
144+
"@escape.tech/graphql-armor-block-field-suggestions": ["@escape.tech/[email protected]", "", { "dependencies": { "graphql": "^16.0.0" }, "optionalDependencies": { "@envelop/core": "^5.0.0" } }, "sha512-fx6o6uh9t9B96qFMdzp3TfBPW/wcGExa9F82PgHIekpKkg50K8848brv6y8Ue17VpVsleiYXHQeMtS4W4pY2AQ=="],
145+
146+
"@escape.tech/graphql-armor-cost-limit": ["@escape.tech/[email protected]", "", { "dependencies": { "graphql": "^16.0.0" }, "optionalDependencies": { "@envelop/core": "^5.0.0", "@escape.tech/graphql-armor-types": "0.7.0" } }, "sha512-B1s95ZFG1Xv4RtkQxpSe/tkFP2b0Cprvt8ZDnY7NddjRoI5kHy5aQt6n3g0erB9eMKXm17e0h+TcurMhVSTaPw=="],
147+
148+
"@escape.tech/graphql-armor-max-aliases": ["@escape.tech/[email protected]", "", { "dependencies": { "graphql": "^16.0.0" }, "optionalDependencies": { "@envelop/core": "^5.0.0", "@escape.tech/graphql-armor-types": "0.7.0" } }, "sha512-9dwRC5+dl986byBD9QRYRUrLALa7awpUe4aIM1j7StZHGJgmYRj3LZaWQM3JyI8j2FXg4rqBC4FJAiVYpRyWqw=="],
149+
150+
"@escape.tech/graphql-armor-max-depth": ["@escape.tech/[email protected]", "", { "dependencies": { "graphql": "^16.0.0" }, "optionalDependencies": { "@envelop/core": "^5.0.0", "@escape.tech/graphql-armor-types": "0.7.0" } }, "sha512-4sQkvPITjkSW4mReGyBT5A4qFkBTzyK9HGOLm8Rrte/JrulVAsokK8HWDr/2Yw0KqSFBMCAmy575YMaYoTHLvQ=="],
151+
152+
"@escape.tech/graphql-armor-max-directives": ["@escape.tech/[email protected]", "", { "dependencies": { "graphql": "^16.0.0" }, "optionalDependencies": { "@envelop/core": "^5.0.0", "@escape.tech/graphql-armor-types": "0.7.0" } }, "sha512-8tCJ5pymEOp6niKqqyWdiiuY2GDaei02FNj2Vx0dg/1uCnJbUcOZoL7YaAW6W7e3raY2kOWTK2wF4L/KY+fINw=="],
153+
154+
"@escape.tech/graphql-armor-max-tokens": ["@escape.tech/[email protected]", "", { "dependencies": { "graphql": "^16.0.0" }, "optionalDependencies": { "@envelop/core": "^5.0.0", "@escape.tech/graphql-armor-types": "0.7.0" } }, "sha512-XypQs0NELYwmz/Mx9wVjw1riI3bvZyU2Ya4BnV0AIFLd9UYYl0BzuI4BSR46t5V2Sh73ePl6Ru1jj5rb4nfVOw=="],
155+
156+
"@escape.tech/graphql-armor-types": ["@escape.tech/[email protected]", "", { "dependencies": { "graphql": "^16.0.0" } }, "sha512-RHxyyp6PDgS6NAPnnmB6JdmUJ6oqhpSHFbsglGWeCcnNzceA5AkQFpir7VIDbVyS8LNC1xhipOtk7f9ycrIemQ=="],
157+
141158
"@faker-js/faker": ["@faker-js/[email protected]", "", {}, "sha512-r0tJ3ZOkMd9xsu3VRfqlFR6cz0V/jFYRswAIpC+m/DIfAUXq7g8N7wTAlhSANySXYGKzGryfDXwtwsY8TxEIDw=="],
142159

143160
"@graphile/lru": ["@graphile/[email protected]", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-atoHRmLuYMCoMeCjS1pIA442eqAHwFZ3+bnjm3Mn+kAvujyXzGs8uup39gfmMgxOFjRAPNmPEiPw2oJUbOk65Q=="],

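--- a/drizzle.config.ts
+++ b/drizzle.config.ts
@@ -4,7 +4,7 @@ import { DATABASE_URL } from "./src/lib/config/env";
 
 export default defineConfig({
 out: "./src/lib/drizzle/migrations",
-schema: "./src/lib/drizzle/schema",
+schema: "./src/lib/drizzle/schema/index.ts",
 dialect: "postgresql",
 casing: "snake_case",
 dbCredentials: {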

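--- a/graphile.config.ts
+++ b/graphile.config.ts
@@ -5,6 +5,17 @@ import { makePgService } from "postgraphile/adaptors/pg";
 import { PostGraphileAmberPreset } from "postgraphile/presets/amber";
 
 import { DATABASE_URL, isProdEnv } from "./src/lib/config/env";
+import {
+CommentRBACPlugin,
+DownvoteRBACPlugin,
+MemberRBACPlugin,
+OrganizationRBACPlugin,
+PostRBACPlugin,
+PrimaryKeyMutationsOnlyPlugin,
+ProjectRBACPlugin,
+UpvoteRBACPlugin,
+UserRBACPlugin,
+} from "./src/lib/plugins/postgraphile";
 
 import type { GraphileConfig } from "graphile-config";
 
@@ -20,8 +31,20 @@ const preset: GraphileConfig.Preset = {
 sortExport: true,
 pgForbidSetofFunctionsToReturnNull: false,
 jsonScalarAsString: false,
+defaultBehavior: "-type:node -interface:node",
 },
 disablePlugins: ["PgIndexBehaviorsPlugin"],
+plugins: [
+PrimaryKeyMutationsOnlyPlugin,
+OrganizationRBACPlugin,
+UserRBACPlugin,
+MemberRBACPlugin,
+ProjectRBACPlugin,
+PostRBACPlugin,
+DownvoteRBACPlugin,
+UpvoteRBACPlugin,
+CommentRBACPlugin,
+],
 grafserv: {
 graphiql: false,
 },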
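Review bot: The `plugins` array in the second hunk registers one RBAC plugin per table by hand, so authorization is opt-in: a table added to the schema later would be exposed by PostGraphile with no role checks unless someone remembers to extend this list. The plugin implementations are not visible in this section, so this is inferred from the registration alone; I would add a comment above the array such as `// every table exposed through GraphQL needs an RBAC plugin registered here; a table without one has no role checks`, and consider a startup check that fails when an exposed table has no matching plugin. The new `defaultBehavior: "-type:node -interface:node"` line also deserves a one-line comment saying why the Node interface is turned off, presumably so records cannot be reached by global ID outside the per-table checks. Both hunks sit inside larger blocks (the import list and the `preset` object) that continue outside the view.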

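--- a/package.json
+++ b/package.json
@@ -33,6 +33,7 @@
 },
 "dependencies": {
 "@envelop/generic-auth": "^8.0.1",
+"@escape.tech/graphql-armor": "^3.1.2",
 "@graphile/pg-aggregates": "^0.2.0-beta.7",
 "@graphile/simplify-inflection": "^8.0.0-beta.5",
 "dayjs": "^1.11.13",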
