diff --git a/apps/metamigo-api/src/app/plugins/auth-bearer.ts b/apps/metamigo-api/src/app/plugins/auth-bearer.ts
index 82ae8d6..b514060 100644
--- a/apps/metamigo-api/src/app/plugins/auth-bearer.ts
+++ b/apps/metamigo-api/src/app/plugins/auth-bearer.ts
@@ -11,11 +11,17 @@ export const registerAuthBearer = async (
 server.auth.strategy("session-id-bearer-token", "bearer-access-token", {
 allowQueryToken: false,
- validate: async (request: Hapi.Request, token: string, h: Hapi.ResponseToolkit) => {
+ validate: async (
+ request: Hapi.Request,
+ token: string,
+ h: Hapi.ResponseToolkit
+ ) => {
 const repos = request.db() as IMetamigoRepositories;
 const session = await repos.sessions.findBy({ sessionToken: token });
 const isValid = !!session;
- const credentials = { token };
+ if (!isValid) return { isValid, credentials: {} };
+ const user = await repos.users.findById({ id: session.userId });
+ const credentials = { sessionToken: token, user };
 return { isValid, credentials };
 },
 });
diff --git a/apps/metamigo-api/src/app/plugins/hapi-postgraphile.ts b/apps/metamigo-api/src/app/plugins/hapi-postgraphile.ts
index 7f62fd7..e790908 100644
--- a/apps/metamigo-api/src/app/plugins/hapi-postgraphile.ts
+++ b/apps/metamigo-api/src/app/plugins/hapi-postgraphile.ts
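Review bot: `repos.users.findById({ id: session.userId })` can come back empty for a session whose user row no longer exists, yet `isValid` stays true and `credentials.user` is then undefined; the consumer in hapi-postgraphile.ts dereferences `auth.credentials.user.userRole` without a guard, so such a request fails inside `pgSettings` instead of being rejected as unauthenticated. Suggest treating a missing user as an invalid session: `const user = await repos.users.findById({ id: session.userId }); if (!user) return { isValid: false, credentials: {} };`. Whether the sessions table carries an expiry is not visible here; if it does, `findBy({ sessionToken: token })` does not consult it, so an expired token would still authenticate. The body of registerAuthBearer begins before and continues after this hunk.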
@@ -1,34 +1,52 @@
 import type * as Hapi from "@hapi/hapi";
 import { IAppConfig } from "@digiresilience/metamigo-config";
-import { postgraphile } from 'postgraphile';
+import { postgraphile, HttpRequestHandler } from "postgraphile";
 import { getPostGraphileOptions } from "@digiresilience/metamigo-db";
-
-export interface HapiPostgraphileOptions {
- pgConfig: any;
- schemaOptions: any;
- schemaName: string;
-}
+export interface HapiPostgraphileOptions {}
 const PostgraphilePlugin: Hapi.Plugin = {
- name: 'postgraphilePlugin',
- version: '1.0.0',
+ name: "postgraphilePlugin",
+ version: "1.0.0",
 register: async function (server, options: HapiPostgraphileOptions) {
-
- const postgraphileMiddleware = postgraphile(options.pgConfig, options.schemaName, options.schemaOptions);
+ const config = server.config();
+ const postgraphileMiddleware: HttpRequestHandler = postgraphile(
+ config.postgraphile.authConnection,
+ "app_public",
+ {
+ ...getPostGraphileOptions(),
+ jwtSecret: "",
+ pgSettings: async (req) => {
+ const auth = (req as any).hapiAuth;
+ if (auth.isAuthenticated && auth.credentials.user.userRole) {
+ return {
+ role: `app_${auth.credentials.user.userRole}`,
+ "jwt.claims.session_id": auth.credentials.sessionToken,
+ };
+ } else {
+ return {
+ role: "app_anonymous",
+ };
+ }
+ },
+ }
+ );
 server.route({
- method: ['POST'],
- path: '/graphql',
+ method: ["POST"],
+ path: "/graphql",
 options: {
+ auth: "session-id-bearer-token",
 payload: {
 parse: false, // this disables payload parsing
- output: 'stream' // ensures the payload is a readable stream
+ output: "stream", // ensures the payload is a readable stream which postgraphile expects
 },
 },
- handler: (request, h) => {
+ handler: (request: Hapi.Request, h: Hapi.ResponseToolkit) => {
 return new Promise((resolve, reject) => {
- postgraphileMiddleware(request.raw.req, request.raw.res, (error) => {
+ const rawReq = request.raw.req as any;
+ rawReq.hapiAuth = request.auth;
+ postgraphileMiddleware(rawReq, request.raw.res, (error) => {
 if (error) {
 reject(error);
 } else {
@@ -46,21 +64,8 @@ export const registerPostgraphile = async (
 server: Hapi.Server,
 config: IAppConfig
 ): Promise => {
-
-
 await server.register({
 plugin: PostgraphilePlugin,
- options: {
- pgConfig: config.postgraphile.authConnection,
- schemaName: "app_public",
- schemaOptions: {
- ...getPostGraphileOptions(),
- jwtAudiences: [config.nextAuth.audience],
- jwtSecret: "",
- // unauthenticated users will hit the database with this role
- pgDefaultRole: "app_anonymous",
- },
- },
+ options: {},
 });
 };
-
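Review bot: The `app_anonymous` branch in `pgSettings` appears unreachable as written: the route's `auth: "session-id-bearer-token"` uses hapi's default required mode, so a missing or invalid token is answered 401 before the handler stashes `request.auth`, and `auth.isAuthenticated` should always be true by the time `pgSettings` runs. If anonymous queries are meant to reach the database as `app_anonymous`, the route needs `auth: { strategy: "session-id-bearer-token", mode: "optional" }`; if not, the else branch is dead code and should be removed so the intended policy is obvious. `auth.credentials.user.userRole` is also dereferenced without checking that `user` was found, and the `app_${...}` role is built from a database value with no check against the roles that actually exist, so an unexpected value surfaces as a Postgres error rather than a clean rejection. The two `as any` casts could be replaced by one declared intersection type for the raw request carrying `hapiAuth?: Hapi.RequestAuth`, so `pgSettings` gets type-checked access to the stash instead of an untyped property.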
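Review bot: `config: IAppConfig` is now an unused parameter of registerPostgraphile — everything it fed (`pgConfig`, `jwtAudiences`) moved into the plugin, which reads `server.config()` instead. Either drop the parameter (its call site is outside this diff) or rename it `_config` so the intent is visible; the empty `HapiPostgraphileOptions` interface and `options: {}` are likewise leftovers worth removing if the plugin takes no options.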