feat: export isAuthorizedByRole util function

src/directives/directiveResolvers.ts

@@ -1,4 +1,5 @@
 import { CONTEXT_KEY } from '../KeycloakContext'
+import { isAuthorizedByRole } from './utils'
 
 /**
  * 
@@ -104,17 +105,8 @@ export const hasRole = (roles: Array<string>) => (next: Function) => (root: any,
   if (typeof roles === 'string') {
     roles = [roles]
   }
-
-  let foundRole = null // this will be the role the user was successfully authorized on
-
-  for (let role of roles) {
-    if (context[CONTEXT_KEY].hasRole(role)) {
-      foundRole = role
-      break
-    }
-  }
-
-  if (!foundRole) {
+
+  if (!isAuthorizedByRole(roles, context)) {
     const error: any = new Error(`User is not authorized. Must have one of the following roles: [${roles}]`);
     error.code = "FORBIDDEN"
     throw error

src/directives/utils.ts

@@ -0,0 +1,21 @@
+import { CONTEXT_KEY } from '../KeycloakContext'
+
+/**
+ * 
+ * @param roles the list of roles the user should match against
+ * @param context the graphql context that contains the user info
+ */
+export function isAuthorizedByRole(roles: string[], context?: any) {
+  if (!(context && context[CONTEXT_KEY])) {
+    console.error('context.kauth is missing. Keycloak integration is probably misconfigured')  
+    return false
+  }
+
+  for (const role of roles) {
+    if (context[CONTEXT_KEY].hasRole(role)) {
+      return true
+    }
+  }
+
+  return false
+}

src/index.ts

@@ -2,3 +2,4 @@ export * from './KeycloakSubscriptionHandler'
 export * from './KeycloakContext'
 export * from './directives'
 export * from './api'
+export { isAuthorizedByRole } from './directives/utils'