Bump Nexus

README.md

@@ -4,13 +4,17 @@
 
 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+
+- [Installation](#installation)
+- [Example Usage](#example-usage)
+- [Runtime Contributions](#runtime-contributions)
+
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 
 <br>
 
 ## Installation
 
-
 ```
 npm install nexus-plugin-auth0
 ```
@@ -19,20 +23,18 @@ npm install nexus-plugin-auth0
 
 ## Example Usage
 
-TODO
-
-<br>
-
-## Worktime Contributions
-
-TODO
+```ts
+use(
+  auth({
+    auth0Audience: 'nexus-plugin-auth0',
+    auth0Domain: 'graphql-nexus.eu.auth0.com',
+    protectedPaths: ['Query.properties'],
+  })
+)
+```
 
 <br>
 
 ## Runtime Contributions
 
 TODO
-
-## Testtime Contributions
-
-TODO

package.json

@@ -40,9 +40,9 @@
     "@types/jest": "26.0.8",
     "doctoc": "^1.4.0",
     "dripip": "0.9.0",
+    "nexus": "^0.26.1",
     "jest": "26.2.2",
     "jest-watch-typeahead": "0.6.0",
-    "nexus": "^0.26.0-next.14",
     "prettier": "2.0.5",
     "ts-jest": "26.1.4",
     "typescript": "3.9.7"

src/runtime.ts

@@ -1,12 +1,10 @@
 import { RuntimePlugin } from 'nexus/plugin'
 import { verify, decode } from 'jsonwebtoken'
 import { Settings } from './settings'
-import { Auth0Plugin } from './lib/schema'
-import jwksClient, { SigningKey, CertSigningKey } from 'jwks-rsa'
+import { Auth0Plugin } from './schema'
+import jwksClient from 'jwks-rsa'
 
-export const plugin: RuntimePlugin<Settings, 'required'> = (
-  settings: Settings
-) => (project: any) => {
+export const plugin: RuntimePlugin<Settings, 'required'> = (settings: Settings) => (project: any) => {
   var plugins = []
   const protectedPaths = settings.protectedPaths
   if (protectedPaths) {
@@ -16,22 +14,15 @@ export const plugin: RuntimePlugin<Settings, 'required'> = (
   return {
     context: {
       create: async (req: any) => {
-        if (
-          req.headers.authorization &&
-          req.headers.authorization.split(' ')[0] === 'Bearer'
-        ) {
+        if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
           const token = req.headers.authorization.split(' ')[1]
-          return verifyToken(
-            token,
-            settings.auth0Domain,
-            settings.auth0Audience
-          )
+          return await verifyToken(token, settings.auth0Domain, settings.auth0Audience)
         }
-
         return {
           token: null,
         }
       },
+
       typeGen: {
         fields: {
           token: 'string | null',
@@ -56,44 +47,36 @@ const verifyToken = async (
   token: string,
   auth0Domain: string,
   auth0Audience: string
-) => {
+): Promise<{ token: string | null }> => {
   try {
     const client = jwksClient({
       cache: true,
       rateLimit: true,
       jwksRequestsPerMinute: 5,
+      strictSsl: true,
       jwksUri: `https://${auth0Domain}/.well-known/jwks.json`,
     })
+    // console.log('token', token)
     const secret = await getSecret(client, token)
-    // TODO Remove
-    console.log(`Secret: ${secret} `)
 
     if (secret) {
-      const verifiedToken = verify(token, secret, { audience: auth0Audience })
-      return {
-        token: verifiedToken,
-      }
+      const decodedToken = verify(token, secret, { audience: auth0Audience })
+      return { token: token }
     } else {
-      return {
-        token: null,
-      }
+      return { token: null }
     }
   } catch (err) {
+    console.log(err)
     return {
       token: null,
     }
   }
 }
 
-function getSecret(
-  client: jwksClient.JwksClient,
-  token: string
-): Promise<string | null> {
+function getSecret(client: jwksClient.JwksClient, token: string): Promise<string | null> {
   return new Promise(function (resolve, reject) {
-    const decodedToken = decode(token)
-    const header =
-      decodedToken && typeof decodedToken === 'object' && decodedToken['header']
-    console.log(decodedToken)
+    const decodedToken = decode(token, { complete: true })
+    const header = decodedToken && typeof decodedToken === 'object' && decodedToken['header']
     if (!header || header.alg !== 'RS256') {
       reject(new Error('No Header or Incorrect Header Alg, Only RS256 Allowed'))
     }

src/schema.ts

@@ -0,0 +1,30 @@
+import { plugin } from '@nexus/schema'
+
+export function Auth0Plugin(protectedPaths: string[]) {
+  return plugin({
+    name: 'Auth0 Plguin',
+    description: 'A nexus schema plugin for Auth0',
+
+    onCreateFieldResolver(config) {
+      return async (root, args, ctx, info, next) => {
+        const parentType = config.parentTypeConfig.name
+
+        console.log(ctx.token)
+        if (parentType != 'Query' && parentType != 'Mutation') {
+          return await next(root, args, ctx, info)
+        }
+
+        const resolver = `${parentType}.${config.fieldConfig.name}`
+
+        if (!protectedPaths.includes(resolver)) {
+          return await next(root, args, ctx, info)
+        }
+        if (!ctx.token) {
+          throw new Error('Not Authorized!')
+        }
+
+        return await next(root, args, ctx, info)
+      }
+    },
+  })
+}