feat(project): wip authentication

package.json

@@ -19,6 +19,7 @@
     "express": "4.17.*",
     "graphql": "^14.5.8",
     "graphql-tag": "^2.10.1",
+    "jsonwebtoken": "^8.5.1",
     "neo4j-driver": "4.0.*",
     "neo4j-graphql-js": "https://github.com/neo4j-graphql/neo4j-graphql-js#3e166629dfedcc8a8094851fd5d651f32650fb86",
     "validator": "12.1.*",

src/index.js

@@ -27,7 +27,7 @@ app.use('/', router)
 // generated resolvers to connect to the database.
 const server = new ApolloServer({
   schema: schema,
-  context: ({ req }) => ({ driver, req })
+  context: ({ req }) => ({ driver, ...req })
 })
 
 // Bind the Apollo server to the express server.

src/routes/index.js

@@ -3,8 +3,10 @@ import { Router } from 'express'
 import { getDocument } from './helpers/document'
 import { transformJsonLD } from './helpers/transformers'
 import { info } from '../utils/logger'
+import { sign } from 'jsonwebtoken'
 
 const router = new Router()
+const authKeys = JSON.parse(process.env.JWT_AUTH_KEYS)
 
 /**
  * Health check endpoint
@@ -55,4 +57,18 @@ router.get('/:identifier', (req, res) => {
     })
 })
 
+router.post('/token', async (req, res) => {
+  const { id, key } = req.body
+
+  // check if key is valid
+  const authKey = authKeys.find(x => x.id === id)
+  if (typeof authKey === 'undefined' || authKey.key !== key) {
+    return res.status(401).send({ success: false, message: 'Invalid request' })
+  }
+
+  // generate token
+  const token = sign({ id: authKey.id, expiresIn: ((60 * 60) * (24 * 1)) * 1000, scope: authKey.scope }, process.env.JWT_SECRET)
+  return res.send({ success: true, token: token })
+})
+
 export default router

src/schema.js

@@ -2,25 +2,59 @@ import { makeAugmentedSchema } from 'neo4j-graphql-js'
 import { resolvers } from './resolvers'
 import concatenate from 'concatenate'
 import walkSync from 'walk-sync'
+import { buildAuthScopeDirective } from 'neo4j-graphql-js/dist/augment/directives'
 
 /*
  * Determine type definitions from which to auto generate queries and mutations
  */
 const graphQlFiles = walkSync(`${__dirname}/schema`, { directories: false, includeBasePath: true, globs: ['**/**/*.graphql'] })
 const typeDefs = concatenate.sync(graphQlFiles)
 
+const addDirectives = (schema) => {
+  const mutationTypes = schema['_mutationType']['_fields']
+  for (let mutationTypesKey in mutationTypes) {
+    mutationTypes[mutationTypesKey].astNode.directives.push(buildDirective(mutationTypesKey))
+  }
+
+  const queryTypes = schema['_queryType']['_fields']
+  for (let queryTypesKey in queryTypes) {
+    queryTypes[queryTypesKey].astNode.directives = []
+
+    if (['DeleteAction', 'AddAction', 'ReplaceAction'].includes(queryTypesKey) === true) {
+      queryTypes[queryTypesKey].astNode.directives.push(buildDirective(queryTypesKey))
+    }
+  }
+  return schema
+}
+
+const buildDirective = (typeName) => {
+  const directive = buildAuthScopeDirective({
+    scopes: [
+      { typeName: 'ALL', mutation: `Add` },
+      { typeName: 'ALL', mutation: `Create` },
+      { typeName: 'ALL', mutation: `Merge` },
+      { typeName: 'ALL', mutation: `Update` },
+      { typeName: 'ALL', mutation: `Remove` }
+    ]
+  })
+  return directive
+}
+
 /*
  * Create an executable GraphQL schema object from GraphQL type definitions
  * including autogenerated queries and mutations.
  * Optionally a config object can be included to specify which types to include
  * in generated queries and/or mutations. Read more in the docs:
  * https://grandstack.io/docs/neo4j-graphql-js-api.html#makeaugmentedschemaoptions-graphqlschema
  */
-export const schema = makeAugmentedSchema({
+export const schema = addDirectives(makeAugmentedSchema({
   typeDefs,
   resolvers,
   allowUndefinedInResolve: true,
   config: {
+    auth: {
+      hasScope: true
+    },
     query: {
       exclude: [
         'ActionInterface',
@@ -44,3 +78,4 @@ export const schema = makeAugmentedSchema({
     }
   }
 })
+)