From be8e8be854f05e13cf465ec4ad7b9e5400a487e6 Mon Sep 17 00:00:00 2001 From: izzy lyseggen Date: Fri, 21 Aug 2020 14:11:10 +0100 Subject: [PATCH] feat(subs): auth within subscripition resolvers --- modules/core/graph/resolvers/branches.js | 12 +++++++++--- modules/core/graph/resolvers/commits.js | 12 +++++++++--- modules/core/graph/resolvers/streams.js | 20 +++++++++++++++----- 3 files changed, 33 insertions(+), 11 deletions(-) diff --git a/modules/core/graph/resolvers/branches.js b/modules/core/graph/resolvers/branches.js index 7b03f8669..9076719bb 100644 --- a/modules/core/graph/resolvers/branches.js +++ b/modules/core/graph/resolvers/branches.js @@ -99,13 +99,17 @@ module.exports = { Subscription: { branchCreated: { subscribe: withFilter( () => pubsub.asyncIterator( [ BRANCH_CREATED ] ), - ( payload, variables ) => { + async ( payload, variables, context ) => { + await authorizeResolver( context.userId, payload.streamId, 'stream:reviewer' ) + return payload.streamId === variables.streamId } ) }, branchUpdated: { subscribe: withFilter( () => pubsub.asyncIterator( [ BRANCH_UPDATED ] ), - ( payload, variables ) => { + async ( payload, variables, context ) => { + await authorizeResolver( context.userId, payload.streamId, 'stream:reviewer' ) + let streamMatch = payload.streamId === variables.streamId if ( streamMatch && variables.branchId ) { return payload.branchId === variables.branchId @@ -116,7 +120,9 @@ module.exports = { }, branchDeleted: { subscribe: withFilter( () => pubsub.asyncIterator( [ BRANCH_DELETED ] ), - ( payload, variables ) => { + async ( payload, variables, context ) => { + await authorizeResolver( context.userId, payload.streamId, 'stream:reviewer' ) + return payload.streamId === variables.streamId } ) } diff --git a/modules/core/graph/resolvers/commits.js b/modules/core/graph/resolvers/commits.js index 56a3c6f3e..889aeab3d 100644 --- a/modules/core/graph/resolvers/commits.js +++ b/modules/core/graph/resolvers/commits.js @@ -133,13 +133,17 @@ module.exports = { Subscription: { commitCreated: { subscribe: withFilter( () => pubsub.asyncIterator( [ COMMIT_CREATED ] ), - ( payload, variables ) => { + async ( payload, variables, context ) => { + await authorizeResolver( context.userId, payload.streamId, 'stream:reviewer' ) + return payload.streamId === variables.streamId } ) }, commitUpdated: { subscribe: withFilter( () => pubsub.asyncIterator( [ COMMIT_UPDATED ] ), - ( payload, variables ) => { + async ( payload, variables, context ) => { + await authorizeResolver( context.userId, payload.streamId, 'stream:reviewer' ) + let streamMatch = payload.streamId === variables.streamId if ( streamMatch && variables.commitId ) { return payload.commitId === variables.commitId @@ -150,7 +154,9 @@ module.exports = { }, commitDeleted: { subscribe: withFilter( () => pubsub.asyncIterator( [ COMMIT_DELETED ] ), - ( payload, variables ) => { + async ( payload, variables, context ) => { + await authorizeResolver( context.userId, payload.streamId, 'stream:reviewer' ) + return payload.streamId === variables.streamId } ) } diff --git a/modules/core/graph/resolvers/streams.js b/modules/core/graph/resolvers/streams.js index ee0ebd50b..5c22800a9 100644 --- a/modules/core/graph/resolvers/streams.js +++ b/modules/core/graph/resolvers/streams.js @@ -122,7 +122,9 @@ module.exports = { let granted = await grantPermissionsStream( permissionParams ) if ( granted ) { - await pubsub.publish( STREAM_PERMISSION_GRANTED, { streamPermissionGranted: permissionParams, userId: args.userId } ) + await pubsub.publish( STREAM_PERMISSION_GRANTED, { + streamPermissionGranted: permissionParams, userId: args.userId, streamId: args.streamId + } ) } return granted @@ -135,7 +137,9 @@ module.exports = { let revoked = await revokePermissionsStream( { ...args } ) if ( revoked ) { - await pubsub.publish( STREAM_PERMISSION_REVOKED, { streamPermissionRevoked: { ...args }, userId: args.userId } ) + await pubsub.publish( STREAM_PERMISSION_REVOKED, { + streamPermissionRevoked: { ...args }, userId: args.userId, streamId: args.streamId + } ) } return revoked @@ -151,7 +155,9 @@ module.exports = { streamUpdated: { subscribe: withFilter( ( ) => pubsub.asyncIterator( [ STREAM_UPDATED ] ), - ( payload, variables ) => { + async ( payload, variables, context ) => { + await authorizeResolver( context.userId, payload.streamId, 'stream:reviewer' ) + return payload.streamId === variables.streamId } ) }, @@ -163,13 +169,17 @@ module.exports = { }, streamPermissionGranted: { subscribe: withFilter( () => pubsub.asyncIterator( [ STREAM_PERMISSION_GRANTED ] ), - ( payload, variables ) => { + async ( payload, variables, context ) => { + await authorizeResolver( context.userId, payload.streamId, 'stream:reviewer' ) + return payload.userId === variables.userId } ) }, streamPermissionRevoked: { subscribe: withFilter( () => pubsub.asyncIterator( [ STREAM_PERMISSION_REVOKED ] ), - ( payload, variables ) => { + async ( payload, variables, context ) => { + await authorizeResolver( context.userId, payload.streamId, 'stream:reviewer' ) + return payload.userId === variables.userId } ) }