Authentification JWT sur le backend super-graph #8
@ -1,9 +1,9 @@
|
||||
app_name: "Test Development"
|
||||
app_name: "Daddy Dev"
|
||||
host_port: 0.0.0.0:8080
|
||||
web_ui: true
|
||||
|
||||
# debug, error, warn, info
|
||||
log_level: "info"
|
||||
log_level: debug
|
||||
|
||||
# enable or disable http compression (uses gzip)
|
||||
http_compress: true
|
||||
@ -15,7 +15,7 @@ http_compress: true
|
||||
production: false
|
||||
|
||||
# Throw a 401 on auth failure for queries that need auth
|
||||
auth_fail_block: false
|
||||
auth_fail_block: true
|
||||
|
||||
# Latency tracing for database queries and remote joins
|
||||
# the resulting latency information is returned with the
|
||||
@ -65,18 +65,16 @@ cors_debug: false
|
||||
auth:
|
||||
# Can be 'rails', 'jwt' or 'header'
|
||||
type: jwt
|
||||
cookie: _supergraph_session
|
||||
#cookie: _supergraph_session
|
||||
|
||||
# Comment this out if you want to disable setting
|
||||
# the user_id via a header for testing.
|
||||
# Disable in production
|
||||
creds_in_header: true
|
||||
#creds_in_header: false
|
||||
|
||||
# jwt:
|
||||
# provider: auth0
|
||||
# secret: abc335bfcfdb04e50db5bb0a4d67ab9
|
||||
# public_key_file: /secrets/public_key.pem
|
||||
# public_key_type: ecdsa #rsa
|
||||
jwt:
|
||||
provider: hydra
|
||||
jwks_url: http://hydra:4444/.well-known/jwks.json
|
||||
|
||||
# header:
|
||||
# name: dnt
|
||||
@ -87,16 +85,16 @@ auth:
|
||||
# In this example actions using this auth can only be
|
||||
# called from the Google Appengine Cron service that
|
||||
# sets a special header to all it's requests
|
||||
auths:
|
||||
- name: from_taskqueue
|
||||
type: header
|
||||
header:
|
||||
name: X-Appengine-Cron
|
||||
exists: true
|
||||
# auths:
|
||||
# - name: from_taskqueue
|
||||
# type: header
|
||||
# header:
|
||||
# name: X-Appengine-Cron
|
||||
# exists: true
|
||||
|
||||
database:
|
||||
type: postgres
|
||||
host: db
|
||||
host: localhost
|
||||
port: 5432
|
||||
dbname: daddy
|
||||
user: daddy
|
||||
@ -105,19 +103,19 @@ database:
|
||||
#schema: "public"
|
||||
#pool_size: 10
|
||||
#max_retries: 0
|
||||
#log_level: "debug"
|
||||
log_level: "debug"
|
||||
|
||||
# Set session variable "user.id" to the user id
|
||||
# Enable this if you need the user id in triggers, etc
|
||||
set_user_id: false
|
||||
set_user_id: true
|
||||
|
||||
# database ping timeout is used for db health checking
|
||||
ping_timeout: 1m
|
||||
|
||||
# Define additional variables here to be used with filters
|
||||
variables:
|
||||
#admin_account_id: "5"
|
||||
admin_account_id: "sql:select id from users where admin = true limit 1"
|
||||
# admin_account_id: "5"
|
||||
# admin_account_id: "sql:select id from users where admin = true limit 1"
|
||||
|
||||
|
||||
# Field and table names that you wish to block
|
||||
@ -135,67 +133,91 @@ database:
|
||||
# which in this case refreshes a materialized view in the database.
|
||||
# The auth_name is from one of the configured auths
|
||||
actions:
|
||||
- name: refresh_leaderboard_users
|
||||
sql: REFRESH MATERIALIZED VIEW CONCURRENTLY "leaderboard_users"
|
||||
auth_name: from_taskqueue
|
||||
# - name: refresh_leaderboard_users
|
||||
# sql: REFRESH MATERIALIZED VIEW CONCURRENTLY "leaderboard_users"
|
||||
# auth_name: from_taskqueue
|
||||
|
||||
tables:
|
||||
- name: customers
|
||||
remotes:
|
||||
- name: payments
|
||||
id: stripe_id
|
||||
url: http://rails_app:3000/stripe/$id
|
||||
path: data
|
||||
# debug: true
|
||||
pass_headers:
|
||||
- cookie
|
||||
set_headers:
|
||||
- name: Host
|
||||
value: 0.0.0.0
|
||||
# - name: customers
|
||||
# remotes:
|
||||
# - name: payments
|
||||
# id: stripe_id
|
||||
# url: http://rails_app:3000/stripe/$id
|
||||
# path: data
|
||||
# # debug: true
|
||||
# pass_headers:
|
||||
# - cookie
|
||||
# set_headers:
|
||||
# - name: Host
|
||||
# value: 0.0.0.0
|
||||
# - name: Authorization
|
||||
# value: Bearer <stripe_api_key>
|
||||
|
||||
- # You can create new fields that have a
|
||||
# real db table backing them
|
||||
name: me
|
||||
table: users
|
||||
# - # You can create new fields that have a
|
||||
# # real db table backing them
|
||||
# name: me
|
||||
# table: users
|
||||
|
||||
|
||||
#roles_query: "SELECT * FROM users WHERE id = $user_id"
|
||||
roles_query: "select * from users where users.email = $user_id"
|
||||
|
||||
roles:
|
||||
# Rôle par défaut si l'utilisateur n'existe pas dans la table `users`
|
||||
- name: anon
|
||||
tables:
|
||||
- name: users
|
||||
query:
|
||||
limit: 10
|
||||
# - name: users
|
||||
# insert:
|
||||
# block: true
|
||||
# query:
|
||||
# block: true
|
||||
# update:
|
||||
# block: true
|
||||
# delete:
|
||||
# block: true
|
||||
|
||||
# Rôle par défaut si l'utilisateur existe dans la table `users`
|
||||
# mais que la valeur de la colonne `role` n'est pas définie
|
||||
- name: user
|
||||
tables:
|
||||
- name: users
|
||||
query:
|
||||
filters: ["{ id: { _eq: $user_id } }"]
|
||||
|
||||
- name: products
|
||||
query:
|
||||
limit: 50
|
||||
filters: ["{ user_id: { eq: $user_id } }"]
|
||||
disable_functions: false
|
||||
|
||||
insert:
|
||||
filters: ["{ user_id: { eq: $user_id } }"]
|
||||
presets:
|
||||
- user_id: "$user_id"
|
||||
- created_at: "now"
|
||||
|
||||
block: true
|
||||
query:
|
||||
filters: ["{ email: { _eq: $user_id } }"]
|
||||
update:
|
||||
filters: ["{ user_id: { eq: $user_id } }"]
|
||||
presets:
|
||||
- updated_at: "now"
|
||||
|
||||
columns:
|
||||
- full_name
|
||||
filters: ["{ email: { _eq: $user_id } }"]
|
||||
delete:
|
||||
block: true
|
||||
|
||||
- name: admin
|
||||
match: role = 'admin'
|
||||
tables:
|
||||
- name: users
|
||||
query:
|
||||
filters: []
|
||||
|
||||
# - name: products
|
||||
# query:
|
||||
# limit: 50
|
||||
# filters: ["{ user_id: { eq: $user_id } }"]
|
||||
# disable_functions: false
|
||||
|
||||
# insert:
|
||||
# filters: ["{ user_id: { eq: $user_id } }"]
|
||||
# presets:
|
||||
# - user_id: "$user_id"
|
||||
# - created_at: "now"
|
||||
|
||||
# update:
|
||||
# filters: ["{ user_id: { eq: $user_id } }"]
|
||||
# presets:
|
||||
# - updated_at: "now"
|
||||
|
||||
# delete:
|
||||
# block: true
|
||||
|
||||
# - name: admin
|
||||
# match: id = 1000
|
||||
# tables:
|
||||
|
Loading…
Reference in New Issue
Block a user