Authentification JWT sur le backend super-graph #8

Manually merged
tcornaut merged 12 commits from feature/super-graph-auth into develop 2020-06-22 21:28:41 +02:00
1 changed files with 84 additions and 62 deletions
Showing only changes of commit d85edd949c - Show all commits


@ -1,9 +1,9 @@
app_name: "Test Development" app_name: "Daddy Dev"
host_port: 0.0.0.0:8080 host_port: 0.0.0.0:8080
web_ui: true web_ui: true
# debug, error, warn, info # debug, error, warn, info
log_level: "info" log_level: debug
# enable or disable http compression (uses gzip) # enable or disable http compression (uses gzip)
http_compress: true http_compress: true
@ -15,7 +15,7 @@ http_compress: true
production: false production: false
# Throw a 401 on auth failure for queries that need auth # Throw a 401 on auth failure for queries that need auth
auth_fail_block: false auth_fail_block: true
# Latency tracing for database queries and remote joins # Latency tracing for database queries and remote joins
# the resulting latency information is returned with the # the resulting latency information is returned with the
@ -65,18 +65,16 @@ cors_debug: false
auth: auth:
# Can be 'rails', 'jwt' or 'header' # Can be 'rails', 'jwt' or 'header'
type: jwt type: jwt
cookie: _supergraph_session #cookie: _supergraph_session
# Comment this out if you want to disable setting # Comment this out if you want to disable setting
# the user_id via a header for testing. # the user_id via a header for testing.
# Disable in production # Disable in production
creds_in_header: true #creds_in_header: false
# jwt: jwt:
# provider: auth0 provider: hydra
# secret: abc335bfcfdb04e50db5bb0a4d67ab9 jwks_url: http://hydra:4444/.well-known/jwks.json
# public_key_file: /secrets/public_key.pem
# public_key_type: ecdsa #rsa
# header: # header:
# name: dnt # name: dnt
@ -87,16 +85,16 @@ auth:
# In this example actions using this auth can only be # In this example actions using this auth can only be
# called from the Google Appengine Cron service that # called from the Google Appengine Cron service that
# sets a special header to all it's requests # sets a special header to all it's requests
auths: # auths:
- name: from_taskqueue # - name: from_taskqueue
type: header # type: header
header: # header:
name: X-Appengine-Cron # name: X-Appengine-Cron
exists: true # exists: true
database: database:
type: postgres type: postgres
host: db host: localhost
port: 5432 port: 5432
dbname: daddy dbname: daddy
user: daddy user: daddy
@ -105,11 +103,11 @@ database:
#schema: "public" #schema: "public"
#pool_size: 10 #pool_size: 10
#max_retries: 0 #max_retries: 0
#log_level: "debug" log_level: "debug"
# Set session variable "user.id" to the user id # Set session variable "user.id" to the user id
# Enable this if you need the user id in triggers, etc # Enable this if you need the user id in triggers, etc
set_user_id: false set_user_id: true
# database ping timeout is used for db health checking # database ping timeout is used for db health checking
ping_timeout: 1m ping_timeout: 1m
@ -117,7 +115,7 @@ database:
# Define additional variables here to be used with filters # Define additional variables here to be used with filters
variables: variables:
# admin_account_id: "5" # admin_account_id: "5"
admin_account_id: "sql:select id from users where admin = true limit 1" # admin_account_id: "sql:select id from users where admin = true limit 1"
# Field and table names that you wish to block # Field and table names that you wish to block
@ -135,67 +133,91 @@ database:
# which in this case refreshes a materialized view in the database. # which in this case refreshes a materialized view in the database.
# The auth_name is from one of the configured auths # The auth_name is from one of the configured auths
actions: actions:
- name: refresh_leaderboard_users # - name: refresh_leaderboard_users
sql: REFRESH MATERIALIZED VIEW CONCURRENTLY "leaderboard_users" # sql: REFRESH MATERIALIZED VIEW CONCURRENTLY "leaderboard_users"
auth_name: from_taskqueue # auth_name: from_taskqueue
tables: tables:
- name: customers # - name: customers
remotes: # remotes:
- name: payments # - name: payments
id: stripe_id # id: stripe_id
url: http://rails_app:3000/stripe/$id # url: http://rails_app:3000/stripe/$id
path: data # path: data
# debug: true # # debug: true
pass_headers: # pass_headers:
- cookie # - cookie
set_headers: # set_headers:
- name: Host # - name: Host
value: 0.0.0.0 # value: 0.0.0.0
# - name: Authorization # - name: Authorization
# value: Bearer <stripe_api_key> # value: Bearer <stripe_api_key>
- # You can create new fields that have a # - # You can create new fields that have a
# real db table backing them # # real db table backing them
name: me # name: me
table: users # table: users
#roles_query: "SELECT * FROM users WHERE id = $user_id" roles_query: "select * from users where users.email = $user_id"
roles: roles:
# Rôle par défaut si l'utilisateur n'existe pas dans la table `users`
- name: anon - name: anon
tables: tables:
- name: users # - name: users
query: # insert:
limit: 10 # block: true
# query:
# block: true
# update:
# block: true
# delete:
# block: true
# Rôle par défaut si l'utilisateur existe dans la table `users`
# mais que la valeur de la colonne `role` n'est pas définie
- name: user - name: user
tables: tables:
- name: users - name: users
query:
filters: ["{ id: { _eq: $user_id } }"]
- name: products
query:
limit: 50
filters: ["{ user_id: { eq: $user_id } }"]
disable_functions: false
insert: insert:
filters: ["{ user_id: { eq: $user_id } }"] block: true
presets: query:
- user_id: "$user_id" filters: ["{ email: { _eq: $user_id } }"]
- created_at: "now"
update: update:
filters: ["{ user_id: { eq: $user_id } }"] columns:
presets: - full_name
- updated_at: "now" filters: ["{ email: { _eq: $user_id } }"]
delete: delete:
block: true block: true
- name: admin
match: role = 'admin'
tables:
- name: users
query:
filters: []
# - name: products
# query:
# limit: 50
# filters: ["{ user_id: { eq: $user_id } }"]
# disable_functions: false
# insert:
# filters: ["{ user_id: { eq: $user_id } }"]
# presets:
# - user_id: "$user_id"
# - created_at: "now"
# update:
# filters: ["{ user_id: { eq: $user_id } }"]
# presets:
# - updated_at: "now"
# delete:
# block: true
# - name: admin # - name: admin
# match: id = 1000 # match: id = 1000
# tables: # tables: