hasura graphql auth-webhook api 说明

Hasura GraphQL 在生产环境中推荐使用 webhook 进行角色访问控制，官方同时提供了一个 Node.js
的简单 demo

代码

git clone https://github.com/hasura/sample-auth-webhook

代码说明

  • 项目结构

  • api 格式说明

auth0   auth0/auth0Handler.js
const express = require('express');
const auth0Router = express.Router();
const requestClient = require('request');
// Auth0 tenant domain; read once at module load from the environment.
// When it is unset the /webhook handler below answers 500.
const auth0Domain = process.env.AUTH_ZERO_DOMAIN;
/*
  Auth webhook handler for auth0
  Flow:
  1) Expects the access_token to be sent as 'Authorization: Bearer <access-token>'
  2) Verifies the access_token by fetching the /userinfo endpoint from auth0
  Usage:
  1) From your application, when you call Hasura's GraphQL APIs remember to send the access_token from auth0 as an authorization header
  2) Replace the url (https://test-hasura.auth0.com/userinfo) in the code below with your own auth0 app url
*/

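// GET /webhook — Hasura auth webhook backed by Auth0's /userinfo endpoint.
//
// Reads the Authorization header the client sent to Hasura, forwards it
// unchanged to Auth0 and maps the outcome to Hasura session variables:
//   - no header             -> { 'x-hasura-role': 'anonymous' }
//   - Auth0 answers 200     -> { 'X-Hasura-User-Id': <sub>, 'X-Hasura-Role': 'user' }
//   - any other outcome     -> { 'x-hasura-role': 'anonymous' }
// Responds 500 when auth0Domain (AUTH_ZERO_DOMAIN) is not configured.
auth0Router.route('/webhook').get((request, response) => {
  const anonymous = { 'x-hasura-role': 'anonymous' };

  // Misconfiguration is a server error, not an auth failure: do not fall
  // back to anonymous here, otherwise a missing env var would silently
  // change how every request is authorized.
  if (!auth0Domain) {
    response.status(500).send('Auth0 domain not configured');
    return;
  }

  const token = request.get('Authorization');
  if (!token) {
    response.json(anonymous);
    return;
  }

  // Validate the token by asking Auth0 who it belongs to. The header is
  // forwarded as-is; Auth0 expects the form 'Bearer <access-token>'.
  const options = {
    url: `https://${auth0Domain}/userinfo`,
    headers: {
      Authorization: token,
      'Content-Type': 'application/json',
    },
  };

  requestClient(options, (err, res, body) => {
    if (err || res.statusCode !== 200) {
      // Log only what is needed to diagnose the failure. Dumping `res` or
      // `body` wholesale can write the forwarded Authorization header and
      // the upstream payload into the logs.
      console.log('auth0 userinfo request failed:', err ? err.message : res.statusCode);
      response.json(anonymous);
      return;
    }

    // The body is network input: a malformed or non-JSON reply must not
    // take the process down with an uncaught exception from JSON.parse.
    let userInfo;
    try {
      userInfo = JSON.parse(body);
    } catch (parseErr) {
      console.log('auth0 userinfo returned invalid JSON:', parseErr.message);
      response.json(anonymous);
      return;
    }

    // A 200 without a subject cannot be mapped to a user id; treat it as
    // unauthenticated rather than granting 'user' with no X-Hasura-User-Id.
    if (!userInfo || typeof userInfo.sub !== 'string' || userInfo.sub === '') {
      console.log('auth0 userinfo response has no sub claim');
      response.json(anonymous);
      return;
    }

    const hasuraVariables = {
      'X-Hasura-User-Id': userInfo.sub,
      'X-Hasura-Role': 'user',
    };
    console.log(hasuraVariables); // For debug
    response.json(hasuraVariables);
  });
});
module.exports = auth0Router;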

普通rest api: server.js
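// GET /simple/webhook — minimal Hasura auth webhook skeleton.
//
// Looks the caller up by the Authorization header and answers with Hasura
// session variables. The role and user id below are fixed placeholders; a
// real deployment must derive them from `result` (result.role /
// result.user_id), otherwise every caller is treated as the same user.
app.get('/simple/webhook', (request, response) => {
  // Extract token from request
  const token = request.get('Authorization');

  // No credentials at all: answer anonymous without consulting the user
  // store, so an unauthenticated request never receives the 'user' role
  // (same behaviour as the auth0 handler in auth0/auth0Handler.js).
  if (!token) {
    response.json({ 'x-hasura-role': 'anonymous' });
    return;
  }

  // Fetch the user record that is associated with this token
  fetchUserInfo(token, (result) => {
    // Return the session variables Hasura applies to this request
    const hasuraVariables = {
      'X-Hasura-Role': 'user', // TODO: result.role
      'X-Hasura-User-Id': '1', // TODO: result.user_id
    };
    response.json(hasuraVariables);
  });
});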
上边的代码比较简单：提供一个 webhook 的 REST API 地址，获取请求中的 token（Authorization 头），
之后进行判定，并以 JSON 返回用户对应的 role 以及 user-id（X-Hasura-Role、X-Hasura-User-Id）

参考资料

https://github.com/hasura/sample-auth-webhook
https://docs.hasura.io/1.0/graphql/manual/auth/index.html
