hasura graphql auth-webhook api 说明

hasura graphql 在生产环境中推荐使用 webhook 进行角色访问控制，官方同时提供了一个 nodejs
的简单 demo

代码

git clone https://github.com/hasura/sample-auth-webhook

代码说明

  • 项目结构

  • api 格式说明

auth0   auth0/auth0Handler.js
const express = require('express');
const requestClient = require('request');

// Router exported at the bottom of this file. The auth0 tenant domain is read
// from the environment so the /userinfo URL built below is not hard-coded.
const auth0Router = express.Router();
const auth0Domain = process.env.AUTH_ZERO_DOMAIN;
/*
  Auth webhook handler for auth0
  Flow:
  1) Expects the access_token to be sent as 'Authorization: Bearer <access-token>'
  2) Verifies the access_token by fetching the /userinfo endpoint from auth0
  Usage:
  1) From your application, when you call Hasura's GraphQL APIs, remember to send the access_token from auth0 as an Authorization header
  2) Replace the url (https://test-hasura.auth0.com/userinfo) in the code below with your own auth0 app url
*/

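/**
 * Hasura auth webhook backed by auth0.
 *
 * Reads the forwarded Authorization header, asks auth0's /userinfo endpoint
 * whether the token is valid, and answers Hasura with the session variables
 * to use for the request. Any failure to validate the token yields the
 * 'anonymous' role; only a missing server-side configuration yields an error.
 */
auth0Router.route('/webhook').get((request, response) => {
  // Fail loudly (500) when the auth0 domain is not configured: without it no
  // token can be validated, and answering "anonymous" here would silently
  // downgrade every caller instead of surfacing the misconfiguration.
  if (!auth0Domain) {
    response.status(500).send('Auth0 domain not configured');
    return;
  }

  // Hasura forwards the client's headers; the token arrives as
  // 'Authorization: Bearer <access-token>'.
  const token = request.get('Authorization');

  // No token at all: the caller is anonymous.
  if (!token) {
    response.json({'x-hasura-role': 'anonymous'});
    return;
  }

  // Validate the token by asking auth0 who it belongs to. The header value is
  // forwarded verbatim; auth0 decides whether it is acceptable.
  const options = {
    url: `https://${auth0Domain}/userinfo`,
    headers: {
      Authorization: token,
      'Content-Type': 'application/json'
    }
  };

  requestClient(options, (err, res, body) => {
    // Anything other than a clean 200 means auth0 did not vouch for the
    // token: answer "anonymous" rather than exposing the failure to the client.
    if (err || res.statusCode !== 200) {
      // Log only the status code. The full `res` object carries the outgoing
      // request (including the Authorization header) and `body` may carry
      // user data; neither belongs in the logs.
      console.log('auth0 /userinfo rejected token', err, res ? res.statusCode : undefined);
      response.json({'x-hasura-role': 'anonymous'});
      return;
    }

    // A 200 with a malformed body would otherwise throw inside this callback
    // and take the process down; treat it as an invalid token instead.
    let userInfo;
    try {
      userInfo = JSON.parse(body);
    } catch (parseErr) {
      console.log('auth0 /userinfo returned a non-JSON body', parseErr);
      response.json({'x-hasura-role': 'anonymous'});
      return;
    }

    // `sub` is auth0's subject identifier for the user. Without it we must
    // not grant the 'user' role: JSON.stringify would drop an undefined
    // X-Hasura-User-Id and Hasura would see a user with no identity.
    if (userInfo === null || typeof userInfo !== 'object' || typeof userInfo.sub !== 'string') {
      console.log('auth0 /userinfo response has no usable sub claim');
      response.json({'x-hasura-role': 'anonymous'});
      return;
    }

    const hasuraVariables = {
      'X-Hasura-User-Id': userInfo.sub,
      'X-Hasura-Role': 'user'
    };
    response.json(hasuraVariables);
  });
});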
// The router is the module's only export; server.js is expected to mount it.
module.exports = auth0Router;

普通rest api: server.js
// Minimal Hasura auth webhook: look the token up and tell Hasura which role and
// user-id apply to this request.
app.get('/simple/webhook', (request, response) => {
  // The client's token is forwarded by Hasura in the Authorization header.
  const token = request.get('Authorization');

  // Resolve the token to a user. This demo ignores `result` and answers with
  // fixed values; the commented field names show where real values would come from.
  fetchUserInfo(token, (result) => {
    response.json({
      'X-Hasura-Role': 'user', // result.role
      'X-Hasura-User-Id': '1' // result.user_id
    });
  });
});
上边的代码比较简单,就是提供一个 webhook 的 rest api 地址,获取请求中的 token (Authorization)
之后进行判定,并以 json 返回用户对应的 role 以及 user-id (X-Hasura-User-Id 、X-Hasura-Role)

参考资料

https://github.com/hasura/sample-auth-webhook
https://docs.hasura.io/1.0/graphql/manual/auth/index.html
