Merge pull request #58 from fossapps/directive

cyberhck · web-flow · commit a5c76de06e08 · 2021-06-26T17:56:48.000+07:00
feat(directive): add require permission directive
diff --git a/Micro.Auth.Api/GraphQL/AuthSchema.cs b/Micro.Auth.Api/GraphQL/AuthSchema.cs
@@ -11,7 +11,9 @@ public AuthSchema(IServiceProvider services, Query query, Mutation mutation) : b
             Query = query;
             Mutation = mutation;
             Directives.Register(new AuthorizeDirective());
+            Directives.Register(new RequirePermissionDirective());
             RegisterVisitor(typeof(AuthorizeDirectiveVisitor));
+            RegisterVisitor(typeof(RequirePermissionDirectiveVisitor));
         }
     }
 }
diff --git a/Micro.Auth.Api/GraphQL/Directives/AuthorizeDirective.cs b/Micro.Auth.Api/GraphQL/Directives/AuthorizeDirective.cs
@@ -46,7 +46,7 @@ public override void VisitObjectFieldDefinition(FieldType field, IObjectGraphTyp
 
             field.Resolver = new AsyncFieldResolver<object>(async context =>
             {
-                throw new NotAuthorizedException();
+                throw new NotAuthenticatedException();
             });
         }
     }
diff --git a/Micro.Auth.Api/GraphQL/Directives/Exceptions/NotAuthenticatedException.cs b/Micro.Auth.Api/GraphQL/Directives/Exceptions/NotAuthenticatedException.cs
@@ -0,0 +1,11 @@
+using System;
+
+namespace Micro.Auth.Api.GraphQL.Directives.Exceptions
+{
+    public class NotAuthenticatedException : Exception
+    {
+        public NotAuthenticatedException() : base("This operation requires logging in")
+        {
+        }
+    }
+}
diff --git a/Micro.Auth.Api/GraphQL/Directives/Exceptions/NotAuthorizedException.cs b/Micro.Auth.Api/GraphQL/Directives/Exceptions/NotAuthorizedException.cs
@@ -4,7 +4,7 @@ namespace Micro.Auth.Api.GraphQL.Directives.Exceptions
 {
     public class NotAuthorizedException : Exception
     {
-        public NotAuthorizedException() : base("This operation requires logging in")
+        public NotAuthorizedException() : base("You do not have sufficient permission to perform this operation")
         {
         }
     }
diff --git a/Micro.Auth.Api/GraphQL/Directives/Extensions/Directives.cs b/Micro.Auth.Api/GraphQL/Directives/Extensions/Directives.cs
@@ -14,5 +14,32 @@ public static FieldBuilder<TSourceType, TReturnType> Authorize<TSourceType, TRet
         {
             return type.Directive(AuthorizeDirective.DirectiveName);
         }
+
+        public static FieldType RequirePermission(this FieldType type, string permission)
+        {
+            return type.ApplyDirective(RequirePermissionDirective.DirectiveName, "permission", permission);
+        }
+
+        public static FieldBuilder<TSourceType, TReturnType> RequirePermission<TSourceType, TReturnType>(
+            this FieldBuilder<TSourceType, TReturnType> type, string permission)
+        {
+            return type.Directive(RequirePermissionDirective.DirectiveName, "permission", permission);
+        }
+
+        public static string? GetAppliedPermission(this FieldType fieldType)
+        {
+            var applied = fieldType.FindAppliedDirective(RequirePermissionDirective.DirectiveName);
+            if (applied == null)
+            {
+                return null;
+            }
+            var arg = applied.FindArgument("permission");
+            if (arg.Name == "permission")
+            {
+                return (string) arg.Value;
+            }
+
+            return null;
+        }
     }
 }
diff --git a/Micro.Auth.Api/GraphQL/Directives/RequirePermissionDirective.cs b/Micro.Auth.Api/GraphQL/Directives/RequirePermissionDirective.cs
@@ -0,0 +1,52 @@
+using GraphQL.Resolvers;
+using GraphQL.Types;
+using GraphQL.Utilities;
+using Micro.Auth.Api.GraphQL.Directives.Exceptions;
+using Micro.Auth.Api.GraphQL.Directives.Extensions;
+using Microsoft.AspNetCore.Http;
+
+namespace Micro.Auth.Api.GraphQL.Directives
+{
+    public class RequirePermissionDirective : DirectiveGraphType
+    {
+        public const string DirectiveName = "requirePermission";
+
+        public RequirePermissionDirective() : base(
+            DirectiveName,
+            DirectiveLocation.Field,
+            DirectiveLocation.Mutation,
+            DirectiveLocation.Query,
+            DirectiveLocation.FieldDefinition)
+        {
+        }
+    }
+    public class RequirePermissionDirectiveVisitor : BaseSchemaNodeVisitor
+    {
+        private readonly IHttpContextAccessor _contextAccessor;
+
+        public RequirePermissionDirectiveVisitor(IHttpContextAccessor contextAccessor)
+        {
+            _contextAccessor = contextAccessor;
+        }
+        public override void VisitObjectFieldDefinition(FieldType field, IObjectGraphType type, ISchema schema)
+        {
+            var permission = field.GetAppliedPermission();
+            if (permission == null)
+            {
+                return;
+            }
+
+            var isAuthorized = _contextAccessor
+                .HttpContext
+                ?.User
+                .HasClaim(x => x.Type == "Permission" && x.Value == permission);
+
+            if (isAuthorized == true)
+            {
+                return;
+            }
+
+            field.Resolver = new AsyncFieldResolver<object>(async context => throw new NotAuthorizedException());
+        }
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,9 @@ public AuthSchema(IServiceProvider services, Query query, Mutation mutation) : b`
`11`	`11`	`Query = query;`
`12`	`12`	`Mutation = mutation;`
`13`	`13`	`Directives.Register(new AuthorizeDirective());`
	`14`	`+ Directives.Register(new RequirePermissionDirective());`
`14`	`15`	`RegisterVisitor(typeof(AuthorizeDirectiveVisitor));`
	`16`	`+ RegisterVisitor(typeof(RequirePermissionDirectiveVisitor));`
`15`	`17`	`}`
`16`	`18`	`}`
`17`	`19`	`}`
Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,7 @@ public override void VisitObjectFieldDefinition(FieldType field, IObjectGraphTyp`
`46`	`46`
`47`	`47`	`field.Resolver = new AsyncFieldResolver<object>(async context =>`
`48`	`48`	`{`
`49`		`- throw new NotAuthorizedException();`
	`49`	`+ throw new NotAuthenticatedException();`
`50`	`50`	`});`
`51`	`51`	`}`
`52`	`52`	`}`
Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ namespace Micro.Auth.Api.GraphQL.Directives.Exceptions`
`4`	`4`	`{`
`5`	`5`	`public class NotAuthorizedException : Exception`
`6`	`6`	`{`
`7`		`- public NotAuthorizedException() : base("This operation requires logging in")`
	`7`	`+ public NotAuthorizedException() : base("You do not have sufficient permission to perform this operation")`
`8`	`8`	`{`
`9`	`9`	`}`
`10`	`10`	`}`