npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@nico29/graphql-shield

v5.1.3

Published

GraphQL Server permissions as another layer of abstraction!

Downloads

3

Readme

graphql-shield

CircleCI codecov npm version Backers on Open CollectiveSponsors on Open Collective

GraphQL Server permissions as another layer of abstraction!

Overview

GraphQL Shield helps you create a permission layer for your application. Using an intuitive rule-API, you'll gain the power of the shield engine on every request and reduce the load time of every request with smart caching. This way you can make sure your application will remain quick, and no internal data will be exposed.

Sponsored By GraphCMS

Try building a groceries shop to better understand the benefits of GraphQL Shield! Banana &Co. 🍏🍌🍓.

Explore common receipts and learn about advanced GraphQL! GraphQL Shield 3.0 ⚔️🛡🐴.

Features

  • ✂️ Flexible: Based on GraphQL Middleware.
  • 😌 Easy to use: Just add permissions to your Yoga middlewares set, and you are ready to go!
  • 🤝 Compatible: Works with all GraphQL Servers.
  • 🚀 Smart: Intelligent V8 Shield engine caches all your request to prevent any unnecessary load.
  • 🎯 Per-Type or Per-Field: Write permissions for your schema, types or specific fields (check the example below).

Install

yarn add graphql-shield

Example

GraphQL Yoga

import { GraphQLServer } from 'graphql-yoga'
import { rule, shield, and, or, not } from 'graphql-shield'

const typeDefs = `
  type Query {
    frontPage: [Fruit!]!
    fruits: [Fruit!]!
    customers: [Customer!]!
  }

  type Mutation {
    addFruitToBasket: Boolean!
  }

  type Fruit {
    name: String!
    count: Int!
  }

  type Customer {
    id: ID!
    basket: [Fruit!]!
  }
`

const resolvers = {
  Query: {
    frontPage: () => [
      { name: 'orange', count: 10 },
      { name: 'apple', count: 1 },
    ],
  },
}

// Auth

const users = {
  mathew: {
    id: 1,
    name: 'Mathew',
    role: 'admin',
  },
  george: {
    id: 2,
    name: 'George',
    role: 'editor',
  },
  johnny: {
    id: 3,
    name: 'Johnny',
    role: 'customer',
  },
}

function getUser(req) {
  const auth = req.get('Authorization')
  if (users[auth]) {
    return users[auth]
  } else {
    return null
  }
}

// Rules

const isAuthenticated = rule()(async (parent, args, ctx, info) => {
  return ctx.user !== null
})

const isAdmin = rule()(async (parent, args, ctx, info) => {
  return ctx.user.role === 'admin'
})

const isEditor = rule()(async (parent, args, ctx, info) => {
  return ctx.user.role === 'editor'
})

// Permissions

const permissions = shield({
  Query: {
    frontPage: not(isAuthenticated),
    fruits: and(isAuthenticated, or(isAdmin, isEditor)),
    customers: and(isAuthenticated, isAdmin),
  },
  Mutation: {
    addFruitToBasket: isAuthenticated,
  },
  Fruit: isAuthenticated,
  Customer: isAdmin,
})

const server = new GraphQLServer({
  typeDefs,
  resolvers,
  middlewares: [permissions],
  context: req => ({
    ...req,
    user: getUser(req),
  }),
})

server.start(() => console.log('Server is running on http://localhost:4000'))

Others, using graphql-middleware

// Permissions...

// Apply permissions middleware with applyMiddleware
// Giving any schema (instance of GraphQLSchema)

import { applyMiddleware } from 'graphql-middleware'
// schema definition...
schema = applyMiddleware(schema, permissions)

API

Types

// Rule
function rule(
  name?: string,
  options?: IRuleOptions,
): (func: IRuleFunction) => Rule

type IFragment = string
type ICacheOptions = 'strict' | 'contextual' | 'no_cache' | boolean
type IRuleResult = boolean | string | Error

type IRuleFunction = (
  parent?: any,
  args?: any,
  context?: any,
  info?: GraphQLResolveInfo,
) => IRuleResult | Promise<IRuleResult>

interface IRuleOptions {
  cache?: ICacheOptions
  fragment?: IFragment
}

// Logic
function and(...rules: IRule[]): LogicRule
function or(...rules: IRule[]): LogicRule
function not(rule: IRule): LogicRule
const allow: LogicRule
const deny: LogicRule

import { GraphQLResolveInfo } from 'graphql'
import { IMiddlewareGenerator } from 'graphql-middleware'

// Rule

export type IFragment = string
export type ICache = 'strict' | 'contextual' | 'no_cache'
export type IRuleResult = boolean | string | Error
export type IRuleFunction = (
  parent?: any,
  args?: any,
  context?: any,
  info?: GraphQLResolveInfo,
) => IRuleResult | Promise<IRuleResult>

// Rule Constructor Options

type ICacheOptions = 'strict' | 'contextual' | 'no_cache' | boolean

interface IRuleOptions {
  cache?: ICacheOptions
  fragment?: IFragment
}

// Rules Definition Tree

export type ShieldRule = IRule | ILogicRule

interface IRuleFieldMap {
  [key: string]: ShieldRule
}

interface IRuleTypeMap {
  [key: string]: ShieldRule | IRuleFieldMap
}

type IRules = ShieldRule | IRuleTypeMap

// Generator Options

interface IOptions {
  debug?: boolean
  allowExternalErrors?: boolean
  fallbackRule?: ShieldRule
  fallbackError?: string | Error
}

declare function shield(
  ruleTree: IRules,
  options: IOptions,
): IMiddlewareGenerator

shield(rules?, options?)

Generates GraphQL Middleware layer from your rules.

rules

A rule map must match your schema definition. All rules must be created using the rule function to ensure caches are made correctly. You can apply your rule across entire schema, Type scoped, or field specific.

Limitations
  • All rules must have a distinct name. Usually, you won't have to care about this as all names are by default automatically generated to prevent such problems. In case your function needs additional variables from other parts of the code and is defined as a function, you'll set a specific name to your rule to avoid name generation.
// Normal
const admin = rule({ cache: 'contextual' })(
  async (parent, args, ctx, info) => true,
)

// With external data
const admin = bool =>
  rule(`name-${bool}`, { cache: 'contextual' })(
    async (parent, args, ctx, info) => bool,
  )
  • Cache is enabled by default across all rules. To prevent cache generation, set { cache: 'no_cache' } or { cache: false } when generating a rule.
  • By default, no rule is executed more than once in complete query execution. This accounts for significantly better load times and quick responses.
Cache

You can choose from three different cache options.

  1. no_cache - prevents rules from being cached.
  2. contextual - use when rule only relies on ctx parameter.
  3. strict - use when rule relies on parent or args parameter as well.
// Contextual
const admin = rule({ cache: 'contextual' })(async (parent, args, ctx, info) => {
  return ctx.user.isAdmin
})

// Strict
const admin = rule({ cache: 'strict' })(async (parent, args, ctx, info) => {
  return ctx.user.isAdmin || args.code === 'secret' || parent.id === 'theone'
})

Backward compatibility: { cache: false } converts to no_cache, and { cache: true } converts to strict.

Custom Errors

Shield, by default, catches all errors thrown during resolver execution. This way we can be 100% sure none of your internal logic can be exposed to the client if it was not meant to be.

To return custom error messages to your client, you can return error instead of throwing it. This way, Shield knows it's not a bug but rather a design decision under control. Besides returning an error you can also return a string representing a custom error message.

You can return custom error from resolver or from rule itself. Rules that return error are treated as failing, therefore not processing any further resolvers.

const typeDefs = `
  type Query {
    customErrorInResolver: String
    customErrorInRule: String
  }
`

const resolvers = {
  Query: {
    customErrorInResolver: () => {
      return new Error('Custom error message from resolver.')
    },
    customErrorMessageInRule: () => {
      // Querying is stopped because rule returns an error
      console.log("This won't be logged.")
      return "you won't see me!"
    },
    customErrorInRule: () => {
      // Querying is stopped because rule returns an error
      console.log("This won't be logged.")
      return "you won't see me!"
    },
  },
}

const ruleWithCustomError = rule()(async (parent, args, ctx, info) => {
  return new Error('Custom error from rule.')
})

const ruleWithCustomErrorMessage = rule()(async (parent, args, ctx, info) => {
  return 'Custom error message from rule.'
})

const permissions = shield({
  Query: {
    customErrorInRule: ruleWithCustomError,
    customErrorMessageInRule: ruleWithCustomErrorMessage,
  },
})

const server = GraphQLServer({
  typeDefs,
  resolvers,
  middlewares: [permissions],
})

Errors thrown in resolvers can be tracked using debug option. This way Shield ensures your code is production ready at all times.

If you wish to see errors thrown inside resolvers, you can set allowExternalErrors option to true. This way, Shield won't hide custom errors thrown during query resolving.

per type wildcard rule

There is an option to specify a rule that will be applied to all fields of a type (Query, Mutatation, ...) that do not specify a rule. It is similar to the options.fallbackRule but allows you to specify a fallbackRule per type.

// this will only allow query1 and query2.
// query3 for instance will be denied
// it will also deny every mutation
// (you can still use `fallbackRule` option with it)
const permissions = shield({
  Query: {
    "*": deny
    query1: allow,
    query2: allow,
  },
  Mutation: {
    "*": deny
  },
}, {
  fallbackRule: allow
})

options

| Property | Required | Default | Description | | ------------------- | -------- | ------------------------ | -------------------------------------------------- | | allowExternalErrors | false | false | Toggle catching internal errors. | | debug | false | false | Toggle debug mode. | | fallbackRule | false | allow | The default rule for every "rule-undefined" field. | | fallbackError | false | Error('Not Authorised!') | Error Permission system fallbacks to. |

By default shield ensures no internal data is exposed to client if it was not meant to be. Therefore, all thrown errors during execution resolve in Not Authorised! error message if not otherwise specified using error wrapper. This can be turned off by setting allowExternalErrors option to true.

allow, deny

GraphQL Shield predefined rules.

allow and deny rules do exactly what their names describe.

and, or, not

and, or and not allow you to nest rules in logic operations.

And Rule

And rule allows access only if all sub rules used return true.

Or Rule

Or rule allows access if at least one sub rule returns true and no rule throws an error.

Not

Not works as usual not in code works.

import { shield, rule, and, or } from 'graphql-shield'

const isAdmin = rule()(async (parent, args, ctx, info) => {
  return ctx.user.role === 'admin'
})

const isEditor = rule()(async (parent, args, ctx, info) => {
  return ctx.user.role === 'editor'
})

const isOwner = rule()(async (parent, args, ctx, info) => {
  return ctx.user.items.some(id => id === parent.id)
})

const permissions = shield({
  Query: {
    users: or(isAdmin, isEditor),
  },
  Mutation: {
    createBlogPost: or(isAdmin, and(isOwner, isEditor)),
  },
  User: {
    secret: isOwner,
  },
})

Global Fallback Error

GraphQL Shield allows you to set a globally defined fallback error that is used instead of Not Authorised! default response. This might be particularly useful for localization. You can use string or even custom Error to define it.

const permissions = shield(
  {
    Query: {
      items: allow,
    },
  },
  {
    fallbackError: 'To je napaka!', // meaning "This is a mistake" in Slovene.
  },
)

const permissions = shield(
  {
    Query: {
      items: allow,
    },
  },
  {
    fallbackError: new CustomError('You are something special!'),
  },
)

Fragments

Fragments allow you to define which fields your rule requires to work correctly. This comes in extremely handy when your rules rely on data from database. You can use fragments to define which data your rule relies on.

const isItemOwner = rule({
  cache: 'strict',
  fragment: 'fragment ItemID on Item { id }',
})(async ({ id }, args, ctx, info) => {
  return ctx.db.exists.Item({
    id,
    owner: { id: ctx.user.id },
  })
})

const permissions = shield(
  {
    Query: {
      items: allow,
    },
    Item: {
      id: allow,
      name: allow,
      secret: isItemOwner,
    },
  },
  {
    fallbackRule: deny,
  },
)

// GraphQL Yoga

const server = new GraphQLServer({
  typeDefs: './src/schema.graphql',
  resolvers,
  middlewares: [permissions],
  context: ({
    request,
    response,
    fragmentReplacements: middlewareFragmentReplacements,
  }) => {
    return {
      request,
      response,
      db: new Prisma({
        fragmentReplacements: [
          ...middlewareFragmentReplacements,
          ...resolverFragmentReplacements,
        ],
        endpoint: process.env.PRISMA_ENDPOINT,
        secret: process.env.PRISMA_SECRET,
        debug: true,
      }),
    }
  },
})

// GraphQL Middleware

const { schema, fragmentReplacements } = applyMiddleware(schema, permissions)

Whitelisting vs Blacklisting

Whitelisting/Blacklisting is no longer available in versions after 3.x.x, and has been replaced in favor of fallbackRule.

Shield allows you to lock-in your schema. This way, you can seamlessly develop and publish your work without worrying about exposing your data. To lock in your service simply set fallbackRule to deny like this;

const typeDefs = `
  type Query {
    users: [User!]!
    newFeatures: FeaturesConnection!
  }

  type User {
    id: ID!
    name: String!
    author: Author!
  }

  type Author {
    id: ID!
    name: String!
    secret: String
  }
`

const permissions = shield(
  {
    Query: {
      users: allow,
    },
    User: allow,
    Author: {
      id: allow,
      name: allow,
    },
  },
  { fallbackRule: deny },
)

You can achieve same functionality by setting every "rule-undefined" field to deny the request.

Troubleshooting

When a single field is "Not Authorised!" the entire parent object returns null.

This occurs when a non-nullable field (specified in the schema) returns a null value (due to GraphQL Shield blocking the field's value). GraphQL is a strongly typed language - the schema serves as a contract between client and server - which requires that the server response follow the schema definition.

See #126 and #97 for more detailed explanations.

A rule is executed only once even though the dataset contains multiple values (and thus should execute the rule multiple times)

This occurs because of caching. When the cache is set to "contextual" only the contextual variable of the rule is expected to be evaluated. Setting the cache to "strict" allows the rule to rely on parent and args parameters as well.

Contributors

This project exists thanks to all the people who contribute. [Contribute].

Backers

Thank you to all our backers! 🙏 [Become a backer]

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]

Contributing

We are always looking for people to help us grow graphql-shield! If you have an issue, feature request, or pull request, let us know!

License

MIT @ Matic Zavadlal