Hasura GraphQL 在生产环境中推荐使用 webhook 进行角色访问控制，官方同时提供了一个 Node.js
的简单 demo 代码
git clone https://github.com/hasura/sample-auth-webhook
代码说明
-
项目结构
-
api 格式说明
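auth0 auth0/auth0Handler.js
const express = require('express');
const requestClient = require('request');

const auth0Router = express.Router();
const auth0Domain = process.env.AUTH_ZERO_DOMAIN;

// Upper bound on the outbound /userinfo call, so a slow or unreachable
// identity provider cannot keep webhook requests (and Hasura) waiting forever.
const USERINFO_TIMEOUT_MS = 5000;

// The handler expects "Authorization: Bearer <token>". Anything else is not
// forwarded to auth0 at all and is answered as anonymous.
const BEARER_HEADER = /^Bearer\s+\S+$/i;

/*
 * Auth webhook handler for auth0
 *
 * Flow:
 *   1) Expects the access_token to be sent as 'Authorization: Bearer <token>'
 *   2) Verifies the access_token by fetching the /userinfo endpoint from auth0
 *
 * Usage:
 *   1) From your application, when you call Hasura's GraphQL APIs remember to
 *      send the access_token from auth0 as an authorization header
 *   2) Set the AUTH_ZERO_DOMAIN environment variable to your own auth0 tenant
 *      domain; it is used to build the https://<domain>/userinfo URL below
 *
 * Responses:
 *   200 {'X-Hasura-User-Id': <sub>, 'X-Hasura-Role': 'user'}  token accepted by auth0
 *   200 {'x-hasura-role': 'anonymous'}                          no/invalid/unverifiable token
 *   500                                                          AUTH_ZERO_DOMAIN not configured
 */
auth0Router.route('/webhook').get((request, response) => {
  // A missing domain is a deployment error: fail closed rather than guess.
  if (!auth0Domain) {
    response.status(500).send('Auth0 domain not configured');
    return;
  }

  const token = request.get('Authorization');
  if (!token || !BEARER_HEADER.test(token)) {
    response.json({ 'x-hasura-role': 'anonymous' });
    return;
  }

  // Validate the token by asking auth0 who it belongs to. The header is
  // forwarded verbatim and is deliberately never written to the log.
  const options = {
    url: `https://${auth0Domain}/userinfo`,
    headers: {
      Authorization: token,
      'Content-Type': 'application/json',
    },
    timeout: USERINFO_TIMEOUT_MS,
  };

  requestClient(options, (err, res, body) => {
    if (err || !res || res.statusCode !== 200) {
      // Log only what is needed to diagnose the failure. `res` carries the
      // outbound request (including the bearer token) and `body` may carry
      // user PII, so neither is logged.
      let reason = 'no response';
      if (err) {
        reason = err.message;
      } else if (res) {
        reason = `HTTP ${res.statusCode}`;
      }
      console.error('auth0 /userinfo lookup failed:', reason);
      response.json({ 'x-hasura-role': 'anonymous' });
      return;
    }

    let userInfo;
    try {
      userInfo = JSON.parse(body);
    } catch (parseErr) {
      // A non-JSON body previously escaped as an uncaught exception from the
      // callback; treat it like any other failed lookup instead.
      console.error('auth0 /userinfo returned a non-JSON body');
      response.json({ 'x-hasura-role': 'anonymous' });
      return;
    }

    // Only grant the 'user' role when auth0 actually identified a subject;
    // otherwise a privileged session would be issued with no user id.
    if (!userInfo || typeof userInfo.sub !== 'string' || userInfo.sub === '') {
      console.error('auth0 /userinfo response has no subject');
      response.json({ 'x-hasura-role': 'anonymous' });
      return;
    }

    response.json({
      'X-Hasura-User-Id': userInfo.sub,
      'X-Hasura-Role': 'user',
    });
  });
});

module.exports = auth0Router;
普通rest api: server.js
app.get('/simple/webhook', (request, response) => {
  // Extract token from request
  const token = request.get('Authorization');

  // Without a credential there is nothing to look up: answer anonymous rather
  // than handing every caller the 'user' role.
  if (!token) {
    response.json({ 'X-Hasura-Role': 'anonymous' });
    return;
  }

  // Fetch the user that is associated with this token.
  // NOTE(review): fetchUserInfo is defined elsewhere in server.js; the
  // result shape (role, user_id) is taken from the comments in the original
  // demo — confirm against the real implementation.
  fetchUserInfo(token, (result) => {
    if (!result || result.user_id == null) {
      // Unknown or unverifiable token: no session is established.
      response.json({ 'X-Hasura-Role': 'anonymous' });
      return;
    }

    // Return appropriate response to Hasura. Hasura session variables are
    // header values, so the id is sent as a string.
    const hasuraVariables = {
      'X-Hasura-Role': result.role || 'user',
      'X-Hasura-User-Id': String(result.user_id),
    };
    response.json(hasuraVariables);
  });
});
上边的代码比较简单就是提供一个webhook 的rest api 地址,获取请求中的token (Authorization)之后进行判定,并返回使用json表示,用户对应的role 以及user-id (X-Hasura-User-Id 、X-Hasura-Role)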
参考资料