Closed tristan-orourke closed 2 months ago
Another option for hosting the second endpoint could be a new subdomain.
Will it be a challenge to hit two endpoints with urql client? Do we have two client providers? Or do we have a way to change state somehow?
✨ Feature
We currently restrict admin pages behind the network firewall. However, the full API can be accessed from anywhere, and that is how any real interaction with the database happens. We want to be able to ensure that privileged roles and actions are restricted to government employees. The easiest way to do that is restrict those actions to the government network, which is already restricted to government employees.
🕵️ Details
The plan is to host a second API endpoint that sits behind the firewall; `/admin/graphql` would work. Then, anywhere we're checking for permissions, we somehow check which API endpoint is being used. If the request came from the public endpoint, we only allow permissions which are available to Guest, Base, or Applicant users to pass authorization. We also need to be very careful with any authorizedToView scopes.
We will also need to change the client-side admin pages to use the new admin endpoint.
Helpful documentation:
🙋♀️ Proposed Implementation
How to check for allowed permissions/roles
From the public access point, we only want to consider permissions that come from Guest, Base User, or Applicant roles. I've been thinking how to implement this, and I think you'd have to check if the user has the permission (what already happens), and then additionally check if the Role has that permission, and the user has the role. It would look something like the following:
Any `authorizedToViewScope` functions will have to work similarly: they'll have to check which endpoint was used independently.
How to override the permission check
Instead of overriding the method on User model, we may want to create our own Laratrust checker. We could use different checkers depending on the endpoint used, or check if we're on the admin endpoint within the checker code.
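An added illustration of the two-step check described under "How to check for allowed permissions/roles", written as the kind of logic a custom checker (per the section above) could run. This is standalone PHP, not Laratrust's checker API or the project's code: the role/permission tables, the `platform_admin` role name and the `$isAdminEndpoint` flag are constructed assumptions standing in for what the User model and the endpoint middleware would supply.

```php
<?php
declare(strict_types=1);

// Roles whose permissions may pass authorization on the public endpoint.
const PUBLIC_ROLES = ['guest', 'base_user', 'applicant'];

/**
 * $userPermissions  permissions the user holds (directly or via roles),
 *                   i.e. what the existing check already computes
 * $userRoles        role names assigned to the user
 * $rolePermissions  role name => permissions granted by that role
 * $isAdminEndpoint  true when the request arrived via the firewalled endpoint
 *                   (assumed to be set by the endpoint middleware)
 */
function permissionAllowed(
    array $userPermissions,
    array $userRoles,
    array $rolePermissions,
    string $permission,
    bool $isAdminEndpoint
): bool {
    // Step 1: the check that already happens today.
    if (!in_array($permission, $userPermissions, true)) {
        return false;
    }
    // Behind the firewall the existing check is sufficient.
    if ($isAdminEndpoint) {
        return true;
    }
    // Step 2 (public endpoint only): the permission must also be granted by a
    // public role that the user actually holds. Permissions assigned directly
    // to the user, or only through privileged roles, are ignored here.
    foreach (PUBLIC_ROLES as $role) {
        if (in_array($role, $userRoles, true)
            && in_array($permission, $rolePermissions[$role] ?? [], true)) {
            return true;
        }
    }
    return false;
}

// Constructed sample data: a privileged user who also holds base_user.
$rolePermissions = [
    'base_user'      => ['view-own-profile'],
    'platform_admin' => ['view-own-profile', 'view-any-user'],
];
$userRoles       = ['base_user', 'platform_admin'];
$userPermissions = ['view-own-profile', 'view-any-user', 'direct-grant'];

var_dump(permissionAllowed($userPermissions, $userRoles, $rolePermissions, 'view-any-user', true));    // privileged permission, admin endpoint
var_dump(permissionAllowed($userPermissions, $userRoles, $rolePermissions, 'view-any-user', false));   // privileged permission, public endpoint
var_dump(permissionAllowed($userPermissions, $userRoles, $rolePermissions, 'direct-grant', false));    // direct (non-role) grant, public endpoint
var_dump(permissionAllowed($userPermissions, $userRoles, $rolePermissions, 'view-own-profile', false)); // base_user permission, public endpoint
```

Note that a user holding both a public and a privileged role still gets only the public role's permissions through the public endpoint, which is the case the proposal's "user has the role and the role has the permission" wording is meant to cover.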
Hosting the api at multiple endpoints
There's a thread [here](https://github.com/nuwave/lighthouse/issues/273) about hosting multiple graphql schemas with Lighthouse. We want to host the same schema at two endpoints, but I think we can use a similar solution to what is proposed there. The Lighthouse config file has a `route.uri` variable, which tells Lighthouse which route to respond to. We can use middleware to edit that config variable when going through the second endpoint, so Lighthouse handles that endpoint instead. This middleware might be a good place to do other things as well, like overriding the Laratrust checker. If this strategy doesn't work, @petertgiles had an idea for using an Nginx fastcgi parameter to record that we came through one or the other endpoint, before overriding or redirecting to the main endpoint.
Laravel's context facade might be a good way of sharing any info that gets determined in middleware like this.
✅ Acceptance Criteria
`guest`, `base_user` and `applicant` are ignored for the purposes of authorization. Any permissions which might be assigned outside of roles are also ignored.
`authorizedToView` scopes as well