Closed nickisyourfan closed 1 year ago
New syntax for implementing:
```toml
[[service.guards]]
name = "invalid_id"
if_expr = "input(\"cities\") == (\"Dallas\")"
then_msg = "Invalid ID - Permission Denied"
```
First version implemented. Closing for rescope of second version.
Should be able to guard the service/authorize access down to the field level of an entity. Guards will be boolean evaluators that can be applied to sections of the config file in order to "guard" accordingly.
Guards
Application
Applying a guard will be simple, using the `guard` property. The guard property will be of type string, which can handle evaluations. For example, blocking access to the entire service can be done by providing a true value to the guard option.
Using an eval lib, we will be able to provide conditions to the guard.
Guard Locations
The application will be able to have high level guards as well as low level guards effectively allowing you to block access from the entire service down to access to a specific field of a specific entity.
Global Accessors
Boolean evaluators will work with globally available variables that can allow you to access dynamic data points. These dynamic data points come from the context within the GraphQL Request.
For example, block access to the user entity if the requesting user is not an admin by checking the request headers for `auth.role`. If `auth.role` === `Admin` then allow the request to go forward, else guard the entity.
Or, guard the input value that the user has submitted. The following example will stop the query from being executed if the user has provided a value of less than 18 for the `age` input.
You will also be able to compare Globals. Assuming the entity has `id` and `password` fields:
Errors
By default, guards that are evaluated as truthy will result in a default "403 Forbidden" like error. That being said, custom error messages will be easy to apply in the result of a successful guard. Passing a string as the last argument results in a custom message.
In this case, the error message will be extracted from the guard and returned in response of the request.
Complex Error Handling
In the event that a guard becomes too complex for the configuration file, the guard may be moved to a file allowing for multi guard checks.
This guard will read the content from the assigned file path. You may assign a general message as the first line in the file. Individual error messages may be assigned per error key allowing you to provide detailed error messages with ease.
Error Execution and Response
Once evaluated, if guarded, an error will be thrown.
The Error Response
The error response is a key value map that allows each error to be displayed. All errors will be mapped to their appropriate key value pair.
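An added sketch, not the project's own code, of evaluating guard entries such as the `[[service.guards]]` one above with a restricted expression evaluator rather than a general-purpose eval, and returning the key-value error map described in this issue. It assumes that only `input("...")`, comparisons and `and`/`or`/`not` are allowed, that the default message is "403 Forbidden", and that a guard which cannot be evaluated denies the request; the `underage` guard and all function names are constructed for illustration.

```python
import ast
import operator

# Comparison operators a guard expression may use; anything else is rejected.
_CMP = {ast.Eq: operator.eq, ast.NotEq: operator.ne, ast.Lt: operator.lt,
        ast.LtE: operator.le, ast.Gt: operator.gt, ast.GtE: operator.ge}

def _eval(node, inputs):
    """Evaluate a whitelisted AST node; request values are only ever data."""
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, ast.BoolOp):
        vals = [_eval(v, inputs) for v in node.values]
        return all(vals) if isinstance(node.op, ast.And) else any(vals)
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
        return not _eval(node.operand, inputs)
    if (isinstance(node, ast.Compare) and len(node.ops) == 1
            and type(node.ops[0]) in _CMP):
        left = _eval(node.left, inputs)
        right = _eval(node.comparators[0], inputs)
        return _CMP[type(node.ops[0])](left, right)
    # input("field") is the only callable: a lookup into the request inputs.
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id == "input" and len(node.args) == 1
            and not node.keywords and isinstance(node.args[0], ast.Constant)):
        return inputs[node.args[0].value]
    raise ValueError("construct not allowed in guard: " + type(node).__name__)

def check_guards(guards, inputs):
    """Return {guard name: message} for every guard that blocks the request."""
    errors = {}
    for g in guards:
        try:
            tree = ast.parse(g["if_expr"], mode="eval")
            blocked = bool(_eval(tree.body, inputs))
        except Exception:
            blocked = True  # assumption: fail closed on any evaluation error
        if blocked:
            errors[g["name"]] = g.get("then_msg", "403 Forbidden")
    return errors

# Constructed sample: the first guard mirrors the TOML above, the second is hypothetical.
GUARDS = [
    {"name": "invalid_id", "if_expr": 'input("cities") == ("Dallas")',
     "then_msg": "Invalid ID - Permission Denied"},
    {"name": "underage", "if_expr": 'input("age") < 18'},
]
```

An empty map means no guard fired. A guard that references a missing input or uses a construct outside the whitelist is reported as blocking, so a misconfigured guard cannot silently open access.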