hasura graphql auth-webhook api 说明

hasura graphql 生产的使用是推荐使用webhook 进行角色访问控制的，官方同时提供了一个nodejs
的简单demo

代码

git clone https://github.com/hasura/sample-auth-webhook

代码说明

• 项目结构
  

• api 格式说明

auth0   auth0/auth0Handler.js
var express = require('express');
var auth0Router = express.Router();
var requestClient = require('request');
var auth0Domain = process.env.AUTH_ZERO_DOMAIN;
/*
  Auth webhook handler for auth0
  Flow:
  1) Expects access_token to be sent as 'Authorization: Bearer <access-token>
  2) Verified access_token by fetching /userinfo endpoint from auth0
  Usage:
  1) From your application, when you call Hasura's GraphQL APIs remember to send the access_token from auth0 as an authorization header
  2) Replace the url (https://test-hasura.auth0.com/userinfo) in the code below with your own auth0 app url
*/

auth0Router.route('/webhook').get((request, response) => {
  // Throw 500 if auth0 domain is not configured
  if (!auth0Domain) {
    response.status(500).send('Auth0 domain not configured');
    return;
  }

  var token = request.get('Authorization');

  if (!token) {
    response.json({'x-hasura-role': 'anonymous'});
    return;
  } else {
    // Fetch information about this user from
    // auth0 to validate this token
    // NOTE: Replace the URL with your own auth0 app url
    var options = {
      url: `https://${auth0Domain}/userinfo`,
      headers: {
        Authorization: token,
        'Content-Type': 'application/json'
      }
    };

    requestClient(options, (err, res, body) => {
      if (!err && res.statusCode == 200) {
        var userInfo = JSON.parse(body);
        console.log(userInfo); //debug
        var hasuraVariables = {
          'X-Hasura-User-Id': userInfo.sub,
          'X-Hasura-Role': 'user'
        };
        console.log(hasuraVariables); // For debug
        response.json(hasuraVariables);
      } else {
        // Error response from auth0
        console.log(err, res, body);
        response.json({'x-hasura-role': 'anonymous'});
        return;
      }
    });
  }
});
module.exports = auth0Router;

普通rest api： server.js
app.get('/simple/webhook', (request, response) => {
  // Extract token from request
  var token = request.get('Authorization');

  // Fetch user_id that is associated with this token
  fetchUserInfo(token, (result) => {

    // Return appropriate response to Hasura
    var hasuraVariables = {
      'X-Hasura-Role': 'user', // result.role
      'X-Hasura-User-Id': '1' // result.user_id
    };
    response.json(hasuraVariables);
  });
});
上边的代码比较简单就是提供一个webhook 的rest api 地址，获取请求中的token （Authorization）
之后进行判定，并返回使用json表示，用户对应的role 以及user-id （X-Hasura-User-Id 、X-Hasura-Role）

参考资料

https://github.com/hasura/sample-auth-webhook
https://docs.hasura.io/1.0/graphql/manual/auth/index.html