Update middleware with options and new design #774
Merged
52 commits
92b04da
Update middleware with options and new design
Shane32 e2e9196
Add failing check for mutation for get
Shane32 d22a09f
Update
Shane32 ea3c1be
Merge from develop
Shane32 d54d09c
Update
Shane32 31a2512
Update api approvals
Shane32 512cd17
Merge branch 'develop' into update_middleware
Shane32 b505c71
Convert IUserContextBuilder to file-scoped namespace
Shane32 ca9801a
Enable NRT for app builder extensions
Shane32 7c79351
Enable NRT for IUserContextBuilder
Shane32 c8fea7c
Update user context comments
Shane32 51ff27b
Update comment for GraphQLHttpMiddlewareOptions
Shane32 9b2c642
Update api approvals
Shane32 f2a7011
Update src/Transports.AspNetCore/IUserContextBuilder.cs
Shane32 6a65c3b
Update src/Transports.AspNetCore/Errors/RequestError.cs
Shane32 9398d10
Bump to GraphQL 5.3.0 with necessary changes
Shane32 f57505c
Update
Shane32 7ce6131
Merge from master
Shane32 c673740
Updates
Shane32 5671c49
Update
Shane32 e1c5ab5
Update src/Transports.AspNetCore/AuthorizationParameters.cs
Shane32 27741bf
Update
Shane32 b2caa06
Update src/Transports.AspNetCore/GraphQLHttpMiddlewareOptions.cs
Shane32 83b0b84
Readonly struct
Shane32 20608ec
Merge branch 'update_middleware' of https://github.com/graphql-dotnet…
Shane32 0edb99b
Update HandlePost comment
Shane32 7ba55ff
Update src/Transports.AspNetCore/GraphQLHttpMiddleware.cs
Shane32 7a11025
Update src/Transports.AspNetCore/Errors/InvalidContentTypeError.cs
Shane32 0f2e282
Update src/Transports.AspNetCore/Errors/WebSocketSubProtocolNotSuppor…
Shane32 ed44ade
Update src/Transports.AspNetCore/GraphQLHttpMiddleware.cs
Shane32 0c84acd
Update NRT
Shane32 da68660
Merge branch 'update_middleware' of https://github.com/graphql-dotnet…
Shane32 254f738
Remove MediaTypes static class
Shane32 77fd8c6
Update
Shane32 73c1ac6
Update
Shane32 38df925
Update src/Transports.AspNetCore/GraphQLHttpMiddleware.cs
Shane32 05f8e85
Update src/Transports.AspNetCore/GraphQLHttpMiddleware.cs
Shane32 ce950c5
Update src/Transports.AspNetCore/GraphQLHttpMiddleware.cs
Shane32 d9b8529
Invert condition
Shane32 c02e17b
Update
Shane32 bd14582
Update
Shane32 b4c6501
Update src/Transports.AspNetCore/GraphQLHttpMiddleware.cs
Shane32 b9e3636
Update src/Transports.AspNetCore/GraphQLHttpMiddleware.cs
Shane32 65a177e
Update src/Transports.AspNetCore/GraphQLHttpMiddleware.cs
Shane32 60c9fbc
Update src/Transports.AspNetCore/GraphQLHttpMiddleware.cs
Shane32 0318669
Update src/Transports.AspNetCore/GraphQLHttpMiddleware.cs
Shane32 d67efe2
Update src/Transports.AspNetCore/GraphQLHttpMiddleware.cs
Shane32 ef8dbcf
Update src/Transports.AspNetCore/GraphQLHttpMiddleware.cs
Shane32 e8920ff
Update src/Transports.AspNetCore/GraphQLHttpMiddleware.cs
Shane32 7557bba
Update src/Transports.AspNetCore/GraphQLHttpMiddleware.cs
Shane32 dc7354a
Update src/Transports.AspNetCore/GraphQLHttpMiddleware.cs
Shane32 5f79796
Update src/Transports.AspNetCore/GraphQLHttpMiddleware.cs
Shane32
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
#nullable enable | ||
|
||
using System.Security.Claims; | ||
using System.Security.Principal; | ||
using Microsoft.AspNetCore.Authorization; | ||
using Microsoft.Extensions.DependencyInjection; | ||
|
||
namespace GraphQL.Server.Transports.AspNetCore; | ||
|
||
/// <summary> | ||
/// Helper methods for performing connection authorization. | ||
/// </summary> | ||
public static class AuthorizationHelper | ||
|
||
{ | ||
/// <summary> | ||
/// Performs connection authorization according to the options set within | ||
/// <see cref="AuthorizationParameters{TState}"/>. Returns <see langword="true"/> | ||
|
||
/// if authorization was successful or not required. | ||
/// </summary> | ||
public static async ValueTask<bool> AuthorizeAsync<TState>(AuthorizationParameters<TState> options, TState state) | ||
{ | ||
if (options.AuthorizationRequired) | ||
{ | ||
if (!((options.HttpContext.User ?? NoUser()).Identity ?? NoIdentity()).IsAuthenticated) | ||
{ | ||
if (options.OnNotAuthenticated != null) | ||
await options.OnNotAuthenticated(state); | ||
return false; | ||
} | ||
} | ||
|
||
if (options.AuthorizedRoles?.Count > 0) | ||
{ | ||
var user = options.HttpContext.User ?? NoUser(); | ||
foreach (var role in options.AuthorizedRoles) | ||
{ | ||
if (user.IsInRole(role)) | ||
goto PassRoleCheck; | ||
|
||
} | ||
if (options.OnNotAuthorizedRole != null) | ||
await options.OnNotAuthorizedRole(state); | ||
return false; | ||
} | ||
PassRoleCheck: | ||
|
||
if (options.AuthorizedPolicy != null) | ||
{ | ||
var authorizationService = options.HttpContext.RequestServices.GetRequiredService<IAuthorizationService>(); | ||
var authResult = await authorizationService.AuthorizeAsync(options.HttpContext.User ?? NoUser(), null, options.AuthorizedPolicy); | ||
if (!authResult.Succeeded) | ||
{ | ||
if (options.OnNotAuthorizedPolicy != null) | ||
await options.OnNotAuthorizedPolicy(state, authResult); | ||
return false; | ||
} | ||
} | ||
|
||
return true; | ||
} | ||
|
||
private static IIdentity NoIdentity() | ||
=> throw new InvalidOperationException($"IIdentity could not be retrieved from HttpContext.User.Identity."); | ||
|
||
private static ClaimsPrincipal NoUser() | ||
=> throw new InvalidOperationException("ClaimsPrincipal could not be retrieved from HttpContext.User."); | ||
} |
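Review bot: In `AuthorizeAsync`, the `IsAuthenticated` check only runs when `options.AuthorizationRequired` is set, while the `AuthorizedRoles` and `AuthorizedPolicy` blocks run regardless. With roles configured and `AuthorizationRequired` left false, an unauthenticated caller reaches the role loop, fails every `user.IsInRole(role)` and is rejected through `OnNotAuthorizedRole` rather than `OnNotAuthenticated`, so the caller is told "forbidden" when the accurate answer is "not authenticated". Either run the authentication check whenever `AuthorizedRoles?.Count > 0`, or state in the XML docs that `AuthorizationRequired` must be set alongside roles. Separately, the `goto PassRoleCheck` could become a small private helper that returns a bool, which keeps the deny path in one place and easier to audit, and the `$` prefix on the `NoIdentity()` message is unnecessary because the string has no placeholders.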
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
#nullable enable | ||
|
||
using System.Security.Claims; | ||
using System.Security.Principal; | ||
using Microsoft.AspNetCore.Authorization; | ||
using Microsoft.AspNetCore.Http; | ||
|
||
namespace GraphQL.Server.Transports.AspNetCore; | ||
|
||
/// <summary> | ||
/// Authorization parameters. | ||
/// This struct is used to group all necessary parameters together and perform arbitrary | ||
/// actions based on provided authentication properties/attributes/etc. | ||
/// It is not intended to be called from user code. | ||
/// </summary> | ||
public readonly struct AuthorizationParameters<TState> | ||
{ | ||
/// <summary> | ||
/// Initializes an instance with a specified <see cref="Microsoft.AspNetCore.Http.HttpContext"/> | ||
/// and parameters copied from the specified instance of <see cref="GraphQLHttpMiddlewareOptions"/>. | ||
/// </summary> | ||
public AuthorizationParameters( | ||
HttpContext httpContext, | ||
GraphQLHttpMiddlewareOptions middlewareOptions, | ||
Func<TState, Task>? onNotAuthenticated, | ||
Func<TState, Task>? onNotAuthorizedRole, | ||
Func<TState, AuthorizationResult, Task>? onNotAuthorizedPolicy) | ||
{ | ||
HttpContext = httpContext; | ||
AuthorizationRequired = middlewareOptions.AuthorizationRequired; | ||
AuthorizedRoles = middlewareOptions.AuthorizedRoles; | ||
AuthorizedPolicy = middlewareOptions.AuthorizedPolicy; | ||
OnNotAuthenticated = onNotAuthenticated; | ||
OnNotAuthorizedRole = onNotAuthorizedRole; | ||
OnNotAuthorizedPolicy = onNotAuthorizedPolicy; | ||
} | ||
|
||
/// <summary> | ||
/// Gets or sets the <see cref="Microsoft.AspNetCore.Http.HttpContext"/> for the request. | ||
/// </summary> | ||
public HttpContext HttpContext { get; } | ||
|
||
/// <inheritdoc cref="GraphQLHttpMiddlewareOptions.AuthorizationRequired"/> | ||
public bool AuthorizationRequired { get; } | ||
|
||
/// <inheritdoc cref="GraphQLHttpMiddlewareOptions.AuthorizedRoles"/> | ||
public List<string>? AuthorizedRoles { get; } | ||
|
||
/// <inheritdoc cref="GraphQLHttpMiddlewareOptions.AuthorizedPolicy"/> | ||
public string? AuthorizedPolicy { get; } | ||
|
||
/// <summary> | ||
/// A delegate which executes if <see cref="AuthorizationRequired"/> is set | ||
/// but <see cref="IIdentity.IsAuthenticated"/> returns <see langword="false"/>. | ||
/// </summary> | ||
public Func<TState, Task>? OnNotAuthenticated { get; } | ||
|
||
/// <summary> | ||
/// A delegate which executes if <see cref="AuthorizedRoles"/> is set but | ||
/// <see cref="ClaimsPrincipal.IsInRole(string)"/> returns <see langword="false"/> | ||
/// for all roles. | ||
/// </summary> | ||
public Func<TState, Task>? OnNotAuthorizedRole { get; } | ||
|
||
/// <summary> | ||
/// A delegate which executes if <see cref="AuthorizedPolicy"/> is set but | ||
/// <see cref="IAuthorizationService.AuthorizeAsync(ClaimsPrincipal, object, string)"/> | ||
/// returns an unsuccessful <see cref="AuthorizationResult"/> for the specified policy. | ||
/// </summary> | ||
public Func<TState, AuthorizationResult, Task>? OnNotAuthorizedPolicy { get; } | ||
} |
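Review bot: `AuthorizedRoles` is declared as `List<string>?` and the constructor assigns `middlewareOptions.AuthorizedRoles` to it directly, so this `readonly struct` shares one mutable list with the options object; any code holding an `AuthorizationParameters<TState>` can add or remove roles and change what later requests are authorized against. Exposing it as `IReadOnlyList<string>?` (the helper only needs `Count` and enumeration) would close that off without copying. Also, the summary on `HttpContext` says "Gets or sets" but the property is `{ get; }`, and the type summary says it is not intended to be called from user code while the struct and its constructor are public; the docs should match one way or the other.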
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
#nullable enable | ||
|
||
using GraphQL.Validation; | ||
using GraphQLParser.AST; | ||
using Microsoft.AspNetCore.Authorization; | ||
|
||
namespace GraphQL.Server.Transports.AspNetCore.Errors; | ||
|
||
/// <summary> | ||
/// Represents an error indicating that the user is not allowed access to the specified resource. | ||
/// </summary> | ||
public class AccessDeniedError : ValidationError | ||
{ | ||
/// <inheritdoc cref="AccessDeniedError"/> | ||
public AccessDeniedError(string resource) | ||
: base($"Access denied for {resource}.") | ||
{ | ||
} | ||
|
||
/// <inheritdoc cref="AccessDeniedError"/> | ||
public AccessDeniedError(string resource, GraphQLParser.ROM originalQuery, params ASTNode[] nodes) | ||
: base(originalQuery, null!, $"Access denied for {resource}.", nodes) | ||
{ | ||
} | ||
|
||
/// <summary> | ||
/// Returns the policy that would allow access to these node(s). | ||
/// </summary> | ||
public string? PolicyRequired { get; set; } | ||
|
||
/// <inheritdoc cref="AuthorizationResult"/> | ||
public AuthorizationResult? PolicyAuthorizationResult { get; set; } | ||
|
||
/// <summary> | ||
/// Returns the list of role memberships that would allow access to these node(s). | ||
/// </summary> | ||
public List<string>? RolesRequired { get; set; } | ||
} |
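Review bot: `PolicyRequired`, `RolesRequired` and `PolicyAuthorizationResult` are documented as "Returns ..." but all three have public setters, and nothing in the docs says whether they are meant for server-side handling only or may be written into the response. Since they name the exact policy and roles that would grant access, please document the intended audience on each property so that implementers do not copy them into client-visible error output by default. Minor: both constructors repeat the `$"Access denied for {resource}."` format string; a private static helper would keep the two messages from drifting apart.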
14 changes: 14 additions & 0 deletions
src/Transports.AspNetCore/Errors/BatchedRequestsNotSupportedError.cs
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
#nullable enable | ||
|
||
using GraphQL.Execution; | ||
|
||
namespace GraphQL.Server.Transports.AspNetCore.Errors; | ||
|
||
/// <summary> | ||
/// Represents an error indicating that batched requests are not supported. | ||
/// </summary> | ||
public class BatchedRequestsNotSupportedError : RequestError | ||
{ | ||
/// <inheritdoc cref="BatchedRequestsNotSupportedError"/> | ||
public BatchedRequestsNotSupportedError() : base("Batched requests are not supported.") { } | ||
} |
19 changes: 19 additions & 0 deletions
src/Transports.AspNetCore/Errors/HttpMethodValidationError.cs
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
#nullable enable | ||
|
||
using GraphQL.Validation; | ||
using GraphQLParser.AST; | ||
|
||
namespace GraphQL.Server.Transports.AspNetCore.Errors; | ||
|
||
/// <summary> | ||
/// Represents a validation error indicating that the requested operation is not valid | ||
/// for the type of HTTP request. | ||
/// </summary> | ||
public class HttpMethodValidationError : ValidationError | ||
{ | ||
/// <inheritdoc cref="HttpMethodValidationError"/> | ||
public HttpMethodValidationError(GraphQLParser.ROM originalQuery, ASTNode node, string message) | ||
: base(originalQuery, null!, message, node) | ||
{ | ||
} | ||
} |
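Review bot: In the constructor, `base(originalQuery, null!, message, node)` passes `null!` as the second argument, which silences the nullable analysis that `#nullable enable` at the top of the file turns on instead of satisfying the base constructor's contract. If the base type accepts a missing value there, its parameter should be declared nullable so the `!` can go; if it does not, pass a real value. The same pattern appears in the `ROM` overload of `AccessDeniedError` in this PR, so it is worth fixing once in the base signature.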
17 changes: 17 additions & 0 deletions
src/Transports.AspNetCore/Errors/InvalidContentTypeError.cs
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
#nullable enable | ||
|
||
using GraphQL.Execution; | ||
|
||
namespace GraphQL.Server.Transports.AspNetCore.Errors; | ||
|
||
/// <summary> | ||
/// Represents an error indicating that the content-type is invalid, for example, could not be parsed or is not supported. | ||
/// </summary> | ||
public class InvalidContentTypeError : RequestError | ||
{ | ||
/// <inheritdoc cref="InvalidContentTypeError"/> | ||
public InvalidContentTypeError() : base("Invalid 'Content-Type' header.") { } | ||
|
||
/// <inheritdoc cref="InvalidContentTypeError"/> | ||
public InvalidContentTypeError(string message) : base("Invalid 'Content-Type' header: " + message) { } | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
#nullable enable | ||
|
||
using GraphQL.Execution; | ||
|
||
namespace GraphQL.Server.Transports.AspNetCore.Errors; | ||
|
||
/// <summary> | ||
/// Represents an error indicating that the JSON provided could not be parsed. | ||
/// </summary> | ||
public class JsonInvalidError : RequestError | ||
{ | ||
/// <inheritdoc cref="JsonInvalidError"/> | ||
public JsonInvalidError() : base($"JSON body text could not be parsed.") { } | ||
|
||
/// <inheritdoc cref="JsonInvalidError"/> | ||
public JsonInvalidError(Exception innerException) : base($"JSON body text could not be parsed. {innerException.Message}") { } | ||
} |
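Review bot: The `JsonInvalidError(Exception innerException)` overload interpolates `innerException.Message` into the error message and does not hand the exception itself to the base type. That puts deserializer-specific text into a message that is built to be returned to the caller, while the exception object (type, stack trace) is lost for server-side logging. Consider keeping the fixed "JSON body text could not be parsed." text for the client and passing `innerException` through to the base constructor if it has an overload that accepts one. Minor: the `$` prefix on the parameterless constructor's string is unnecessary because it has no placeholders.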
17 changes: 17 additions & 0 deletions
src/Transports.AspNetCore/Errors/WebSocketSubProtocolNotSupportedError.cs
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
#nullable enable | ||
|
||
using GraphQL.Execution; | ||
|
||
namespace GraphQL.Server.Transports.AspNetCore.Errors; | ||
|
||
/// <summary> | ||
/// Represents an error indicating that none of the requested websocket sub-protocols are supported. | ||
/// </summary> | ||
public class WebSocketSubProtocolNotSupportedError : RequestError | ||
{ | ||
/// <inheritdoc cref="WebSocketSubProtocolNotSupportedError"/> | ||
public WebSocketSubProtocolNotSupportedError(IEnumerable<string> requestedSubProtocols) | ||
: base($"Invalid requested WebSocket sub-protocol(s): {string.Join(",", requestedSubProtocols.Select(x => $"'{x}'"))}") | ||
{ | ||
} | ||
} |
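Review bot: The constructor joins every entry of `requestedSubProtocols` into the error message verbatim, with no limit on the number of entries or their length. These values are what the client requested, so the message reflects client-controlled text of arbitrary size into the response and into any log that records the error. Consider capping the count and length of what is echoed, or omitting the values from the message and exposing them through a property for server-side use. A null `requestedSubProtocols` will also throw from `Select` inside the base-constructor call; an explicit argument check would give a clearer failure.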