Skip to content

Server - Allow toggle of the DEFAULT user via an ENV variable. #525

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
OSPFNeighbour wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Server - Allow toggle of the DEFAULT user via an ENV variable. #525

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
0cb4731
Allow toggle of the DEFAULT user via an ENV variable.
OSPFNeighbour Jun 21, 2018
56351c9
make travis work
OSPFNeighbour Jun 21, 2018
fc082bd
moved to global
OSPFNeighbour Jun 21, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .travis.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@ env:
- AWS_ACCESS_KEY_ID=AKIAIJKCIEXQV7AKWAXA
- secure: jaDeAzMUjWsjjFS43zCIYKi/z6kmzfRSs4/1vYXvSkZM/Hx2YtvHcVONdR/eZpzjv4g49Q/lRtghOjSw+I9FpE6XQgSE8BgpU2VY+55iNXKp1kviJXYAfB/OE2601Dpa8/phaRy7esNoxOCEg7rR51Y2TbSZKGLTjOVRUBl5v1JUQ8f5FbxX5lJzaorve3zALv/VKytZPT/8+8eAXKBtUDb6dm8eWHIsoEqcdl7sw+UswGCrK2dZXp0He+Qh3O1DOxXQ6lTFJF0+Chif1ag0DdOMjlfSvc6ohIGwUDS9F++YbdmEkGLbWsGkyKCwfZTSahXVW26LwgdcUD6rXHJUP+qKRz3wJfWTsOM1s0ZrQmRUsXM0p3sB+e5+pncDiPvDk+24JOLFdPI3hyTbX9fmEYOV1fzWdQ3Ju+vImtKH4HmJ68vkyutN/7TkBDskjaMaqiFOlfjiudZHGvETSFgPGu53a27MUo3uVYYEnLjOxynv0GxXvuQycPA1P4udBrJ8ppsiQ/BJF8YDq25ImfVJHTyVwKMShOPBhpUMMyI04I141dzxZS8mrO/KuNkwvUlSgbJIiHImUxnCTJWQRDAs4WC+QJwuYK2pO5MppTiAbiD0BLlidz4qztS1CKinhRtttDOlNs9EDziGYR2Jbeb+qQTQoopYydmP0nKm4bz8b4M=

#Allow GQL Anon (No JWT Tokens)
- ALLOW_ANON=true
# list of build stages to run. Stages with the same name get run in parallel.
jobs:
include:
Expand Down
15 changes: 9 additions & 6 deletions server/src/main.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,6 @@ const postJWTAuth = ({ id, device }) => {
},
});
} else {
// If we didnt allow anon access we would reject the promise here
returnUser = User.findById(DEFAULT_USER_ID);
returnDevice = Device.findOne({
where: {
Expand All @@ -63,7 +62,6 @@ const postJWTAuth = ({ id, device }) => {
},
});
}

return Promise.resolve({ user: returnUser, device: returnDevice });
};

Expand All @@ -75,7 +73,7 @@ app.use(
// used by later middleware for authorization and access control.
jwt({
secret: JWT_SECRET,
credentialsRequired: false,
credentialsRequired: !process.env.ALLOW_ANON,
}),
graphqlExpress(req => postJWTAuth(
req.user ? { id: req.user.id, device: req.user.device } : { id: null, device: null },
Expand All @@ -85,8 +83,9 @@ app.use(
user,
device,
},
})).catch(() => Promise.reject(Error('Unauthorised'))),
));
})).catch(() => false),
Copy link
Member

@sdunster sdunster Jun 26, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please explain what this changes functionally

Copy link
Member

@sdunster sdunster Jul 24, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ping

),
);

app.use('/graphiql', graphiqlExpress(req => ({
endpointURL: '/graphql',
Expand All @@ -105,11 +104,15 @@ SubscriptionServer.create({
subscribe,
onConnect(connectionParams) {
// theres no standard auth header in WS so we use jwt connection param
if (!connectionParams.jwt && !process.env.ALLOW_ANON) {
return Promise.reject(Error('Unauthorised'));
}
return jsonwebtoken.verify(connectionParams.jwt || null, JWT_SECRET,
(err, decoded) =>
postJWTAuth(!err ? { id: decoded.id, device: decoded.device } : { id: null, device: null })
.then(({ user, device }) => ({ user, device }))
.catch(() => Promise.error('Unauthorised')),
.catch(() => Promise.reject(Error('Unauthorised')),
Copy link
Member

@sdunster sdunster Jun 26, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sneaky fix

Copy link
Contributor Author

@OSPFNeighbour OSPFNeighbour Jun 26, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Noticed that one did you

),
);
},
// unpack the subscription request and load it into context
Expand Down