Gathering detailed insights and metrics for @treedom/mercurius-auth-opa
Gathering detailed insights and metrics for @treedom/mercurius-auth-opa
Installations
npm install @treedom/mercurius-auth-opaDeveloper
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>=16.0.0
Typescript Support
Yes
Node Version
20.15.1
NPM Version
10.7.0
Statistics
5 Stars
16 Commits
2 Forks
6 Watching
1 Branches
6 Contributors
Updated on 23 Jul 2024
Languages
TypeScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
697
Last day
0%
10
Compared to previous day
Last week
10%
11
Compared to previous week
Last month
266.7%
22
Compared to previous month
Last year
0%
697
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
4
Versions
@treedom/mercurius-auth-opa
Mercurius Auth OPA is a plugin for Mercurius that adds an Authentication and Authorization directive using Open Policy Agent
Made with β€οΈ atΒ Β 
, join us in making a difference!
Usage
1import { opaAuthPlugin } from "@treedom/mercurius-auth-opa"; 2import { opaAuthDirective } from "@treedom/mercurius-auth-opa/opaAuthDirective"; 3 4const schema = `#graphql 5 ${opaAuthDirective} 6 7 type Query { 8 ping(message: String!): String! @opa(path: "my/opa/policy", options: { ... }) 9 }` 10 11app.register(mercurius, { 12 schema, 13 resolvers: { 14 Query: { 15 ping: (source, args) => args.message, 16 }, 17 }, 18}) 19 20app.register(opaAuthPlugin, { 21 opaEndpoint: 'https://my.opa.endpoint', 22})
OPA policy input
This plugin queries OPA providing the following properties as input
headersthe Fastify headers objectparentthe Mercurius parent object of the field/object which got queriedargsthe Mercurius args object of the field/object which got queriedoptionsstatic untyped properties defined in the directive arguments (optional)
Example Rego Policy
Let's imagine a GraphQL server which accept requests authorized using JWTs containing the role property in their claims.
The following Rego uses a hypotetical oidc.verify_token that validates the JWT signature and returns the token claims
or false if the token is not valid.
1package my.opa.policy 2 3import rego.v1 4import data.oidc 5 6default allow := false 7 8allow if { 9 user := oidc.verify_token(input.headers.authorization) 10 11 user 12 user.role = "admin" 13}
Custom directive
The authorization directive can be customized registering a custom one in the schema and specifying its name in the plugin configuration
1scalar OpaOptions 2directive @policy(path: String!, options: OpaOptions) on OBJECT | FIELD_DEFINITION
1app.register(opaAuthPlugin, { 2 // ... 3 authDirective: 'policy' 4})
1app.register(opaAuthPlugin, { 2 // ... 3 opaOptions: { 4 // ... 5 } 6})
π³ Join Us in Making a Difference! π³
We invite all developers who use Treedom's open-source code to support our mission of sustainability by planting a tree with us. By contributing to reforestation efforts, you help create a healthier planet and give back to the environment. Visit our Treedom Open Source Forest to plant your tree today and join our community of eco-conscious developers.
Additionally, you can integrate the Treedom GitHub badge into your repository to showcase the number of trees in your Treedom forest and encourage others to plant new ones. Check out our integration guide to get started.
Together, we can make a lasting impact! ππ
Contributing
Contributions are welcome! Please read the contributing guidelines before submitting a pull request.
License
This project is licensed under the MIT License.
No vulnerabilities found.
No security vulnerabilities found.