add new checkActionVisibility action

moleculerjs · Oct 4, 2022 · daed24a · daed24a
1 parent b01e1b4
commit daed24a
Show file tree

Hide file tree

Showing 5 changed files with 97 additions and 10 deletions.
diff --git a/examples/simple/index.js b/examples/simple/index.js
@@ -24,6 +24,8 @@ broker.createService({
 				mappingPolicy: "restrict",
 			},
 
+			checkActionVisibility: true,
+
 			// https://www.apollographql.com/docs/apollo-server/v2/api/apollo-server.html
 			serverOptions: {},
 		}),
@@ -78,6 +80,26 @@ broker.createService({
 				throw new MoleculerClientError("I've said it's a danger action!", 422, "DANGER");
 			},
 		},
+
+		secret: {
+			visibility: "protected",
+			graphql: {
+				query: "secret: String!",
+			},
+			async handler() {
+				return "! TOP SECRET !";
+			},
+		},
+
+		visible: {
+			visibility: "published",
+			graphql: {
+				query: "visible: String!",
+			},
+			async handler() {
+				return "Not secret";
+			},
+		},
 	},
 });
 

diff --git a/index.d.ts b/index.d.ts
@@ -41,6 +41,7 @@ declare module "moleculer-apollo-server" {
 		};
 		dataLoader?: boolean;
 		nullIfError?: boolean;
+		skipNullKeys?: boolean;
 		params?: { [key: string]: any };
 	}
 
@@ -94,6 +95,7 @@ declare module "moleculer-apollo-server" {
 		};
 		routeOptions?: ServiceRouteOptions;
 		serverOptions?: Config;
+		checkActionVisibility?: boolean;
 		autoUpdateSchema?: boolean;
 	}
 

diff --git a/package-lock.json b/package-lock.json
diff --git a/src/service.js b/src/service.js
@@ -25,6 +25,7 @@ module.exports = function (mixinOptions) {
 		createAction: true,
 		subscriptionEventName: "graphql.publish",
 		autoUpdateSchema: true,
+		checkActionVisibility: false,
 	});
 
 	const serviceSchema = {
@@ -450,6 +451,13 @@ module.exports = function (mixinOptions) {
 
 						Object.values(service.actions).forEach(action => {
 							const { graphql: def } = action;
+							if (
+								mixinOptions.checkActionVisibility &&
+								action.visibility != null &&
+								action.visibility != "published"
+							)
+								return;
+
 							if (def && _.isObject(def)) {
 								if (def.query) {
 									if (!resolver["Query"]) resolver.Query = {};

diff --git a/test/integration/greeter.spec.js b/test/integration/greeter.spec.js
@@ -26,6 +26,8 @@ describe("Integration test for greeter service", () => {
 					mappingPolicy: "restrict",
 				},
 
+				checkActionVisibility: true,
+
 				// https://www.apollographql.com/docs/apollo-server/v2/api/apollo-server.html
 				serverOptions: {},
 			}),
@@ -104,6 +106,16 @@ describe("Integration test for greeter service", () => {
 					);
 				},
 			},
+
+			secret: {
+				visibility: "protected",
+				graphql: {
+					query: "secret: String!",
+				},
+				async handler() {
+					return "! TOP SECRET !";
+				},
+			},
 		},
 	});
 
@@ -227,4 +239,41 @@ describe("Integration test for greeter service", () => {
 			],
 		});
 	});
+
+	it("should not call the greeter.secret", async () => {
+		const res = await fetch(`http://localhost:${port}/graphql`, {
+			method: "post",
+			body: JSON.stringify({
+				operationName: null,
+				variables: {},
+				query: "query { danger }",
+			}),
+			headers: { "Content-Type": "application/json" },
+		});
+
+		expect(res.status).toBe(200);
+		expect(await res.json()).toStrictEqual({
+			data: null,
+			errors: [
+				{
+					extensions: {
+						code: "INTERNAL_SERVER_ERROR",
+						exception: {
+							code: 422,
+							retryable: false,
+							type: "DANGER",
+						},
+					},
+					locations: [
+						{
+							column: 9,
+							line: 1,
+						},
+					],
+					message: "I've said it's a danger action!",
+					path: ["danger"],
+				},
+			],
+		});
+	});
 });