feat(server): add is_valid_jwt query

2022-01-24 00:32:06 +05:30
parent 7f18a3f634
commit 87b1cac979
10 changed files with 465 additions and 52 deletions
--- a/server/resolvers/is_valid_jwt.go
+++ b/server/resolvers/is_valid_jwt.go
@@ -0,0 +1,39 @@
+package resolvers
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/envstore"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	tokenHelper "github.com/authorizerdev/authorizer/server/token"
+	"github.com/authorizerdev/authorizer/server/utils"
+)
+
+// IsValidJwtResolver resolver to return if given jwt is valid
+func IsValidJwtResolver(ctx context.Context, params *model.IsValidJWTQueryInput) (*model.ValidJWTResponse, error) {
+	claims, err := tokenHelper.VerifyJWTToken(params.Jwt)
+	if err != nil {
+		return nil, err
+	}
+
+	claimRoleInterface := claims[envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtRoleClaim)].([]interface{})
+	claimRoles := []string{}
+	for _, v := range claimRoleInterface {
+		claimRoles = append(claimRoles, v.(string))
+	}
+
+	if params != nil && params.Roles != nil && len(params.Roles) > 0 {
+		for _, v := range params.Roles {
+			if !utils.StringSliceContains(claimRoles, v) {
+				return nil, fmt.Errorf(`unauthorized`)
+			}
+		}
+	}
+
+	return &model.ValidJWTResponse{
+		Valid:   true,
+		Message: "Valid JWT",
+	}, nil
+}
--- a/server/resolvers/session.go
+++ b/server/resolvers/session.go
@@ -13,7 +13,7 @@ import (
 )

 // SessionResolver is a resolver for session query
-func SessionResolver(ctx context.Context, roles []string) (*model.AuthResponse, error) {
+func SessionResolver(ctx context.Context, params *model.SessionQueryInput) (*model.AuthResponse, error) {
 	var res *model.AuthResponse

 	gc, err := utils.GinContextFromContext(ctx)
@@ -65,8 +65,8 @@ func SessionResolver(ctx context.Context, roles []string) (*model.AuthResponse,
 		claimRoles = append(claimRoles, v.(string))
 	}

-	if len(roles) > 0 {
-		for _, v := range roles {
+	if params != nil && params.Roles != nil && len(params.Roles) > 0 {
+		for _, v := range params.Roles {
 			if !utils.StringSliceContains(claimRoles, v) {
 				return res, fmt.Errorf(`unauthorized`)
 			}