djkato/saleor-app-sdk-REDIS_APL
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Extend protectedHandler to contain user object with email and permissions (#252)

Browse source
This commit is contained in:
Lukasz Ostrowski 2023-06-13 14:52:53 +02:00 committed by GitHub
parent 215a410d58
commit 390fae2c97
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 19 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.changeset/wicked-jobs-exist.md Normal file
View file

@ -0,0 +1,5 @@
---
"@saleor/app-sdk": minor
---
Extended context argument in createProtectedHandler. Now it contains "user" object with email and permissions

4
docs/protected-handlers.md
View file

@ -15,6 +15,10 @@ First, create handler for your business logic. The only difference from usual Ne
export type ProtectedHandlerContext = { export type ProtectedHandlerContext = {
baseUrl: string; // the URL your application is available baseUrl: string; // the URL your application is available
authData: AuthData; // Auth Data which can be used to communicate with the Saleor API authData: AuthData; // Auth Data which can be used to communicate with the Saleor API
user: {
email: string;
userPermissions: string[];
};
}; };
``` ```

4
src/handlers/next/process-protected-handler.test.ts
View file

@ -63,6 +63,10 @@ describe("processSaleorProtectedHandler", () => {
jwks: mockAPL.mockJwks, jwks: mockAPL.mockJwks,
}, },
baseUrl: "https://some-saleor-host.cloud", baseUrl: "https://some-saleor-host.cloud",
user: expect.objectContaining({
email: expect.any(String),
userPermissions: expect.any(Array),
}),
}); });
}); });

5
src/handlers/next/process-protected-handler.ts
View file

@ -5,6 +5,7 @@ import { AuthData } from "../../APL/apl";
import { createDebug } from "../../debug"; import { createDebug } from "../../debug";
import { getBaseUrl, getSaleorHeaders } from "../../headers"; import { getBaseUrl, getSaleorHeaders } from "../../headers";
import { Permission } from "../../types"; import { Permission } from "../../types";
import { extractUserFromJwt, TokenUserPayload } from "../../util/extract-user-from-jwt";
import { verifyJWT } from "../../verify-jwt"; import { verifyJWT } from "../../verify-jwt";
const debug = createDebug("processProtectedHandler"); const debug = createDebug("processProtectedHandler");
@ -34,6 +35,7 @@ export class ProtectedHandlerError extends Error {
export type ProtectedHandlerContext = { export type ProtectedHandlerContext = {
baseUrl: string; baseUrl: string;
authData: AuthData; authData: AuthData;
user: TokenUserPayload;
}; };
interface ProcessSaleorProtectedHandlerArgs { interface ProcessSaleorProtectedHandlerArgs {
@ -96,8 +98,11 @@ export const processSaleorProtectedHandler: ProcessAsyncSaleorProtectedHandler =
throw new ProtectedHandlerError("JWT verification failed: ", "JWT_VERIFICATION_FAILED"); throw new ProtectedHandlerError("JWT verification failed: ", "JWT_VERIFICATION_FAILED");
} }
const userJwtPayload = extractUserFromJwt(token);
return { return {
baseUrl, baseUrl,
authData, authData,
user: userJwtPayload,
}; };
}; };

2
src/util/extract-user-from-jwt.ts
View file

@ -2,7 +2,7 @@ import * as jose from "jose";
import { Permission } from "../types"; import { Permission } from "../types";
type TokenUserPayload = { export type TokenUserPayload = {
email: string; email: string;
userPermissions: Permission[]; userPermissions: Permission[];
}; };