From 7d64314c34f2901c67f47dc1576cc1d4b2d0849e Mon Sep 17 00:00:00 2001
From: chrisala
Date: Fri, 2 Feb 2024 09:00:06 +1100
Subject: [PATCH] Workaround jwt filter ignoring urlPattern, add graphql associations #907
---
 .../au/org/ala/ecodata/GraphqlInterceptor.groovy | 4 +++-
 .../au/org/ala/ecodata/GraphqlWsController.groovy | 12 ++++++++++++
 .../au/org/ala/ecodata/UrlMappings.groovy | 2 +-
 .../graphql/mappers/ProjectGraphQLMapper.groovy | 14 ++++++++++++++
 4 files changed, 30 insertions(+), 2 deletions(-)
 create mode 100644 grails-app/controllers/au/org/ala/ecodata/GraphqlWsController.groovy
diff --git a/grails-app/controllers/au/org/ala/ecodata/GraphqlInterceptor.groovy b/grails-app/controllers/au/org/ala/ecodata/GraphqlInterceptor.groovy
index 6a8d44b53..385760edb 100644
--- a/grails-app/controllers/au/org/ala/ecodata/GraphqlInterceptor.groovy
+++ b/grails-app/controllers/au/org/ala/ecodata/GraphqlInterceptor.groovy
@@ -9,7 +9,9 @@ import org.apache.http.HttpStatus
 class GraphqlInterceptor {
 GraphqlInterceptor() {
- match uri: '/ws/graphql/**' // Web services - uses the supplied JWT bearer token to authorize
+ //match uri: '/ws/graphql/**' // Web services - uses the supplied JWT bearer token to authorize.
+ // WS endpoints now use the GraphSQLWsController which decodes the JWT then forwards on.
+ match uri: '/graphql/**' // Admin UI - uses the jee session state to authorize
 }
diff --git a/grails-app/controllers/au/org/ala/ecodata/GraphqlWsController.groovy b/grails-app/controllers/au/org/ala/ecodata/GraphqlWsController.groovy
new file mode 100644
index 000000000..7352974c7
--- /dev/null
+++ b/grails-app/controllers/au/org/ala/ecodata/GraphqlWsController.groovy
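Review bot: Commenting out the `/ws/graphql/**` matcher in the GraphqlInterceptor constructor means any authorization this interceptor performs for bearer-token callers still applies only if the interceptor also runs on the forward to `/graphql/index`. The interceptor's `before()` is outside the hunk, so that cannot be confirmed here; it deserves a test that a valid token without the expected role is refused on `/ws/graphql`. The replacement comment also names `GraphSQLWsController`, but the class this commit adds is `GraphqlWsController`. I would delete the dead matcher instead of keeping it commented out and write `// /ws/graphql is served by GraphqlWsController, which validates the JWT and then forwards to /graphql/index`.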
@@ -0,0 +1,12 @@
+package au.org.ala.ecodata
+
+@au.ala.org.ws.security.RequireApiKey(scopes=["profile", "email", "openid"])
+/**
+ * This class exists to allow the RequireApiKey annotation to be applied to the path around the GraphQL endpoint
+ * so we can decode the JWT before forwarding the request on.
+ */
+class GraphqlWsController {
+ def index() {
+ forward(uri:'/graphql/index')
+ }
+}
diff --git a/grails-app/controllers/au/org/ala/ecodata/UrlMappings.groovy b/grails-app/controllers/au/org/ala/ecodata/UrlMappings.groovy
index c7bb569f5..9ce1abbd7 100644
--- a/grails-app/controllers/au/org/ala/ecodata/UrlMappings.groovy
+++ b/grails-app/controllers/au/org/ala/ecodata/UrlMappings.groovy
@@ -212,7 +212,7 @@ class UrlMappings {
 }
 "/ws/graphql" {
- controller = 'graphql'
+ controller = 'graphqlWs'
 }
 "/ws/paratoo/user-projects" {
diff --git a/src/main/groovy/au/org/ala/ecodata/graphql/mappers/ProjectGraphQLMapper.groovy b/src/main/groovy/au/org/ala/ecodata/graphql/mappers/ProjectGraphQLMapper.groovy
index 7d1f82069..43465f267 100644
--- a/src/main/groovy/au/org/ala/ecodata/graphql/mappers/ProjectGraphQLMapper.groovy
+++ b/src/main/groovy/au/org/ala/ecodata/graphql/mappers/ProjectGraphQLMapper.groovy
@@ -2,6 +2,8 @@ package au.org.ala.ecodata.graphql.mappers
 import au.org.ala.ecodata.Activity
 import au.org.ala.ecodata.Document
+import au.org.ala.ecodata.Organisation
+import au.org.ala.ecodata.Program
 import au.org.ala.ecodata.Project
 import au.org.ala.ecodata.ProjectActivity
 import au.org.ala.ecodata.Report
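Review bot: In GraphqlWsController.groovy the only gate visible on `/ws/graphql` is `@RequireApiKey(scopes=["profile", "email", "openid"])`, and those are identity scopes rather than an API-specific permission, so this appears to authenticate the caller without authorizing GraphQL access. Whether a role or permission check still happens after `forward(uri:'/graphql/index')` depends on code outside this diff. If the annotation is meant to be the whole check, a dedicated scope would be worth requiring (placeholder: `scopes=["<ecodata-graphql-read-scope>"]`). The Javadoc also sits between the annotation and the `class` line; placing it above the annotation is the conventional order and keeps it attached to the class.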
@@ -78,6 +80,18 @@ class ProjectGraphQLMapper {
 }
 }
+ add('program', [Program]) {
+ dataFetcher { Program program ->
+ Program.findByProgramIdAndStatusNotEqual(project.programId, Status.DELETED)
+ }
+ }
+
+ add('organisation', [Organisation]) {
+ dataFetcher { Organisation organisation ->
+ Organisation.findByOrganisationIdAndStatusNotEqual(project.organisationId, Status.DELETED)
+ }
+ }
+
 add('sites', [Site]) {
 dataFetcher { Project project ->
 Site.findAllByProjectsAndStatusNotEqual(project.projectId, Status.DELETED)
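Review bot: Both new fetchers in ProjectGraphQLMapper declare the wrong closure parameter: `dataFetcher { Program program ->` and `dataFetcher { Organisation organisation ->` never bind `project`, yet their bodies read `project.programId` and `project.organisationId`, whereas the existing `sites` fetcher below takes `Project project`. The parameter should be the source object, `dataFetcher { Project project ->`, in both. The fields are also declared as `[Program]` and `[Organisation]` while the `findBy…` finders return a single instance, so `add('program', Program)` and `add('organisation', Organisation)` look like the intended types; this assumes the list literal marks a collection field, as it does for `[Site]`. Since these associations expose program and organisation records to anyone who can query a project, it is worth confirming that the same access rules apply to them as to the parent project.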