How to use the graphql-mapping-template.block function in graphql-mapping-template

To help you get started, we’ve selected a few graphql-mapping-template examples, based on popular ways it is used in public projects.

github aws-amplify / amplify-cli / packages / graphql-auth-transformer / src / resources.ts View on Github external
}
      ownerAuthorizationExpressions = ownerAuthorizationExpressions.concat(
        raw(`$util.qr($ownerAuthExpressionNames.put("#${ownerName}", "${ownerAttribute}"))`),
        // tslint:disable
        isUser
          ? raw(
              `$util.qr($ownerAuthExpressionValues.put(":${identityName}", $util.dynamodb.toDynamoDB($util.defaultIfNull($ctx.identity.claims.get("${rawUsername}"), $util.defaultIfNull($ctx.identity.claims.get("${identityAttribute}"), "${NONE_VALUE}")))))`
            )
          : raw(
              `$util.qr($ownerAuthExpressionValues.put(":${identityName}", $util.dynamodb.toDynamoDB($util.defaultIfNull($ctx.identity.claims.get("${identityAttribute}"), "${NONE_VALUE}"))))`
            )
        // tslint:enable
      );
      ruleNumber++;
    }
    return block('Owner Authorization Checks', [
      set(ref('ownerAuthExpressions'), list([])),
      set(ref('ownerAuthExpressionValues'), obj({})),
      set(ref('ownerAuthExpressionNames'), obj({})),
      ...ownerAuthorizationExpressions,
    ]);
  }
github aws-amplify / amplify-cli / packages / graphql-auth-transformer / src / resources.ts View on Github external
groupAuthorizationExpressions = groupAuthorizationExpressions.concat(
        comment(
          `Authorization rule${fieldMention}: { allow: ${rule.allow}, groupsField: "${groupsAttribute}", groupClaim: "${groupClaimAttribute}"}`
        ),
        // Add the new auth expression and values
        this.setUserGroups(rule.groupClaim),
        forEach(ref('userGroup'), ref('userGroups'), [
          raw(`$util.qr($groupAuthExpressions.add("contains(#${groupsAttributeName}, :${groupName}$foreach.count)"))`),
          raw(`$util.qr($groupAuthExpressionValues.put(":${groupName}$foreach.count", { "S": $userGroup }))`),
        ]),
        iff(raw('$userGroups.size() > 0'), raw(`$util.qr($groupAuthExpressionNames.put("#${groupsAttributeName}", "${groupsAttribute}"))`))
      );
      ruleNumber++;
    }
    // check for groupclaim here
    return block('Dynamic group authorization checks', [
      set(ref('groupAuthExpressions'), list([])),
      set(ref('groupAuthExpressionValues'), obj({})),
      set(ref('groupAuthExpressionNames'), obj({})),
      ...groupAuthorizationExpressions,
    ]);
  }
github aws-amplify / amplify-cli / packages / graphql-transformer-common / src / dynamodbUtils.ts View on Github external
export function applyKeyConditionExpression(
  argName: string,
  attributeType: 'S' | 'N' | 'B' = 'S',
  queryExprReference: string = 'query',
  sortKeyName?: string,
  prefixVariableName?: string
) {
  const prefixValue = (value: string): string => (prefixVariableName ? `$${prefixVariableName}#${value}` : value);
  const _sortKeyName = sortKeyName ? sortKeyName : argName;
  return block('Applying Key Condition', [
    iff(
      raw(`!$util.isNull($ctx.args.${argName}) && !$util.isNull($ctx.args.${argName}.beginsWith)`),
      compoundExpression([
        set(ref(`${queryExprReference}.expression`), raw(`"$${queryExprReference}.expression AND begins_with(#sortKey, :sortKey)"`)),
        qref(`$${queryExprReference}.expressionNames.put("#sortKey", "${_sortKeyName}")`),
        // TODO: Handle N & B.
        qref(
          `$${queryExprReference}.expressionValues.put(":sortKey", { "${attributeType}": "${prefixValue(
            `$ctx.args.${argName}.beginsWith`
          )}" })`
        ),
      ])
    ),
    iff(
      raw(`!$util.isNull($ctx.args.${argName}) && !$util.isNull($ctx.args.${argName}.between)`),
      compoundExpression([
github aws-amplify / amplify-cli / packages / graphql-auth-transformer / src / resources.ts View on Github external
public throwIfUnauthorized(): Expression {
        const ifUnauthThrow = iff(
            not(parens(
                or([
                    equals(ref(ResourceConstants.SNIPPETS.IsStaticGroupAuthorizedVariable), raw('true')),
                    equals(ref(ResourceConstants.SNIPPETS.IsDynamicGroupAuthorizedVariable), raw('true')),
                    equals(ref(ResourceConstants.SNIPPETS.IsOwnerAuthorizedVariable), raw('true'))
                ])
            )), raw('$util.unauthorized()')
        )
        return block('Throw if unauthorized', [
            ifUnauthThrow,
        ])
    }
github aws-amplify / amplify-cli / packages / graphql-auth-transformer / src / resources.ts View on Github external
public operationCheckExpression(operation: string, field: string) {
    return block('Checking for allowed operations which can return this field', [
      set(ref('operation'), raw('$util.defaultIfNull($context.source.operation, "null")')),
      ifElse(raw(`$operation == "${operation}"`), ref('util.toJson(null)'), ref(`util.toJson($context.source.${field})`)),
    ]);
  }
github aws-amplify / amplify-cli / packages / graphql-transformer-common / src / dynamodbUtils.ts View on Github external
if (keys.length > 1) {
    for (let index = keys.length - 1; index > 0; index--) {
      const rightKey = keys[index];
      const previousKey = keys[index - 1];
      exprs.push(
        iff(
          raw(`!$util.isNull($ctx.args.${rightKey}) && $util.isNull($ctx.args.${previousKey})`),
          raw(
            `$util.error("When providing argument '${rightKey}' you must also provide arguments ${keys
              .slice(0, index)
              .join(', ')}", "InvalidArgumentsError")`
          )
        )
      );
    }
    return block('Validate key arguments.', exprs);
  } else {
    return newline();
  }
}
github aws-amplify / amplify-cli / packages / graphql-auth-transformer / src / resources.ts View on Github external
iff(
                        raw('$util.isList($allowedGroups)'),
                        iff(
                            raw(`$allowedGroups.contains($userGroup)`),
                            set(ref(variableToSet), raw('true'))),
                    ),
                    iff(
                        raw(`$util.isString($allowedGroups)`),
                        iff(
                            raw(`$allowedGroups == $userGroup`),
                            set(ref(variableToSet), raw('true'))),
                    )
                ])
            )
        }
        return block('Dynamic Group Authorization Checks', [
            this.setUserGroups(),
            set(ref(variableToSet), defaultValue),
            ...groupAuthorizationExpressions,
        ])
    }
github aws-amplify / amplify-cli / packages / graphql-auth-transformer / src / resources.ts View on Github external
public ownerAuthorizationExpressionForCreateOperations(
    rules: AuthRule[],
    fieldIsList: (fieldName: string) => boolean,
    variableToCheck: string = 'ctx.args.input',
    variableToSet: string = ResourceConstants.SNIPPETS.IsOwnerAuthorizedVariable
  ): Expression {
    if (!rules || rules.length === 0) {
      return comment(`No Owner Authorization Rules`);
    }
    return block('Owner Authorization Checks', [
      this.ownershipAuthorizationExpressionForCreate(rules, fieldIsList, variableToCheck, variableToSet),
    ]);
  }
github aws-amplify / amplify-cli / packages / graphql-auth-transformer / src / resources.ts View on Github external
public ownerAuthorizationExpressionForSubscriptions(
    rules: AuthRule[],
    variableToCheck: string = 'ctx.args',
    variableToSet: string = ResourceConstants.SNIPPETS.IsOwnerAuthorizedVariable
  ): Expression {
    if (!rules || rules.length === 0) {
      return comment(`No Owner Authorization Rules`);
    }
    return block('Owner Authorization Checks', [
      this.ownershipAuthorizationExpressionForSubscriptions(rules, variableToCheck, variableToSet),
    ]);
  }
  public ownershipAuthorizationExpressionForSubscriptions(
github aws-amplify / amplify-cli / packages / graphql-auth-transformer / src / resources.ts View on Github external
not(raw(`$util.isNull($ctx.identity.claims)`)),
            raw(`$util.isNull($ctx.identity.username)`),
            raw(`$util.isNull($ctx.identity.sourceIp)`),
          ]),
          set(ref(ResourceConstants.SNIPPETS.AuthMode), str(`oidc`))
        );

        if (expressions.length > 0) {
          expressions.push(newline());
        }

        expressions.push(oidcExpression);
      }
    }

    return block('Determine request authentication mode', expressions);
  }