How to use the graphql-mapping-template.block function in graphql-mapping-template
To help you get started, we’ve selected a few graphql-mapping-template examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
aws-amplify / amplify-cli / packages / graphql-auth-transformer / src / resources.ts View on Github 
}
ownerAuthorizationExpressions = ownerAuthorizationExpressions.concat(
raw(`$util.qr($ownerAuthExpressionNames.put("#${ownerName}", "${ownerAttribute}"))`),
// tslint:disable
isUser
? raw(
`$util.qr($ownerAuthExpressionValues.put(":${identityName}", $util.dynamodb.toDynamoDB($util.defaultIfNull($ctx.identity.claims.get("${rawUsername}"), $util.defaultIfNull($ctx.identity.claims.get("${identityAttribute}"), "${NONE_VALUE}")))))`
)
: raw(
`$util.qr($ownerAuthExpressionValues.put(":${identityName}", $util.dynamodb.toDynamoDB($util.defaultIfNull($ctx.identity.claims.get("${identityAttribute}"), "${NONE_VALUE}"))))`
)
// tslint:enable
);
ruleNumber++;
}
return block('Owner Authorization Checks', [
set(ref('ownerAuthExpressions'), list([])),
set(ref('ownerAuthExpressionValues'), obj({})),
set(ref('ownerAuthExpressionNames'), obj({})),
...ownerAuthorizationExpressions,
]);
}groupAuthorizationExpressions = groupAuthorizationExpressions.concat(
comment(
`Authorization rule${fieldMention}: { allow: ${rule.allow}, groupsField: "${groupsAttribute}", groupClaim: "${groupClaimAttribute}"}`
),
// Add the new auth expression and values
this.setUserGroups(rule.groupClaim),
forEach(ref('userGroup'), ref('userGroups'), [
raw(`$util.qr($groupAuthExpressions.add("contains(#${groupsAttributeName}, :${groupName}$foreach.count)"))`),
raw(`$util.qr($groupAuthExpressionValues.put(":${groupName}$foreach.count", { "S": $userGroup }))`),
]),
iff(raw('$userGroups.size() > 0'), raw(`$util.qr($groupAuthExpressionNames.put("#${groupsAttributeName}", "${groupsAttribute}"))`))
);
ruleNumber++;
}
// check for groupclaim here
return block('Dynamic group authorization checks', [
set(ref('groupAuthExpressions'), list([])),
set(ref('groupAuthExpressionValues'), obj({})),
set(ref('groupAuthExpressionNames'), obj({})),
...groupAuthorizationExpressions,
]);
}export function applyKeyConditionExpression(
argName: string,
attributeType: 'S' | 'N' | 'B' = 'S',
queryExprReference: string = 'query',
sortKeyName?: string,
prefixVariableName?: string
) {
const prefixValue = (value: string): string => (prefixVariableName ? `$${prefixVariableName}#${value}` : value);
const _sortKeyName = sortKeyName ? sortKeyName : argName;
return block('Applying Key Condition', [
iff(
raw(`!$util.isNull($ctx.args.${argName}) && !$util.isNull($ctx.args.${argName}.beginsWith)`),
compoundExpression([
set(ref(`${queryExprReference}.expression`), raw(`"$${queryExprReference}.expression AND begins_with(#sortKey, :sortKey)"`)),
qref(`$${queryExprReference}.expressionNames.put("#sortKey", "${_sortKeyName}")`),
// TODO: Handle N & B.
qref(
`$${queryExprReference}.expressionValues.put(":sortKey", { "${attributeType}": "${prefixValue(
`$ctx.args.${argName}.beginsWith`
)}" })`
),
])
),
iff(
raw(`!$util.isNull($ctx.args.${argName}) && !$util.isNull($ctx.args.${argName}.between)`),
compoundExpression([public throwIfUnauthorized(): Expression {
const ifUnauthThrow = iff(
not(parens(
or([
equals(ref(ResourceConstants.SNIPPETS.IsStaticGroupAuthorizedVariable), raw('true')),
equals(ref(ResourceConstants.SNIPPETS.IsDynamicGroupAuthorizedVariable), raw('true')),
equals(ref(ResourceConstants.SNIPPETS.IsOwnerAuthorizedVariable), raw('true'))
])
)), raw('$util.unauthorized()')
)
return block('Throw if unauthorized', [
ifUnauthThrow,
])
}public operationCheckExpression(operation: string, field: string) {
return block('Checking for allowed operations which can return this field', [
set(ref('operation'), raw('$util.defaultIfNull($context.source.operation, "null")')),
ifElse(raw(`$operation == "${operation}"`), ref('util.toJson(null)'), ref(`util.toJson($context.source.${field})`)),
]);
}if (keys.length > 1) {
for (let index = keys.length - 1; index > 0; index--) {
const rightKey = keys[index];
const previousKey = keys[index - 1];
exprs.push(
iff(
raw(`!$util.isNull($ctx.args.${rightKey}) && $util.isNull($ctx.args.${previousKey})`),
raw(
`$util.error("When providing argument '${rightKey}' you must also provide arguments ${keys
.slice(0, index)
.join(', ')}", "InvalidArgumentsError")`
)
)
);
}
return block('Validate key arguments.', exprs);
} else {
return newline();
}
}iff(
raw('$util.isList($allowedGroups)'),
iff(
raw(`$allowedGroups.contains($userGroup)`),
set(ref(variableToSet), raw('true'))),
),
iff(
raw(`$util.isString($allowedGroups)`),
iff(
raw(`$allowedGroups == $userGroup`),
set(ref(variableToSet), raw('true'))),
)
])
)
}
return block('Dynamic Group Authorization Checks', [
this.setUserGroups(),
set(ref(variableToSet), defaultValue),
...groupAuthorizationExpressions,
])
}public ownerAuthorizationExpressionForCreateOperations(
rules: AuthRule[],
fieldIsList: (fieldName: string) => boolean,
variableToCheck: string = 'ctx.args.input',
variableToSet: string = ResourceConstants.SNIPPETS.IsOwnerAuthorizedVariable
): Expression {
if (!rules || rules.length === 0) {
return comment(`No Owner Authorization Rules`);
}
return block('Owner Authorization Checks', [
this.ownershipAuthorizationExpressionForCreate(rules, fieldIsList, variableToCheck, variableToSet),
]);
}public ownerAuthorizationExpressionForSubscriptions(
rules: AuthRule[],
variableToCheck: string = 'ctx.args',
variableToSet: string = ResourceConstants.SNIPPETS.IsOwnerAuthorizedVariable
): Expression {
if (!rules || rules.length === 0) {
return comment(`No Owner Authorization Rules`);
}
return block('Owner Authorization Checks', [
this.ownershipAuthorizationExpressionForSubscriptions(rules, variableToCheck, variableToSet),
]);
}
public ownershipAuthorizationExpressionForSubscriptions(not(raw(`$util.isNull($ctx.identity.claims)`)),
raw(`$util.isNull($ctx.identity.username)`),
raw(`$util.isNull($ctx.identity.sourceIp)`),
]),
set(ref(ResourceConstants.SNIPPETS.AuthMode), str(`oidc`))
);
if (expressions.length > 0) {
expressions.push(newline());
}
expressions.push(oidcExpression);
}
}
return block('Determine request authentication mode', expressions);
}graphql-mapping-template
An AST wrapper around AWS AppSync resolvers
Package Health Score
95 / 100Popular graphql-mapping-template functions
- graphql-mapping-template.and
- graphql-mapping-template.block
- graphql-mapping-template.bool
- graphql-mapping-template.comment
- graphql-mapping-template.compoundExpression
- graphql-mapping-template.equals
- graphql-mapping-template.forEach
- graphql-mapping-template.ifElse
- graphql-mapping-template.iff
- graphql-mapping-template.list
- graphql-mapping-template.newline
- graphql-mapping-template.obj
- graphql-mapping-template.or
- graphql-mapping-template.parens
- graphql-mapping-template.print
- graphql-mapping-template.qref
- graphql-mapping-template.raw
- graphql-mapping-template.ref
- graphql-mapping-template.set
- graphql-mapping-template.str