MCPcopy
hub / github.com/dgraph-io/dgraph / AppendAuthInfo

Function AppendAuthInfo

testutil/graphql.go:267–298  ·  view source on GitHub ↗
(schema []byte, algo, publicKeyFile string, closedByDefault bool)

Source from the content-addressed store, hash-verified

265}
266
267func AppendAuthInfo(schema []byte, algo, publicKeyFile string, closedByDefault bool) ([]byte, error) {
268 authInfo := `# Dgraph.Authorization {"VerificationKey":"%s","Header":"X-Test-Auth","Namespace":"https://xyz.io/jwt/claims","Algo":"%s","Audience":["aud1","63do0q16n6ebjgkumu05kkeian","aud5"],"ClosedByDefault":%s}`
269
270 closedByDefaultStr := "false"
271 if closedByDefault {
272 closedByDefaultStr = "true"
273 }
274
275 var verificationKey string
276 switch algo {
277 case "HS256":
278 // Widened from the original 9-byte "secretkey" to meet the 14-byte
279 // (112-bit) HMAC key minimum that NIST SP 800-131A requires and
280 // that some FIPS-validated crypto providers (e.g. the OpenSSL FIPS
281 // provider used by Chainguard go-fips / Microsoft Go FIPS-mode builds)
282 // enforce at EVP_MAC_init. Benign for non-FIPS builds — a longer
283 // HMAC key is always acceptable. See graphql/resolve/auth_test.go
284 // for the matching hardcoded JWT tokens signed with this value.
285 verificationKey = "secretkey-long-enough"
286 case "RS256":
287 keyData, err := os.ReadFile(publicKeyFile)
288 if err != nil {
289 return nil, err
290 }
291 // Replacing ASCII newline with "\n" as the authorization information in the schema
292 // should be present in a single line.
293 verificationKey = string(bytes.ReplaceAll(keyData, []byte{10}, []byte{92, 110}))
294 }
295
296 authInfo = fmt.Sprintf(authInfo, verificationKey, algo, closedByDefaultStr)
297 return append(schema, []byte(authInfo)...), nil
298}
299
300func AppendAuthInfoWithJWKUrl(schema []byte) ([]byte, error) {
301 authInfo := `# Dgraph.Authorization {"VerificationKey":"","Header":"X-Test-Auth","jwkurl":"https://dev-hr2kugfp.us.auth0.com/.well-known/jwks.json", "Namespace":"https://xyz.io/jwt/claims","Algo":"","Audience":[ "HhaXkQVRBn5e0K3DmMp2zbjI8i1wcv2e"]}`

Callers 8

TestStringCustomClaimFunction · 0.92
TestAudienceClaimFunction · 0.92
TestJWTExpiryFunction · 0.92
TestAuthQueryRewritingFunction · 0.92
TestMainFunction · 0.92
TestMainFunction · 0.92
TestMainFunction · 0.92

Calls

no outgoing calls

Tested by 8

TestStringCustomClaimFunction · 0.74
TestAudienceClaimFunction · 0.74
TestJWTExpiryFunction · 0.74
TestAuthQueryRewritingFunction · 0.74
TestMainFunction · 0.74
TestMainFunction · 0.74
TestMainFunction · 0.74