feat: hasura mapping support

Author: DanielRivers

lib/utils/token/getDecodedToken.ts

@@ -1,19 +1,51 @@
-import { jwtDecoder, JWTDecoded } from "@kinde/jwt-decoder";
+import { jwtDecoder, JWTDecoded as JWTBase } from "@kinde/jwt-decoder";
 import { getActiveStorage } from ".";
 import { StorageKeys } from "../../sessionManager";
 /**
  *
  * @param tokenType Type of token to decode
  * @returns { Promise<JWTDecoded | null> }
  */
-export const getDecodedToken = async <
-  T = JWTDecoded & {
-    permissions: string[];
-    org_code: string;
-  },
->(
+
+type JWTExtra = {
+  "x-hasura-permissions": never;
+  "x-hasura-org-code": never;
+  "x-hasura-org-codes": never;
+  "x-hasura-roles": never;
+  "x-hasura-feature-flags": never;
+
+  feature_flags: Record<
+    string,
+    { t: "b" | "i" | "s"; v: string | boolean | number | object }
+  >;
+  permissions: string[];
+  org_code: string;
+  org_codes: string[];
+  roles: string[];
+};
+
+type JWTExtraHasura = {
+  "x-hasura-permissions": string[];
+  "x-hasura-org-code": string;
+  "x-hasura-org-codes": string[];
+  "x-hasura-roles": string[];
+  "x-hasura-feature-flags": Record<
+    string,
+    { t: "b" | "i" | "s"; v: string | boolean | number | object }
+  >;
+
+  feature_flags: never;
+  permissions: never;
+  org_codes: never;
+  org_code: never;
+  roles: never;
+};
+
+type JWTDecoded = JWTBase & (JWTExtra | JWTExtraHasura);
+
+export const getDecodedToken = async <T = JWTDecoded>(
   tokenType: "accessToken" | "idToken" = StorageKeys.accessToken,
-): Promise<T | null> => {
+): Promise<(T & JWTDecoded) | null> => {
   const activeStorage = getActiveStorage();
 
   if (!activeStorage) {
@@ -28,7 +60,7 @@ export const getDecodedToken = async <
     return null;
   }
 
-  const decodedToken = jwtDecoder<T>(token);
+  const decodedToken = jwtDecoder<T & JWTDecoded>(token);
 
   if (!decodedToken) {
     console.warn("No decoded token found");

lib/utils/token/getFlag.ts

@@ -1,23 +1,27 @@
-import { getClaim } from "./getClaim";
+import { getDecodedToken } from ".";
 
 /**
  *
  * @param keyName key to get from the token
  * @returns { Promise<string | number | string[] | null> }
  */
-export const getFlag = async <T = string | boolean | number>(
+export const getFlag = async <T = string | boolean | number | object>(
   name: string,
 ): Promise<T | null> => {
-  const flags = (
-    await getClaim<
-      { feature_flags: string },
-      Record<string, { t: "b" | "i" | "s"; v: T }>
-    >("feature_flags")
-  )?.value;
+  const claims = await getDecodedToken();
+
+  if (!claims) {
+    return null;
+  }
+
+  const flags = claims.feature_flags || claims["x-hasura-feature-flags"];
+  if (!flags) {
+    return null;
+  }
 
   if (name && flags) {
     const value = flags[name];
-    return value ? value?.v : null;
+    return value ? (value?.v as T) : null;
   }
   return null;
 };

lib/utils/token/getFlagHasura.test.ts

@@ -0,0 +1,104 @@
+import { describe, expect, it, beforeEach } from "vitest";
+import { MemoryStorage, StorageKeys } from "../../sessionManager";
+import { setActiveStorage, getFlag } from ".";
+import { createMockAccessToken } from "./testUtils";
+
+const storage = new MemoryStorage();
+
+describe("getFlag - Hasura", () => {
+  beforeEach(() => {
+    setActiveStorage(storage);
+  });
+
+  it("when no token", async () => {
+    await storage.setSessionItem(StorageKeys.idToken, null);
+    const idToken = await getFlag("test");
+
+    expect(idToken).toStrictEqual(null);
+  });
+
+  it("boolean true", async () => {
+    await storage.setSessionItem(
+      StorageKeys.accessToken,
+      createMockAccessToken({
+        ["x-hasura-feature-flags"]: {
+          test: {
+            v: true,
+            t: "b",
+          },
+        },
+      }),
+    );
+    const idToken = await getFlag<boolean>("test");
+
+    expect(idToken).toStrictEqual(true);
+  });
+
+  it("boolean false", async () => {
+    await storage.setSessionItem(
+      StorageKeys.accessToken,
+      createMockAccessToken({
+        ["x-hasura-feature-flags"]: {
+          test: {
+            v: false,
+            t: "b",
+          },
+        },
+      }),
+    );
+    const idToken = await getFlag<boolean>("test");
+
+    expect(idToken).toStrictEqual(false);
+  });
+
+  it("string", async () => {
+    await storage.setSessionItem(
+      StorageKeys.accessToken,
+      createMockAccessToken({
+        ["x-hasura-feature-flags"]: {
+          test: {
+            v: "hello",
+            t: "s",
+          },
+        },
+      }),
+    );
+    const idToken = await getFlag<string>("test");
+
+    expect(idToken).toStrictEqual("hello");
+  });
+
+  it("integer", async () => {
+    await storage.setSessionItem(
+      StorageKeys.accessToken,
+      createMockAccessToken({
+        feature_flags: {
+          test: {
+            v: 5,
+            t: "i",
+          },
+        },
+      }),
+    );
+    const idToken = await getFlag<number>("test");
+
+    expect(idToken).toStrictEqual(5);
+  });
+
+  it("no existing flag", async () => {
+    await storage.setSessionItem(
+      StorageKeys.accessToken,
+      createMockAccessToken({
+        ["x-hasura-feature-flags"]: {
+          test: {
+            v: 5,
+            t: "i",
+          },
+        },
+      }),
+    );
+    const idToken = await getFlag<number>("noexist");
+
+    expect(idToken).toStrictEqual(null);
+  });
+});

lib/utils/token/getPermissions.ts

@@ -14,10 +14,11 @@ export const getPermissions = async <T = string>(): Promise<Permissions<T>> => {
       permissions: [],
     };
   }
+  const permissions = token.permissions || token["x-hasura-permissions"] || [];
+  const orgCode = token.org_code || token["x-hasura-org-code"];
 
-  const permissions = token.permissions || [];
   return {
-    orgCode: token.org_code,
+    orgCode,
     permissions: permissions as T[],
   };
 };

lib/utils/token/getPermissionsHasura.test.ts

@@ -0,0 +1,66 @@
+import { describe, expect, it, beforeEach } from "vitest";
+import { MemoryStorage, StorageKeys } from "../../sessionManager";
+import { setActiveStorage } from ".";
+import { createMockAccessToken } from "./testUtils";
+import { getPermissions } from ".";
+
+const storage = new MemoryStorage();
+
+enum PermissionEnum {
+  canEdit = "canEdit",
+}
+
+describe("getPermissions - Hasura", () => {
+  beforeEach(() => {
+    setActiveStorage(storage);
+  });
+
+  it("when no token", async () => {
+    await storage.setSessionItem(StorageKeys.idToken, null);
+    const idToken = await getPermissions();
+
+    expect(idToken).toStrictEqual({
+      orgCode: null,
+      permissions: [],
+    });
+  });
+
+  it("with value", async () => {
+    await storage.setSessionItem(
+      StorageKeys.accessToken,
+      createMockAccessToken({ "x-hasura-permissions": ["canEdit"] }),
+    );
+    const idToken = await getPermissions();
+
+    expect(idToken).toStrictEqual({
+      orgCode: "org_123456789",
+      permissions: ["canEdit"],
+    });
+  });
+
+  it("with value and typed permissions", async () => {
+    await storage.setSessionItem(
+      StorageKeys.accessToken,
+      createMockAccessToken({ permissions: ["canEdit"] }),
+    );
+    const idToken = await getPermissions<PermissionEnum>();
+
+    expect(idToken).toStrictEqual({
+      orgCode: "org_123456789",
+      permissions: [PermissionEnum.canEdit],
+    });
+  });
+
+  it("no permissions array", async () => {
+    await storage.setSessionItem(
+      StorageKeys.accessToken,
+      createMockAccessToken({ permissions: null }),
+    );
+    const idToken = await getPermissions<PermissionEnum>();
+
+    expect(idToken).toStrictEqual({
+      orgCode: "org_123456789",
+      permissions: [],
+    });
+  });
+});

lib/utils/token/getRoles.ts

@@ -1,4 +1,3 @@
-import { JWTDecoded } from "@kinde/jwt-decoder";
 import { getDecodedToken } from ".";
 
 export type Permissions<T> = { orgCode: string | null; permissions: T[] };
@@ -7,18 +6,18 @@ export type Permissions<T> = { orgCode: string | null; permissions: T[] };
  * @returns { Promise<Permissions> }
  */
 export const getRoles = async (): Promise<string[]> => {
-  const token = await getDecodedToken<JWTDecoded & { roles: string[] }>();
+  const token = await getDecodedToken();
 
   if (!token) {
     return [];
   }
 
-  if (!token.roles) {
+  if (!token.roles && !token["x-hasura-roles"]) {
     console.warn(
       "No roles found in token, ensure roles have been included in the token customisation within the application settings",
     );
     return [];
   }
 
-  return token.roles;
+  return token.roles || token["x-hasura-roles"] || [];
 };

lib/utils/token/getRolesHarura.test.ts

@@ -0,0 +1,54 @@
+import { describe, expect, it, beforeEach, vi } from "vitest";
+import { MemoryStorage, StorageKeys } from "../../sessionManager";
+import { setActiveStorage } from ".";
+import { createMockAccessToken } from "./testUtils";
+import { getRoles } from ".";
+
+const storage = new MemoryStorage();
+
+describe("getRoles - Hasura", () => {
+  beforeEach(() => {
+    setActiveStorage(storage);
+  });
+
+  it("when no token", async () => {
+    await storage.setSessionItem(StorageKeys.idToken, null);
+    const idToken = await getRoles();
+
+    expect(idToken).toStrictEqual([]);
+  });
+
+  it("with token no roles", async () => {
+    await storage.setSessionItem(
+      StorageKeys.accessToken,
+      createMockAccessToken({ roles: undefined }),
+    );
+    const idToken = await getRoles();
+    expect(idToken).toStrictEqual([]);
+  });
+
+  it("warns when token no roles", async () => {
+    const consoleMock = vi
+      .spyOn(console, "warn")
+      .mockImplementation(() => undefined);
+
+    await storage.setSessionItem(
+      StorageKeys.accessToken,
+      createMockAccessToken({ "x-hasura-roles": undefined }),
+    );
+    await getRoles();
+    expect(consoleMock).toHaveBeenCalledWith(
+      "No roles found in token, ensure roles have been included in the token customisation within the application settings",
+    );
+  });
+
+  it("with value and typed permissions", async () => {
+    await storage.setSessionItem(
+      StorageKeys.accessToken,
+      createMockAccessToken({ "x-hasura-roles": ["admin"] }),
+    );
+    const idToken = await getRoles();
+
+    expect(idToken).toStrictEqual(["admin"]);
+  });
+});

lib/utils/token/getUserOrganistaions.ts

@@ -5,11 +5,13 @@ import { getDecodedToken } from ".";
  * @returns { Promise<string[] | null> }
  */
 export const getUserOrganizations = async (): Promise<string[] | null> => {
-  return (
-    (
-      await getDecodedToken<{
-        org_codes: string[];
-      }>("idToken")
-    )?.org_codes || null
-  );
+  const token = await getDecodedToken<{
+    org_codes: string[];
+  }>("idToken");
+
+  if (!token) {
+    return null;
+  }
+
+  return token.org_codes || token["x-hasura-org-codes"] || null;
 };