mirror of
https://github.com/twentyhq/twenty.git
synced 2025-01-07 09:17:31 +03:00
feat: add env security in dynamic resolvers (#1812)
* feat: add env security in dynamic resolvers * fix: tests
This commit is contained in:
parent
09684ef6cc
commit
d3b39cad97
@ -1,6 +1,7 @@
|
|||||||
import { Test, TestingModule } from '@nestjs/testing';
|
import { Test, TestingModule } from '@nestjs/testing';
|
||||||
|
|
||||||
import { DataSourceService } from 'src/tenant/metadata/data-source/data-source.service';
|
import { DataSourceService } from 'src/tenant/metadata/data-source/data-source.service';
|
||||||
|
import { EnvironmentService } from 'src/integrations/environment/environment.service';
|
||||||
|
|
||||||
import { EntityResolverService } from './entity-resolver.service';
|
import { EntityResolverService } from './entity-resolver.service';
|
||||||
|
|
||||||
@ -15,6 +16,10 @@ describe('EntityResolverService', () => {
|
|||||||
provide: DataSourceService,
|
provide: DataSourceService,
|
||||||
useValue: {},
|
useValue: {},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
provide: EnvironmentService,
|
||||||
|
useValue: {},
|
||||||
|
},
|
||||||
],
|
],
|
||||||
}).compile();
|
}).compile();
|
||||||
|
|
||||||
|
@ -1,15 +1,23 @@
|
|||||||
import { BadRequestException, Injectable } from '@nestjs/common';
|
import {
|
||||||
|
BadRequestException,
|
||||||
|
ForbiddenException,
|
||||||
|
Injectable,
|
||||||
|
} from '@nestjs/common';
|
||||||
|
|
||||||
import { GraphQLResolveInfo } from 'graphql';
|
import { GraphQLResolveInfo } from 'graphql';
|
||||||
import graphqlFields from 'graphql-fields';
|
import graphqlFields from 'graphql-fields';
|
||||||
|
|
||||||
import { DataSourceService } from 'src/tenant/metadata/data-source/data-source.service';
|
import { DataSourceService } from 'src/tenant/metadata/data-source/data-source.service';
|
||||||
|
import { EnvironmentService } from 'src/integrations/environment/environment.service';
|
||||||
|
|
||||||
import { convertFieldsToGraphQL } from './entity-resolver.util';
|
import { convertFieldsToGraphQL } from './entity-resolver.util';
|
||||||
|
|
||||||
@Injectable()
|
@Injectable()
|
||||||
export class EntityResolverService {
|
export class EntityResolverService {
|
||||||
constructor(private readonly dataSourceService: DataSourceService) {}
|
constructor(
|
||||||
|
private readonly dataSourceService: DataSourceService,
|
||||||
|
private readonly environmentService: EnvironmentService,
|
||||||
|
) {}
|
||||||
|
|
||||||
async findAll(
|
async findAll(
|
||||||
entityName: string,
|
entityName: string,
|
||||||
@ -18,6 +26,10 @@ export class EntityResolverService {
|
|||||||
info: GraphQLResolveInfo,
|
info: GraphQLResolveInfo,
|
||||||
fieldAliases: Record<string, string>,
|
fieldAliases: Record<string, string>,
|
||||||
) {
|
) {
|
||||||
|
if (!this.environmentService.isFlexibleBackendEnabled()) {
|
||||||
|
throw new ForbiddenException();
|
||||||
|
}
|
||||||
|
|
||||||
const workspaceDataSource =
|
const workspaceDataSource =
|
||||||
await this.dataSourceService.connectToWorkspaceDataSource(workspaceId);
|
await this.dataSourceService.connectToWorkspaceDataSource(workspaceId);
|
||||||
|
|
||||||
@ -62,6 +74,10 @@ export class EntityResolverService {
|
|||||||
info: GraphQLResolveInfo,
|
info: GraphQLResolveInfo,
|
||||||
fieldAliases: Record<string, string>,
|
fieldAliases: Record<string, string>,
|
||||||
) {
|
) {
|
||||||
|
if (!this.environmentService.isFlexibleBackendEnabled()) {
|
||||||
|
throw new ForbiddenException();
|
||||||
|
}
|
||||||
|
|
||||||
const workspaceDataSource =
|
const workspaceDataSource =
|
||||||
await this.dataSourceService.connectToWorkspaceDataSource(workspaceId);
|
await this.dataSourceService.connectToWorkspaceDataSource(workspaceId);
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user