feat: add env security in dynamic resolvers (#1812)

* feat: add env security in dynamic resolvers * fix: tests
2025-01-05 19:35:23 +03:00 · 2023-10-02 17:17:42 +02:00 · 2023-10-02 17:17:42 +02:00 · d3b39cad97
commit d3b39cad97
parent 09684ef6cc
2 changed files with 23 additions and 2 deletions
--- a/server/src/tenant/entity-resolver/entity-resolver.service.spec.ts
+++ b/server/src/tenant/entity-resolver/entity-resolver.service.spec.ts
@ -1,6 +1,7 @@
 import { Test, TestingModule } from '@nestjs/testing';
 import { DataSourceService } from 'src/tenant/metadata/data-source/data-source.service';
 import { EnvironmentService } from 'src/integrations/environment/environment.service';
 import { EntityResolverService } from './entity-resolver.service';
@ -15,6 +16,10 @@ describe('EntityResolverService', () => {
          provide: DataSourceService,
          useValue: {},
        },
        {
          provide: EnvironmentService,
          useValue: {},
        },
      ],
    }).compile();
--- a/server/src/tenant/entity-resolver/entity-resolver.service.ts
+++ b/server/src/tenant/entity-resolver/entity-resolver.service.ts
@ -1,15 +1,23 @@
-import { BadRequestException, Injectable } from '@nestjs/common';
+import {
  BadRequestException,
  ForbiddenException,
  Injectable,
 } from '@nestjs/common';
 import { GraphQLResolveInfo } from 'graphql';
 import graphqlFields from 'graphql-fields';
 import { DataSourceService } from 'src/tenant/metadata/data-source/data-source.service';
 import { EnvironmentService } from 'src/integrations/environment/environment.service';
 import { convertFieldsToGraphQL } from './entity-resolver.util';
@Injectable()
 export class EntityResolverService {
-  constructor(private readonly dataSourceService: DataSourceService) {}
+  constructor(
    private readonly dataSourceService: DataSourceService,
    private readonly environmentService: EnvironmentService,
  ) {}
  async findAll(
    entityName: string,
@ -18,6 +26,10 @@ export class EntityResolverService {
    info: GraphQLResolveInfo,
    fieldAliases: Record<string, string>,
  ) {
    if (!this.environmentService.isFlexibleBackendEnabled()) {
      throw new ForbiddenException();
    }
    const workspaceDataSource =
      await this.dataSourceService.connectToWorkspaceDataSource(workspaceId);
@ -62,6 +74,10 @@ export class EntityResolverService {
    info: GraphQLResolveInfo,
    fieldAliases: Record<string, string>,
  ) {
    if (!this.environmentService.isFlexibleBackendEnabled()) {
      throw new ForbiddenException();
    }
    const workspaceDataSource =
      await this.dataSourceService.connectToWorkspaceDataSource(workspaceId);