Skip to content

Commit

Permalink
down to multiple-schemas.md
Browse files Browse the repository at this point in the history
  • Loading branch information
@jemgillam
jemgillam committed Feb 17, 2025
1 parent 241e6b4 commit 192e644
Show file tree
Hide file tree
Showing 16 changed files with 81 additions and 66 deletions.
2 changes: 2 additions & 0 deletions postgraphile/website/postgraphile/introspection.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@
title: Introspection?
---

# Introspection

PostgreSQL has a powerful introspection API which allows us to ask it all about
a database — what schemas, tables, columns, constraints, indexes, functions,
comments, etc it has — and we use this information to construct the GraphQL
Expand Down
35 changes: 19 additions & 16 deletions postgraphile/website/postgraphile/jwk-verification.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,11 +11,13 @@ This documentation is copied from Version 4 and has not been updated to Version

:::

This guide is an adaption of the official quickstart tutorial for Node (Express)
# PostGraphile JWT/JWK verification quick-start

This guide is an adaption of the official quick-start tutorial for Node (Express)
provided by
[Auth0](https://auth0.com/docs/quickstart/backend/nodejs/01-authorization). The
code illustrates how to intercept and verify a
[JWT Access Token](https://auth0.com/docs/tokens/concepts/jwts) via a
[JWT access token](https://auth0.com/docs/tokens/concepts/jwts) via a
[JWKS (JSON Web Key Set)](https://auth0.com/docs/jwks) using
[Auth0](https://auth0.com/).

Expand All @@ -28,7 +30,7 @@ This guide uses the [`express`](https://www.npmjs.com/package/express) HTTP
framework and supporting Node packages authored and maintained by Auth0:

- [`express-jwt`](https://github.com/auth0/express-jwt) - _Middleware that
validates a JWT and copies its contents to `req.user`_
validates a JWT and copies its contents to `req.auth`_
- [`jwks-rsa`](https://github.com/auth0/node-jwks-rsa) - _A library to retrieve
RSA public keys from a JWKS (JSON Web Key Set) endpoint_

Expand All @@ -38,21 +40,21 @@ yarn add express express-jwt jwks-rsa
npm install --save express express-jwt jwks-rsa
```

### Prior Knowledge & Context
### Prior knowledge & context

As a developer, the three essential aspects of Auth0 are:

- [_APIs_](https://auth0.com/docs/apis) and
[_Applications_](https://auth0.com/docs/applications)
- [_JWT types_](https://auth0.com/docs/tokens) (e.g. _ID Token_ vs. _Access
Token_)
- Authentication and Authorization [_Flows_](https://auth0.com/docs/flows)
[_applications_](https://auth0.com/docs/applications)
- [_JWT types_](https://auth0.com/docs/tokens) (e.g. _ID token_ vs. _access
token_)
- [Authentication and Authorization Flows](https://auth0.com/docs/flows)

To keep it simple, in this guide we will be dealing with an
[Access Token](https://auth0.com/docs/tokens/overview-access-tokens) granted by
[access token](https://auth0.com/docs/tokens/overview-access-tokens) granted by
an API which we will need to verify.

## Getting Started
## Getting started

You will need two values from your Auth0 configuration: The Auth0 _tenant domain
name_, and the API _identifier._
Expand All @@ -64,10 +66,10 @@ const jwksRsa = require("jwks-rsa");
// ...

// Authentication middleware. When used, the
// Access Token must exist and be verified against
// access token must exist and be verified against
// the Auth0 JSON Web Key Set.
// On successful verification, the payload of the
// decrypted Access Token is appended to the
// decrypted access token is appended to the
// request (`req`) as a `user` parameter.
const checkJwt = jwt({
// Dynamically provide a signing key
Expand All @@ -88,14 +90,15 @@ const checkJwt = jwt({
```

(note: if we were processing an
[ID Token](https://auth0.com/docs/tokens/id-token) instead of an Access Token,
[ID token](https://auth0.com/docs/tokens/id-token) instead of an access token,
the _audience_ would be the _Client ID_ instead)

Remember that a JWT has
[three _period-separated_ sections](https://jwt.io/introduction/): header,
payload, and signature. On successful verification, the payload will be
available for us to save inside the PostGraphile request via the
[`pgSettings`](./config#pgsettings) function.
[`pgSettings`](./usage-library#exposing-http-request-data-to-postgresql)
function.

Let's look at an example payload:

Expand Down Expand Up @@ -161,13 +164,13 @@ app.use(
```

PostGraphile applies everything returned by
[`pgSettings`](./config#pgsettings) to the
[pgSettings](./usage-library#pgsettings-function) to the
[current session](https://www.postgresql.org/docs/current/functions-admin.html#FUNCTIONS-ADMIN-SET)
with `set_config($key, $value, true)`. So inside Postgres we can read the
current value of `user.permissions` by
`select current_setting('user.permissions', true)::text;`.

## Basic Error Handling
## Basic error handling

By default, if there is an error in the JWT verification process, the
`express-jwt` package will send a 401 status with an HTML-formatted error
Expand Down
4 changes: 2 additions & 2 deletions postgraphile/website/postgraphile/jwt-guide.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ set local jwt.claims.role to 'user';
set local jwt.claims.user_id to 2;
```

### A Note on `local`
### A note on `local`

Using `local` for [`SET`][set] and [`SET ROLE`][set-role] is not required,
however it is recommended. This is so that every transaction block (beginning
Expand All @@ -98,7 +98,7 @@ commit;
-- Does not have access to `jwt.claims.user_id`
```

### Retrieving Claims in PostgreSQL
### Retrieving claims in PostgreSQL

In order to retrieve a claim set by the serialization of a JSON Web Token as
defined in this spec, either the `current_setting` function or the
Expand Down
6 changes: 3 additions & 3 deletions postgraphile/website/postgraphile/make-extend-schema-plugin.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -639,7 +639,7 @@ export const MyProductReviewsPlugin = makeExtendSchemaPlugin((build) => {
});
```

## Mutation Example
## Mutation example

You might want to add a custom `registerUser` mutation which inserts the new
user into the database and also sends them an email:
Expand Down Expand Up @@ -735,7 +735,7 @@ export const MyRegisterUserMutationPlugin = makeExtendSchemaPlugin((build) => {
});
```

## Mutation Example with Node ID
## Mutation example with Node ID

In this example we’ll use a GraphQL Global Object Identifier (aka Node ID) to
soft-delete an entry from our `app_public.items` table. We’re also going to
Expand Down Expand Up @@ -993,7 +993,7 @@ async function sendEmail(email: string, message: string) {
}
```

## Plugin SQL Privileges
## Plugin SQL privileges

Plugins access the database with the same privileges as everything else — they
are subject to RLS/RBAC/etc. If your database user does not have privileges to
Expand Down
2 changes: 1 addition & 1 deletion postgraphile/website/postgraphile/multiple-schemas.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
title: Multiple GraphQL schemas
---

# Multiple GraphQL Schemas with PostGraphile
# Multiple GraphQL schemas with PostGraphile

Each PostGraphile instance only creates a single GraphQL schema — you don't get
one schema per user based on permissions, for example. Typically, in GraphQL, a
Expand Down
2 changes: 2 additions & 0 deletions postgraphile/website/versioned_docs/version-4/introspection.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@
title: Introspection?
---

# Introspection

PostgreSQL has a powerful introspection API which allows us to ask it all about
a database - what schemas, tables, columns, constraints, indexes, functions,
comments, etc it has - and we use this information to construct the GraphQL
Expand Down
28 changes: 14 additions & 14 deletions postgraphile/website/versioned_docs/version-4/jwk-verification.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,13 @@
title: JWK verification (e.g. Auth0)
---

# PostGraphile JWT/JWK Verification Quickstart
# PostGraphile JWT/JWK verification quick-start

This guide is an adaption of the official quickstart tutorial for Node (Express)
This guide is an adaption of the official quick-start tutorial for Node (Express)
provided by
[Auth0](https://auth0.com/docs/quickstart/backend/nodejs/01-authorization). The
code illustrates how to intercept and verify a
[JWT Access Token](https://auth0.com/docs/tokens/concepts/jwts) via a
[JWT access token](https://auth0.com/docs/tokens/concepts/jwts) via a
[JWKS (JSON Web Key Set)](https://auth0.com/docs/jwks) using
[Auth0](https://auth0.com/).

Expand All @@ -31,21 +31,21 @@ yarn add express express-jwt jwks-rsa
npm install --save express express-jwt jwks-rsa
```

### Prior Knowledge & Context
### Prior knowledge & context

As a developer, the three essential aspects of Auth0 are:

- [_APIs_](https://auth0.com/docs/apis) and
[_Applications_](https://auth0.com/docs/applications)
- [_JWT types_](https://auth0.com/docs/tokens) (e.g. _ID Token_ vs. _Access
Token_)
- Authentication and Authorization [_Flows_](https://auth0.com/docs/flows)
[_applications_](https://auth0.com/docs/applications)
- [_JWT types_](https://auth0.com/docs/tokens) (e.g. _ID token_ vs. _access
token_)
- [Authentication and Authorization Flows](https://auth0.com/docs/flows)

To keep it simple, in this guide we will be dealing with an
[Access Token](https://auth0.com/docs/tokens/overview-access-tokens) granted by
[access token](https://auth0.com/docs/tokens/overview-access-tokens) granted by
an API which we will need to verify.

## Getting Started
## Getting started

You will need two values from your Auth0 configuration: The Auth0 _tenant domain
name_, and the API _identifier._
Expand All @@ -57,10 +57,10 @@ const jwksRsa = require("jwks-rsa");
// ...

// Authentication middleware. When used, the
// Access Token must exist and be verified against
// access token must exist and be verified against
// the Auth0 JSON Web Key Set.
// On successful verification, the payload of the
// decrypted Access Token is appended to the
// decrypted access token is appended to the
// request (`req`) as a `user` parameter.
const checkJwt = jwt({
// Dynamically provide a signing key
Expand All @@ -81,7 +81,7 @@ const checkJwt = jwt({
```

(note: if we were processing an
[ID Token](https://auth0.com/docs/tokens/id-token) instead of an Access Token,
[ID token](https://auth0.com/docs/tokens/id-token) instead of an access token,
the _audience_ would be the _Client ID_ instead)

Remember that a JWT has
Expand Down Expand Up @@ -161,7 +161,7 @@ with `set_config($key, $value, true)`. So inside Postgres we can read the
current value of `user.permissions` by
`select current_setting('user.permissions', true)::text;`.

## Basic Error Handling
## Basic error handling

By default, if there is an error in the JWT verification process, the
`express-jwt` package will send a 401 status with an HTML-formatted error
Expand Down
4 changes: 2 additions & 2 deletions postgraphile/website/versioned_docs/version-4/jwt-guide.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ set local jwt.claims.role to 'user';
set local jwt.claims.user_id to 2;
```

### A Note on `local`
### A note on `local`

Using `local` for [`SET`][set] and [`SET ROLE`][set-role] is not required,
however it is recommended. This is so that every transaction block (beginning
Expand All @@ -98,7 +98,7 @@ commit;
-- Does not have access to `jwt.claims.user_id`
```

### Retrieving Claims in PostgreSQL
### Retrieving claims in PostgreSQL

In order to retrieve a claim set by the serialization of a JSON Web Token as
defined in this spec, either the `current_setting` function or the
Expand Down
8 changes: 4 additions & 4 deletions postgraphile/website/versioned_docs/version-4/make-extend-schema-plugin.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -353,7 +353,7 @@ subquery so that we can add conditions to it's `WHERE` clause.
In most cases you're only dealing with one or two tables so you won't need this
level of complexity.

### Query Example
### Query example

The below is a simple example which would have been better served by
[Custom Query SQL Procedures](./custom-queries#custom-query-sql-procedures);
Expand Down Expand Up @@ -439,7 +439,7 @@ app.use(
app.listen(3030);
```

### Mutation Example
### Mutation example

For example, you might want to add a custom `registerUser` mutation which
inserts the new user into the database and also sends them an email:
Expand Down Expand Up @@ -602,7 +602,7 @@ resolvers: {
}
```

## Mutation Example with Node ID
## Mutation example with Node ID

In this example we'll use a GraphQL Global Object Identifier (aka Node ID) to
soft-delete an entry from our `app_public.items` table. We're also going to
Expand Down Expand Up @@ -794,7 +794,7 @@ Notes:
You can see more examples of these use cases
[in the tests](https://github.com/graphile/graphile-engine/blob/49259c291d651ab8b70d1f1785cf273bdd97fcf1/packages/graphile-utils/__tests__/ExtendSchemaPlugin-pg.test.js#L713-L832).

## Plugin SQL Privileges
## Plugin SQL privileges

Plugins access the database with the same privileges as everything else - they
are subject to RLS/RBAC/etc. If your user does not have privileges to perform
Expand Down
2 changes: 1 addition & 1 deletion postgraphile/website/versioned_docs/version-4/plugin-gallery/inflector.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
sidebar_position: 1
---

# Inflector Plugins
# Inflector plugins

Below you'll find some small plugins that people have written. Larger plugins likely have their own dedicated repositories, these are typically just examples of how to achieve a small goal.

Expand Down
4 changes: 3 additions & 1 deletion postgraphile/website/versioned_docs/version-5/community-plugins.md
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
---
title: PostGraphile community plugins
title: Community plugins
---

# PostGraphile community plugins

Community members can write plugins for PostGraphile that extends its
functionality; this page lists some of them. Issues with these plugins should be
directed to the plugin authors, not to this project. This page is maintained by
Expand Down
2 changes: 2 additions & 0 deletions postgraphile/website/versioned_docs/version-5/introspection.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@
title: Introspection?
---

# Introspection

PostgreSQL has a powerful introspection API which allows us to ask it all about
a database - what schemas, tables, columns, constraints, indexes, functions,
comments, etc it has - and we use this information to construct the GraphQL
Expand Down
Loading

0 comments on commit 192e644

Please sign in to comment.