feat:

* added disable playground functionality * added toggle button for playground in dashboard
2023-08-28 19:51:42 +05:30
parent 9ae616b6b5
commit 9795ba9097
18 changed files with 1585 additions and 1444 deletions
--- a/server/constants/env.go
+++ b/server/constants/env.go
@@ -158,6 +158,9 @@ const (
 	// EnvKeyDisableMultiFactorAuthentication is key for env variable DISABLE_MULTI_FACTOR_AUTHENTICATION
 	// this variable is used to completely disable multi factor authentication. It will have no effect on profile preference
 	EnvKeyDisableMultiFactorAuthentication = "DISABLE_MULTI_FACTOR_AUTHENTICATION"
+	// EnvKeyDisablePlayGround is key for env variable DISABLE_PLAYGROUND
+	// this variable will disable or enable playground use in dashboard
+	EnvKeyDisablePlayGround = "DISABLE_PLAYGROUND"

 	// Slice variables
 	// EnvKeyRoles key for env variable ROLES
@@ -181,8 +184,8 @@ const (
 	EnvKeyDisablePhoneVerification = "DISABLE_PHONE_VERIFICATION"

 	// Twilio env variables
-	EnvKeyTwilioAPIKey = "TWILIO_API_KEY"
-	EnvKeyTwilioAPISecret = "TWILIO_API_SECRET"
+	EnvKeyTwilioAPIKey     = "TWILIO_API_KEY"
+	EnvKeyTwilioAPISecret  = "TWILIO_API_SECRET"
 	EnvKeyTwilioAccountSID = "TWILIO_ACCOUNT_SID"
 	EnvKeyTwilioSenderFrom = "TWILIO_SENDER_FROM"
 )
--- a/server/env/env.go
+++ b/server/env/env.go
@@ -104,6 +104,7 @@ func InitAllEnv() error {
 	osDisableStrongPassword := os.Getenv(constants.EnvKeyDisableStrongPassword)
 	osEnforceMultiFactorAuthentication := os.Getenv(constants.EnvKeyEnforceMultiFactorAuthentication)
 	osDisableMultiFactorAuthentication := os.Getenv(constants.EnvKeyDisableMultiFactorAuthentication)
+	osDisablePlayground := os.Getenv(constants.EnvKeyDisablePlayGround)

 	// os slice vars
 	osAllowedOrigins := os.Getenv(constants.EnvKeyAllowedOrigins)
@@ -145,7 +146,7 @@ func InitAllEnv() error {
 	if val, ok := envData[constants.EnvAwsRegion]; !ok || val == "" {
 		envData[constants.EnvAwsRegion] = osAwsRegion
 	}
-	
+
 	if osAwsRegion != "" && envData[constants.EnvAwsRegion] != osAwsRegion {
 		envData[constants.EnvAwsRegion] = osAwsRegion
 	}
@@ -789,17 +790,17 @@ func InitAllEnv() error {
 		envData[constants.EnvKeyTwilioAccountSID] = osTwilioAccountSid
 	}

-    if osTwilioSenderFrom != "" && envData[constants.EnvKeyTwilioSenderFrom] != osTwilioSenderFrom {
+	if osTwilioSenderFrom != "" && envData[constants.EnvKeyTwilioSenderFrom] != osTwilioSenderFrom {
 		envData[constants.EnvKeyTwilioSenderFrom] = osTwilioSenderFrom
 	}

 	if _, ok := envData[constants.EnvKeyDisablePhoneVerification]; !ok {
 		envData[constants.EnvKeyDisablePhoneVerification] = osDisablePhoneVerification == "false"
 	}
-	
+
 	if osDisablePhoneVerification != "" {
 		boolValue, err := strconv.ParseBool(osDisablePhoneVerification)
-		
+
 		if err != nil {
 			return err
 		}
@@ -808,6 +809,19 @@ func InitAllEnv() error {
 		}
 	}

+	if _, ok := envData[constants.EnvKeyDisablePlayGround]; !ok {
+		envData[constants.EnvKeyDisablePlayGround] = osDisablePlayground == "true"
+	}
+	if osDisablePlayground != "" {
+		boolValue, err := strconv.ParseBool(osDisablePlayground)
+		if err != nil {
+			return err
+		}
+		if boolValue != envData[constants.EnvKeyDisablePlayGround].(bool) {
+			envData[constants.EnvKeyDisablePlayGround] = boolValue
+		}
+	}
+
 	err = memorystore.Provider.UpdateEnvStore(envData)
 	if err != nil {
 		log.Debug("Error while updating env store: ", err)
--- a/server/env/persist_env.go
+++ b/server/env/persist_env.go
@@ -200,7 +200,7 @@ func PersistEnv() error {
 				envValue := strings.TrimSpace(os.Getenv(key))
 				if envValue != "" {
 					switch key {
-					case constants.EnvKeyIsProd, constants.EnvKeyDisableBasicAuthentication, constants.EnvKeyDisableMobileBasicAuthentication, constants.EnvKeyDisableEmailVerification, constants.EnvKeyDisableLoginPage, constants.EnvKeyDisableMagicLinkLogin, constants.EnvKeyDisableSignUp, constants.EnvKeyDisableRedisForEnv, constants.EnvKeyDisableStrongPassword, constants.EnvKeyIsEmailServiceEnabled, constants.EnvKeyEnforceMultiFactorAuthentication, constants.EnvKeyDisableMultiFactorAuthentication, constants.EnvKeyAdminCookieSecure, constants.EnvKeyAppCookieSecure, constants.EnvKeyDisablePhoneVerification:
+					case constants.EnvKeyIsProd, constants.EnvKeyDisablePlayGround, constants.EnvKeyDisableBasicAuthentication, constants.EnvKeyDisableMobileBasicAuthentication, constants.EnvKeyDisableEmailVerification, constants.EnvKeyDisableLoginPage, constants.EnvKeyDisableMagicLinkLogin, constants.EnvKeyDisableSignUp, constants.EnvKeyDisableRedisForEnv, constants.EnvKeyDisableStrongPassword, constants.EnvKeyIsEmailServiceEnabled, constants.EnvKeyEnforceMultiFactorAuthentication, constants.EnvKeyDisableMultiFactorAuthentication, constants.EnvKeyAdminCookieSecure, constants.EnvKeyAppCookieSecure, constants.EnvKeyDisablePhoneVerification:
 						if envValueBool, err := strconv.ParseBool(envValue); err == nil {
 							if value.(bool) != envValueBool {
 								storeData[key] = envValueBool
--- a/server/graph/generated/generated.go
+++ b/server/graph/generated/generated.go
@@ -96,6 +96,7 @@ type ComplexityRoot struct {
 		DisableLoginPage                 func(childComplexity int) int
 		DisableMagicLinkLogin            func(childComplexity int) int
 		DisableMultiFactorAuthentication func(childComplexity int) int
+		DisablePlayground                func(childComplexity int) int
 		DisableRedisForEnv               func(childComplexity int) int
 		DisableSignUp                    func(childComplexity int) int
 		DisableStrongPassword            func(childComplexity int) int
@@ -683,6 +684,13 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in

 		return e.complexity.Env.DisableMultiFactorAuthentication(childComplexity), true

+	case "Env.DISABLE_PLAYGROUND":
+		if e.complexity.Env.DisablePlayground == nil {
+			break
+		}
+
+		return e.complexity.Env.DisablePlayground(childComplexity), true
+
 	case "Env.DISABLE_REDIS_FOR_ENV":
 		if e.complexity.Env.DisableRedisForEnv == nil {
 			break
@@ -2334,6 +2342,7 @@ type Env {
  ADMIN_COOKIE_SECURE: Boolean!
  DEFAULT_AUTHORIZE_RESPONSE_TYPE: String
  DEFAULT_AUTHORIZE_RESPONSE_MODE: String
+  DISABLE_PLAYGROUND: Boolean!
 }

 type ValidateJWTTokenResponse {
@@ -2451,6 +2460,7 @@ input UpdateEnvInput {
  ORGANIZATION_LOGO: String
  DEFAULT_AUTHORIZE_RESPONSE_TYPE: String
  DEFAULT_AUTHORIZE_RESPONSE_MODE: String
+  DISABLE_PLAYGROUND: Boolean
 }

 input AdminLoginInput {
@@ -6698,6 +6708,50 @@ func (ec *executionContext) fieldContext_Env_DEFAULT_AUTHORIZE_RESPONSE_MODE(ctx
 	return fc, nil
 }

+func (ec *executionContext) _Env_DISABLE_PLAYGROUND(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
+	fc, err := ec.fieldContext_Env_DISABLE_PLAYGROUND(ctx, field)
+	if err != nil {
+		return graphql.Null
+	}
+	ctx = graphql.WithFieldContext(ctx, fc)
+	defer func() {
+		if r := recover(); r != nil {
+			ec.Error(ctx, ec.Recover(ctx, r))
+			ret = graphql.Null
+		}
+	}()
+	resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) {
+		ctx = rctx // use context from middleware stack in children
+		return obj.DisablePlayground, nil
+	})
+	if err != nil {
+		ec.Error(ctx, err)
+		return graphql.Null
+	}
+	if resTmp == nil {
+		if !graphql.HasFieldError(ctx, fc) {
+			ec.Errorf(ctx, "must not be null")
+		}
+		return graphql.Null
+	}
+	res := resTmp.(bool)
+	fc.Result = res
+	return ec.marshalNBoolean2bool(ctx, field.Selections, res)
+}
+
+func (ec *executionContext) fieldContext_Env_DISABLE_PLAYGROUND(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) {
+	fc = &graphql.FieldContext{
+		Object:     "Env",
+		Field:      field,
+		IsMethod:   false,
+		IsResolver: false,
+		Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) {
+			return nil, errors.New("field of type Boolean does not have child fields")
+		},
+	}
+	return fc, nil
+}
+
 func (ec *executionContext) _Error_message(ctx context.Context, field graphql.CollectedField, obj *model.Error) (ret graphql.Marshaler) {
 	fc, err := ec.fieldContext_Error_message(ctx, field)
 	if err != nil {
@@ -10585,6 +10639,8 @@ func (ec *executionContext) fieldContext_Query__env(ctx context.Context, field g
 				return ec.fieldContext_Env_DEFAULT_AUTHORIZE_RESPONSE_TYPE(ctx, field)
 			case "DEFAULT_AUTHORIZE_RESPONSE_MODE":
 				return ec.fieldContext_Env_DEFAULT_AUTHORIZE_RESPONSE_MODE(ctx, field)
+			case "DISABLE_PLAYGROUND":
+				return ec.fieldContext_Env_DISABLE_PLAYGROUND(ctx, field)
 			}
 			return nil, fmt.Errorf("no field named %q was found under type Env", field.Name)
 		},
@@ -16766,7 +16822,7 @@ func (ec *executionContext) unmarshalInputUpdateEnvInput(ctx context.Context, ob
 		asMap[k] = v
 	}

-	fieldsInOrder := [...]string{"ACCESS_TOKEN_EXPIRY_TIME", "ADMIN_SECRET", "CUSTOM_ACCESS_TOKEN_SCRIPT", "OLD_ADMIN_SECRET", "SMTP_HOST", "SMTP_PORT", "SMTP_USERNAME", "SMTP_PASSWORD", "SMTP_LOCAL_NAME", "SENDER_EMAIL", "SENDER_NAME", "JWT_TYPE", "JWT_SECRET", "JWT_PRIVATE_KEY", "JWT_PUBLIC_KEY", "ALLOWED_ORIGINS", "APP_URL", "RESET_PASSWORD_URL", "APP_COOKIE_SECURE", "ADMIN_COOKIE_SECURE", "DISABLE_EMAIL_VERIFICATION", "DISABLE_BASIC_AUTHENTICATION", "DISABLE_MAGIC_LINK_LOGIN", "DISABLE_LOGIN_PAGE", "DISABLE_SIGN_UP", "DISABLE_REDIS_FOR_ENV", "DISABLE_STRONG_PASSWORD", "DISABLE_MULTI_FACTOR_AUTHENTICATION", "ENFORCE_MULTI_FACTOR_AUTHENTICATION", "ROLES", "PROTECTED_ROLES", "DEFAULT_ROLES", "JWT_ROLE_CLAIM", "GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET", "GITHUB_CLIENT_ID", "GITHUB_CLIENT_SECRET", "FACEBOOK_CLIENT_ID", "FACEBOOK_CLIENT_SECRET", "LINKEDIN_CLIENT_ID", "LINKEDIN_CLIENT_SECRET", "APPLE_CLIENT_ID", "APPLE_CLIENT_SECRET", "TWITTER_CLIENT_ID", "TWITTER_CLIENT_SECRET", "MICROSOFT_CLIENT_ID", "MICROSOFT_CLIENT_SECRET", "MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID", "ORGANIZATION_NAME", "ORGANIZATION_LOGO", "DEFAULT_AUTHORIZE_RESPONSE_TYPE", "DEFAULT_AUTHORIZE_RESPONSE_MODE"}
+	fieldsInOrder := [...]string{"ACCESS_TOKEN_EXPIRY_TIME", "ADMIN_SECRET", "CUSTOM_ACCESS_TOKEN_SCRIPT", "OLD_ADMIN_SECRET", "SMTP_HOST", "SMTP_PORT", "SMTP_USERNAME", "SMTP_PASSWORD", "SMTP_LOCAL_NAME", "SENDER_EMAIL", "SENDER_NAME", "JWT_TYPE", "JWT_SECRET", "JWT_PRIVATE_KEY", "JWT_PUBLIC_KEY", "ALLOWED_ORIGINS", "APP_URL", "RESET_PASSWORD_URL", "APP_COOKIE_SECURE", "ADMIN_COOKIE_SECURE", "DISABLE_EMAIL_VERIFICATION", "DISABLE_BASIC_AUTHENTICATION", "DISABLE_MAGIC_LINK_LOGIN", "DISABLE_LOGIN_PAGE", "DISABLE_SIGN_UP", "DISABLE_REDIS_FOR_ENV", "DISABLE_STRONG_PASSWORD", "DISABLE_MULTI_FACTOR_AUTHENTICATION", "ENFORCE_MULTI_FACTOR_AUTHENTICATION", "ROLES", "PROTECTED_ROLES", "DEFAULT_ROLES", "JWT_ROLE_CLAIM", "GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET", "GITHUB_CLIENT_ID", "GITHUB_CLIENT_SECRET", "FACEBOOK_CLIENT_ID", "FACEBOOK_CLIENT_SECRET", "LINKEDIN_CLIENT_ID", "LINKEDIN_CLIENT_SECRET", "APPLE_CLIENT_ID", "APPLE_CLIENT_SECRET", "TWITTER_CLIENT_ID", "TWITTER_CLIENT_SECRET", "MICROSOFT_CLIENT_ID", "MICROSOFT_CLIENT_SECRET", "MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID", "ORGANIZATION_NAME", "ORGANIZATION_LOGO", "DEFAULT_AUTHORIZE_RESPONSE_TYPE", "DEFAULT_AUTHORIZE_RESPONSE_MODE", "DISABLE_PLAYGROUND"}
 	for _, k := range fieldsInOrder {
 		v, ok := asMap[k]
 		if !ok {
@@ -17189,6 +17245,14 @@ func (ec *executionContext) unmarshalInputUpdateEnvInput(ctx context.Context, ob
 			if err != nil {
 				return it, err
 			}
+		case "DISABLE_PLAYGROUND":
+			var err error
+
+			ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_PLAYGROUND"))
+			it.DisablePlayground, err = ec.unmarshalOBoolean2ᚖbool(ctx, v)
+			if err != nil {
+				return it, err
+			}
 		}
 	}

@@ -18151,6 +18215,13 @@ func (ec *executionContext) _Env(ctx context.Context, sel ast.SelectionSet, obj

 			out.Values[i] = ec._Env_DEFAULT_AUTHORIZE_RESPONSE_MODE(ctx, field, obj)

+		case "DISABLE_PLAYGROUND":
+
+			out.Values[i] = ec._Env_DISABLE_PLAYGROUND(ctx, field, obj)
+
+			if out.Values[i] == graphql.Null {
+				invalids++
+			}
 		default:
 			panic("unknown field " + strconv.Quote(field.Name))
 		}
--- a/server/graph/model/models_gen.go
+++ b/server/graph/model/models_gen.go
@@ -120,7 +120,7 @@ type Env struct {
 	AdminCookieSecure                bool     `json:"ADMIN_COOKIE_SECURE"`
 	DefaultAuthorizeResponseType     *string  `json:"DEFAULT_AUTHORIZE_RESPONSE_TYPE"`
 	DefaultAuthorizeResponseMode     *string  `json:"DEFAULT_AUTHORIZE_RESPONSE_MODE"`
-	SmsCodeExpiryTime				 *string  `json:"SMS_CODE_EXPIRY_TIME"`
+	DisablePlayground                bool     `json:"DISABLE_PLAYGROUND"`
 }

 type Error struct {
@@ -375,6 +375,7 @@ type UpdateEnvInput struct {
 	OrganizationLogo                 *string  `json:"ORGANIZATION_LOGO"`
 	DefaultAuthorizeResponseType     *string  `json:"DEFAULT_AUTHORIZE_RESPONSE_TYPE"`
 	DefaultAuthorizeResponseMode     *string  `json:"DEFAULT_AUTHORIZE_RESPONSE_MODE"`
+	DisablePlayground                *bool    `json:"DISABLE_PLAYGROUND"`
 }

 type UpdateProfileInput struct {
--- a/server/graph/schema.graphqls
+++ b/server/graph/schema.graphqls
@@ -175,6 +175,7 @@ type Env {
  ADMIN_COOKIE_SECURE: Boolean!
  DEFAULT_AUTHORIZE_RESPONSE_TYPE: String
  DEFAULT_AUTHORIZE_RESPONSE_MODE: String
+  DISABLE_PLAYGROUND: Boolean!
 }

 type ValidateJWTTokenResponse {
@@ -292,6 +293,7 @@ input UpdateEnvInput {
  ORGANIZATION_LOGO: String
  DEFAULT_AUTHORIZE_RESPONSE_TYPE: String
  DEFAULT_AUTHORIZE_RESPONSE_MODE: String
+  DISABLE_PLAYGROUND: Boolean
 }

 input AdminLoginInput {
--- a/server/handlers/playground.go
+++ b/server/handlers/playground.go
@@ -1,15 +1,44 @@
 package handlers

 import (
+	"net/http"
+
 	"github.com/99designs/gqlgen/graphql/playground"
 	"github.com/gin-gonic/gin"
+
+	log "github.com/sirupsen/logrus"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/token"
 )

 // PlaygroundHandler is the handler for the /playground route
 func PlaygroundHandler() gin.HandlerFunc {
-	h := playground.Handler("GraphQL", "/graphql")
-
 	return func(c *gin.Context) {
+		var h http.HandlerFunc
+
+		disablePlayground, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisablePlayGround)
+		if err != nil {
+			log.Debug("error while getting disable playground value")
+			return
+		}
+
+		// if env set to false, then check if logged in as super admin, if logged in then return graphql else 401 error
+		// if env set to true, then disabled the playground with 404 error
+		if !disablePlayground {
+			if token.IsSuperAdmin(c) {
+				h = playground.Handler("GraphQL", "/graphql")
+			} else {
+				log.Debug("not logged in as super admin")
+				c.JSON(http.StatusUnauthorized, gin.H{"error": "not logged in as super admin"})
+				return
+			}
+		} else {
+			log.Debug("playground is disabled")
+			c.JSON(http.StatusNotFound, gin.H{"error": "playground is disabled"})
+			return
+		}
 		h.ServeHTTP(c.Writer, c.Request)
 	}
 }
--- a/server/memorystore/memory_store.go
+++ b/server/memorystore/memory_store.go
@@ -37,6 +37,7 @@ func InitMemStore() error {
 		constants.EnvKeyDisableMultiFactorAuthentication: false,
 		constants.EnvKeyAppCookieSecure:                  true,
 		constants.EnvKeyAdminCookieSecure:                true,
+		constants.EnvKeyDisablePlayGround:                true,
 	}

 	requiredEnvs := RequiredEnvStoreObj.GetRequiredEnv()
--- a/server/memorystore/providers/redis/store.go
+++ b/server/memorystore/providers/redis/store.go
@@ -143,7 +143,7 @@ func (c *provider) GetEnvStore() (map[string]interface{}, error) {
 		return nil, err
 	}
 	for key, value := range data {
-		if key == constants.EnvKeyDisableBasicAuthentication || key == constants.EnvKeyDisableMobileBasicAuthentication || key == constants.EnvKeyDisableEmailVerification || key == constants.EnvKeyDisableLoginPage || key == constants.EnvKeyDisableMagicLinkLogin || key == constants.EnvKeyDisableRedisForEnv || key == constants.EnvKeyDisableSignUp || key == constants.EnvKeyDisableStrongPassword || key == constants.EnvKeyIsEmailServiceEnabled || key == constants.EnvKeyEnforceMultiFactorAuthentication || key == constants.EnvKeyDisableMultiFactorAuthentication || key == constants.EnvKeyAppCookieSecure || key == constants.EnvKeyAdminCookieSecure {
+		if key == constants.EnvKeyDisableBasicAuthentication || key == constants.EnvKeyDisableMobileBasicAuthentication || key == constants.EnvKeyDisableEmailVerification || key == constants.EnvKeyDisableLoginPage || key == constants.EnvKeyDisableMagicLinkLogin || key == constants.EnvKeyDisableRedisForEnv || key == constants.EnvKeyDisableSignUp || key == constants.EnvKeyDisableStrongPassword || key == constants.EnvKeyIsEmailServiceEnabled || key == constants.EnvKeyEnforceMultiFactorAuthentication || key == constants.EnvKeyDisableMultiFactorAuthentication || key == constants.EnvKeyAppCookieSecure || key == constants.EnvKeyAdminCookieSecure || key == constants.EnvKeyDisablePlayGround {
 			boolValue, err := strconv.ParseBool(value)
 			if err != nil {
 				return res, err
--- a/server/resolvers/env.go
+++ b/server/resolvers/env.go
@@ -202,6 +202,7 @@ func EnvResolver(ctx context.Context) (*model.Env, error) {
 	res.DisableMultiFactorAuthentication = store[constants.EnvKeyDisableMultiFactorAuthentication].(bool)
 	res.AdminCookieSecure = store[constants.EnvKeyAdminCookieSecure].(bool)
 	res.AppCookieSecure = store[constants.EnvKeyAppCookieSecure].(bool)
+	res.DisablePlayground = store[constants.EnvKeyDisablePlayGround].(bool)

 	return res, nil
 }