[DPLT-1042] Add support for backend only mutations from Runner #109
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
morgsmccauley
force-pushed
the
DPLT-1042-add-support-for-backend-only-mutations
branch
from
40c9b8f to
331d8d2
Compare
morgsmccauley
commented
Jun 27, 2023
| @@ -13,5 +13,9 @@ pub(crate) async fn auth(req: HttpRequest) -> impl Responder { | |||
| None => std::env::var("DEFAULT_HASURA_ROLE").unwrap(), | |||
| }; | |||
|
|
|||
| if role_header == "admin" { | |||
There was a problem hiding this comment.
Prior to this, it was possible to assume the admin role by specifying it on the headers. This disables that functionality so that it is not possible to workaround the Backend Only Mutations.
Note that assuming admin is still possible by passing the specifying the X-Hasura-Admin-Secret header.
morgsmccauley
commented
Jun 27, 2023
| 'X-Hasura-Use-Backend-Only-Permissions': 'true', | ||
| ...(hasuraRoleName && { | ||
| 'X-Hasura-Role': hasuraRoleName, | ||
| 'X-Hasura-Admin-Secret': process.env.HASURA_ADMIN_SECRET |
There was a problem hiding this comment.
Only attach the admin secret if a role is specified - if this were attached without specifying a role, admin would be used, granting the request access to everything.
morgsmccauley
commented
Jun 27, 2023
| @@ -354,7 +354,12 @@ export default class Indexer { | |||
| method: 'POST', | |||
| headers: { | |||
| 'Content-Type': 'application/json', | |||
| ...(hasuraRoleName && { 'X-Hasura-Role': hasuraRoleName }) | |||
| 'X-Hasura-Use-Backend-Only-Permissions': 'true', | |||
There was a problem hiding this comment.
This won't affect requests to tables without this flag enabled on the role.
morgsmccauley
changed the title
morgsmccauley
deleted the
DPLT-1042-add-support-for-backend-only-mutations
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds support for Backend Only Mutations in the Lambda Runner.
To mark a mutation as Backend Only, the flag must be set for the relevant Role. This makes the mutation hidden by default, and only accessible when the
X-Hasura-Use-Backend-Only-Permissions, relevantX-Hasura-Role, andX-Hasura-Admin-Secretheaders are present on the request. As the secret is secret, the mutation is mostly inaccessible to frontends, but not it is still possible to call it if you have the secret.Backend Only Mutations are only hidden for the relevant role. So if another role has unrestricted access to the mutation it will be able to execute it. This means that supplying the
X-Hasura-Admin-Secretalone, therefore assuming theadminrole which has access to everything, is enough to call the 'Backend Only Mutation'. This shouldn't be a concern as we are only ones with the secret.