dgraph-io · JatinDev543 · Aug 13, 2020 · Jul 20, 2020 · Aug 12, 2020 · Aug 12, 2020
diff --git a/go.mod b/go.mod
@@ -18,6 +18,7 @@ require (
 	github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd
 	github.com/dgraph-io/badger/v2 v2.0.1-rc1.0.20200718033852-37ee16d8ad1c
 	github.com/dgraph-io/dgo/v200 v200.0.0-20200401175452-e463f9234453
+	github.com/dgraph-io/graphql-transport-ws v0.0.0-20200715131837-c0460019ead2
 	github.com/dgraph-io/ristretto v0.0.3-0.20200630154024-f66de99634de
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/dgrijalva/jwt-go/v4 v4.0.0-preview1
@@ -36,7 +37,7 @@ require (
 	github.com/google/uuid v1.0.0
 	github.com/gorilla/websocket v1.4.1
 	github.com/graph-gophers/graphql-go v0.0.0-20200309224638-dae41bde9ef9
-	github.com/graph-gophers/graphql-transport-ws v0.0.0-20190611222414-40c048432299
+	github.com/graph-gophers/graphql-transport-ws v0.0.0-20190611222414-40c048432299 // indirect
 	github.com/hashicorp/vault/api v1.0.4
 	github.com/minio/minio-go/v6 v6.0.55
 	github.com/mitchellh/panicwrap v1.0.0
@@ -62,7 +63,7 @@ require (
 	golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
 	golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e
 	golang.org/x/sync v0.0.0-20190423024810-112230192c58
-	golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f
+	golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9
 	golang.org/x/text v0.3.2
 	google.golang.org/genproto v0.0.0-20190516172635-bb713bdc0e52 // indirect
 	google.golang.org/grpc v1.23.0

diff --git a/go.sum b/go.sum
@@ -82,6 +82,8 @@ github.com/dgraph-io/badger/v2 v2.0.1-rc1.0.20200718033852-37ee16d8ad1c h1:LoEZf
 github.com/dgraph-io/badger/v2 v2.0.1-rc1.0.20200718033852-37ee16d8ad1c/go.mod h1:26P/7fbL4kUZVEVKLAKXkBXKOydDmM2p1e+NhhnBCAE=
 github.com/dgraph-io/dgo/v200 v200.0.0-20200401175452-e463f9234453 h1:DTgOrw91nMIukDm/WEvdobPLl0LgeDd/JE66+24jBks=
 github.com/dgraph-io/dgo/v200 v200.0.0-20200401175452-e463f9234453/go.mod h1:Co+FwJrnndSrPORO8Gdn20dR7FPTfmXr0W/su0Ve/Ig=
+github.com/dgraph-io/graphql-transport-ws v0.0.0-20200715131837-c0460019ead2 h1:NSl3XXyON9bgmBJSAvr5FPrgILAovtoTs7FwdtaZZq0=
+github.com/dgraph-io/graphql-transport-ws v0.0.0-20200715131837-c0460019ead2/go.mod h1:7z3c/5w0sMYYZF5bHsrh8IH4fKwG5O5Y70cPH1ZLLRQ=
 github.com/dgraph-io/ristretto v0.0.3-0.20200630154024-f66de99634de h1:t0UHb5vdojIDUqktM6+xJAfScFBsVpXZmqC9dsgJmeA=
 github.com/dgraph-io/ristretto v0.0.3-0.20200630154024-f66de99634de/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=

diff --git a/graphql/authorization/auth.go b/graphql/authorization/auth.go
@@ -36,9 +36,11 @@ import (
 )
 
 type ctxKey string
+type authVariablekey string
 
 const (
 	AuthJwtCtxKey  = ctxKey("authorizationJwt")
+	AuthVariables  = authVariablekey("authVariable")
 	RSA256         = "RS256"
 	HMAC256        = "HS256"
 	AuthMetaHeader = "# Dgraph.Authorization "
@@ -208,22 +210,6 @@ func (c *CustomClaims) UnmarshalJSON(data []byte) error {
 	return nil
 }
 
-func ExtractAuthVariables(ctx context.Context) (map[string]interface{}, error) {
-	// Extract the jwt and unmarshal the jwt to get the auth variables.
-	md, ok := metadata.FromIncomingContext(ctx)
-	if !ok {
-		return nil, nil
-	}
-
-	jwtToken := md.Get(string(AuthJwtCtxKey))
-	if len(jwtToken) == 0 {
-		return nil, nil
-	} else if len(jwtToken) > 1 {
-		return nil, fmt.Errorf("invalid jwt auth token")
-	}
-	return validateToken(jwtToken[0])
-}
-
 func (c *CustomClaims) validateAudience() error {
 	// If there's no audience claim, ignore
 	if c.Audience == nil || len(c.Audience) == 0 {
@@ -250,7 +236,23 @@ func (c *CustomClaims) validateAudience() error {
 	return nil
 }
 
-func validateToken(jwtStr string) (map[string]interface{}, error) {
+func ExtractCustomClaims(ctx context.Context) (*CustomClaims, error) {
+	// return CustomClaims containing jwt and authvariables.
+	md, ok := metadata.FromIncomingContext(ctx)
+	if !ok {
+		return &CustomClaims{}, nil
+	}
+
+	jwtToken := md.Get(string(AuthJwtCtxKey))
+	if len(jwtToken) == 0 {
+		return &CustomClaims{}, nil
+	} else if len(jwtToken) > 1 {
+		return nil, fmt.Errorf("invalid jwt auth token")
+	}
+	return validateJWTCustomClaims(jwtToken[0])
+}
+
+func validateJWTCustomClaims(jwtStr string) (*CustomClaims, error) {
 	if metainfo.Algo == "" {
 		return nil, fmt.Errorf(
 			"jwt token cannot be validated because verification algorithm is not set")
@@ -290,6 +292,5 @@ func validateToken(jwtStr string) (map[string]interface{}, error) {
 	if err := claims.validateAudience(); err != nil {
 		return nil, err
 	}
-
-	return claims.AuthVariables, nil
+	return claims, nil
 }
diff --git a/graphql/e2e/auth/auth_test.go b/graphql/e2e/auth/auth_test.go
@@ -25,6 +25,7 @@ import (
 	"os"
 	"strings"
 	"testing"
+	"time"
 
 	"github.com/dgraph-io/dgraph/graphql/authorization"
 	"github.com/dgraph-io/dgraph/graphql/e2e/common"
@@ -177,7 +178,7 @@ func getJWT(t *testing.T, user, role string) http.Header {
 		metaInfo.AuthVars["ROLE"] = role
 	}
 
-	jwtToken, err := metaInfo.GetSignedToken("./sample_private_key.pem")
+	jwtToken, err := metaInfo.GetSignedToken("./sample_private_key.pem", 300*time.Second)
 	require.NoError(t, err)
 
 	h := make(http.Header)

diff --git a/graphql/e2e/common/query.go b/graphql/e2e/common/query.go
@@ -1284,9 +1284,9 @@ func querynestedOnlyTypename(t *testing.T) {
 		  },
                   {
 			"__typename": "Post"
-		  },  
+		  },
 		  {
-			
+
 			"__typename": "Post"
 		  }
 		]
@@ -1312,8 +1312,8 @@ func onlytypenameForInterface(t *testing.T) {
 						eq: [EMPIRE]
 					}
 				}) {
-					
-					
+
+
 					... on Human {
 						__typename
 			                }
@@ -1327,7 +1327,7 @@ func onlytypenameForInterface(t *testing.T) {
 		expected := `{
 		"queryCharacter": [
 		  {
-                      "__typename": "Human"			
+                      "__typename": "Human"
 		  },
 		  {
 	             "__typename": "Droid"

diff --git a/graphql/e2e/common/subscription.go b/graphql/e2e/common/subscription.go
@@ -58,19 +58,18 @@ type GraphQLSubscriptionClient struct {
 }
 
 // NewGraphQLSubscription returns graphql subscription client.
-func NewGraphQLSubscription(url string, req *schema.Request) (*GraphQLSubscriptionClient, error) {
+func NewGraphQLSubscription(url string, req *schema.Request, subscriptionPayload string) (*GraphQLSubscriptionClient, error) {
 	header := http.Header{
 		"Sec-WebSocket-Protocol": []string{protocolGraphQLWS},
 	}
 	conn, _, err := websocket.DefaultDialer.Dial(url, header)
 	if err != nil {
 		return nil, err
 	}
-
 	// Initialize subscription.
 	init := operationMessage{
 		Type:    initMsg,
-		Payload: []byte(`{}`),
+		Payload: []byte(subscriptionPayload),
 	}
 
 	// Send Intialization message to the graphql server.

diff --git a/graphql/e2e/custom_logic/custom_logic_test.go b/graphql/e2e/custom_logic/custom_logic_test.go
@@ -168,7 +168,7 @@ func TestCustomQueryShouldForwardHeaders(t *testing.T) {
 				 secretHeaders: ["Github-Api-Token"]
 		 })
 	 }
-	 
+
 		 # Dgraph.Secret Github-Api-Token "random-fake-token"
 		 # Dgraph.Secret app "should-be-overriden"
 	 `
@@ -247,7 +247,7 @@ func TestSchemaIntrospectionForCustomQueryShouldForwardHeaders(t *testing.T) {
 			code: String!
 			name: String!
 		}
-		
+
 		type Query {
 			myCustom(yo: CountryInput!): [Country!]!
 			  @custom(
@@ -331,7 +331,7 @@ func TestCustomFieldsInSubscription(t *testing.T) {
 			  name
 			}
 		  }`,
-	})
+	}, `{}`)
 	require.NoError(t, err)
 	_, err = client.RecvMsg()
 	require.Contains(t, err.Error(), "Custom field `name` is not supported in graphql subscription")
@@ -370,7 +370,7 @@ func TestSubscriptionInNestedCustomField(t *testing.T) {
 				}
 			 }
 		  }`,
-	})
+	}, `{}`)
 	require.NoError(t, err)
 	_, err = client.RecvMsg()
 	require.Contains(t, err.Error(), "Custom field `anotherName` is not supported in graphql subscription")
@@ -1257,7 +1257,7 @@ func TestCustomLogicGraphql(t *testing.T) {
       code: String
       name: String
 	}
-	
+
 	type Query {
 		getCountry1(id: ID!): Country!
 		  @custom(
@@ -1292,7 +1292,7 @@ func TestCustomLogicGraphqlWithArgumentsOnFields(t *testing.T) {
       code(size: Int!): String
       name: String
 	}
-	
+
 	type Query {
 		getCountry2(id: ID!): Country!
 		  @custom(
@@ -1378,7 +1378,7 @@ func TestCustomLogicGraphQLValidArrayResponse(t *testing.T) {
       code: String
       name: String
 	}
-	
+
 	type Query {
 		getCountries(id: ID!): [Country]
 		  @custom(
@@ -2071,7 +2071,7 @@ func TestCustomGraphqlMissingRequiredArgument(t *testing.T) {
       code: String!
       name: String!
 	}
-	
+
 	type Mutation {
 		addCountry1(input: CountryInput!): Country! @custom(http: {
 										url: "http://mock:8888/setCountry",
@@ -2134,7 +2134,7 @@ func TestCustomGraphqlMutation1(t *testing.T) {
       code: String!
       name: String!
 	}
-	
+
 	type Mutation {
 		addCountry1(input: CountryInput!): Country! @custom(http: {
 					url: "http://mock:8888/setCountry"
@@ -2224,7 +2224,7 @@ func TestCustomGraphqlMutation2(t *testing.T) {
         code: String!
         name: String!
 	  }
-	  
+
 	type Mutation {
 		updateCountries(name: String, std: Int): [Country!]! @custom(http: {
 								url: "http://mock:8888/updateCountries",
@@ -2279,7 +2279,7 @@ func TestForValidInputArgument(t *testing.T) {
       code: String!
       name: String!
 	}
-	
+
 	type Query {
 		myCustom(yo: CountryInput!): [Country!]!
 		  @custom(