[auth] Add RequestCache.clearForContext and export RequestCache class

If the scope initializer loads data that may change during a request for example due to a new user session or permission change then we need a way to clear the cache such that the scope initializer can be re-executed based on the new context state.
hayes · Apr 16, 2024 · c78380d · c78380d
1 parent c67d1c8
commit c78380d
Show file tree

Hide file tree

Showing 7 changed files with 87 additions and 12 deletions.
diff --git a/.changeset/clever-numbers-jog.md b/.changeset/clever-numbers-jog.md
@@ -0,0 +1,5 @@
+---
+'@pothos/plugin-scope-auth': minor
+---
+
+[auth] Allow clearing/resetting scope cache in the middle of a request
diff --git a/packages/plugin-scope-auth/src/index.ts b/packages/plugin-scope-auth/src/index.ts
@@ -17,6 +17,7 @@ import SchemaBuilder, {
   SchemaTypes,
 } from '@pothos/core';
 import { isTypeOfHelper } from './is-type-of-helper';
+import RequestCache from './request-cache';
 import { resolveHelper } from './resolve-helper';
 import {
   createFieldAuthScopesStep,
@@ -27,6 +28,7 @@ import {
 } from './steps';
 import { ResolveStep, TypeAuthScopes, TypeGrantScopes } from './types';
 
+export { RequestCache };
 export * from './errors';
 export * from './types';
 

diff --git a/packages/plugin-scope-auth/src/request-cache.ts b/packages/plugin-scope-auth/src/request-cache.ts
@@ -57,6 +57,10 @@ export default class RequestCache<Types extends SchemaTypes> {
     return requestCache.get(context)!;
   }
 
+  static clearForContext<T extends SchemaTypes>(context: T['Context']): void {
+    requestCache.delete(context);
+  }
+
   getScopes(): MaybePromise<ScopeLoaderMap<Types>> {
     if (!this.scopes) {
       const scopes = this.builder.options.authScopes(this.context);

diff --git a/packages/plugin-scope-auth/tests/__snapshots__/index.test.ts.snap b/packages/plugin-scope-auth/tests/__snapshots__/index.test.ts.snap
@@ -111,6 +111,7 @@ type Post {
 }
 
 type Query {
+  ClearCache: ObjForSyncPermFn
   IfaceBooleanFn(result: Boolean!): IfaceBooleanFn
   IfaceForAdmin: IfaceForAdmin
   ObjAdminIface: ObjAdminIface

diff --git a/packages/plugin-scope-auth/tests/caching.test.ts b/packages/plugin-scope-auth/tests/caching.test.ts
@@ -226,4 +226,40 @@ describe('caching', () => {
       `);
     });
   });
+
+  it('clears cache during request', async () => {
+    const query = gql`
+      query {
+        obj: ClearCache {
+          field
+        }
+      }
+    `;
+
+    const counter = new Counter();
+
+    const result = await execute({
+      schema,
+      document: query,
+      contextValue: {
+        count: counter.count,
+        user: new User({
+          'x-user-id': '1',
+          'x-permissions': 'a',
+        }),
+      },
+    });
+
+    expect(counter.counts.get('authScopes')).toBe(2);
+
+    expect(result).toMatchInlineSnapshot(`
+        {
+          "data": {
+            "obj": {
+              "field": "ok",
+            },
+          },
+        }
+      `);
+  });
 });
diff --git a/packages/plugin-scope-auth/tests/example/builder.ts b/packages/plugin-scope-auth/tests/example/builder.ts
@@ -42,20 +42,28 @@ const builder = new SchemaBuilder<{
     authorizeOnSubscribe: true,
     defaultStrategy: 'all',
   },
-  authScopes: async (context) => ({
-    loggedIn: !!context.user,
-    admin: !!context.user?.roles.includes('admin'),
-    syncPermission: (perm) => {
-      context.count?.('syncPermission');
+  authScopes: async (context) => {
+    context.count?.('authScopes');
 
-      return !!context.user?.permissions.includes(perm);
-    },
-    asyncPermission: async (perm) => {
-      context.count?.('asyncPermission');
+    // locally reference use to simulate data loaded in this authScopes fn that depends on incoming
+    // context data and is not modifiable from resolvers
+    const { user } = context;
 
-      return !!context.user?.permissions.includes(perm);
-    },
-  }),
+    return {
+      loggedIn: !!user,
+      admin: !!user?.roles.includes('admin'),
+      syncPermission: (perm) => {
+        context.count?.('syncPermission');
+
+        return !!user?.permissions.includes(perm);
+      },
+      asyncPermission: async (perm) => {
+        context.count?.('asyncPermission');
+
+        return !!user?.permissions.includes(perm);
+      },
+    };
+  },
 });
 
 export default builder;
diff --git a/packages/plugin-scope-auth/tests/example/schema/index.ts b/packages/plugin-scope-auth/tests/example/schema/index.ts
@@ -1,7 +1,9 @@
 /* eslint-disable @typescript-eslint/require-await */
 import './custom-errors';
 import './with-auth';
+import { RequestCache } from '../../../src';
 import builder from '../builder';
+import User from '../user';
 
 builder.queryField('currentId', (t) =>
   t.authField({
@@ -847,6 +849,23 @@ builder.queryType({
 
       resolve: () => ({}),
     }),
+    ClearCache: t.field({
+      type: ObjForSyncPermFn,
+      nullable: true,
+      authScopes: {
+        syncPermission: 'a',
+      },
+      resolve: (parent, args, context) => {
+        context.user = new User({
+          'x-user-id': '1',
+          'x-permissions': 'b',
+        });
+
+        RequestCache.clearForContext(context);
+
+        return { permission: 'b' };
+      },
+    }),
   }),
 });