feat: allow to conditionally block mutation via expressions (#1480)

Co-authored-by: Ludwig <ludwig.bedacht@gmail.com>
wundergraph · Jan 3, 2025 · 750f7dc · 750f7dc
1 parent 8a7d8cf
commit 750f7dc
Show file tree

Hide file tree

Showing 26 changed files with 1,112 additions and 265 deletions.
diff --git a/router-tests/authentication_test.go b/router-tests/authentication_test.go
@@ -18,29 +18,13 @@ import (
 )
 
 const (
-	jwksName                      = "my-jwks-server"
 	employeesQuery                = `{"query":"{ employees { id } }"}`
 	employeesQueryRequiringClaims = `{"query":"{ employees { id startDate } }"}`
 	employeesExpectedData         = `{"data":{"employees":[{"id":1},{"id":2},{"id":3},{"id":4},{"id":5},{"id":7},{"id":8},{"id":10},{"id":11},{"id":12}]}}`
 	unauthorizedExpectedData      = `{"errors":[{"message":"unauthorized"}]}`
 	xAuthenticatedByHeader        = "X-Authenticated-By"
 )
 
-func configureAuth(t *testing.T) ([]authentication.Authenticator, *jwks.Server) {
-	authServer, err := jwks.NewServer(t)
-	require.NoError(t, err)
-	t.Cleanup(authServer.Close)
-	tokenDecoder, _ := authentication.NewJwksTokenDecoder(zap.NewNop(), authServer.JWKSURL(), time.Second*5)
-	authOptions := authentication.HttpHeaderAuthenticatorOptions{
-		Name:         jwksName,
-		URL:          authServer.JWKSURL(),
-		TokenDecoder: tokenDecoder,
-	}
-	authenticator, err := authentication.NewHttpHeaderAuthenticator(authOptions)
-	require.NoError(t, err)
-	return []authentication.Authenticator{authenticator}, authServer
-}
-
 func TestAuthentication(t *testing.T) {
 	t.Parallel()
 
@@ -750,7 +734,7 @@ func TestAuthenticationMultipleProviders(t *testing.T) {
 	t.Cleanup(authServer2.Close)
 
 	tokenDecoder1, _ := authentication.NewJwksTokenDecoder(zap.NewNop(), authServer1.JWKSURL(), time.Second*5)
-	authenticator1HeaderValuePrefixes := []string{"Bearer"}
+	authenticator1HeaderValuePrefixes := []string{"Provider1"}
 	authenticator1, err := authentication.NewHttpHeaderAuthenticator(authentication.HttpHeaderAuthenticatorOptions{
 		Name:                "1",
 		HeaderValuePrefixes: authenticator1HeaderValuePrefixes,
@@ -760,7 +744,7 @@ func TestAuthenticationMultipleProviders(t *testing.T) {
 	require.NoError(t, err)
 
 	tokenDecoder2, _ := authentication.NewJwksTokenDecoder(zap.NewNop(), authServer2.JWKSURL(), time.Second*5)
-	authenticator2HeaderValuePrefixes := []string{"", "Bearer", "Token"}
+	authenticator2HeaderValuePrefixes := []string{"", "Provider2"}
 	authenticator2, err := authentication.NewHttpHeaderAuthenticator(authentication.HttpHeaderAuthenticatorOptions{
 		Name:                "2",
 		HeaderValuePrefixes: authenticator2HeaderValuePrefixes,
@@ -771,7 +755,7 @@ func TestAuthenticationMultipleProviders(t *testing.T) {
 	authenticators := []authentication.Authenticator{authenticator1, authenticator2}
 	accessController := core.NewAccessController(authenticators, false)
 
-	t.Run("authenticate with first provider", func(t *testing.T) {
+	t.Run("authenticate with first provider due to matching prefix", func(t *testing.T) {
 		t.Parallel()
 
 		testenv.Run(t, &testenv.Config{
@@ -800,7 +784,7 @@ func TestAuthenticationMultipleProviders(t *testing.T) {
 		})
 	})
 
-	t.Run("authenticate with second provider", func(t *testing.T) {
+	t.Run("authenticate with second provider due to matching prefix", func(t *testing.T) {
 		t.Parallel()
 
 		testenv.Run(t, &testenv.Config{