Event Handlers
The earlier sections of the book covered a great many options for customizing the behavior of Warpgrapher, including input validation, request context, custom endpoints, and dynamic properties and relationships. Warpgrapher offers an additional API, the event handling API, to modify Warpgrapher's behavior at almost every point in the lifecycle of a request. Event handlers may be added before Engine creation, before or after request handling, and before or after nodes or relationships are created, read, updated, or deleted. This section will introduce the event handling API using an extended example of implementing a very simple authorization model. Each data record will be owned by one user, and only that user is entitled to read or modify that record.
Configuration
Unlike some of the other customization points in the Warpgrapher engine, no special configuration is required for event handlers. They are created and added to the Engine using only Rust code. The data model used for this section's example is as follows.
version: 1
model:
- name: Record
props:
- name: content
type: String
Implementation
The example introduces four event hooks illustrating different lifecycle events. One event handler is set up for before the engine is built. It takes in the configuration and modifies it to insert an additional property allowing the system to track the owner of a given Record. A second event handler runs before every request, inserting the current username into a request context so that the system can determine who is making a request, and thus whether that current user matches the ownership of the records being affected. The remaining event handlers run after node read events and before node modification events, in order to enforce the access control rules.
Before Engine Build
The following function is run before the engine is built. It takes in a mutable copy of the configuration to be used to set up Warpgrapher Engine. This allows before engine build event handlers to make any concievable modification to the configuration. They can add or remove endpoints, types, properties, relationships, dynamic resolvers, validation, or anything else that can be included in a configuration.
/// before_build_engine event hook
/// Adds owner meta fields to all types in the model (though in this example, there's only one,
/// the record type)
fn add_owner_field(config: &mut Configuration) -> Result<(), Error> {
for t in config.model.iter_mut() {
let mut_props: &mut Vec<Property> = t.mut_props();
mut_props.push(Property::new(
"owner".to_string(),
UsesFilter::none(),
"String".to_string(),
false,
false,
None,
None,
));
}
Ok(())
}
In this example, the handler is iterating through the configuration, finding every type declared in the data model. To each type, the handler is adding a new owner property that will record the identity of the owner of the record. This will later be used to validate that only the owner can read and modify the data.
Before Request Processing
The following event hook function is run before every request that is processed by the Warpgrapher engine. In a full system implementation, it would likely pull information from the metadata parameter, such as request headers like a JWT, that might be parsed to pull out user identity information. That data might then be used to look up a user profile in the database. In this case, the example simply hard-codes a username. It does, however, demonstrate the use of an application-specific request context as a means of passing data in for use by other event handlers or by custom resolvers.
/// This event handler executes at the beginning of every request and attempts to insert the
/// current user's profile into the request context.
fn insert_user_profile(
mut rctx: Rctx,
mut _ef: EventFacade<Rctx>,
_metadata: HashMap<String, String>,
) -> BoxFuture<Result<Rctx, Error>> {
Box::pin(async move {
// A real implementation would likely pull a user identity from an authentication token in
// metadata, or use that token to look up a full user profile in a database. In this
// example, the identify is hard-coded.
rctx.username = "user-from-JWT".to_string();
Ok(rctx)
})
}
Before Node Creation
The insert_owner event hook is run prior to the creation of any new nodes. The Value passed to the function is the GraphQL input type in the form of a Warpgrapher Value. In this case, the function modifies the input value to insert an additional property, the owner of the node about to be created, which is set to be the username of the current user.
/// before_create event hook
/// Inserts an owner meta property into every new node containing the id of the creator
fn insert_owner(mut v: Value, ef: EventFacade<'_, Rctx>) -> BoxFuture<Result<Value, Error>> {
Box::pin(async move {
if let CrudOperation::CreateNode(_) = ef.op() {
if let Value::Map(ref mut input) = v {
let user_name = ef
.context()
.request_context()
.expect("Expect context")
.username
.to_string();
input.insert("owner".to_string(), Value::String(user_name));
}
}
Ok(v)
})
}
The modified input value is returned from the event hook, and when Warpgrapher continues executing the node creation operation, the owner property is included in the node creation operation, alongside all the other input properties.
After Node Read
The enforce_read_access event hook, defined below, is set to run after each node read operation. The Rust function is passed a Vec of nodes that that were read. The event hook function iterates through the nodes that were read, pulling out their owner property. That owner property is compared with the current logged in username. If the two match, the node belongs to the user, and the node is retained in the results list. If the two do not match, then the current logged in user is not the owner of the record, and the node is discarded from the results list without ever being passed back to the user.
/// after_read event hook
/// Filters the read nodes to those that are authorized to be read
fn enforce_read_access(
mut nodes: Vec<Node<Rctx>>,
ef: EventFacade<'_, Rctx>,
) -> BoxFuture<Result<Vec<Node<Rctx>>, Error>> {
Box::pin(async move {
nodes.retain(|node| {
let node_owner: String = node
.fields()
.get("owner")
.unwrap()
.clone()
.try_into()
.expect("Expect to find owner field.");
node_owner
== ef
.context()
.request_context()
.expect("Context expected")
.username
});
Ok(nodes)
})
}
Before Node Update and Delete
The enforce_write_access event hook, shown below, is set to run before each node update or delete operation. The Rust function is passed the input value that corresponds to the GraphQL schema input argument type for the update or delete operation. In this example implementation, the function executes the MATCH portion of the update or delete query, reading all the nodes that are intended to be modified. For each of the nodes read, the event handler tests whether the owner attribute is the current logged in username. If the two match, the node belongs to the current user, and it is kept in the result set. If the username does not match the owner property on the object, then the node is discarded.
Once the node list is filtered, the event handler constructs a new MATCH query that will match the unique identifiers of all the nodes remaining in the filtered list. This new MATCH query is returned from the event handler and used subsequently in Warpgrapher's automatically generated resolvers to do the update or deletion operation.
/// before_update event hook
/// Filters out nodes that the user is not authorized to modify
fn enforce_write_access(
v: Value,
mut ef: EventFacade<'_, Rctx>,
) -> BoxFuture<Result<Value, Error>> {
Box::pin(async move {
if let Value::Map(mut m) = v.clone() {
if let Some(input_match) = m.remove("MATCH") {
let nodes = &ef
.read_nodes("Record", input_match, Options::default())
.await?;
// filter nodes that are authorized
let filtered_node_ids: Vec<Value> = nodes
.iter()
.filter(|n| {
let node_owner: String =
n.fields().get("owner").unwrap().clone().try_into().unwrap();
node_owner
== ef
.context()
.request_context()
.expect("Expect context.")
.username
})
.map(|n| Ok(n.id()?.clone()))
.collect::<Result<Vec<Value>, Error>>()?;
// replace MATCH input with filtered nodes
m.insert(
"MATCH".to_string(),
Value::Map(hashmap! {
"id".to_string() => Value::Map(hashmap! {
"IN".to_string() => Value::Array(filtered_node_ids)
})
}),
);
// return modified input
Ok(Value::Map(m))
} else {
// Return original input unmodified
Ok(v)
}
} else {
// Return original input unmodified
Ok(v)
}
Although not necessary for this use case, the event handler could have just east as easily modified the SET portion of the update query as the MATCH, in some way adjusting the values used to update an existing node.
Add Handlers to the Engine
The event handlers are all added to an EventHandlerBag which is then passed to the Warpgrapher engine. The registration function determines where in the life cycle the hook will be called, and in some cases, such as before and after node and relationship CRUD operation handlers, there are arguments to specify which nodes or relationships should be affected.
.expect("Failed to create cypher database pool");
let mut ehb = EventHandlerBag::new();
ehb.register_before_request(insert_user_profile);
ehb.register_before_engine_build(add_owner_field);
ehb.register_before_node_create(vec!["Record".to_string()], insert_owner);
ehb.register_after_node_read(vec!["Record".to_string()], enforce_read_access);
ehb.register_before_node_update(vec!["Record".to_string()], enforce_write_access);
ehb.register_before_node_delete(vec!["Record".to_string()], enforce_write_access);
// create warpgrapher engine
let engine: Engine<Rctx> = Engine::new(config, db)
.with_event_handlers(ehb)
Example API Call
The following GraphQL query triggers at least the first several event handlers in the call. Other queries and mutations would be needed to exercise all of them.
.expect("Failed to build engine");
let query = "
mutation {
RecordCreate(input: {
content: \"Test Content\"
}) {
id
name
}
}
"
.to_string();
Full Example Source
See below for the full source code to the example above.
use maplit::hashmap;
use std::collections::HashMap;
use std::convert::TryFrom;
use std::convert::TryInto;
use warpgrapher::engine::config::{Configuration, Property, UsesFilter};
use warpgrapher::engine::context::RequestContext;
use warpgrapher::engine::database::cypher::CypherEndpoint;
use warpgrapher::engine::database::CrudOperation;
use warpgrapher::engine::database::DatabaseEndpoint;
use warpgrapher::engine::events::{EventFacade, EventHandlerBag};
use warpgrapher::engine::objects::{Node, Options};
use warpgrapher::engine::value::Value;
use warpgrapher::juniper::BoxFuture;
use warpgrapher::{Engine, Error};
static CONFIG: &str = "
version: 1
model:
- name: Record
props:
- name: content
type: String
";
#[derive(Clone, Debug)]
pub struct Rctx {
pub username: String,
}
impl Rctx {}
impl RequestContext for Rctx {
type DBEndpointType = CypherEndpoint;
fn new() -> Self {
Rctx {
username: String::new(),
}
}
}
/// This event handler executes at the beginning of every request and attempts to insert the
/// current user's profile into the request context.
fn insert_user_profile(
mut rctx: Rctx,
mut _ef: EventFacade<Rctx>,
_metadata: HashMap<String, String>,
) -> BoxFuture<Result<Rctx, Error>> {
Box::pin(async move {
// A real implementation would likely pull a user identity from an authentication token in
// metadata, or use that token to look up a full user profile in a database. In this
// example, the identify is hard-coded.
rctx.username = "user-from-JWT".to_string();
Ok(rctx)
})
}
/// before_build_engine event hook
/// Adds owner meta fields to all types in the model (though in this example, there's only one,
/// the record type)
fn add_owner_field(config: &mut Configuration) -> Result<(), Error> {
for t in config.model.iter_mut() {
let mut_props: &mut Vec<Property> = t.mut_props();
mut_props.push(Property::new(
"owner".to_string(),
UsesFilter::none(),
"String".to_string(),
false,
false,
None,
None,
));
}
Ok(())
}
/// before_create event hook
/// Inserts an owner meta property into every new node containing the id of the creator
fn insert_owner(mut v: Value, ef: EventFacade<'_, Rctx>) -> BoxFuture<Result<Value, Error>> {
Box::pin(async move {
if let CrudOperation::CreateNode(_) = ef.op() {
if let Value::Map(ref mut input) = v {
let user_name = ef
.context()
.request_context()
.expect("Expect context")
.username
.to_string();
input.insert("owner".to_string(), Value::String(user_name));
}
}
Ok(v)
})
}
/// after_read event hook
/// Filters the read nodes to those that are authorized to be read
fn enforce_read_access(
mut nodes: Vec<Node<Rctx>>,
ef: EventFacade<'_, Rctx>,
) -> BoxFuture<Result<Vec<Node<Rctx>>, Error>> {
Box::pin(async move {
nodes.retain(|node| {
let node_owner: String = node
.fields()
.get("owner")
.unwrap()
.clone()
.try_into()
.expect("Expect to find owner field.");
node_owner
== ef
.context()
.request_context()
.expect("Context expected")
.username
});
Ok(nodes)
})
}
/// before_update event hook
/// Filters out nodes that the user is not authorized to modify
fn enforce_write_access(
v: Value,
mut ef: EventFacade<'_, Rctx>,
) -> BoxFuture<Result<Value, Error>> {
Box::pin(async move {
if let Value::Map(mut m) = v.clone() {
if let Some(input_match) = m.remove("MATCH") {
let nodes = &ef
.read_nodes("Record", input_match, Options::default())
.await?;
// filter nodes that are authorized
let filtered_node_ids: Vec<Value> = nodes
.iter()
.filter(|n| {
let node_owner: String =
n.fields().get("owner").unwrap().clone().try_into().unwrap();
node_owner
== ef
.context()
.request_context()
.expect("Expect context.")
.username
})
.map(|n| Ok(n.id()?.clone()))
.collect::<Result<Vec<Value>, Error>>()?;
// replace MATCH input with filtered nodes
m.insert(
"MATCH".to_string(),
Value::Map(hashmap! {
"id".to_string() => Value::Map(hashmap! {
"IN".to_string() => Value::Array(filtered_node_ids)
})
}),
);
// return modified input
Ok(Value::Map(m))
} else {
// Return original input unmodified
Ok(v)
}
} else {
// Return original input unmodified
Ok(v)
}
})
}
#[tokio::main]
async fn main() {
// parse warpgrapher config
let config = Configuration::try_from(CONFIG.to_string()).expect("Failed to parse CONFIG");
// define database endpoint
let db = CypherEndpoint::from_env()
.expect("Failed to parse cypher endpoint from environment")
.pool()
.await
.expect("Failed to create cypher database pool");
let mut ehb = EventHandlerBag::new();
ehb.register_before_request(insert_user_profile);
ehb.register_before_engine_build(add_owner_field);
ehb.register_before_node_create(vec!["Record".to_string()], insert_owner);
ehb.register_after_node_read(vec!["Record".to_string()], enforce_read_access);
ehb.register_before_node_update(vec!["Record".to_string()], enforce_write_access);
ehb.register_before_node_delete(vec!["Record".to_string()], enforce_write_access);
// create warpgrapher engine
let engine: Engine<Rctx> = Engine::new(config, db)
.with_event_handlers(ehb)
.build()
.expect("Failed to build engine");
let query = "
mutation {
RecordCreate(input: {
content: \"Test Content\"
}) {
id
name
}
}
"
.to_string();
let metadata = HashMap::new();
let result = engine.execute(query, None, metadata).await.unwrap();
println!("result: {:#?}", result);
}