-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathproxy.js
More file actions
114 lines (98 loc) · 3.4 KB
/
proxy.js
File metadata and controls
114 lines (98 loc) · 3.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
const express = require('express');
const { createProxyMiddleware } = require('http-proxy-middleware');
const { parse } = require('graphql');
var bodyParser = require('body-parser')
const fs = require('fs');
const app = express();
const PORT = 8001;
const DESTINATION_HOST = process.env.PII_REVERSE_PROXY_FORWARD_HOST;
console.log('DESTINATION_HOST:', DESTINATION_HOST);
const handleRequest = async (req, _, next) => {
try {
if (req && req.body && req.body.query) {
const gqlQuery = req.body.query;
const parsedQuery = parse(gqlQuery);
const isHealthRecordsQuery = parsedQuery.definitions.some(def => def.kind === 'OperationDefinition' && def.operation === 'query' && def.selectionSet.selections.some(sel => sel.name.value.includes('health_records')));
if (isHealthRecordsQuery) {
try {
logAudit(req);
} catch (error) {
console.error(error);
}
}
}
} catch (error) {
console.error(error);
}
next();
};
function parseJwt(token) {
return JSON.parse(Buffer.from(token.split('.')[1], 'base64').toString());
}
const logAudit = (req) => {
// console.log(req.headers);
let logRow;
const timestamp = new Date().toISOString();
const request = req.body;
if (req && req.headers && req.headers.authorization) {
const token = req.headers.authorization.split(' ')[1];
const parsedToken = parseJwt(token);
const accessByUserId = parsedToken['https://hasura.io/jwt/claims']['x-hasura-user-id'];
const accessByUserRole = parsedToken['https://hasura.io/jwt/claims']['x-hasura-default-role'];
const accessByOrganizationId = parsedToken['https://hasura.io/jwt/claims']['x-hasura-organization-id'];
logRow = { timestamp, request, accessByUserId, accessByUserRole, accessByOrganizationId };
}
else {
logRow = { timestamp, request, accessByUserRole: 'system' };
}
// append the log row to a file
fs.appendFile('audit.log', JSON.stringify(logRow) + '\n', (err) => {
if (err) {
console.error(err);
}
});
}
// function dynamicTarget(req) {
// console.log(`x-hasura-env: ${req.headers['x-hasura-env']}`);
// switch (req.headers['x-hasura-env']) {
// case 'local':
// return LOCAL_DESTINATION_HOST;
// case 'development':
// return DEV_DESTINATION_HOST;
// case 'staging':
// return STAGE_DESTINATION_HOST;
// case 'production':
// return PROD_DESTINATION_HOST;
// default:
// const error = new Error('Invalid [x-hasura-env] header!');
// error.stack = undefined;
// throw error;
// break;
// }
// }
const graphqlProxy = createProxyMiddleware({
target: DESTINATION_HOST,
changeOrigin: true,
onProxyReq: (proxyReq, req, res) => {
if (!req.body || !Object.keys(req.body).length) {
return;
}
const contentType = proxyReq.getHeader('Content-Type');
const writeBody = (bodyData) => {
proxyReq.setHeader('Content-Length', Buffer.byteLength(bodyData));
proxyReq.write(bodyData);
};
if (contentType === 'application/json') {
writeBody(JSON.stringify(req.body));
}
if (contentType === 'application/x-www-form-urlencoded') {
writeBody(querystring.stringify(req.body));
}
},
});
app.use(bodyParser.urlencoded({ extended: false }))
app.use(bodyParser.json())
app.use('/*', handleRequest, graphqlProxy);
app.listen(PORT, () => {
console.log(`Server listening on port http://localhost:${PORT}`);
});