1616
1717package com .networknt .graphql .security ;
1818
19+ import com .networknt .audit .AuditHandler ;
1920import com .networknt .config .Config ;
21+ import com .networknt .graphql .common .GraphqlUtil ;
2022import com .networknt .handler .MiddlewareHandler ;
2123import com .networknt .security .JwtHelper ;
2224import com .networknt .status .Status ;
2325import com .networknt .utility .Constants ;
2426import com .networknt .exception .ExpiredTokenException ;
2527import com .networknt .utility .ModuleRegistry ;
28+ import com .sun .xml .internal .bind .v2 .runtime .reflect .opt .Const ;
2629import io .undertow .Handlers ;
2730import io .undertow .server .HttpHandler ;
2831import io .undertow .server .HttpServerExchange ;
3538import org .slf4j .Logger ;
3639import org .slf4j .LoggerFactory ;
3740
41+ import java .util .HashMap ;
3842import java .util .List ;
3943import java .util .Map ;
4044
@@ -62,8 +66,6 @@ public class JwtVerifyHandler implements MiddlewareHandler {
6266 static final String STATUS_SCOPE_TOKEN_EXPIRED = "ERR10004" ;
6367 static final String STATUS_AUTH_TOKEN_SCOPE_MISMATCH = "ERR10005" ;
6468 static final String STATUS_SCOPE_TOKEN_SCOPE_MISMATCH = "ERR10006" ;
65- static final String STATUS_INVALID_REQUEST_PATH = "ERR10007" ;
66- static final String STATUS_METHOD_NOT_ALLOWED = "ERR10008" ;
6769
6870 static final Map <String , Object > config = Config .getInstance ().getJsonMapConfig (JwtHelper .SECURITY_CONFIG );
6971
@@ -79,10 +81,11 @@ public void handleRequest(final HttpServerExchange exchange) throws Exception {
7981 if (jwt != null ) {
8082 try {
8183 JwtClaims claims = JwtHelper .verifyJwt (jwt );
82- // put claims into request header so that scope can be verified per endpoint.
83- headerMap .add (new HttpString (Constants .CLIENT_ID ), claims .getStringClaimValue (Constants .CLIENT_ID ));
84- headerMap .add (new HttpString (Constants .USER_ID ), claims .getStringClaimValue (Constants .USER_ID ));
85- headerMap .add (new HttpString (Constants .SCOPE ), claims .getStringListClaimValue (Constants .SCOPE ).toString ());
84+ Map <String , Object > auditInfo = new HashMap <>();
85+ auditInfo .put (Constants .ENDPOINT , GraphqlUtil .config .getPath ());
86+ auditInfo .put (Constants .CLIENT_ID , claims .getStringClaimValue (Constants .CLIENT_ID ));
87+ auditInfo .put (Constants .USER_ID , claims .getStringClaimValue (Constants .USER_ID ));
88+ exchange .putAttachment (AuditHandler .AUDIT_INFO , auditInfo );
8689 if (config != null && (Boolean )config .get (ENABLE_VERIFY_SCOPE )) {
8790 // need a way to figure out this is query or mutation, is it possible to have multiple queries
8891 // and mutations? If yes, then each one will have a scope with operation_name.r or operation_name.w
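Review bot: `GraphqlUtil.config.getPath()` on new line 85 dereferences a static field with no null guard, and because it sits inside the `try` whose catch clauses are outside this hunk, a missing or not-yet-loaded config would presumably surface as an unhandled NullPointerException from handleRequest rather than as a Status response; consider guarding it, e.g. `auditInfo.put(Constants.ENDPOINT, GraphqlUtil.config != null ? GraphqlUtil.config.getPath() : null);`, or at least documenting that `GraphqlUtil.config` must be initialised before this handler runs. The comment removed at old line 82 is not replaced, so the new block no longer says why claims go into an exchange attachment instead of request headers; a line such as `// expose verified claims to AuditHandler via the exchange attachment rather than request headers` above new line 84 would keep that context. The same map is mutated again at new line 102 after `putAttachment` has already been called, which works only because the attachment holds the reference, and is worth a short comment there. Separately, the import `com.sun.xml.internal.bind.v2.runtime.reflect.opt.Const` added in the import hunk looks like an accidental IDE auto-import of a JDK-internal class that nothing in the shown code uses and that will not resolve on a modular JDK; it should be dropped. handleRequest continues outside this hunk.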
@@ -96,7 +99,7 @@ public void handleRequest(final HttpServerExchange exchange) throws Exception {
9699 try {
97100 JwtClaims scopeClaims = JwtHelper .verifyJwt (scopeJwt );
98101 secondaryScopes = scopeClaims .getStringListClaimValue ("scope" );
99- headerMap . add ( new HttpString ( Constants .SCOPE_CLIENT_ID ) , scopeClaims .getStringClaimValue (Constants .CLIENT_ID ));
102+ auditInfo . put ( Constants .SCOPE_CLIENT_ID , scopeClaims .getStringClaimValue (Constants .CLIENT_ID ));
100103 } catch (InvalidJwtException | MalformedClaimException e ) {
101104 logger .error ("InvalidJwtException" , e );
102105 Status status = new Status (STATUS_INVALID_SCOPE_TOKEN );