feat: Keycloak service as wrapper (#1508)

Co-authored-by: Enda <ephelan@redhat.com>
Co-authored-by: Manyanda Chitimbo <manyanda.chitimbo@gmail.com>

Author: 3 people

docs/authentication/introduction.md

@@ -0,0 +1,18 @@
+---
+id: authinto
+title: Authentication and authorization for Graphback
+sidebar_label: Introduction
+---
+
+Graphback abstracts from the authentication mechanism.
+By default Graphback templates come without authentication, but it is easy to retrofit any existing authentication mechanism 
+on top of Graphback.
+
+With the `GraphbackCRUDService` abstraction developers can add any rules and implement various different authorization policies.
+Graphback developers recomend following libraries:
+
+- [Passport.js](http://www.passportjs.org/) if you looking for in application authorization and authentication mechanisms.
+- [Keycloak](https://www.keycloak.org/) SSO - Standalone SSO server offering integration with various social OAuth logins and federating users.
+
+Graphback provides out of the box support for Keycloak SSO thanks to @graphback/keycloak-authz that utilizes
+https://github.com/aerogear/keycloak-connect-graphql library

docs/authentication/keycloak.md

@@ -0,0 +1,114 @@
+---
+id: keycloak
+title: Out of the box Keycloak based authentication
+sidebar_label: Keycloak Auth
+---
+
+## Graphback Keycloak Authz
+
+Graphback Keycloak Authz enables [Keycloak](https://www.keycloak.org/) integration in [Graphback](https://graphback.dev) based applications. This enables you to declaratively add authorization capabilities like role based access on top of the CRUD model that is used within Graphback.
+
+
+This package is designed to work with [`keycloak-connect`](https://www.npmjs.com/package/keycloak-connect) and [`keycloak-connect-graphql`](https://www.npmjs.com/package/keycloak-connect-graphql). `keycloak-connect` is the official Keycloak middleware for Express applications. `keycloak-connect-graphql` provides deeper Keycloak integration into GraphQL servers.
+
+> NOTE: This package is an early alpha and not officially supported by Graphback
+
+## Getting Started
+
+This module requires you to install the following dependencies into your application.
+
+```bash
+npm install keycloak-connect
+npm install keycloak-connect-graphql
+```
+
+Then follow the [Getting started instructions for `keycloak-connect-graphql`](https://github.com/aerogear/keycloak-connect-graphql#getting-started)
+
+Once the getting started instructions are covered, you must create a configuration that defines the authorization rules for each model within your Graphback application.
+
+Here is an example configuration.
+
+```ts
+const authConfig = {
+  Task: {
+    create: {},
+    read: {},
+    update: { roles: ['admin'] },
+    delete: { roles: ['admin'] },
+  },
+  Report: {
+    create: { roles: ['admin'] },
+    read: {},
+    update: { roles: ['admin'] },
+    delete: { roles: ['admin'] },
+  },
+};
+```
+
+With this configuration the following rules are in place.
+
+- All users can create and read `Task` types but only admins can update and delete them.
+- Admin users can create, update and delete `Report` types, and all users can read them.
+
+## Example with Graphback Runtime
+
+During server initialization, use the `createKeycloakCRUDService` function to initialize the KeycloakCrudService instances for each model.
+
+The following example shows just the necessary parts to set up the runtime services in Graphback.
+
+```ts
+import { ApolloServer } from 'apollo-server-express'
+import { createKeycloakCRUDService } from '@graphback/keycloak-authz'
+import { KnexDbDataProvider } from '@graphback/runtime-knex'
+import { PubSub } from 'graphql-subscriptions'
+import * as Knex from 'knex'
+import { buildGraphbackAPI, createCRUDService } from 'graphback'
+
+// the application model
+const model = `
+"""
+@model
+"""
+type Task {
+  id: ID!
+  title: String!
+  description: String!
+}`
+
+// the auth rules for the application
+const authConfig = {
+  Task: {
+    create: {},
+    read: {},
+    update: { roles: ["admin"] },
+    delete: { roles: ["admin"] }
+  }
+}
+
+// set up the Knex database client
+const db = Knex({...})
+
+// standard Graphback runtime setup
+const pubSub = new PubSub()
+
+const keycloakService = createKeycloakCRUDService(authConfig, createCRUDService({
+  pubSub: new PubSub()
+}));
+const { typeDefs, resolvers, contextCreator } = buildGraphbackAPI(modelDefs, {
+  serviceCreator: keycloakService,
+  dataProviderCreator: createKnexDbProvider(db)
+});
+
+const server = new ApolloServer({
+  typeDefs,
+  resolvers,
+  context: (context) => {
+    return {
+      ...contextCreator(context),
+      kauth: new KeycloakContext({ req: context.req })
+    }
+  }
+})
+```
+
+The above example shows runtime set up using the KnexDbDataProvider, but other data providers such as the `MongoDBDataProvider` can also be passed.

docs/releases.md

@@ -36,6 +36,13 @@ becomes:
 """
 ```
 
+### @graphback/runtime package is removed
+
+Runtime package should no longer be used in top level API.
+All functionalities were moved to the @graphback/core package.
+
+> NOTE: Users should never have runtime or core packages imported in their 
+applications and interact with graphback package as aggregator
 
 #### API code generation is no longer supported
 

docs/subscriptions/introduction.md

@@ -0,0 +1,46 @@
+---
+id: subintro
+title: Live Updates for Graphback
+sidebar_label: Live Updates
+---
+
+Graphback provides out of the box subscriptions support by providing one of the `PubSubEngines` 
+from https://github.com/apollographql/graphql-subscriptions library. 
+Thanks to that developers can connect to any publish subscribe mechanism they have available.
+Our templates target to be minimal and unopiniated are using `InMemoryPubSubEngine`
+
+We recomend following engines:
+
+- AMQ (MQTT) using https://github.com/aerogear/graphql-mqtt-subscriptions
+- Redis - using https://github.com/davidyaha/graphql-redis-subscriptions
+
+## Subscriptions explained
+
+Graphback provides subscriptions for every type of the operation that is happening on the server. 
+This means that developers can explicitly subscribe to create, update and delete operations for particular resource.
+
+Subscriptions can be also suppressed by developers by enabling or disabling subscription CRUD flags when initializing Graphback server 
+
+```js
+    {
+        ...
+        subCreate: true
+        subUpdate: true
+        subDelete: true
+    }
+```
+
+## Changing Subscription Topics
+
+Some of the pub sub mechanism will require different format of the topic. 
+Graphback CRUD services expose method that can be used to override how topics are build.
+For example for AMQ we can create extension of the CRUD service as follows
+
+```ts
+export class AMQCRUDService extends CrudService {
+    protected subscriptionTopicMapping(triggerType: GraphbackOperationType, objectName: string) {
+        // Support AMQ topic creation format
+        return `graphql/${objectName}_${triggerType}`
+    }
+}
+```

package.json

@@ -54,7 +54,6 @@
     "codegen-offix-workspace": "yarn workspace @graphback/codegen-offix",
     "codegen-client-workspace": "yarn workspace @graphback/codegen-client",
     "codegen-schema-workspace": "yarn workspace @graphback/codegen-schema",
-    "runtime-workspace": "yarn workspace @graphback/runtime",
     "datasync-workspace": "yarn workspace @graphback/datasync",
     "runtime-knex-workspace": "yarn workspace @graphback/runtime-knex",
     "runtime-mongo-workspace": "yarn workspace @graphback/runtime-mongo",

packages/graphback-core/README.md

@@ -12,34 +12,11 @@
 
 ## Graphback-Core 
 
-Codegen core package is an abstraction that provides common entry point to all graphback generators:
-- Client generator
-- Schema generator
-- Various resolver generators
-- Various Service layer generators
-- Various DBLayer generators
+Core package is an abstraction that provides common entry point to all graphback concepts:
 
-`InputProcessor` abstraction provides seamless way for providing valid input for generators. 
+- Plugins
+- Helpers for building https://graphqlcrud.org schema
+- GraphbackCRUDService abstraction
+- DataProvider abstraction
 
-> Note: This package is not designed to be used directly.
-
-
-## Adding support for new inputs types
-
-Graphback-Codegen-Input by default relies on GraphQL schema model as input. 
-However it can support any type of inputs like json schema, database or OpenAPI definitions.
-
-Developers can extend functionality by using `InputProcessor` abstraction.
-
-## Generator config
-
-Each individual type will contain individual config. Developers can pass global configuration that will be applied to every type
-
-See `GraphbackCRUDGeneratorConfig` for more information.
-
-Config can be modified directly in the schema by utilizing [`graphql-metadata`](graphql-metadata):
-
-## Contributing
-
-`./api` folder contains all types required for creating input processors
-`./graphql` folder contains implementation that builds GraphQL based processors
+> NOTE: This package is not designed to be used directly.

packages/graphback-core/package.json

@@ -43,7 +43,9 @@
     "graphql-fields-list": "2.1.3",
     "graphql-metadata": "0.7.0",
     "pino": "6.3.2",
-    "pluralize": "8.0.0"
+    "pluralize": "8.0.0",
+    "dataloader": "2.0.0",
+    "graphql-subscriptions": "1.1.0"
   },
   "peerDependencies": {
     "graphql": "^14.0.0 || ^15.0.0"

packages/graphback-core/src/index.ts

@@ -8,12 +8,15 @@ export * from './plugin/GraphbackGlobalConfig'
 export * from './plugin/GraphbackCRUDGeneratorConfig';
 export * from './plugin/ModelDefinition'
 export * from './plugin/getSelectedFieldsFromResolverInfo';
-export * from './utils/printSchemaWithDirectives';
-export * from './utils/metadataAnnotations';
 export * from './plugin/GraphbackCoreMetadata'
+
 export * from './relationships/RelationshipMetadataBuilder';
 export * from './relationships/relationshipHelpers';
-export * from './runtime'
-export * from './db';
 export * from './annotations/DefaultValueAnnotation';
 
+export * from './utils/printSchemaWithDirectives';
+export * from './utils/metadataAnnotations';
+export * from './utils/fieldTransformHelpers';
+
+export * from './runtime';
+export * from './db';

…hback-runtime/src/service/CRUDService.ts …raphback-core/src/runtime/CRUDService.tspackages/graphback-runtime/src/service/CRUDService.ts renamed to packages/graphback-core/src/runtime/CRUDService.ts packages/graphback-runtime/src/service/CRUDService.ts renamed to packages/graphback-core/src/runtime/CRUDService.ts

@@ -1,6 +1,7 @@
-import { GraphbackOperationType, upperCaseFirstChar, GraphbackDataProvider, GraphbackCRUDGeneratorConfig, GraphbackCRUDService, ResultList, GraphbackOrderBy, GraphbackPage, GraphbackContext } from "@graphback/core"
 import * as DataLoader from "dataloader";
 import { PubSubEngine } from 'graphql-subscriptions';
+import { GraphbackCRUDGeneratorConfig, GraphbackOperationType, upperCaseFirstChar } from '..';
+import { GraphbackCRUDService, GraphbackDataProvider, GraphbackContext, GraphbackOrderBy, GraphbackPage, ResultList } from '.';
 
 /**
  * Configurations necessary to create a CRUDService