fix(jwt): JWT now extracted when jwtPublicKey || jwtSecret set (#1537)

src/postgraphile/http/__tests__/createPostGraphileHttpRequestHandler-test.js

@@ -639,16 +639,18 @@ for (const { name, createServerFromHandler, subpath = '' } of toTest) {
       expect(pgClient.release.mock.calls).toEqual([[]]);
     });
 
-    test('adds properties from the JWT to the session', async () => {
-      pgPool.connect.mockClear();
-      pgClient.query.mockClear();
-      pgClient.release.mockClear();
-      const jwtSecret = 'secret';
-      const pgDefaultRole = 'pg_default_role';
-      const server = await createServer({ jwtSecret, pgDefaultRole });
-      await request(server)
-        .post(`${subpath}/graphql`)
-        /*
+    test.each([['jwtSecret'], ['jwtPublicKey']])(
+      'adds properties from the JWT to the session (keyType: %s)',
+      async keyType => {
+        pgPool.connect.mockClear();
+        pgClient.query.mockClear();
+        pgClient.release.mockClear();
+        const jwtSecret = 'secret';
+        const pgDefaultRole = 'pg_default_role';
+        const server = await createServer({ [keyType]: jwtSecret, pgDefaultRole });
+        await request(server)
+          .post(`${subpath}/graphql`)
+          /*
           {
             "aud": "postgraphile",
             "role": "johndoe",
@@ -661,48 +663,49 @@ for (const { name, createServerFromHandler, subpath = '' } of toTest) {
             "array": {"n": 7, "a":"fred", "c":21}
           }
         */
-        .set(
-          'Authorization',
-          'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJwb3N0Z3JhcGhpbGUiLCJyb2xlIjoiam9obmRvZSIsImlhdCI6MTUxNjIzOTAyMiwidXNlcl9pZCI6MjkzNDA4NSwibnVtYmVyIjoyNywiYm9vbF90cnVlIjp0cnVlLCJib29sX2ZhbHNlIjpmYWxzZSwibnVsbCI6bnVsbCwiYXJyYXkiOnsibiI6NywiYSI6ImZyZWQiLCJjIjoyMX19.MjMRJynCi1ZwiYiLduRxOQeK2FjWtT8IvSVc1_IanEg',
-        )
-        .send({ query: '{query}' })
-        .expect(200)
-        .expect('Content-Type', /json/)
-        .expect({ data: { query: null } });
-      expect(pgPool.connect.mock.calls).toEqual([[]]);
-      expect(pgClient.query.mock.calls).toEqual([
-        ['begin'],
-        [
-          {
-            text:
-              'select set_config($1, $2, true), set_config($3, $4, true), set_config($5, $6, true), set_config($7, $8, true), set_config($9, $10, true), set_config($11, $12, true), set_config($13, $14, true), set_config($15, $16, true), set_config($17, $18, true)',
-            values: [
-              'role',
-              'johndoe',
-              'jwt.claims.aud',
-              'postgraphile',
-              'jwt.claims.role',
-              'johndoe',
-              'jwt.claims.iat',
-              '1516239022',
-              'jwt.claims.user_id',
-              '2934085',
-              'jwt.claims.number',
-              '27',
-              'jwt.claims.bool_true',
-              'true',
-              'jwt.claims.bool_false',
-              'false',
-              'jwt.claims.array',
-              JSON.stringify({ n: 7, a: 'fred', c: 21 }),
-            ],
-          },
-        ],
-        ['EXECUTE'],
-        ['commit'],
-      ]);
-      expect(pgClient.release.mock.calls).toEqual([[]]);
-    });
+          .set(
+            'Authorization',
+            'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJwb3N0Z3JhcGhpbGUiLCJyb2xlIjoiam9obmRvZSIsImlhdCI6MTUxNjIzOTAyMiwidXNlcl9pZCI6MjkzNDA4NSwibnVtYmVyIjoyNywiYm9vbF90cnVlIjp0cnVlLCJib29sX2ZhbHNlIjpmYWxzZSwibnVsbCI6bnVsbCwiYXJyYXkiOnsibiI6NywiYSI6ImZyZWQiLCJjIjoyMX19.MjMRJynCi1ZwiYiLduRxOQeK2FjWtT8IvSVc1_IanEg',
+          )
+          .send({ query: '{query}' })
+          .expect(200)
+          .expect('Content-Type', /json/)
+          .expect({ data: { query: null } });
+        expect(pgPool.connect.mock.calls).toEqual([[]]);
+        expect(pgClient.query.mock.calls).toEqual([
+          ['begin'],
+          [
+            {
+              text:
+                'select set_config($1, $2, true), set_config($3, $4, true), set_config($5, $6, true), set_config($7, $8, true), set_config($9, $10, true), set_config($11, $12, true), set_config($13, $14, true), set_config($15, $16, true), set_config($17, $18, true)',
+              values: [
+                'role',
+                'johndoe',
+                'jwt.claims.aud',
+                'postgraphile',
+                'jwt.claims.role',
+                'johndoe',
+                'jwt.claims.iat',
+                '1516239022',
+                'jwt.claims.user_id',
+                '2934085',
+                'jwt.claims.number',
+                '27',
+                'jwt.claims.bool_true',
+                'true',
+                'jwt.claims.bool_false',
+                'false',
+                'jwt.claims.array',
+                JSON.stringify({ n: 7, a: 'fred', c: 21 }),
+              ],
+            },
+          ],
+          ['EXECUTE'],
+          ['commit'],
+        ]);
+        expect(pgClient.release.mock.calls).toEqual([[]]);
+      },
+    );
 
     test('will respect an operation name', async () => {
       const server = await createServer();

src/postgraphile/http/createPostGraphileHttpRequestHandler.ts

@@ -126,10 +126,12 @@ function withPostGraphileContextFromReqResGenerator(
     pgSettings: pgSettingsGenerator,
     allowExplain: allowExplainGenerator,
     jwtSecret,
+    jwtPublicKey,
     additionalGraphQLContextFromRequest,
   } = options;
   return async (req, res, moreOptions, fn) => {
-    const jwtToken = jwtSecret ? getJwtToken(req) : null;
+    const jwtVerificationSecret = jwtPublicKey || jwtSecret;
+    const jwtToken = jwtVerificationSecret ? getJwtToken(req) : null;
     const additionalContext =
       typeof additionalGraphQLContextFromRequest === 'function'
         ? await additionalGraphQLContextFromRequest(req, res)