From d3b39cad9720b032a7946e79fcbdb5332916f3d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9my=20M?= <jeremy.magrin@gmail.com>
Date: Mon, 2 Oct 2023 17:17:42 +0200
Subject: [PATCH] feat: add env security in dynamic resolvers (#1812)

* feat: add env security in dynamic resolvers

* fix: tests
---
 .../entity-resolver.service.spec.ts           |  5 +++++
 .../entity-resolver.service.ts                | 20 +++++++++++++++++--
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/server/src/tenant/entity-resolver/entity-resolver.service.spec.ts b/server/src/tenant/entity-resolver/entity-resolver.service.spec.ts
index a75ba34c3..96bb0b254 100644
--- a/server/src/tenant/entity-resolver/entity-resolver.service.spec.ts
+++ b/server/src/tenant/entity-resolver/entity-resolver.service.spec.ts
@@ -1,6 +1,7 @@
 import { Test, TestingModule } from '@nestjs/testing';
 
 import { DataSourceService } from 'src/tenant/metadata/data-source/data-source.service';
+import { EnvironmentService } from 'src/integrations/environment/environment.service';
 
 import { EntityResolverService } from './entity-resolver.service';
 
@@ -15,6 +16,10 @@ describe('EntityResolverService', () => {
           provide: DataSourceService,
           useValue: {},
         },
+        {
+          provide: EnvironmentService,
+          useValue: {},
+        },
       ],
     }).compile();
 
diff --git a/server/src/tenant/entity-resolver/entity-resolver.service.ts b/server/src/tenant/entity-resolver/entity-resolver.service.ts
index 1bd331e0c..e8e189890 100644
--- a/server/src/tenant/entity-resolver/entity-resolver.service.ts
+++ b/server/src/tenant/entity-resolver/entity-resolver.service.ts
@@ -1,15 +1,23 @@
-import { BadRequestException, Injectable } from '@nestjs/common';
+import {
+  BadRequestException,
+  ForbiddenException,
+  Injectable,
+} from '@nestjs/common';
 
 import { GraphQLResolveInfo } from 'graphql';
 import graphqlFields from 'graphql-fields';
 
 import { DataSourceService } from 'src/tenant/metadata/data-source/data-source.service';
+import { EnvironmentService } from 'src/integrations/environment/environment.service';
 
 import { convertFieldsToGraphQL } from './entity-resolver.util';
 
 @Injectable()
 export class EntityResolverService {
-  constructor(private readonly dataSourceService: DataSourceService) {}
+  constructor(
+    private readonly dataSourceService: DataSourceService,
+    private readonly environmentService: EnvironmentService,
+  ) {}
 
   async findAll(
     entityName: string,
@@ -18,6 +26,10 @@ export class EntityResolverService {
     info: GraphQLResolveInfo,
     fieldAliases: Record<string, string>,
   ) {
+    if (!this.environmentService.isFlexibleBackendEnabled()) {
+      throw new ForbiddenException();
+    }
+
     const workspaceDataSource =
       await this.dataSourceService.connectToWorkspaceDataSource(workspaceId);
 
@@ -62,6 +74,10 @@ export class EntityResolverService {
     info: GraphQLResolveInfo,
     fieldAliases: Record<string, string>,
   ) {
+    if (!this.environmentService.isFlexibleBackendEnabled()) {
+      throw new ForbiddenException();
+    }
+
     const workspaceDataSource =
       await this.dataSourceService.connectToWorkspaceDataSource(workspaceId);