Reputation: 5854
GraphQL scheme based permissions
I am building a GraphQL Server in Node and am tackling the permission subject. I made a research and most of the recommendations is to place this logic somewhere in resolvers.
I would rather like it to be able to place the permission checking as a middleware step, that is, before it reaches a corresponding resolver(s). This would have several advantages, like: - authorisation logic is centralised and reused by all resolvers - resolver logic is much cleaner and straight forward
Opinions about this approach? Any existing libraries to support GraphQL scheme-based permission validation
Upvotes: 0
Views: 152
Answers (2)
Reputation: 84657
GraphQL.js doesn't natively support "middleware" for resolvers -- since they're functions, you can just wrap them with whatever additional functions to add logic without repeating yourself. That said, you can add graphql-middleware for a nicer API for adding logic to multiple resolvers. If you use graphql-middleware, you can add graphql-shield which specifically deals with authorization.
Upvotes: 1
Reputation: 2799
you can use schema-directives which are more natural to graphql
here is a package that might help you graphql-directive-auth
Upvotes: 0
Related Questions
- Graphql shield returns Not Authorised for allowed mutation
- Graphql - universal permission guards
- GraphQL implement "not permitted"
- Implementing custom user permissions in GraphQL and Hasura
- graphql role based authorization
- Permissions in GraphQL
- GraphQL Authorization / Permission
- GraphQL permissions documentation
- How to check permissions and other conditions in GraphQL query?
- What is a good pattern for implementing access control in a GraphQL server?