-
Notifications
You must be signed in to change notification settings - Fork 54
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
5 changed files
with
128 additions
and
15 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
# GraphQL Middleware - Logging example | ||
|
||
This example illustrates basic usage of GraphQL Middleware. The idea is to log every field that has been requested by user. | ||
|
||
## Code | ||
|
||
> Mind the following parts | ||
### Import | ||
|
||
This is where we import `graphql-middleware`. | ||
|
||
```js | ||
const { applyMiddleware } = require('graphql-middleware') | ||
``` | ||
|
||
### Middleware | ||
|
||
Because we want every field of our schema to make a log once it's requested, we use `schema` wide middleware definition. | ||
|
||
```js | ||
const logMiddleware = async (resolve, parent, args, ctx, info) => { | ||
console.log(args, info) | ||
return resolve() | ||
} | ||
``` | ||
|
||
### Applying middleware | ||
|
||
This is the part where we modify the schema to reflect the changed middleware introduce. | ||
|
||
```js | ||
const analysedSchema = applyMiddleware(schema, logMiddleware) | ||
``` | ||
|
||
## License | ||
|
||
MIT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
# GraphQL Middleware - Permissions example | ||
|
||
This example illustrates how to use GraphQL Middleware to handle user permissions. Do take into consideration that this is a low level implementation with no optimizations. We recommend using `graphql-shield` for production usage. | ||
|
||
## Code | ||
|
||
> Mind the following parts | ||
### Import | ||
|
||
This is where we import `graphql-middleware`. | ||
|
||
```js | ||
const { applyMiddleware } = require('graphql-middleware') | ||
``` | ||
|
||
### Permission function | ||
|
||
This is where we decide whether the user should or shouldn't access the information. The following implementation preassumes that the secret is passed as the query header using `Authorization: <token>` format. | ||
|
||
```js | ||
const isLoggedIn = async (resolve, parent, args, ctx, info) => { | ||
// Include your agent code as Authorization: <token> header. | ||
const permit = ctx.request.get('Authorization') === code | ||
|
||
if (!permit) { | ||
throw new Error(`Not authorised!`) | ||
} | ||
|
||
return resolve() | ||
} | ||
``` | ||
|
||
### Middleware | ||
|
||
The following middleware implements one field-scoped and one type-scoped middleware. We use `field` scoped middleware with `secured` field to ensure only `secured` field of `Query` requires authorisation. Furthermore, we also use `type` middleware to make sure every field of `Me` type requires authorisation. | ||
|
||
There is no need to apply permissions to `me` field of `Query` as requesting any of type `Me` fields already requires authentication. | ||
|
||
```js | ||
const permissions = { | ||
Query: { | ||
secured: isLoggedIn, | ||
}, | ||
Me: isLoggedIn, | ||
} | ||
``` | ||
|
||
### Applying middleware | ||
|
||
This is the part where we modify the schema to reflect the changed middleware introduce. | ||
|
||
```js | ||
const protectedSchema = applyMiddleware(schema, permissions) | ||
``` | ||
|
||
## License | ||
|
||
MIT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters