-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[feature]/event hook - Schema Directives #39
Comments
sounds perfect to me too
…On Tue, 6 Mar 2018 at 04:07 misko_lee ***@***.***> wrote:
how to make authorzation layer when i generated a graphql server.
i think we need a event call before call each query/mutation.
for:
1. authorization layer (Before* event)
2. access log (After* event)
3. common control logic
its like:
type Event interface{
BeforeQuery(ctx context.Context)
BeforeEachQuery(ctx context.Context,opName string,opParams map[string]interface{})
BeforeEachMutation(ctx context.Context,opName string,opParams map[string]interface{})
AfterQuery(ctx context.Context)
AfterEachQuery(ctx context.Context,opName string,opParams map[string]interface{},output interface{})
AfterEachMutation(ctx context.Context,opName string,opParams map[string]interface{},output interface{})
}
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#39>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/ATuCwo6yMv70gZNHemM7XnpxIFOyE9I8ks5tbf1VgaJpZM4SeCHo>
.
|
I'm not a fan of for example: directive @hasRole(role: String) on FIELD | FIELD_DEFINITION
type Mutation {
updateAskingPrice(id: ID!, newPrice: Float!): Vehicle! @hasRole(role: "MANAGER")
} could generate resolver methods func (r *Resolvers) Directive_Vehicle_hasRole(ctx context.Context, next func(ctx context.Context) *Vehicle, role string) *Vehicle {
if !UserForCtx(ctx).HasRole(role) {
return nil
}
return next(ctx)
} |
Agree with @vektah, directives are the way to go! I'm also following progress on graphql/graphql-spec#300 to expose directives via introspection, that way the client can know what they have access to. |
yes. i think directive better than. i has some case for directive:
@vektah who work on it ? |
The blocker on this is that the parser gqlgen uses (https://github.com/graph-gophers/graphql-go/tree/master/internal/schema) doesn't currently support schema directives, only query directives. @tonyghita has recently started maintaining it again and has been pushing the parser forward so I am reluctant to make too many changes here until we see which way he takes it. I think there was talk in the gophers slack around bringing in a new lexer which would be a pretty large change. Good directive support is also required to validate against https://github.com/graphql-cats/graphql-cats |
@vektah Are we any further forward on this? The parser library hasn't received any updates in a few months now 😥 |
This has kinda progressed on two fronts, Firstly, most of the hooks described above can be achieved using middleware, I haven't documented it yet but take a look at the opentracing for some ideas. Secondly, work on a new parser is well under way, currently working through setting up the validation logic in a way thats maintainable going forward. There was a bit of related chatter in #100 |
Closed in favour of #156 |
how to make authorzation layer when i generated a graphql server.
i think we need a event call before call each query/mutation.
for:
its like:
The text was updated successfully, but these errors were encountered: