refactor(graph-gateway): add query selector extractor and auth check (I)

edgeandnode · Jan 25, 2024 · 6542b59 · 6542b59
1 parent 5328670
commit 6542b59
Showing 1 changed file with 13 additions and 10 deletions.
diff --git a/graph-gateway/src/client_query.rs b/graph-gateway/src/client_query.rs
@@ -83,19 +83,22 @@ pub async fn handle_query(
     let start_time = Instant::now();
     let timestamp = unix_timestamp();
 
-    // Check if the query selector is authorized by the user
+    // Check if the query selector is authorized by the auth token
     match &selector {
-        QuerySelector::Subgraph(id) if !auth.is_subgraph_authorized(id) => {
-            return graphql::error_response(Error::Auth(anyhow!(
-                "Subgraph not authorized by user"
-            )));
+        QuerySelector::Subgraph(id) => {
+            if !auth.is_subgraph_authorized(id) {
+                return graphql::error_response(Error::Auth(anyhow!(
+                    "Subgraph not authorized by user"
+                )));
+            }
         }
-        QuerySelector::Deployment(id) if !auth.is_deployment_authorized(id) => {
-            return graphql::error_response(Error::Auth(anyhow!(
-                "Deployment not authorized by user"
-            )));
+        QuerySelector::Deployment(id) => {
+            if !auth.is_deployment_authorized(id) {
+                return graphql::error_response(Error::Auth(anyhow!(
+                    "Deployment not authorized by user"
+                )));
+            }
         }
-        _ => (),
     }
 
     let resolved_deployments = resolve_subgraph_deployments(&ctx.network, &selector).await;