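/*
 * I may be going about this all wrong, but I'd like a middleware piece that can
 * read the graphql request. If it is for login mutation only, I can let it
 * through without a valid session, else require a valid session. I could keep a
 * whitelist of queries and mutations that are allowed through.
 *
 * I can't figure out where in Request the graphql is actually being stored.
 * I'm using express. Any advice?
 *
 * I'll update this as I figure out more.
 */
const config = require('../config/config.js')
const fs = require('fs')
const https = require('https')
const path = require('path')
const express = require('express')
const expressGraphql = require('express-graphql')
const expressJwt = require('express-jwt')
const { schema } = require('./schema')
const { root } = require('./root')

const app = express()

// JWT: applies a user to the req if the jwt is valid (req.user).
// credentialsRequired: false lets requests that carry no token continue, so
// login can run unauthenticated; a token that is present but invalid still
// produces an error, which the handler below turns into a 401.
// NOTE(review): no `algorithms` list is passed to expressJwt here. Pinning it to
// the algorithm the tokens are actually signed with stops the verifier from
// accepting any other one; confirm against the installed express-jwt version.
app.use(
  '/graphql',
  expressJwt({
    secret: config.sessions.jwtsecret,
    credentialsRequired: false
  }),
  function (err, req, res, next) {
    if (err.name === 'UnauthorizedError') {
      // A token was presented but failed verification: reject the request.
      return res.status(401).send('invalid token')
    }
    // Not a token problem. Pass the error on instead of returning silently,
    // otherwise the request never gets a response and hangs.
    return next(err)

    // currently, authorization happens at the resolver level.
    // Resolvers check that the session is still in the session store
    // This allows functions like login to run without a token
    // But will automatically reject bad tokens
  }
)

// Test Middleware
// Logs only the request line and the decoded token payload. Dumping the whole
// `req` object would also write the Authorization header (the bearer JWT) and,
// once a body parser is installed, the login credentials into the log.
const logger = function (req, res, next) {
  console.log('\n\n\nLOGGED')
  console.log(req.method, req.originalUrl)
  console.log(req.user)
  next()
}
app.use(logger)

// ================== This is the part I'm trying to figure out ===================
// I want to make a piece of middleware that inspects the graphql request.
// if it is for login only, pass it through
// anything else, get the jwt, req.user, verify that the session is active
// If they have an active session pass it through
//
// NOTE(review): express-graphql takes the document from the `query` field of the
// POST body (or the `query` URL parameter on GET), so a middleware can only see
// it after the body has been parsed, e.g. as req.body.query.
// NOTE(review): an allowlist gate must not match on the request text or on the
// operation name alone. One document can hold several root fields, aliases and
// several named operations, so the gate has to parse the document, look at the
// operation that will actually execute, require every root field of it to be on
// the allowlist, and reject anything it cannot parse. Keep the resolver-level
// session check as well, so a gap in the gate does not become a gap in
// authorization.

// Apply graphql to the App
app.use(
  '/graphql',
  expressGraphql({
    schema: schema,
    rootValue: root
    // graphiql: true //pretty much limited to login because you can't modify header to include jwt
  })
)

// Start the server (HTTPS only; key and certificate are read once at startup)
const server = https.createServer(
  {
    key: fs.readFileSync(path.join(__dirname, '../cert/key.pem')),
    cert: fs.readFileSync(path.join(__dirname, '../cert/certificate.pem'))
  },
  app
)

const port = process.env.port || config.app.port
server.listen(port, function () {
  console.log('Server started. Listening on port %d in %s mode', port, config.mode)
})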
Submitted February 22, 2019 at 08:19PM by sleepyj222