laravel-graphql
How to use different middleware for different queries, mutations?
I am developing a web app in which users can view the products without authentication, but while adding products to the server, I must include authentication.
You should use authorize for a mutation instead of a middleware
public function authorize() { return TRUE; }
However the package is not including parameters so far, it would be better if they use:
public function authorize($root, $args), maybe in the future...
Well, actually using authorize is about the authorization and the permissions to access which Query. The result of this action would be on status codes 200 (ok) or 403 (forbidden).
But since the question here is related to authentication, I think the use of the authenticate method would be a better choice, which is about whether or not a client has signed in to the system.
Here is a simple implementation of this method using Laravel Passport:
public function authenticated($root, $args, $context)
{
    return $this->requiresAuthentication ? auth('api')->check() : true;
}
In the meantime, I should add that failure in authentication should normally result in the status code 401 (unauthenticated), but laravel-graphql wouldn't do that and returns 200 (ok) in both cases.
But it will also include an errors array with the Unauthorized text or something (text from the exception internally thrown).
I find it unexpected too, but it might be something with the GraphQL spec; haven't checked in detail yet.
@mfn yes, it returns the error, no doubt, but it would be a lot better if we could have had the status code as well. I don't know about the GraphQL specs, but it would make client-side code easier if a status code for unauthenticated requests is returned.
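Since the thread establishes that the server answers 200 (ok) whether or not authentication succeeded, a client has to look inside the errors array rather than at the status code. The sketch below is an added example, not code from any participant or from the laravel-graphql package; the function name, the result kinds and the message patterns are assumptions, and the sample responses are constructed.

```javascript
// Added example. The message patterns are assumptions: the thread only says the
// errors array carries "Unauthorized" or similar text from the thrown exception.
const AUTH_MESSAGE_PATTERNS = [/\bunauthorized\b/i, /\bunauthenticated\b/i];

function classifyGraphQLResponse(httpStatus, body) {
  const errors = body && Array.isArray(body.errors) ? body.errors : [];
  const messages = errors.map((e) => String((e && e.message) || ''));
  const data = body && body.data != null ? body.data : null;

  // Honour real transport-level codes if a server does send them.
  if (httpStatus === 401 || httpStatus === 403) {
    return { kind: 'auth_failed', data: null, messages };
  }
  // HTTP 200 alone proves nothing here: inspect the errors array.
  const authFailed = messages.some((m) =>
    AUTH_MESSAGE_PATTERNS.some((p) => p.test(m)));
  if (authFailed) {
    // Drop partial data so a denied mutation is never treated as applied.
    return { kind: 'auth_failed', data: null, messages };
  }
  if (errors.length > 0 || httpStatus < 200 || httpStatus >= 300) {
    return { kind: 'error', data, messages };
  }
  return { kind: 'ok', data, messages };
}

// Constructed sample responses (not captured from a real server).
const SAMPLE_OK = { data: { products: [{ id: 1, name: 'Chair' }] } };
const SAMPLE_DENIED = {
  data: { addProduct: null },
  errors: [{ message: 'Unauthorized' }],
};
const SAMPLE_OTHER = {
  data: null,
  errors: [{ message: 'Cannot query field "nme" on type "Product".' }],
};

// All three arrive with HTTP 200; only the body tells them apart.
function demo() {
  return [SAMPLE_OK, SAMPLE_DENIED, SAMPLE_OTHER]
    .map((body) => classifyGraphQLResponse(200, body).kind);
}

console.log(demo());
```

Matching on message text is brittle; if the server can be changed to emit a stable error code field, match on that instead.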