You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am trying to wrap a remote graphql api (saleor's) and enforce some custom authorization rules on top of it, and i would like to modify the incoming queries according to the user's access level.
My first step was to test if i was able to expose only parts of the saleor's graphql endpoint, that went well with FilterRootFields. Then my next step was to test if could read and modify passed arguments to those exposed operations, so far i have achieved this using TransformObjectFields but i think i am not using it the way it is supposed to. Do i need to create a custom Transform for this ? or maybe use stitched schemas ?
So any guidance in the right direction would be appreciated
importfetchfrom'node-fetch'import{print,StringValueNode,ArgumentNode}from'graphql'import{ExecutionParams}from'@graphql-tools/utils'import{introspectSchema,wrapSchema,TransformObjectFields,FilterRootFields}from'@graphql-tools/wrap'importconfigfrom'lib/config'constexecutor=async({ document, variables }: ExecutionParams)=>{constquery=print(document)constfetchResult=awaitfetch(config.saleor.admin_endpoint,{method: 'POST',headers: {'Content-Type': 'application/json',Authorization: `Bearer ${config.saleor.admin_api_token}`,},body: JSON.stringify({ query, variables }),})returnfetchResult.json()}exportdefaultasync()=>{constschema=wrapSchema({schema: awaitintrospectSchema(executor),transforms: [newFilterRootFields((operationName,fieldName)=>{// Expose only Query.products and Mutation.productCreateif(operationName==='Query'&&fieldName==='products')returntrueif(operationName==='Mutation'&&fieldName==='productCreate')returntruereturnfalse}),newTransformObjectFields(// (typeName,fieldName,fieldConfig)=>{returnfieldConfig},(typeName,fieldName,fieldConfig)=>{// Modify Query.products graphQL Requestif(typeName==='Query'&&fieldName==='products'){// modify Query.products arguments// Find the first channel argumentconstchannelArg=fieldConfig.arguments?.find((arg)=>arg.name.value==='channel')if(channelArg){constvalueArg=channelArg?.valueasunknownasStringValueNodeconstnewArgument={kind: 'Argument',name: channelArg.name,value: {kind: 'StringValue',value: 'test-retailer',// 13 charactersblock: false,loc: {start: valueArg.loc?.start,end: valueArg.loc?.start||0+2+13}// confused here, i just manually sum the value characters length since it seems to be doing that}}asArgumentNode// Filter out all possible instances of a channel argumentconstnewArguments=fieldConfig.arguments?.filter((arg)=>arg.name.value!=='channel').slice(0)newArguments?.push(newArgument)return{kind: 'Field',arguments: newArguments,name: fieldConfig.name,selectionSet: fieldConfig.selectionSet,}astypeoffieldConfig}}returnfieldConfig}),],
executor,})returnschema}
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hi All!
I am trying to wrap a remote graphql api (saleor's) and enforce some custom authorization rules on top of it, and i would like to modify the incoming queries according to the user's access level.
My first step was to test if i was able to expose only parts of the saleor's graphql endpoint, that went well with FilterRootFields. Then my next step was to test if could read and modify passed arguments to those exposed operations, so far i have achieved this using TransformObjectFields but i think i am not using it the way it is supposed to. Do i need to create a custom Transform for this ? or maybe use stitched schemas ?
So any guidance in the right direction would be appreciated
Beta Was this translation helpful? Give feedback.
All reactions