GraphQL Middlewares
Casbin follows the officially suggested way to provide authorization for GraphQL endpoints by having a single source of truth for authorization: https://graphql.org/learn/authorization/. In other words, Casbin should be placed between the GraphQL layer and your business logic.
// Casbin authorization logic lives inside postRepository
var postRepository = require('postRepository');
var postType = new GraphQLObjectType({
name: 'Post',
fields: {
body: {
type: GraphQLString,
resolve: (post, args, context, { rootValue }) => {
return postRepository.getBody(context.user, post);
}
}
}
});
Supported GraphQL Middlewares
A complete list of Casbin GraphQL middlewares is provided below. Any third-party contributions on a new GraphQL middleware are welcomed. Please inform us, and we will add it to this list:)
- Go
- Node.js
- Python
| Middleware | GraphQL Implementation | Author | Description |
|---|---|---|---|
| graphql-authz | graphql | Casbin | An authorization middleware for graphql-go |
| graphql-casbin | graphql | @esmaeilpour | An implementation of using Graphql and Casbin together |
| gqlgen_casbin_RBAC_example | gqlgen | @WenyXu | (empty) |
| Middleware | GraphQL Implementation | Author | Description |
|---|---|---|---|
| graphql-authz | GraphQL.js | Casbin | A Casbin authorization middleware for GraphQL.js |
| Middleware | GraphQL Implementation | Author | Description |
|---|---|---|---|
| graphql-authz | GraphQL-core 3 | @Checho3388 | A Casbin authorization middleware for GraphQL-core 3 |