GraphQL Middleware
Per GraphQL’s authorization guidance, authorization should live in one place—between the GraphQL layer and your resolvers. Use Casbin in resolvers (or a thin wrapper) to enforce access on types, fields, or operations.
// Casbin authorization logic lives inside postRepository
var postRepository = require('postRepository');
var postType = new GraphQLObjectType({
name: 'Post',
fields: {
body: {
type: GraphQLString,
resolve: (post, args, context, { rootValue }) => {
return postRepository.getBody(context.user, post);
}
}
}
});
Available GraphQL Middlewares
Available Casbin GraphQL integrations:
| Middleware | Implementazione GraphQL | Autore | Descrizione |
|---|---|---|---|
| graphql-authz | graphql | Casbin | Authorization middleware for graphql-go |
| graphql-casbin | graphql | @esmaeilpour | GraphQL and Casbin integration example |
| gqlgen_casbin_RBAC_example | gqlgen | @WenyXu | (vuoto) |
| Middleware | Implementazione GraphQL | Autore | Descrizione |
|---|---|---|---|
| graphql-authz | GraphQL.js | Casbin | Casbin authorization middleware for GraphQL.js |
| Middleware | Implementazione di GraphQL | Autore | Descrizione |
|---|---|---|---|
| graphql-authz | GraphQL-core 3 | @Checho3388 | Casbin authorization middleware for GraphQL-core 3 |