-
-
Notifications
You must be signed in to change notification settings - Fork 677
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make FieldResolver scoped #675
Comments
Please describe your issue with more details. What do you do in your code, what you expect the schema to look like, what is the reality. |
Say for example I have a public resolver: @injectable()
@Resolver(() => PublicProfile)
export class PublicProfileResolver {
...
} And here's how I build the public schema: const schema = await TypeGraphQL.buildSchema({
resolvers: values([PublicProfileResolver]),
container: containerGetter,
emitSchemaFile: {
path: path.join(__dirname, '../../schema.public.gql'),
commentDescriptions: true,
},
}); And I also have a private resolver: @injectable()
@Resolver(() => PrivateProfile)
export class PrivateProfileResolver {
...
} Here's how I build the private schema: const schema = await TypeGraphQL.buildSchema({
resolvers: values([PrivateProfileResolver]),
container: containerGetter,
emitSchemaFile: {
path: path.join(__dirname, '../../schema.private.gql'),
commentDescriptions: true,
},
}); Ideally I want I'm also using |
This also happens to type PublicProfile {
...
accessToken: Token! # this comes from PrivateProfile @FieldResolver(() => Token) which I don't want to expose
...
} |
@xinghul Please describe more what is your public and private profile... is this the same class, just aliased in the import clause? |
Closing for a housekeeping purposes 🔒 |
Hey sorry for the late reply, I only have one class @ObjectType()
class Profile {
@Field(() => String)
public name: string;
@Field(() => String)
public email: string;
} And it's being used by two resolvers, one public and one private, the private one has a @Resolver(() => Profile)
export class PublicProfileResolver {
...
}
@Resolver(() => Profile)
export class PrivateProfileResolver {
...
@FieldResolver(() => Token)
public async accessToken(@Root() profile: Profile): Promise<Token> {
return getTokenForProfile(profile);
}
} And here's how I build the public and private schema: // public
const schema = await TypeGraphQL.buildSchema({
resolvers: values([PublicProfileResolver]),
container: containerGetter,
emitSchemaFile: {
path: path.join(__dirname, '../../schema.public.gql'),
commentDescriptions: true,
},
}); // private
const schema = await TypeGraphQL.buildSchema({
resolvers: values([PrivateProfileResolver]),
container: containerGetter,
emitSchemaFile: {
path: path.join(__dirname, '../../schema.private.gql'),
commentDescriptions: true,
},
}); And as a result both type Profile {
name: String!
email: String!
accessToken: Token!
} Ideally Let me know if this makes sense, thanks :) |
@xinghul - Ideally, JWT tokens should be worked with outside of GraphQL. If a user is authenticated or not should be known before they even get to the GraphQL API, as it is common practice to have the information about the user inside the context object of the resolvers. This tutorial covers the subject very well. https://www.youtube.com/watch?v=25GS0MLT8JU Also, there is no real way to "privatize" schema output or rather introspection. It's all or nothing. So, either someone should be authorized to see the schema/ the docs, or they aren't (assuming that is what you are also looking for). What you can also do is put in an Authorization decorator on the field resolver, if you want to hide the data from prying eyes, (but this shouldn't be used for JWTs). https://typegraphql.com/docs/authorization.html Scott |
@xinghul Thanks for the clarify. I can reproduce this issue but unfortunately, it's too hardcorded in the codebase: type-graphql/src/metadata/metadata-storage.ts Lines 251 to 267 in 7ff22f6
So without rewriting the pipeline (#183) I can't quickly fix that issue 😞 |
@MichalLytek @smolinari thank you guys, this is helpful! |
Hey there, I was asking earlier about making the resolver methods scoped so that I can have public/private schemas based on resolvers passed in, and after upgrading the package to
1.0.0-rc.2
as you suggested, now the problem is solved, which is great.But I noticed the
FieldResolver
s (and@Resolver()
s in general) are still global, is there a plan to also make those scoped?Thank you and it's been amazing using
type-graphql
!The text was updated successfully, but these errors were encountered: