search

apollographql / graphql-subscriptions

:newspaper: A small module that implements GraphQL subscriptions for Node.js
MIT License
1.59k stars 133 forks source link

User specific publish #166

Closed deathg0d closed 6 years ago

deathg0d commented 6 years ago

Here's a small issue I faced and couldn't find much info in the documentation. I am trying to create private chat messages. We have the following code to subscribe a user to a topic:

export const resolvers = {
  Subscription: {
    somethingChanged: {
      subscribe: () => pubsub.asyncIterator('chat_messages'),
    },
  },
}

and to publish

pubsub.publish('chat_messages', { somethingChanged: { sender_id: 1, receiver_id: 2, message: 'test' }});

I have used onConnect to verify that the user is authenticated

const server = new ApolloServer({
    typeDefs,
    resolvers,
    subscriptions: {
        onConnect: (connectionParams, webSocket) => {
            ...
            if (!authenticated) throw error
            ...
        },
    },
   ...
})

This works well when I want to subscribe users to a particular topic for example. But how do I implement, private user to user communication? I have tried the withFilter but can't seem to implement user specific authorization(with respect to a message) checks.

grantwwu commented 6 years ago

You need some way to identify which user is making the request. This isn't really part of the GraphQL spec, as far as I know. Perhaps https://medium.com/the-graphqlhub/graphql-and-authentication-b73aed34bbeb might help?

deathg0d commented 6 years ago

Please review https://github.com/apollographql/apollo-server/issues/1553