Gen2: Support @constraint directive to validate requests

[straygar]

Describe the feature you'd like to request

Using GraphQL mutations, users can perform write operations against the Datastore. However, there is currently no simple way to perform field validation before the data is written.

Describe the solution you'd like

A zod-like interface in Gen2 in combination with graphql-constraint-directive used in the GraphQL schema is a good fit for this:

Post: a
  .model({
    title: a.string().max(30).pattern('my awesome regex'),
    content: a.string().max(255),
    mood: a.string().emoji(),
    comments: a.hasMany(a.ref('Comment')).max(20),
   })

Describe alternatives you've considered

• A validator function invoked on every mutation, which either succeeds or returns an error message

  Post: a.model({}).validator((event: unknown) => ...);

• workaround: Writing a custom mutation to do this validation

Additional context

No response

Is this something that you'd be interested in working on?

• [ ] 👋 I may be able to implement this feature request

Would this feature include a breaking change?

• [ ] ⚠️ This feature might incur a breaking change

[straygar]

Related issues for reference:

• https://github.com/aws-amplify/amplify-category-api/issues/1571
• https://github.com/aws/aws-appsync-community/issues/203
• https://github.com/aws-amplify/amplify-cli/issues/2499

[AnilMaktala]

Hey @straygar, Thank you for requesting this. We are marking this as a feature request for the team to evaluate futher.

[TheRealBenForce]

@straygar , I'm still a pretty new dev and learning all of this. I thought I had a handle on how to securely validate data before I moved to amplify. Now I'm not so sure.

Why would this be an issue just for mutations? Why not also for something like:

await client.models.Posts.create(data)

[straygar]

@TheRealBenForce is a creation also not a mutation in graphql land?

• query - read-only operations
• mutation - everything else

[TheRealBenForce]

@TheRealBenForce is a creation also not a mutation in graphql land?

• query - read-only operations
• mutation - everything else

I agree. The gen 2 docs have a separate section for mutations but I see now it is for custom mutations