Closed danny-xx closed 1 year ago
Hi @danny-xx
I would recommend declarative authorization whenever possible. Luckily, it is already possible to do this in the master branch. Check this directive example.
In addition to that in v1.7.0
it will be possible to access the AST of the query and see all the fields and operations there.
The func for parsing query string is located under
/internal
package: https://github.com/graph-gophers/graphql-go/blob/master/internal/query/query.go#L18-L28Is there any concern for exposing this functionality to consumers?
Here's my example use case for justification:
I want to skip authorization validation in middleware for any "public" queries. For example:
In order to do this, I want to
Is this the proper way for checking specific query groups? I would appreciate it if anyone has better ideas!
Thanks in advance!