search

jaydenwindle / graphene-subscriptions

A plug-and-play GraphQL subscription implementation for Graphene + Django built using Django Channels.
MIT License
115 stars 15 forks source link

Fixed work with graphql_jwt.decorators #16

Closed YuriyKrasilnikov closed 2 years ago

YuriyKrasilnikov commented 4 years ago

Replaced AttrDict class to AsgiRequest Added auth from JWT Fixed work with graphql_jwt.decorators for subscription in schema

jaydenwindle commented 4 years ago

Hey @YuriyKrasilnikov!

Thanks so much for the PR, I really appreciate it :D I'm definitely a fan of adding support for authentication to this package (see the discussion in #14).

I do have a couple of questions about this approach that I'd love your thoughts on:

  1. Is there a way to make this compatible with Channels' built-in Django Authentication middleware instead of modifying the consumer directly? This seems like it might be a cleaner approach to take, and we would be able to rely on some Django built-in functionality to do the heavy lifting.
  2. If 1. isn't a possible, could you migrate this logic into a Custom Authentication Middleware for Channels? This way it's opt-in for users and doesn't require them to use graphql_jwt if they've got another auth system set up.

Would love to get this merged once we chat about those things. Thanks again!

YuriyKrasilnikov commented 4 years ago

Hey @YuriyKrasilnikov!

Thanks so much for the PR, I really appreciate it :D I'm definitely a fan of adding support for authentication to this package (see the discussion in #14).

I do have a couple of questions about this approach that I'd love your thoughts on:

  1. Is there a way to make this compatible with Channels' built-in Django Authentication middleware instead of modifying the consumer directly? This seems like it might be a cleaner approach to take, and we would be able to rely on some Django built-in functionality to do the heavy lifting.
  2. If 1. isn't a possible, could you migrate this logic into a Custom Authentication Middleware for Channels? This way it's opt-in for users and doesn't require them to use graphql_jwt if they've got another auth system set up.

Would love to get this merged once we chat about those things. Thanks again!

It's premature to commit, but a sketch with autorization through django:

def receive_connection_init(self, request):
    self.user = self.scope['user']

def receive_start(self, request):
    payload = request["payload"]
    self.scope["method"] = self.scope["type"]
    context = AsgiRequest(self.scope, BytesIO(b""))
    context.user = self.user
    context.id = request.get("id")
    schema = graphene_settings.SCHEMA