nuwave / lighthouse

A framework for serving GraphQL from Laravel
https://lighthouse-php.com
MIT License

Problem with subscription middleware #2519

Closed ivanhuk closed 7 months ago

ivanhuk commented 7 months ago

I have a problem with Laravel Passport:

```graphql
type Subscription @middleware(checks: ["auth:api"]) {
    taskUpdated(projectId: ID!, id: ID!): Task
        @subscription(class: "App\\GraphQL\\Subscriptions\\TaskUpdated")
}
```

$subscriber->context->user always returns null

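```php
namespace App\GraphQL\Subscriptions;

use Illuminate\Http\Request;
use Nuwave\Lighthouse\Schema\Types\GraphQLSubscription;
use Nuwave\Lighthouse\Subscriptions\Subscriber;

final class TaskUpdated extends GraphQLSubscription
{
    public function authorize(Subscriber $subscriber, Request $request): bool
    {
        // Debug output: dump the user resolved for this subscriber.
        dd($subscriber->context->user);

        return true;
    }
}
```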

Here is the front-end part:

```js
import LocalStorage from '@config/localStorage';
import { setContext } from '@apollo/client/link/context';
import { ApolloClient, InMemoryCache } from '@apollo/client';
import { createUploadLink } from 'apollo-upload-client';
import { ApolloLink } from "apollo-link";
import Pusher from "pusher-js";
import PusherLink from 'apollo-pusher-link';

const pusherLink = new PusherLink({
    pusher: new Pusher('---------', {
        cluster: 'eu',
        authEndpoint: `/graphql/subscriptions/auth`,
        auth: {
            headers: {
                Authorization: `Bearer ${localStorage.getItem(LocalStorage.token)}`
            },
        },
    })
})

const authLink = setContext((_, { headers }) => {
    const token = localStorage.getItem(LocalStorage.token);

    return {
        headers: {
            ...headers,
            authorization: token ? `Bearer ${token}` : "",
            'Content-Language': _sharedData.locale
        }
    }
});

const uploadLink = createUploadLink({
    uri: (operation) => '/graphql?' + operation.operationName,
    headers: { "keep-alive": "true" }
});

const client = new ApolloClient({
    cache: new InMemoryCache({ addTypename: false }),
    link: ApolloLink.from([authLink,
        pusherLink,
        uploadLink]),
});

export default client;
```

Here is the result of the requests:

[Two screenshots: "Screenshot 2024-02-26 at 22 14 09" and "Screenshot 2024-02-26 at 22 14 17"]

stayallive commented 7 months ago

How have you set your guards config option? I'm assuming from the @middleware that you don't have that set or it's not set to api. Try changing it to api so Lighthouse uses the correct guard.

I would also advise you to use @guard (instead of @middleware) to make sure only authenticated users are accessing the field, read more about this here: https://lighthouse-php.com/6/security/authentication.html#configure-the-guard.

ivanhuk commented 7 months ago

> How have you set your guards config option? I'm assuming from the @middleware that you don't have that set or it's not set to api. Try changing it to api so Lighthouse uses the correct guard.
>
> I would also advise you to use @guard (instead of @middleware) to make sure only authenticated users are accessing the field, read more about this here: https://lighthouse-php.com/6/security/authentication.html#configure-the-guard.

I solved the problem. This was due to the fact that I used multitenancy: the system searched for the authorization token in the central database, but it should have searched in the tenant database. Because of this, I could not understand why the user was not authorized when sending the token.