Closed mitoop closed 4 years ago
Hi! try putting that middleware in the config
Hi @enzonotario. Middleware in the config will runs before the GraphQL execution phase. And the expected guard cant be got.
class Authenticate
{
/**
* The authentication factory instance.
*
* @var \Illuminate\Contracts\Auth\Factory
*/
protected $auth;
/**
* Create a new middleware instance.
*
* @param \Illuminate\Contracts\Auth\Factory $auth
* @return void
*/
public function __construct(Auth $auth)
{
$this->auth = $auth;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param string[] ...$guards
* @return mixed
*
* @throws \Illuminate\Auth\AuthenticationException
*/
public function handle($request, Closure $next, ...$guards)
{
$this->authenticate($request, $guards); // $guard will always `[ ]` and at last will use default guard
return $next($request);
}
This seems related to #880 and is yet another testament to how @middleware
is flawed.
@spawnia Maybe it is just the naming which is flawed, because it acts like a normal http middleware, but it actually isn't.
You can create a custom GraphQLContext
, see https://github.com/nuwave/lighthouse/pull/1105, and utilize the correct guards.
Additionally, how about we add a config option that allows specifying the default guard that is used within Lighthouse functionality that touches authentication?
This can now be solved by using the new AttemptAuthenticate
middleware, see https://github.com/nuwave/lighthouse/pull/1197
Environment
Lighthouse Version: 4.3.0 Laravel Version: 6.0.4
I use multi guards in Laravel. And My Schema demo is
In my situation, I found that the
Nuwave\Lighthouse\Schema\Context@construct
is always act before the middleware (checks: ["auth:app"]
), even I dont use@auth
or@can
directive in the schema.Nuwave\Lighthouse\Schema\Context
use\Illuminate\Http\Request@user
method to load user, and due to the middleware (checks: ["auth:app"]
) act after the method which will result in that the$request->user()
will always use default guard. But in fact I wanna use theapp
guard.I feel puzzled that why the
middleware
act after user loaded and whyContext
always loads user.