oshalygin / gqlgen-pg-todo-example

This is a simple gqlgen repository example which includes basic models and interactions with a pg database
MIT License
158 stars 31 forks

Are you trusting client information here? #2

Closed frederikhors closed 4 years ago

frederikhors commented 4 years ago

Are you trusting client information here?

Shouldn't we use server-side authentication info?

https://github.com/oshalygin/gqlgen-pg-todo-example/blob/master/resolvers/todo.go#L46

oshalygin commented 4 years ago

Oh yes certainly @frederikhors, but that would dive far into the complexity side of things and I am refraining from that. Surely we can mint tokens and set them on the request context, but I want to keep this repo as lean as possible.

frederikhors commented 4 years ago

Ok.
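
The approach mentioned in the thread (mint a token, verify it server-side, set the user on the request context), sketched as an added example that is not code from the repository or from either commenter. The token format, the secret, and the names `MintToken`, `WithUser`, `Auth` and `TodoOwner` are assumptions made for illustration.

```go
package main

import (
	"context"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/http"
	"strings"
)

type userKey struct{}
var secret = []byte("constructed-demo-key") // constructed value; load from a secret store
func sign(id string) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(id))
	return hex.EncodeToString(m.Sum(nil))
}

func MintToken(id string) string { return id + "." + sign(id) } // hypothetical "<id>.<mac>" format, no expiry

// WithUser verifies the Authorization header and, only if the MAC is valid,
// stores the user ID on the context.
func WithUser(ctx context.Context, header string) context.Context {
	id, mac, ok := strings.Cut(strings.TrimPrefix(header, "Bearer "), ".")
	if ok && id != "" && hmac.Equal([]byte(mac), []byte(sign(id))) {
		return context.WithValue(ctx, userKey{}, id)
	}
	return ctx
}

// Auth is HTTP middleware to place in front of the GraphQL handler.
func Auth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		next.ServeHTTP(w, r.WithContext(WithUser(r.Context(), r.Header.Get("Authorization"))))
	})
}

// TodoOwner is what a resolver would call: the owner comes from the verified
// context, and the client-supplied ID in the mutation input is ignored.
func TodoOwner(ctx context.Context, clientSuppliedID string) (string, error) {
	if id, ok := ctx.Value(userKey{}).(string); ok {
		return id, nil
	}
	return "", fmt.Errorf("unauthenticated")
}

func main() {
	fmt.Println(TodoOwner(WithUser(context.Background(), "Bearer "+MintToken("alice")), "bob"))
}
```
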