Closed lifeiscontent closed 4 years ago
We're using Devise for authentication and forced GraphiQL to authenticate with the following monkey patch:
GraphiQL::Rails::EditorsController.class_eval do
before_action :authenticate_user!
end
Not quite relevant to this issue, but I can't find a better issue to post it in:
I'm using Doorkeeper to handle API authentication and this is how I made GraphiQL work in development:
# config/initializers/graphiql.rb
# Only enable these in development, GraphiQL isn't enabled in production.
if Rails.env.development?
GraphiQL::Rails.config.headers['X-GraphiQL-Request'] = ->(_context) { "true" }
end
And then the context
looks like this in the execute
method:
# app/controllers/graphql_controller.rb
context = {
current_user: current_user || doorkeeper_user,
doorkeeper_scopes: doorkeeper_token&.scopes&.to_a,
graphiql_override: false
}
# Set graphiql_override to true if in development mode and the request
# has the GraphiQL Request header. This is used to allow GraphiQL
# requests to skip the Doorkeeper token checks.
context[:graphiql_override] = true if Rails.env.development? && request.headers['X-GraphiQL-Request'] == 'true'
Then I modify the base object and base mutation classes to not raise if the graphql_override
context variable is true
.
# app/graphql/types/base_object.rb
def self.authorized?(_object, context)
raise GraphQL::ExecutionError, "You must be logged in to use the API." if context[:current_user].nil?
if !context[:doorkeeper_scopes]&.include?('read') && !context[:graphiql_override]
raise GraphQL::ExecutionError, "Your token must have the 'read' scope to perform a query."
end
return true
end
# app/graphql/mutations/base_mutation.rb
def ready?(**_args)
raise GraphQL::ExecutionError, "Your token must have the 'write' scope to perform a mutation." if !context[:doorkeeper_scopes]&.include?('write') && !context[:graphiql_override]
return true
end
There might be better ways to do this, but it's how I'm handling it. :)
We're using Devise for authentication and forced GraphiQL to authenticate with the following monkey patch:
GraphiQL::Rails::EditorsController.class_eval do before_action :authenticate_user! end
Hi @jturkel, where did you add this code? in an initializer?
@andredantasrocha - We do have that code in an initializer. At some point we had to wrap it in a to_prepare
to get things working properly in development with the Rails code reloader though:
Rails.configuration.to_prepare do
GraphiQL::Rails::EditorsController.class_eval do
before_action :authenticate_user!
end
end
Thanks @jturkel, it worked perfectly!
Just dropping into this old thread because I found it doing my own searching.
If you're looking for a devise alternative to the initializer you can use authenticated
with your routes
# config/routes.rb
authenticated :user do
mount GraphiQL::Rails::Engine, at: "/graphiql", graphql_path: "/graphql"
end
If there's more that you need to check you can also pass a lambda:
# config/routes.rb
authenticated :user, -> { GraphiQLPolicy.new(_1).manage? } do
mount GraphiQL::Rails::Engine, at: "/graphiql", graphql_path: "/graphql"
end
is there a way to hook into the GET route and redirect if there is no auth token / cookie?