search

rmosolgo / graphiql-rails

Mount the GraphiQL query editor in a Rails app
MIT License
447 stars 135 forks source link

conditionally render route #69

Closed lifeiscontent closed 4 years ago

lifeiscontent commented 5 years ago

is there a way to hook into the GET route and redirect if there is no auth token / cookie?

jturkel commented 5 years ago

We're using Devise for authentication and forced GraphiQL to authenticate with the following monkey patch:

GraphiQL::Rails::EditorsController.class_eval do
  before_action :authenticate_user!
end
connorshea commented 4 years ago

Not quite relevant to this issue, but I can't find a better issue to post it in:

I'm using Doorkeeper to handle API authentication and this is how I made GraphiQL work in development:

# config/initializers/graphiql.rb

# Only enable these in development, GraphiQL isn't enabled in production.
if Rails.env.development?
  GraphiQL::Rails.config.headers['X-GraphiQL-Request'] = ->(_context) { "true" }
end

And then the context looks like this in the execute method:

# app/controllers/graphql_controller.rb

context = {
  current_user: current_user || doorkeeper_user,
  doorkeeper_scopes: doorkeeper_token&.scopes&.to_a,
  graphiql_override: false
}

# Set graphiql_override to true if in development mode and the request
# has the GraphiQL Request header. This is used to allow GraphiQL
# requests to skip the Doorkeeper token checks.
context[:graphiql_override] = true if Rails.env.development? && request.headers['X-GraphiQL-Request'] == 'true'

Then I modify the base object and base mutation classes to not raise if the graphql_override context variable is true.

# app/graphql/types/base_object.rb

def self.authorized?(_object, context)
  raise GraphQL::ExecutionError, "You must be logged in to use the API." if context[:current_user].nil?

  if !context[:doorkeeper_scopes]&.include?('read') && !context[:graphiql_override]
    raise GraphQL::ExecutionError, "Your token must have the 'read' scope to perform a query." 
  end

  return true
end
# app/graphql/mutations/base_mutation.rb

def ready?(**_args)
  raise GraphQL::ExecutionError, "Your token must have the 'write' scope to perform a mutation." if !context[:doorkeeper_scopes]&.include?('write') && !context[:graphiql_override]

  return true
end

There might be better ways to do this, but it's how I'm handling it. :)

andredantasrocha commented 4 years ago

We're using Devise for authentication and forced GraphiQL to authenticate with the following monkey patch:

GraphiQL::Rails::EditorsController.class_eval do
  before_action :authenticate_user!
end

Hi @jturkel, where did you add this code? in an initializer?

jturkel commented 4 years ago

@andredantasrocha - We do have that code in an initializer. At some point we had to wrap it in a to_prepare to get things working properly in development with the Rails code reloader though:

Rails.configuration.to_prepare do
  GraphiQL::Rails::EditorsController.class_eval do
    before_action :authenticate_user!
  end 
end
andredantasrocha commented 4 years ago

Thanks @jturkel, it worked perfectly!

tylerwillingham commented 5 months ago

Just dropping into this old thread because I found it doing my own searching.

If you're looking for a devise alternative to the initializer you can use authenticated with your routes

# config/routes.rb

authenticated :user do
  mount GraphiQL::Rails::Engine, at: "/graphiql", graphql_path: "/graphql"
end

If there's more that you need to check you can also pass a lambda:

# config/routes.rb

authenticated :user, -> { GraphiQLPolicy.new(_1).manage? } do
  mount GraphiQL::Rails::Engine, at: "/graphiql", graphql_path: "/graphql"
end