This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2018-02-12
Channels
- # aws (3)
- # beginners (28)
- # boot (3)
- # cider (28)
- # clara (5)
- # cljs-dev (107)
- # cljsrn (1)
- # clojure (40)
- # clojure-austin (2)
- # clojure-brasil (5)
- # clojure-canada (1)
- # clojure-italy (1)
- # clojure-spec (39)
- # clojure-uk (38)
- # clojurescript (33)
- # community-development (11)
- # cursive (11)
- # datomic (43)
- # duct (6)
- # emacs (7)
- # flambo (1)
- # fulcro (68)
- # graphql (11)
- # jobs (1)
- # jobs-discuss (8)
- # leiningen (16)
- # luminus (2)
- # lumo (1)
- # off-topic (38)
- # om (2)
- # onyx (15)
- # parinfer (32)
- # portkey (5)
- # re-frame (50)
- # reagent (50)
- # reitit (1)
- # shadow-cljs (63)
- # spacemacs (10)
- # sql (27)
- # unrepl (6)
- # yada (2)
How to deal with auth on lacinia?
There is some way to process app-context before it come to "handler/resolver"?
I think you need to add some custom interceptor then, https://github.com/walmartlabs/lacinia/issues/99
The ideas in lacinia-pedestal can be adapted to other frameworks, such as Ring. Internally, we use pedestal so that's what we're prepared to develop and maintain.
What we do is we have a standard ring middleware stack including JWT auth, and the handler that calls (lacinia/execute) is wrapped underneath that
The other thing we do is that when a user is authenticated, we add a key to the app-context that corresponds to the logged-in user, then in the resolvers we access that if we need to restrict access to some fields based on what user is requesting it
It's all based on adding stuff to the request object in middleware in standard Ring fashion. I imagine you'd use interceptors for the same thing in pedestal, we aren't using lacinia-pedestal ourselves
Our code looks roughly like:
(defn create-context [request]
(let [db (dlib/get-db)
user (dlib/db-entity db (:identity request) :person/slug)]
{:ocp.lacinia/db db
:ocp.lacinia/user user
:ocp.lacinia/request-id (d/squuid)}))
(defn query-handler
[request]
(let [query (get-in request [:params :query])
variables (get-in request [:params :variables])
context (create-context request)
result (lacinia/execute (ocl/load-schema) query variables context)]
[...]
The interceptor complexity in lacinia-pedestal is driven by the desire to get default behavior, and allow for the "slotting" of additional logic, such as auth, between the established steps. Internally, we also do odd things such as rewriting the query to support older clients that submit invalid GraphQL (that pre-release versions of Lacinia accepted as valid). That's why, for example, we extract the query, variables, and operation name in one step, parse it in a second step, and execute it in a third.