This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2020-11-13
Channels
- # aleph (1)
- # announcements (18)
- # babashka (11)
- # beginners (112)
- # business (1)
- # calva (19)
- # cider (8)
- # clj-kondo (63)
- # cljsrn (10)
- # clojure (188)
- # clojure-australia (1)
- # clojure-dev (38)
- # clojure-europe (112)
- # clojure-nl (3)
- # clojure-provo (1)
- # clojure-spec (22)
- # clojure-uk (108)
- # clojurescript (37)
- # cryogen (4)
- # cursive (8)
- # data-science (1)
- # datomic (13)
- # emacs (9)
- # events (1)
- # fulcro (26)
- # funcool (3)
- # graalvm (2)
- # graphql (11)
- # helix (8)
- # jobs (1)
- # jobs-discuss (7)
- # nrepl (3)
- # off-topic (72)
- # pathom (10)
- # pedestal (1)
- # reagent (6)
- # reitit (7)
- # remote-jobs (1)
- # shadow-cljs (28)
- # xtdb (12)
@emccue Got a chance to start a project, this prints the correct stuff out for me https://gist.github.com/DanielStephens/c3cf076e574afd30fcf48cc9b8bd554e
okay so now I am slightly confused as to what exactly the interceptors are handling if not an http request
This probably has some inaccuracies but my understanding is, a WebSocket is a protocol that uses multiple http requests, there's one at the start which asks to initialise the connection, the payload passed along with this is what ends up as connection-params as far as I can tell, lacinia.pedestal (by default) just acknowledges this init request as long as it's readable and has the correct upgrade protocol. This seems potentially insecure but you can swap these pieces out with some work I believe. Once that acknowledgement/upgrade cycle has finished, another http request will be made which contains the graphql subscription body that you want to actually listen to. Technically you can send headers on each of those requests but from what I can see it's tricky with the Apollo SubscriptionClient which lacinia uses for GraphiQL. So I think connectionParams are part of the body of the ServletUpgradeRequest, which you managed to get ahold of earlier.
Once the connection is established it's going over tcp, but not as http, https://tools.ietf.org/html/rfc6455. So if you want to do something with headers and such you need to do this on the initial call. But there is no standard way to do authentication for this. You could also do a query to fetch some token or something. I don't think that's insecure, as in it's just open for anyone to make a request. Just as query/mutation by default is open over https.
thanks for the clarifications 👍
The subscription interceptors handle the bit after the initial connection which contains a graphql subscription body https://github.com/walmartlabs/lacinia-pedestal/blob/master/src/com/walmartlabs/lacinia/pedestal/subscriptions.clj#L151