I'm writing a authorization component to validate GraphQL queries.
Using the ValidationContextobject I manage to get the operation type (mutation/query), operation name and the non-scalar field names contained in the query.
What I need is to get the GraphQL type of these non-scalar fields.
Here is the code I'm using for the validator (using Typescript):
let entitiesArray:Array<string> = new Array<string>()
function getRecursiveSelectionSetNodes (selSetNode:SelectionSetNode) {
selSetNode.selections.forEach ((node:FieldNode, index, array) => {
if (node.selectionSet) {
entitiesArray.push(node.name.value) // I could push the whole node, and make an array of nodes if necessary
getRecursiveSelectionSetNodes (node.selectionSet)
}
})
}
export const authorizeQuery = function authorizeQuery (context: ValidationContext): any {
let opNode:OperationDefinitionNode = getOperationAST(context.getDocument())
let opType = opNode.operation
console.log ('_________________ AUTH OPERATION TYPE: ', opType)
let opFieldNode:FieldNode = <FieldNode>opNode.selectionSet.selections[0]
let opName = opFieldNode.name.value
console.log ('_________________ AUTH OPERATION NAME: ', opName)
let selSetUser:SelectionSetNode = opFieldNode.selectionSet
// Selected fields by the user
// Here, first-level nodes will be objects requested by the query
// The nodes without a nested "SelectionSet" node will be scalar
// Nodes with a nested "SelectionSet" are non-scalar that need to be checked
getRecursiveSelectionSetNodes (selSetUser)
console.log ('_________________ AUTH ENTITIES: ', JSON.stringify(entitiesArray))
return []
}
This code returns the field names, not the type, so I need to map the field name "users" with the graphQL type "User[]", and so on, so I can perform authorization based on the graphql type being requested.
Any ideas?
via Carlos Delgado
No comments:
Post a Comment