Right now, @Authorized in subscriptions causes the authorization checker to be called only when pubsub emits a new event in the selected topic (when the subscription method body is called). But it should be called only during the subscribe phase to reject unauthorized clients.
This would require some changes in creating the middleware stack that is applied only for resolvers. For now I will handle that case manually without exposing a different kind of middleware.
I would like to suggest a workaround for refusing connections in resolvers @19majkel94:

First, you do the authorization in onConnect (but don't reject the socket yet, just return the status):

```ts
const subscriptionServer = new SubscriptionServer({
  schema,
  execute,
  subscribe,
  onConnect(connectionParams) {
    // ... do authorization
    return { authorized: false }; // or true
  },
  // ...
});
```

Next, when declaring your topic in the subscription, you can access the .authorized field:

```ts
@Subscription({
  topics: ({ args, context, payload }) => {
    if (!context.authorized) {
      // this gives the user an error response and cancels the subscription
      throw new AuthenticationError(`Unauthorized user cannot receive info from this socket`);
    }
    return SOME_TOPIC;
  },
})
accountBalanceChangeTopic(/* ... */) {
  // ...
}
```

Throwing an error inside topics (or filters) results in the socket connection being closed (and sends the desired error to the user).
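The difference between the two check points discussed above, as an added example that is not code from this thread or from type-graphql: a constructed in-memory pub/sub shows that an emit-time check leaves the unauthorized client registered until the first event, while a subscribe-time check (as in the `topics` workaround) registers nothing. `TinyPubSub`, `subscribeCheckOnEmit`, `subscribeCheckOnSubscribe` and `demo` are hypothetical names.

```typescript
// Constructed model of the two check points; not type-graphql or subscriptions-transport-ws.
type Ctx = { authorized: boolean }; // stands in for the value returned from onConnect
type Listener = (payload: unknown) => void;

class TinyPubSub {
  private listeners = new Map<string, Set<Listener>>();
  subscribe(topic: string, fn: Listener): void {
    const set = this.listeners.get(topic) ?? new Set<Listener>();
    this.listeners.set(topic, set);
    set.add(fn);
  }
  publish(topic: string, payload: unknown): void {
    (this.listeners.get(topic) ?? new Set<Listener>()).forEach((fn) => fn(payload));
  }
  count(topic: string): number {
    return (this.listeners.get(topic) ?? new Set<Listener>()).size;
  }
}

const SOME_TOPIC = "SOME_TOPIC";

// Check at emit time: the listener is registered first, and the client is
// rejected only once an event is published on the topic.
function subscribeCheckOnEmit(ps: TinyPubSub, ctx: Ctx, out: string[]): void {
  ps.subscribe(SOME_TOPIC, (payload) => {
    out.push(ctx.authorized ? `data: ${String(payload)}` : "error: unauthorized");
  });
}

// Check at subscribe time: topic selection throws, so nothing is registered.
function subscribeCheckOnSubscribe(ps: TinyPubSub, ctx: Ctx, out: string[]): void {
  if (!ctx.authorized) throw new Error("Unauthorized user cannot receive info from this socket");
  ps.subscribe(SOME_TOPIC, (payload) => { out.push(`data: ${String(payload)}`); });
}

function demo() {
  const anon: Ctx = { authorized: false };
  const late = new TinyPubSub();
  const lateOut: string[] = [];
  subscribeCheckOnEmit(late, anon, lateOut);
  const lateListenersBeforeEvent = late.count(SOME_TOPIC); // already holding a slot
  late.publish(SOME_TOPIC, 42);

  const early = new TinyPubSub();
  const earlyOut: string[] = [];
  let rejected = "";
  try { subscribeCheckOnSubscribe(early, anon, earlyOut); } catch (e) { rejected = (e as Error).message; }
  subscribeCheckOnSubscribe(early, { authorized: true }, earlyOut);
  early.publish(SOME_TOPIC, 42);
  return { lateListenersBeforeEvent, lateOut, rejected, earlyListeners: early.count(SOME_TOPIC), earlyOut };
}
```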
Just wondering if I could get some information about whether this is still an issue and if so where it is in the pipeline?
It's related to #200 and will be handled in the 1.0.0 milestone.