Skip to content
This repository has been archived by the owner on Sep 3, 2021. It is now read-only.

Conflicting Auth Directives & Middleware Context Config Patterns #242

Open
Phylodome opened this issue May 13, 2019 · 2 comments
Open

Conflicting Auth Directives & Middleware Context Config Patterns #242

Phylodome opened this issue May 13, 2019 · 2 comments

Comments

@Phylodome
Copy link

Phylodome commented May 13, 2019
edited
Loading

I am confused as to how an example such as this, found in your documentation, is compatible with graphql-auth-directives:

const server = new ApolloServer({
  schema: augmentedSchema,
  context: ({ req }) => {
    return {  /* Note: We return a context object containing both `driver` and `req` fields */
      driver,
      req
    };
  }
});

Given that graphql-auth-directives usage effectively co-opts the entire context object via returning only one sub-field of the context object it processes:

const server = new ApolloServer({
  schema,
  context: ({ req }) => { /* Here we pluck the variable `req` from context, via a destructured fn param */
    return req; /* Here we substitute req for the entire context object from which it came */
  }
});

And if we inspect graphql-auth-directives, we find that the verifyAndDecodeToken function takes for granted that the context object is the req:

var verifyAndDecodeToken = function verifyAndDecodeToken(_ref) {
  var context = _ref.context; /* <-- Note: I *will not* find the headers on "_ref.context.req" */
  if (
    !context ||
    !context.headers ||
    (!context.headers.authorization && !context.headers.Authorization)
  ) {
    throw new _errors.AuthorizationError({
      message: "No authorization token."
    });
  }

Thus we end up in a situation where whenever an authDirective is used, we get the error message "No authorization token.", regardless of whether there's a valid auth header in the req.headers.authorization field of the object returned by the handler we've assigned to the ApolloServer constructor's config.context.

Yet the usage pattern is officially documented.

Am I overlooking something simple here? Perhaps I've been staring at the screen for too long, but on my end changing the code in verifyAndDecodeToken such that it expects a context object possessing a req field fixes the issue and makes my directives behave as expected, given the usage pattern documented in the neo4j-graphql-js docs.
@Phylodome Phylodome changed the title Conflicting isAuthenticated & Middleware Context req Patterns Conflicting Auth Directives & Middleware Context Config Patterns May 13, 2019
@Phylodome Phylodome mentioned this issue May 13, 2019
Open
@johnymontana
Copy link
Contributor

See this comment for how to use graphql-auth-directives with neo4j-graphql.js

@michaeldgraham
Copy link
Collaborator

#608

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Phylodome @johnymontana @michaeldgraham