
Comments (5)

mongkok commented on May 26, 2024 11

Hi @kavink,

I have not seen similar projects for Flask and Graphene but there is a Flask library that could be a perfect toolkit to make it yourself.
https://github.com/vimalloc/flask-jwt-extended

flask-jwt-extended has functions to develop all mutations included in Django-graphql-jwt.

and you could use the @jwt_required decorator to limit access to data.

```python
import graphene
import graphene_sqlalchemy
from flask_jwt_extended import current_user, jwt_required

# UserModel is the application's SQLAlchemy user model, defined elsewhere.
# flask-jwt-extended 4.x and later spell the decorator @jwt_required().


class UserType(graphene_sqlalchemy.SQLAlchemyObjectType):

    class Meta:
        model = UserModel


class Query(graphene.ObjectType):
    viewer = graphene.Field(UserType)
    users = graphene.List(UserType)

    @jwt_required
    def resolve_viewer(self, info, **kwargs):
        return current_user

    @jwt_required
    # TODO: @superuser_required
    def resolve_users(self, info, **kwargs):
        return info.context['session'].query(UserModel).all()


class UpdateUser(graphene.Mutation):
    user = graphene.Field(UserType)

    class Arguments:
        email = graphene.String()

    @classmethod
    @jwt_required
    def mutate(cls, root, info, email):
        # TODO: update current_user
        return cls(user=current_user)
```

from django-graphql-jwt.

danielkolesnik commented on May 26, 2024 1

Alternatively, to limit access to data, one can use a middleware and validate the token on your own. This way you don't need to decorate all of your resolvers with jwt_required.

```python
from flask_jwt_extended import verify_jwt_in_request


class AuthMiddleware(object):
    def resolve(self, next, root, info, **kwargs):
        # This will only be called once for a request
        if root is None:
            # verify jwt if requested resource is not public
            if info.field_name not in ['tokenAuth', 'verifyToken']:
                # raises if the request carries no valid token
                verify_jwt_in_request()

        return next(root, info, **kwargs)
```

And then:

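```python
from flask_graphql import GraphQLView  # assumed source of GraphQLView (Flask-GraphQL)

# `app` (the Flask app) and `schema` (the graphene schema) are defined elsewhere.
auth_middleware = AuthMiddleware()
app.add_url_rule("/graphql", view_func=GraphQLView.as_view(
    "graphql",
    schema=schema,
    graphiql=True,
    middleware=[auth_middleware]
))
```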

from django-graphql-jwt.
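A deny-by-default variant of the middleware above, as an added example that is not part of the original comment: it allowlists (parent type, field) pairs instead of bare field names and gates on the parent type rather than on `root is None`. The root type names `Query` and `Mutation`, the injected `verify` callable and the stand-in `info` objects are assumptions constructed so the block runs without Flask or graphene.

```python
from types import SimpleNamespace

ROOT_TYPES = frozenset({"Query", "Mutation"})          # assumed schema root type names
PUBLIC_FIELDS = frozenset({("Mutation", "tokenAuth"),  # allowlist from the comment above
                           ("Mutation", "verifyToken")})


class DenyByDefaultAuth:
    """Graphene-style middleware: top-level fields need a valid JWT unless allowlisted."""

    def __init__(self, verify, public_fields=PUBLIC_FIELDS, root_types=ROOT_TYPES):
        self._verify = verify  # in a Flask app: flask_jwt_extended.verify_jwt_in_request
        self._public = public_fields
        self._roots = root_types

    def resolve(self, next, root, info, **kwargs):
        parent = info.parent_type.name
        # Gate on the parent type, not on `root is None`: the check still runs
        # when the executor is given a non-None root value.
        if parent in self._roots and (parent, info.field_name) not in self._public:
            self._verify()  # raises when the token is missing or invalid
        return next(root, info, **kwargs)


def make_info(parent, field):
    """Constructed stand-in for the resolve info object (only the attributes used)."""
    return SimpleNamespace(parent_type=SimpleNamespace(name=parent), field_name=field)


def attempt(middleware, parent, field, root=None):
    """Run one field through the middleware and report whether its resolver ran."""
    try:
        return middleware.resolve(lambda r, i, **kw: "resolved", root,
                                  make_info(parent, field))
    except PermissionError:
        return "denied"


def no_token():
    """Constructed verifier for a request that carries no token."""
    raise PermissionError("missing or invalid JWT")


anonymous = DenyByDefaultAuth(verify=no_token)
authenticated = DenyByDefaultAuth(verify=lambda: None)
```

A query field that merely shares a name with a public mutation is still denied, and nested fields are not re-verified because their parent type is not a root type.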

gj1118 commented on May 26, 2024

@kavink - were you able to get it working with Flask? Can you please provide me with example code or point me in the correct direction, please?

Thank you


hardntrash commented on May 26, 2024

Thx for the answer. I tried to use Flask-GraphQL-Auth, but your variant is the best way.

Hi @kavink,

I have not seen similar projects for Flask and Graphene but there is a Flask library that could be a perfect toolkit to make it yourself.
https://github.com/vimalloc/flask-jwt-extended

flask-jwt-extended has functions to develop all mutations included in Django-graphql-jwt.

* `tokenAuth(username, password)`: [create_access_token()](http://flask-jwt-extended.readthedocs.io/en/latest/api.html#flask_jwt_extended.create_access_token)

* `verifyToken(token)`: [get_jwt_identity()](http://flask-jwt-extended.readthedocs.io/en/latest/api.html#flask_jwt_extended.get_jwt_identity)

* `refreshToken(token)`: [create_refresh_token()](http://flask-jwt-extended.readthedocs.io/en/latest/api.html#flask_jwt_extended.create_refresh_token)

and you could use the @jwt_required decorator to limit access to data.

```python
import graphene
import graphene_sqlalchemy
from flask_jwt_extended import current_user, jwt_required


class UserType(graphene_sqlalchemy.SQLAlchemyObjectType):

    class Meta:
        model = UserModel


class Query(graphene.ObjectType):
    viewer = graphene.Field(UserType)
    users = graphene.List(UserType)

    @jwt_required
    def resolve_viewer(self, info, **kwargs):
        return current_user

    @jwt_required
    # TODO: @superuser_required
    def resolve_users(self, info, **kwargs):
        return info.context['session'].query(UserModel).all()


class UpdateUser(graphene.Mutation):
    user = graphene.Field(UserType)

    class Arguments:
        email = graphene.String()

    @classmethod
    @jwt_required
    def mutate(cls, root, info, email):
        # TODO: update current_user
        return cls(user=current_user)
```


isakal commented on May 26, 2024

This works beautifully, appreciate it
