Comments (6)
@andredantasrocha - We do have that code in an initializer. At some point we had to wrap it in a to_prepare to get things working properly in development with the Rails code reloader though:
    Rails.configuration.to_prepare do
      GraphiQL::Rails::EditorsController.class_eval do
        before_action :authenticate_user!
      end
    end
from graphiql-rails.
We're using Devise for authentication and forced GraphiQL to authenticate with the following monkey patch:
    GraphiQL::Rails::EditorsController.class_eval do
      before_action :authenticate_user!
    end
from graphiql-rails.
Not quite relevant to this issue, but I can't find a better issue to post it in:
I'm using Doorkeeper to handle API authentication and this is how I made GraphiQL work in development:
    # config/initializers/graphiql.rb
    # Only enable these in development, GraphiQL isn't enabled in production.
    if Rails.env.development?
      GraphiQL::Rails.config.headers['X-GraphiQL-Request'] = ->(_context) { "true" }
    end
And then the context looks like this in the execute method:
    # app/controllers/graphql_controller.rb
    context = {
      current_user: current_user || doorkeeper_user,
      doorkeeper_scopes: doorkeeper_token&.scopes&.to_a,
      graphiql_override: false
    }
    # Set graphiql_override to true if in development mode and the request
    # has the GraphiQL Request header. This is used to allow GraphiQL
    # requests to skip the Doorkeeper token checks.
    context[:graphiql_override] = true if Rails.env.development? && request.headers['X-GraphiQL-Request'] == 'true'
Then I modify the base object and base mutation classes to not raise if the graphiql_override context variable is true.
    # app/graphql/types/base_object.rb
    def self.authorized?(_object, context)
      raise GraphQL::ExecutionError, "You must be logged in to use the API." if context[:current_user].nil?
      if !context[:doorkeeper_scopes]&.include?('read') && !context[:graphiql_override]
        raise GraphQL::ExecutionError, "Your token must have the 'read' scope to perform a query."
      end
      return true
    end

    # app/graphql/mutations/base_mutation.rb
    def ready?(**_args)
      raise GraphQL::ExecutionError, "Your token must have the 'write' scope to perform a mutation." if !context[:doorkeeper_scopes]&.include?('write') && !context[:graphiql_override]
      return true
    end
There might be better ways to do this, but it's how I'm handling it. :)
from graphiql-rails.
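The decision logic from the Doorkeeper comment above, modeled as an added plain-Ruby example (not the commenter's or the gem's code) so the development-only override can be tested without Rails. `build_context`, `authorize_query`, `authorize_mutation`, `outcome` and the `ExecutionError` stand-in are hypothetical names, and the inputs are constructed.

```ruby
# Added example: plain-Ruby model of the checks quoted above; no Rails needed.
# All method names and the ExecutionError stand-in are hypothetical.
ExecutionError = Class.new(StandardError) # stands in for GraphQL::ExecutionError

# Controller step: the override needs BOTH a development server AND the header.
def build_context(env:, headers:, current_user:, scopes:)
  {
    current_user: current_user,
    doorkeeper_scopes: scopes,
    graphiql_override: env == "development" && headers["X-GraphiQL-Request"] == "true"
  }
end

# Same conditions as the base object's authorized? check.
def authorize_query(context)
  raise ExecutionError, "You must be logged in to use the API." if context[:current_user].nil?
  if !context[:doorkeeper_scopes]&.include?("read") && !context[:graphiql_override]
    raise ExecutionError, "Your token must have the 'read' scope to perform a query."
  end
  true
end

# Same condition as the base mutation's ready? check.
def authorize_mutation(context)
  if !context[:doorkeeper_scopes]&.include?("write") && !context[:graphiql_override]
    raise ExecutionError, "Your token must have the 'write' scope to perform a mutation."
  end
  true
end

# Returns :allowed or the rejection message so outcomes can be tabulated.
def outcome(check, **ctx_args)
  send(check, build_context(**ctx_args))
  :allowed
rescue ExecutionError => e
  e.message
end

# Constructed inputs: any client can send this header, so the env gate matters.
HEADER = { "X-GraphiQL-Request" => "true" }.freeze
CASES = [
  [:authorize_query,    { env: "development", headers: HEADER, current_user: "dev", scopes: nil }],
  [:authorize_query,    { env: "production",  headers: HEADER, current_user: "dev", scopes: nil }],
  [:authorize_mutation, { env: "production",  headers: HEADER, current_user: "dev", scopes: ["read"] }],
  [:authorize_query,    { env: "development", headers: HEADER, current_user: nil,   scopes: nil }]
].freeze
RESULTS = CASES.map { |check, args| outcome(check, **args) }
RESULTS.each { |r| puts r }
```

The second and third rows are the regression worth keeping: with the header present outside development, the scope checks still apply.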
We're using Devise for authentication and forced GraphiQL to authenticate with the following monkey patch:
    GraphiQL::Rails::EditorsController.class_eval do
      before_action :authenticate_user!
    end
Hi @jturkel, where did you add this code? In an initializer?
from graphiql-rails.
Thanks @jturkel, it worked perfectly!
from graphiql-rails.
Just dropping into this old thread because I found it doing my own searching.
If you're looking for a Devise alternative to the initializer, you can use authenticated with your routes:
    # config/routes.rb
    authenticated :user do
      mount GraphiQL::Rails::Engine, at: "/graphiql", graphql_path: "/graphql"
    end
If there's more that you need to check you can also pass a lambda:
    # config/routes.rb
    authenticated :user, -> { GraphiQLPolicy.new(_1).manage? } do
      mount GraphiQL::Rails::Engine, at: "/graphiql", graphql_path: "/graphql"
    end
from graphiql-rails.