Graphql shield 返回 Not Authorized for allowed mutation
Posted
技术标签:
【中文标题】Graphql shield 返回 Not Authorized for allowed mutation【英文标题】:Graphql shield returns Not Authorised for allowed mutation 【发布时间】:2021-10-30 10:03:40 【问题描述】:我正在尝试使用 apollo-server-express 实现 GraphQL API。我想通过 graphql-shield 中间件管理权限,但我在允许执行突变时遇到问题。我的目标是拥有基于 JWT 的身份验证,但允许对注册/登录突变所需的未经身份验证的用户执行一些查询/突变。我在那里使用默认的allow
规则。但是当我尝试运行登录突变时,我收到 Not Authorised! 错误。我不知道为什么会这样。该规则适用于查询。
谢谢你的回答。
服务器
import express from "express";
import cors from "cors";
import ApolloServer, makeExecutableSchema from "apollo-server-express";
import config from "./config";
import mockResolver from "./resolvers/mockResolver";
import typeDefs from "./graphql/typeDefs";
import applyMiddleware from "graphql-middleware";
import permissions from "./graphql/permissions";
const app = express();
app.use(cors());
const server = new ApolloServer(
schema: applyMiddleware(
makeExecutableSchema( typeDefs, resolvers: mockResolver ),
permissions
),
playground: true,
introspection: true,
);
server.applyMiddleware( app, path: "/graphql" );
app.listen(config.PORT, () =>
console.log("Server listening at http://localhost:%s", config.PORT)
);
TypeDefs
import gql from "apollo-server";
const typeDefs = gql`
type User
id: Int!
email: String!
password: String!
type LoginResponse
id: String
email: String
token: String
type Query
user(id: Int!): User
users: [User]
type Mutation
login(email: String!, password: String!): LoginResponse
`;
权限
import shield, allow from "graphql-shield";
const permissions = shield(
Query:
users: allow,
,
Mutation:
login: allow,
,
);
export default permissions;
【问题讨论】:
【参考方案1】:const permissions = shield(
Query:
users: allow,
,
Mutation:
login: allow,
,
);
到
const permissions = shield(
Query:
users: allow,
,
Mutation:
login: allow,
,
,
debug: true
);
并跟踪错误消息。
【讨论】:
以上是关于Graphql shield 返回 Not Authorized for allowed mutation的主要内容,如果未能解决你的问题,请参考以下文章
Graphql shield 要求在 express 服务器上启用 cors
为啥使用 libnfc 和 PN532 SHIELD “未找到 NFC 设备”
GraphQL,Dataloader,[ORM or not],有很多关系理解
使用 angular-apollo graphql 客户端获取 404 Not Found
PubSub 在客户端页面中不起作用,但在 Graphql 游乐场中起作用 - TypeError: data.getPosts is not iterable