How to inject some input fields from auth context

[dilipkk-foyernet]

This is a question so removed the default template.
We have a use case, based on the logged user and their permissions, we want to set some filter params before querying the database, I am wondering if we can inject these filter values to graqphql input types before sending to resolvers. Please guide me on how to achieve this with this library.

Thanks a lot for this great library.

[luisgarciaalanis]

Are these query params?

func GetQueryHandler() httprouter.Handle {
	config := generated.Config{Resolvers: &gql.Resolver{}}
	srv := handler.NewDefaultServer(generated.NewExecutableSchema(config))

	return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
		// 1) I am using github.com/julienschmidt/httprouter, so the Params are available on the request function.
		// 2) you can take them put them on the Context and pass them to the srv.ServeHTTP(w, r)
		//    in the r variable.

		// HERE

		srv.ServeHTTP(w, r)
	}
}

[dilipkk-foyernet]

@luisgarciaalanis both for query and mutation. You suggestion requires parsing of graphql query in the request body right?

[luisgarciaalanis]

What are these filter params you talk about? I thought they were query params

[dilipkk-foyernet]

yes, I mean query params only, graphql query is not simple query right, we need to inject based on the context of the query execution so requires parsing etc.

For example: if I am querying in the following way:

query users {
  users {
     status: "active"
  }
}

Let we have different projects and for each project, we have a set of users and when a particular project admin (projectId: XYZ) calls this query then I want to inject projectId: XYZ param to the query so that he/she sees only users of XYZ project.

[roelofjan-elsinga]

I'm not sure if you're still dealing with this, but it could be helpful to others.

To inject things like authentication, you could use the dataloader as described in the documentation.

You'll have the request context available there while resolving the data you need. The request context should know, through some type of middleware, which user is requesting the information. GraphQL itself is just an abstraction layer, so you shouldn't try to inject any authentication in the queries.

I hope this helps!