javascript - Graphql shield 返回 Not Authorized for allowed mutation

问题描述

我正在尝试使用 apollo-server-express 实现 GraphQL API。我想通过 graphql-shield 中间件管理权限，但我在允许执行突变时遇到问题。我的目标是拥有基于 JWT 的身份验证，但允许对注册/登录突变所需的未经身份验证的用户执行一些查询/突变。我在那里使用默认allow规则。但是当我尝试运行登录突变时，我收到未授权！错误。我不知道为什么会这样。该规则适用于查询。

谢谢你的回答。

服务器

import express from "express";
import cors from "cors";
import { ApolloServer, makeExecutableSchema } from "apollo-server-express";
import config from "./config";
import mockResolver from "./resolvers/mockResolver";
import typeDefs from "./graphql/typeDefs";
import { applyMiddleware } from "graphql-middleware";
import permissions from "./graphql/permissions";

const app = express();
app.use(cors());

const server = new ApolloServer({
  schema: applyMiddleware(
    makeExecutableSchema({ typeDefs, resolvers: mockResolver }),
    permissions
  ),
  playground: true,
  introspection: true,
});

server.applyMiddleware({ app, path: "/graphql" });
app.listen(config.PORT, () =>
  console.log("Server listening at http://localhost:%s", config.PORT)
);

类型定义

import { gql } from "apollo-server";

const typeDefs = gql`
  type User {
    id: Int!
    email: String!
    password: String!
  }

  type LoginResponse {
    id: String
    email: String
    token: String
  }

  type Query {
    user(id: Int!): User
    users: [User]
  }

  type Mutation {
    login(email: String!, password: String!): LoginResponse
  }
`;

权限

import { shield, allow } from "graphql-shield";

const permissions = shield({
  Query: {
    users: allow,
  },
  Mutation: {
    login: allow,
  },
});

export default permissions;

标签： javascriptnode.jsexpressgraphqlapollo-server