Skip to content
Permalink
Browse files

fix(docs): Add OpenCollective

  • Loading branch information...
maticzav committed May 6, 2018
1 parent 30575cf commit 9e85657e1f71241eefc6552c6f6abdf6c0c8b230
Showing with 87 additions and 80 deletions.
  1. +87 −80 README.md
167 README.md
@@ -12,12 +12,12 @@ GraphQL Shield helps you create permission layer for your application. The idea

## Features

- __Super Flexible:__ It supports everything GraphQL server does.
- __Super easy to use:__ Just add a wrapper function around your `resolvers` and you are ready to go!
- __Compatible:__ Works with all GraphQL Servers.
- __Super efficient:__ Caches results of previous queries to make your database more responsive.
- __Per-Type:__ Write permissions for your type specifically (check the example below).
- __Tested:__ Very well [tested](https://github.com/maticzav/graphql-shield/tree/master/tests) functionalities!
* **Super Flexible:** It supports everything GraphQL server does.
* **Super easy to use:** Just add a wrapper function around your `resolvers` and you are ready to go!
* **Compatible:** Works with all GraphQL Servers.
* **Super efficient:** Caches results of previous queries to make your database more responsive.
* **Per-Type:** Write permissions for your type specifically (check the example below).
* **Tested:** Very well [tested](https://github.com/maticzav/graphql-shield/tree/master/tests) functionalities!

## Install

@@ -28,32 +28,36 @@ npm install graphql-shield
## Example

```js
const { GraphQLServer } = require('graphql-yoga')
const { shield } = require('graphql-shield')
const { GraphQLServer } = require("graphql-yoga");
const { shield } = require("graphql-shield");
const verify = ctx => {
const Authorization = ctx.request.get('Authorization')
const Authorization = ctx.request.get("Authorization");
if (Authorization) {
const token = Authorization.replace('Bearer ', '')
return token === 'supersecret'
const token = Authorization.replace("Bearer ", "");
return token === "supersecret";
}
return false
}
const users = [{
id: '1',
name: 'Mathew',
secret: 'I love strawberies!'
}, {
id: '2',
name: 'Geroge',
secret: 'I love tacos!'
}, {
id: '3',
name: 'Jack',
secret: 'I love swimming!'
}]
return false;
};
const users = [
{
id: "1",
name: "Mathew",
secret: "I love strawberies!"
},
{
id: "2",
name: "Geroge",
secret: "I love tacos!"
},
{
id: "3",
name: "Jack",
secret: "I love swimming!"
}
];
const typeDefs = `
type Query {
@@ -66,34 +70,34 @@ const typeDefs = `
name: String!
secret: String!
}
`
`;
const resolvers = {
Query: {
hello: () => 'Hello world!',
users: () => users
},
}
Query: {
hello: () => "Hello world!",
users: () => users
}
};
const permissions = {
Query: {
hello: () => true,
Query: {
hello: () => true
// users: () => true (no need for this - we are blacklisting)
},
User: {
secret: (_, args, ctx) => verify(ctx)
}
}
},
User: {
secret: (_, args, ctx) => verify(ctx)
}
};
const server = new GraphQLServer({
typeDefs,
resolvers: shield(resolvers, permissions, { debug: true }),
context: req => ({
...req
})
})
server.start(() => console.log('Server is running on http://localhost:4000'))
typeDefs,
resolvers: shield(resolvers, permissions, { debug: true }),
context: req => ({
...req
})
});
server.start(() => console.log("Server is running on http://localhost:4000"));
```

## API
@@ -109,37 +113,32 @@ GraphQL resolvers.
A permission-function must return a boolean.

```ts
type IPermission = (
parent,
args,
ctx,
info,
) => boolean | Promise<boolean>
type IPermission = (parent, args, ctx, info) => boolean | Promise<boolean>;
```

- same arguments as for any GraphQL resolver.
- can be a promise or synchronous function
- blacklisting permissions (you have to explicitly prevent access)
* same arguments as for any GraphQL resolver.
* can be a promise or synchronous function
* blacklisting permissions (you have to explicitly prevent access)

```js
const auth = (parent, args, ctx, info) => {
const userId = getUserId(ctx)
const userId = getUserId(ctx);
if (userId) {
return true
return true;
}
return false
}
return false;
};
const owner = async (parent, {id}, ctx: Context, info) => {
const userId = getUserId(ctx)
const owner = async (parent, { id }, ctx: Context, info) => {
const userId = getUserId(ctx);
const exists = await ctx.db.exists.Post({
id,
author: {
id: userId
}
})
return exists
}
});
return exists;
};
const permissions = {
Query: {
@@ -149,16 +148,16 @@ const permissions = {
Mutation: {
createDraft: auth,
publish: owner,
deletePost: owner,
},
}
deletePost: owner
}
};
const options = {
debug: false,
cache: true
}
};
export default shield(resolvers, permissions, options)
export default shield(resolvers, permissions, options);
```

#### Options
@@ -167,8 +166,8 @@ Optionally disable caching or use debug mode to find your bugs faster.

```ts
interface Options {
debug: boolean
cache: boolean
debug: boolean;
cache: boolean;
}
```

@@ -181,15 +180,15 @@ GraphQL shield has `cache` enabled by default. Cache is used to prevent multiple
In order to use `cache`, you have to define a separate permission-function - a function with a name.

```ts
const auth = () => authorise
const auth = () => authorise;
const permissions = {
Query: {
user: auth,
user: auth
},
User: {
secret: auth
},
}
}
};
```

```gql
@@ -204,9 +203,17 @@ The following query resolves with a `User` type. `User` type has multiple fields

### Requirements

- Permission functions shouldn't rely on any external variables, but the resolver arguments themselves to prevent unpredited behaviour.
- Permission functions with the same name are considered to have the same output.
* Permission functions shouldn't rely on any external variables, but the resolver arguments themselves to prevent unpredited behaviour.
* Permission functions with the same name are considered to have the same output.

## Sponsors

<object type="image/svg+xml" data="https://opencollective.com/graphql-shield/tiers/sponsor.svg?avatarHeight=36&width=600"></object>

## Backers

<object type="image/svg+xml" data="https://opencollective.com/graphql-shield/tiers/backer.svg?avatarHeight=36&width=600"></object>

## License

MIT
MIT @ Matic Zavadlal

0 comments on commit 9e85657

Please sign in to comment.
You can’t perform that action at this time.