You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
import{ValidationPipe}from'@nestjs/common';import{NestFactory}from'@nestjs/core';import{AppModule}from'./app.module';import{CanActivate,ExecutionContext,Injectable,Logger,}from'@nestjs/common';import{GqlExecutionContext}from'@nestjs/graphql';
@Injectable()exportclassTestGuardimplementsCanActivate{publiccanActivate(context: ExecutionContext): boolean{constctx=GqlExecutionContext.create(context);Logger.verbose('guard text');returntrue;}}asyncfunctionbootstrap(){constapp=awaitNestFactory.create(AppModule);app.useGlobalGuards(newTestGuard());app.useGlobalPipes(newValidationPipe());awaitapp.listen(3000);console.log(`Application is running on: ${awaitapp.getUrl()}`);}bootstrap();
npm start
Run localhost:3000/graphql
There will be no 'guard text' printed when you enter Playground nor when you call query.
Expected behavior
The playground endpoint is really secondary problem, the worst case here is that the endpoint for requesting the whole data is not guarded at all.
So you can POST /graphql with any query without any authorization.
Is there an existing issue for this?
Current behavior
When you register GraphQL module with ApolloServer, Guards are not launched against Playground endpoints.
Minimum reproduction code
https://github.com/nestjs/nest/tree/master/sample/12-graphql-schema-first
Steps to reproduce
You can use your own code from samples.
npm install --force
npm start
localhost:3000/graphql
There will be no 'guard text' printed when you enter Playground nor when you call query.
Expected behavior
The playground endpoint is really secondary problem, the worst case here is that the endpoint for requesting the whole data is not guarded at all.
So you can POST /graphql with any query without any authorization.
Package version
12.0.9
Graphql version
graphql
: 16.8.1"@apollo/server": "^4.9.4",
"@nestjs/apollo": "^12.0.11",
NestJS version
16.8.1
Node.js version
10.3.1
In which operating systems have you tested?
Other
Tried to get some help on Discord:
(https://discord.com/channels/520622812742811698/1025199348096700476/threads/1199825254697148457)
The text was updated successfully, but these errors were encountered: