You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently the vertx-web io.vertx.ext.web.handler.graphql.ws.Message interface does not have a webUser() method to retrieve the Vert.x User value for security and identity purposes. This should be added in a similar fashion to the SocketJS webUser() functionality so that identity checks and personalization can be performed in GraphQL data fetchers.
Use cases
I am building a Quarkus web application that uses the vertx-web GraphQL feature directly instead of using Smallrye GraphQL. When I setup the the Vert.x GraphQL routes:
GraphQLHandlerOptions gqlOptions = new GraphQLHandlerOptions().setRequestMultipartEnabled(true);
router.route("/graphql").handler(GraphQLHandler.create(graphQL, gqlOptions).beforeExecute(execBuilder));
router.route("/graphql-ws").handler(GraphQLWSHandler.create(graphQL).beforeExecute(wsExecBuilder));
I have GraphQL context builders that copy Vert.x routing context values into the GraphQL context for reference in the GraphQL data fetchers. The standard GraphQLHandler is straight forward:
However, the GraphQLWSHandler cannot retrieve the Vert.x User identity via the Message interface currently:
Handler<ExecutionInputBuilderWithContext<Message>> wsExecBuilder = routingContext -> {
Consumer<GraphQLContext.Builder> contextBuilder = b -> {
/*routingContext.context().message().webUser() does not exist so there is no way to retrieve the
Vert.x identity at the time the HTTP connection is upgraded to a websocket.
QuarkusHttpUser user = (QuarkusHttpUser) routingContext.context().message().webUser();
SecurityIdentity identity = user.getSecurityIdentity();
b.put(QUARKUS_IDENTITY, identity);
The Quarkus cookie is available and can be used to rebuild the identity with significant effort*/
String quarkusCookie = routingContext.context().socket().headers().getAll("cookie").stream().filter(c ->
c.startsWith(COOKIE_NAME)).findFirst().get().substring(COOKIE_NAME+ 1);
};
routingContext.builder().graphQLContext(contextBuilder).build();
};
Adding the full Vert.x RoutingContext reference to the Message interface would be another alternative.
Contribution
I will try to create a pull request for this feature if it is approved by the maintainers.
The text was updated successfully, but these errors were encountered:
I think it is better to provide the RoutingContext in the GraphQlContext, as it's already done in the GraphQLHandler implementation. I've created #2474 for this.
I think this would solve your problem, without being too specific.
Describe the feature
Currently the vertx-web io.vertx.ext.web.handler.graphql.ws.Message interface does not have a webUser() method to retrieve the Vert.x User value for security and identity purposes. This should be added in a similar fashion to the SocketJS webUser() functionality so that identity checks and personalization can be performed in GraphQL data fetchers.
Use cases
I am building a Quarkus web application that uses the vertx-web GraphQL feature directly instead of using Smallrye GraphQL. When I setup the the Vert.x GraphQL routes:
I have GraphQL context builders that copy Vert.x routing context values into the GraphQL context for reference in the GraphQL data fetchers. The standard GraphQLHandler is straight forward:
However, the GraphQLWSHandler cannot retrieve the Vert.x User identity via the Message interface currently:
Adding the full Vert.x RoutingContext reference to the Message interface would be another alternative.
Contribution
I will try to create a pull request for this feature if it is approved by the maintainers.
The text was updated successfully, but these errors were encountered: