Add webUser() method to io.vertx.ext.web.handler.graphql.ws.Message

[aaronanderson]

Describe the feature

Currently the vertx-web io.vertx.ext.web.handler.graphql.ws.Message interface does not have a webUser() method to retrieve the Vert.x User value for security and identity purposes. This should be added in a similar fashion to the SocketJS webUser() functionality so that identity checks and personalization can be performed in GraphQL data fetchers.

Use cases

I am building a Quarkus web application that uses the vertx-web GraphQL feature directly instead of using Smallrye GraphQL. When I setup the the Vert.x GraphQL routes:

GraphQLHandlerOptions gqlOptions = new GraphQLHandlerOptions().setRequestMultipartEnabled(true);
router.route("/graphql").handler(GraphQLHandler.create(graphQL, gqlOptions).beforeExecute(execBuilder));
router.route("/graphql-ws").handler(GraphQLWSHandler.create(graphQL).beforeExecute(wsExecBuilder));

I have GraphQL context builders that copy Vert.x routing context values into the GraphQL context for reference in the GraphQL data fetchers. The standard GraphQLHandler is straight forward:

Handler<ExecutionInputBuilderWithContext<RoutingContext>> execBuilder = routingContext -> {
     Consumer<GraphQLContext.Builder> contextBuilder = b -> {
        QuarkusHttpUser user = (QuarkusHttpUser) routingContext.context().user();
        SecurityIdentity identity = user.getSecurityIdentity();
        b.put(QUARKUS_IDENTITY, identity);
        b.put(CUSTOM_VALUE, routingContext.context().get(CUSTOM_VALUE));
    };
    routingContext.builder().graphQLContext(contextBuilder).build();
};

However, the GraphQLWSHandler cannot retrieve the Vert.x User identity via the Message interface currently:

Handler<ExecutionInputBuilderWithContext<Message>> wsExecBuilder = routingContext -> {
    Consumer<GraphQLContext.Builder> contextBuilder = b -> {
        /*routingContext.context().message().webUser() does not exist so there is no way to retrieve the
        Vert.x identity at the time the HTTP connection is upgraded to a websocket. 

        QuarkusHttpUser user = (QuarkusHttpUser) routingContext.context().message().webUser();
        SecurityIdentity identity = user.getSecurityIdentity();
        b.put(QUARKUS_IDENTITY, identity);

       The Quarkus cookie is available and can be used to rebuild the identity with significant effort*/
                                 
       String quarkusCookie = routingContext.context().socket().headers().getAll("cookie").stream().filter(c -> 
       c.startsWith(COOKIE_NAME)).findFirst().get().substring(COOKIE_NAME+ 1);

    };
    routingContext.builder().graphQLContext(contextBuilder).build();
};

Adding the full Vert.x RoutingContext reference to the Message interface would be another alternative.

Contribution

I will try to create a pull request for this feature if it is approved by the maintainers.

[tsegismont]

Thanks for reporting this @aaronanderson

I think it is better to provide the RoutingContext in the GraphQlContext, as it's already done in the GraphQLHandler implementation. I've created #2474 for this.

I think this would solve your problem, without being too specific.

[tsegismont]

@aaronanderson closing in favor of #2476