Missing classes while upgrading to GraphQL.Server.All from GraphQL.Server.* libraries about server HOT 11 CLOSED

You should not need to add InstrumentFieldsMiddleware as it is already done by UseApolloTracing.

Yes, the AddGraphQL call will register the relay types automatically, regardless of whether AddGraphTypes is called.

from server.

Last comment: since your configuration setting is known when your application starts, this code provides a further optimization so that the InstrumentFieldsMiddleware is not loaded in production:

services.AddGraphQL(b => {
    b.AddSystemTextJson();
    b.AddSchema<MySchema>();
    b.AddGraphTypes();
    b.AddValidationRule(NoIntrospection.Instance);
    if (configuration.GetValue<bool>("GraphQL:EnableMetrics"))
    {
        b.UseApolloTracing();
    }
    b.AddAuthorization(...); // for the GraphQL.Authorization nuget package
});

This would perform most similarly to your prior code.

from server.

DefaultGraphQLExecuter and GraphQLOptions are not present with latest GraphQL.Server.All library.

IGraphQLExecuter<TSchema> was replaced with IDocumentExecuter<TSchema>. See the default implementation here.

However, your code can likely be replaced with a call to .UseApolloTracing such as this snippet:

services.AddGraphQL(b => b
    // other configuration stuff here

    // always-on sample
    .UseApolloTracing()

    // sample controlled by appsettings.json
    .UseApolloTracing(opts => {
        var myOptions = opts.RequestedServices.GetRequiredService<IOptions<MyAppConfig>>().Value;
        return myOptions.EnableApolloTracing;
    })
);

In addition to a custom implementation of IDocumentLExecuter<TSchema>, there are two other ways to implement custom code such as your prior implementation:

1. Within the AddGraphQL call, call ConfigureExecution. This approach can be layered, and is suggested over a custom implementation of IDocumentExecuter<TSchema>. See https://graphql-dotnet.github.io/docs/migrations/migration7/#4-add-code-classlanguage-textconfigureexecutioncode-builder-method-added-in-530

2. Override one or methods in the middleware (such as ExecuteRequestAsync) - see https://github.com/graphql-dotnet/server#graphqlhttpmiddleware . But again, ConfigureExecution is recommended.

IOperationMessageListener and MessageHandlingContext are not present with latest GraphQL.Server.All library

While there is no direct replacement for the prior code, there is a new interface IWebSocketAuthenticationService for authorization of Websocket requests. See: https://github.com/graphql-dotnet/server#authentication-for-websocket-requests for a sample code snippet.

There is also a complete sample of JWT authorization including for subscription requests:

• https://github.com/graphql-dotnet/server/tree/master/samples/Samples.Jwt

from server.

I would like to note that .UseApolloTracing() always installs InstrumentFieldsMiddleware. This is because when you have a singleton schema (which is recommended), the field middleware is built with the schema when the schema is initialized, which only occurs once. The UseApolloTracing method does not know if delegate passed to it (which executes at runtime) will be returning true or false so it has to assume that it may be true. So, the field middleware is always installed.

If you have a scoped schema, there is a potential performance enhancement available -- but changing to a singleton schema would be MUCH more effective.

And if you can make the determination within your Startup.cs code, you can simply use an if block around the call to UseApolloTracing() as shown below to prevent the middleware from being installed:

// make determination in any way; this demonstrates using compile-time flag
#if DEBUG
var enableApolloTracing = false;
#else
var enableApolloTracing = true;
#endif

services.AddGraphQL(b => {
    // other configuration stuff here

    if (enableApolloTracing)
    {
        b.UseApolloTracing();
    }
});

from server.

Hi @Shane32 ,

Thanks for your quick response and suggestions. For ApolloTracing issue, I have done the below changes based on your suggestions by using UseApolloTracing().

public static IServiceCollection AddCustomGraphQL(this IServiceCollection services,
                                                     IWebHostEnvironment hostingEnvironment, IConfiguration configuration) =>
services.AddGraphQL(
         (options) =>
         {
           options.UseApolloTracing(x =>
           {
             x.EnableMetrics = configuration.GetValue<bool>("GraphQL:EnableMetrics");
             if (x.EnableMetrics)
             {
               x.Schema.FieldMiddleware.Use(new InstrumentFieldsMiddleware());
             }
             x.ValidationRules = DocumentValidator.CoreRules.Concat(new[] { NoIntrospection.Instance });
             return x.EnableMetrics;
           })
		   });

I have one more question. Is there any replacement for AddRelayGraphTypes() or it is handled as a part of AddGraphTypes() ? Please confirm.

from server.

As for NoIntrospection.Instance you probably want this instead:

.AddValidationRule(NoIntrospection.Instance)

from server.

So your AddGraphQL call might look like this:

services.AddGraphQL(b => b
    .AddSystemTextJson()
    .AddSchema<MySchema>()
    .AddGraphTypes()
    .AddValidationRule(NoIntrospection.Instance)
    .UseApolloTracing(configuration.GetValue<bool>("GraphQL:EnableMetrics"))
    .AddAuthorization(...) // for the GraphQL.Authorization nuget package
);

from server.

Using AddValidationRule can be important because your code overwrites any previously added validation rules, making it necessary to run that code prior to AddAuthorization or else the authorization rule would get dropped.

from server.

@Shane32 thanks a lot for your help.

I think I just have one last question related to below code and it is related GraphQL.Authorization library. IProvideClaimsPrincipal interface is not available in latest GraphQL.Authorization library. Please help me on this.

public class GraphQLUserContext : IProvideClaimsPrincipal
  {
    /// <summary>
    ///   Gets the current users claims principal.
    /// </summary>
    public ClaimsPrincipal User { get; set; }
  }

from server.

This is pulled from IResolveFieldContext.User now, which is pulled from ExecutionOptions.User. The server library automatically sets this value to HttpContext.User. If you wish differently, you could do this:

services.AddGraphQL(b => b
    .ConfigureExecutionOptions(options => {
        options.User = /* your code here */;
    })
);

Keep in mind that services, such as IHttpContextAccessor, can be pulled from DI within that method via options.RequestServices. The delegate can be synchronous or asynchronous. And finally, note that the transport-level authorization capabilities within the server repo will not recognize such a change; please see the readme file if you plan to use those options.

If you want to retain your existing code structure, you can either (a) implement IConfigureExecution instead, or (b) copy in the old IProvideClaimsPrincipal definition and write an IConfigureExecution implementation that pulls IProvideClaimsPrincipal from DI and applies the User to the execution options. Let me know if you have any questions on this.

I would like to note that the authorization rule included with the server repo (AddAuthorizationRule builder method) supports a number of new features over the GraphQL.Authorization nuget package, such as:

• Supports role-based authorization as well as policy-based authorization
• Supports 'must be authenticated' rule
• Supports 'allow anonymous' for specified fields (so that requests for only the specified field within a type are allowed when it would otherwise require authorization)
• Correctly handles following of fragments
• Faster with less memory requirements
• Better support
• Easy OOP design if you want to change how the rules/policies are checked
• But does not support authorization rules set on input object graph types

If you choose to use the new authorization rule, you may remove the GraphQL.Authorization nuget package from your project.

from server.

Sure @Shane32 , I will try out these options and get back to you if I face any issues. Thanks for all your help.

from server.