Comments (12)
Can you create a small example to reproduce? Thanks
from auth.
Ciao Matteo,
here you are my minimum reproducible repo
https://github.com/artecoop/mercurius-auth-issue
toggle @auth(requires: administrator)
inside src/modules/business/schema.ts to view the error.
I've tested it with postman
Note: cert keys are throwaway so don't worry
from auth.
I think you might want to control the statusCode for the response. If you do not set it it's 500.
const err = new mercurius.ErrorWithProps('UNAUTHORIZED');
err.statusCode = 200
throw err
I think we might want to add an optional statusCode
property in https://github.com/mercurius-js/mercurius/blob/b671de31178395ea53f2ea39c19cc3f8d80be8eb/lib/errors.js#L7 to better control this.
from auth.
We should probably document this somewhere. Would you like to send a PR?
from auth.
I saw you merged my changes into the docs and they're now live. However, the changes it refers are not yet released in mercurius...
from auth.
Why do you say so? I'm pretty sure it should work as expected.
from auth.
Because if I use
const err = new mercurius.ErrorWithProps('UNAUTHORIZED');
err.statusCode = 200
throw err
it throws Property 'statusCode' does not exist on type 'ErrorWithProps'
Both js and typedefs in fact does not reference any statusCode property (and the base class Error does not have one)
from auth.
I saw you guys published [email protected] that brings what discussed here.
However, my code still returns 500 as http status
app.register(mercuriusAuth, {
authContext(context) {
return {
authorization: context.reply.request.headers.authorization
};
},
async applyPolicy(authDirectiveAST, _parent, _args, context) {
if (!context.auth?.authorization) {
const err = new mercurius.ErrorWithProps('UNAUTHENTICATED');
err.statusCode = 200
throw err
}
const { roles } = context.app.jwt.verify(context.auth.authorization);
if (authDirectiveAST.arguments && authDirectiveAST.arguments.length > 0) {
const role = authDirectiveAST.arguments[0].value as EnumValueNode;
return roles.includes(role.value);
}
const err = new mercurius.ErrorWithProps('UNAUTHORIZED');
err.statusCode = 200
throw err
},
authDirective: 'auth'
});
Is worth nothing to say that using
throw new mercurius.ErrorWithProps('UNAUTHORIZED', undefined, 200);
does not change the result.
"fastify": "3.22.0"
"fastify-jwt": "3.1.0"
"mercurius": "8.6.0"
"mercurius-auth": "1.2.1"
from auth.
Will take a look this evening!
from auth.
@artecoop the work to fix this has been merged and released in mercurius v9.0.0, can you confirm that it is working as expected? mercurius-js/mercurius#599
from auth.
@jonnydgreen yes, i can confim it work as expected now. Sorry for being late to answer. I'll close this issue as resolved
from auth.
no worries at all! And thanks
from auth.
Related Issues (16)
- Review process and initial plan HOT 3
- Not compatible with mercurius 12.0.0 HOT 2
- Directive filterSchema: true -- directive to prevent "message" HOT 11
- Is there a way to make schema filtering work with external policy? HOT 4
- Subscription authentication HOT 2
- How I can set custom directives to the current field? HOT 14
- auth directive on type not being processed, federated service HOT 9
- feature: multiple directive HOT 3
- feature: filtered schema HOT 2
- Typescript support HOT 6
- support repeatable directive HOT 1
- Improving the documentation HOT 5
- Tests fail upon a fresh install HOT 6
- Allow multiple roles per query. HOT 4
- Auth directive on Union type ignores the applyPolicy function HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from auth.