
Adding a security layer to a GraphQL schema

Primary language: PHP. License: MIT.

Field Guard

Middleware for adding a security layer to a GraphQL schema


Getting Started

Install this package via Composer:

composer require x-graphql/field-guard

Usage

Create a permissions array that maps each object type name and its fields to a rule. A rule can be a boolean or an instance of XGraphQL\FieldGuard\RuleInterface:

use GraphQL\Type\Definition\ResolveInfo;
use XGraphQL\FieldGuard\RuleInterface;

$isAdminRule = new class implements RuleInterface {
    // Decide whether the current request may resolve the guarded field.
    public function allows(mixed $value, array $args, mixed $context, ResolveInfo $info): bool
    {
        return $context->isAdmin();
    }

    public function shouldRemember(mixed $value, array $args, mixed $context, ResolveInfo $info): bool
    {
        return true;
    }
};

$permissions = [
    'Query' => [
        'getUser' => true,  // all users can get a user.
        'getBook' => false, // no user can get a book.
    ],
    'Mutation' => [
        'createUser' => $isAdminRule, // only admin users can create a user.
    ],
];

Then create the middleware with the $permissions array above and apply it to the schema:

use XGraphQL\FieldMiddleware\FieldMiddleware;
use XGraphQL\FieldGuard\FieldGuardMiddleware;

$schema = ...
$guardMiddleware = new FieldGuardMiddleware($permissions);

FieldMiddleware::apply($schema, [$guardMiddleware]);
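
The page does not say how fields missing from $permissions are treated, so a check that compares the map with the schema is worth running in CI. The following is an added example, not part of this package: auditPermissions() is a hypothetical helper, the schema and map are constructed samples, and it assumes webonyx/graphql-php is installed via Composer.

```php
<?php
// Added example (not field-guard code): audit a permissions map against a schema.
require __DIR__ . '/vendor/autoload.php'; // assumed Composer autoloader location

use GraphQL\Type\Definition\ObjectType;
use GraphQL\Type\Schema;
use GraphQL\Utils\BuildSchema;

// Hypothetical helper: returns "Type.field" names that are in the schema but
// not in the map ('unguarded') and in the map but not in the schema ('stale').
function auditPermissions(Schema $schema, array $permissions): array
{
    $schemaFields = [];
    foreach ($schema->getTypeMap() as $name => $type) {
        // Skip introspection types (__Schema, __Type, ...) and non-object types.
        if (!$type instanceof ObjectType || str_starts_with($name, '__')) {
            continue;
        }
        foreach (array_keys($type->getFields()) as $field) {
            $schemaFields["$name.$field"] = true;
        }
    }

    $mapped = [];
    foreach ($permissions as $typeName => $fields) {
        foreach (array_keys($fields) as $field) {
            $mapped["$typeName.$field"] = true;
        }
    }

    return [
        // No rule was written for these fields.
        'unguarded' => array_keys(array_diff_key($schemaFields, $mapped)),
        // These entries match nothing: a typo or a field that was removed.
        'stale' => array_keys(array_diff_key($mapped, $schemaFields)),
    ];
}

// Constructed sample schema and map; 'creatUser' is a deliberate typo.
$schema = BuildSchema::build('
    type Query { getUser(id: ID!): User  getBook(id: ID!): Book }
    type Mutation { createUser(name: String!): User }
    type User { id: ID! name: String }
    type Book { id: ID! title: String }
');
$permissions = ['Query' => ['getUser' => true, 'getBook' => false],
                'Mutation' => ['creatUser' => false]];

print_r(auditPermissions($schema, $permissions));
```

A non-empty 'stale' list is the more urgent finding, since a misspelled key means the rule is attached to nothing and the real field has no entry.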

Credits

Created by Minh Vuong