Is it possible run a middleware for all query/mutation except any one?

Question

I want to call a http middleware for all mutation/query call in GraphQL, but do not want to call for one query ? Is that possible ?

Edit : I want to send user deactivated response, for all api which needs user to be logged-in, if user is soft deleted. But I do not want this for api to restore the user again.

How do you identify this "one query" ? is there any get parameters or url pattern ? — ml59, Jan 25 '22 at 11:13
Well, this is what, I am looking for. I have single endpoint for all graphQL apis. So ot sure how to achieve that. I have edited my question for what I want to do. — Gaurav, Jan 25 '22 at 11:19

score 0 · Answer 1 · answered Jan 25 '22 at 11:37

0

No, this is not possible. I will not add such a feature to Lighthouse.

If you need specific logic based on which GraphQL fields are used, that belongs in field middleware. HTTP and GraphQL are two separate layers and must not be conflated.

answered Jan 25 '22 at 11:37

spawnia

879
6
13

score 0 · Accepted Answer · answered Jan 25 '22 at 12:53

No this is not possible in Lighthouse.

I would recommend solving this with @guard directive. https://lighthouse-php.com/5/security/authentication.html#attemptauthentication-middleware

So basically do something like

extend type Query {
    restore(email: String!, password: String!): User
}

And then for all other queries

extend type Query @guard {
    viewer: User! @auth
}

By default if a user is soft deleted, then auth:api would not allow it to log in, so no reason to do any changes to the guard.

I have added some mechanism to allow soft delete users to be logged in, and send some customized response, if logged in user is soft deleted. — Gaurav, Jan 25 '22 at 13:19

Is it possible run a middleware for all query/mutation except any one?

2 Answers2