There are no recipes for this which is surprising as it seems like a pretty basic use case.
If a request does not have a valid token, we want to return a 403 to the user. But trying to do that results in an empty response and "missing response context" error.
So this is currently the middleware:
func (auth \*Auth) Middleware() gin.HandlerFunc {
return func(c \*gin.Context) {
_, err := auth.Validate(c.Request.Context(), c.Request)
if (err != nil) {
c.AbortWithError(http.StatusForbidden, err)
return
}
c.Next()
}
}
Using it here in server.go
func Register(config \*viper.Viper, broker \*broker.Broker, metrics \*metrics.Metrics, clients *clients.Clients, auth \*auth.Auth) {
//...
r.Use(auth.Middleware())
//...
r.POST("/query", graphqlHandler(broker, clients, metrics))
r.GET("/query", graphqlHandler(broker, clients, metrics))
r.GET("/", playgroundHandler())
_ = r.Run()
}
There is no response returned in the event of an invalid token and you get:
missing response context
I was thinking I could use graphql.WithResponseContext but since that's immutable and we are aborting so there is no "next", there is no place for that context to go.
