I have a user object, where i have created an ObjectType to ignore the Password field as it is genearlly not a good idea to expose that in my API :) However HotChocolate still returns the password field in the response.
Account.cs
public class Account {
[Key]
public string Id { get; set; }
[Required]
[StringLength(250)]
public string Email { get; set; }
[Required]
[StringLength(512)]
public string Password { get; set; }
[Required]
[Range(0, 2)]
// 0 = Landlord, 1 = Tenant, 2 = Maintenace
public int AccountType { get; set; }
[Required]
[StringLength(150)]
public string Name { get; set; }
[Required]
public long CreatedMilliseconds { get; set; }
[Required]
public long UpdatedMilliseconds { get; set; }
[Required]
public long LastSeenMilliseconds { get; set; }
}
public class AccountType : ObjectType<Account>
{
protected override void Configure(IObjectTypeDescriptor<Account> descriptor)
{
descriptor.Ignore(f => f.Password);
}
}
AccountQuery.cs
[ExtendObjectType(typeof(Query))]
public class AccountQuery {
private readonly Logger log = LogManager.GetCurrentClassLogger();
[Authorize]
public Account GetMe(ClaimsPrincipal claimsPrincipal, [Service] DataContext context) {
string userId = AuthHelper.GetUserId(claimsPrincipal);
return context.Accounts.Where(x => userId == x.Id).FirstOrDefault();
}
}
My program.cs
// Add GraphQL services
builder.Services
.AddHttpContextAccessor()
.AddDbContext<DataContext>()
.AddGraphQLServer()
.AddAuthorization()
.AddQueryType<Query>()
.AddMutationType<Mutations>()
.AddTypeExtension<AccountMutations>()
.AddTypeExtension<AccountQuery>();
