
@graphql-directive/auth - npm Package Compare versions

Comparing version 1.0.1 to 1.0.2


CHANGELOG.md

@@ -6,2 +6,10 @@ # Change Log

## [1.0.2](https://github.com/ktutnik/graphql-directive/compare/@graphql-directive/auth@1.0.1...@graphql-directive/auth@1.0.2) (2023-04-09)
### Bug Fixes
- **auth:** Mutation should always throw error ([#40](https://github.com/ktutnik/graphql-directive/issues/40)) ([0869a38](https://github.com/ktutnik/graphql-directive/commit/0869a385c1259443dec3d72d1a45947be84b6976))
- **auth:** Query resolution Filter doesn't followed properly on mutation result ([#38](https://github.com/ktutnik/graphql-directive/issues/38)) ([8fc73ac](https://github.com/ktutnik/graphql-directive/commit/8fc73ac74a28c8e4719797b007400ff8ed51f690))
- Fix thrown GraphQLError error message ([#39](https://github.com/ktutnik/graphql-directive/issues/39)) ([9d52b52](https://github.com/ktutnik/graphql-directive/commit/9d52b521fb9e759f6824b8e0f5ceee5d43e20f31))
## [1.0.1](https://github.com/ktutnik/graphql-directive/compare/@graphql-directive/auth@1.0.0...@graphql-directive/auth@1.0.1) (2023-04-08)
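Review bot: the #38 entry reads "Query resolution Filter doesn't followed properly on mutation result", which should be "isn't followed properly"; the entry would also read better if it named the fixed behaviour (Filter resolution is now applied to mutation results). Beyond wording, the #38 and #40 entries describe behaviour changes, but the `lib/index.js` hunks in this compare only change how the thrown error is constructed (#39); a reader checking this changelog against the diff will not find the mutation and filter fixes in the lines shown, so either that code lives in `@graphql-directive/core` (bumped to ^1.0.2 in this same release) and the entries should say so, or the corresponding hunks are missing from the published build output.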

@@ -8,0 +16,0 @@


lib/index.js

@@ -7,2 +7,3 @@ "use strict";

const graphql_1 = require("graphql");
const errorCode = "GRAPHQL_AUTHORIZATION_FAILED";
const typeDefs = /* GraphQL */ `
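Review bot: introducing `errorCode = "GRAPHQL_AUTHORIZATION_FAILED"` changes the client-visible error contract in a patch release: clients that matched on the 1.0.1 message string `"AUTHORIZATION_ERROR"` (the removed `throw` lines in the hunks below) will no longer match, because the message becomes `Unauthorized to access ...` and the stable identifier moves to `extensions.code`. Setting an explicit code is the right direction, since it lets clients tell an authorization failure apart from a genuine internal error, but the #39 changelog entry should state the new message and code, and a minor version bump would signal the contract change better than 1.0.1 to 1.0.2.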

@@ -45,4 +46,5 @@ directive @authorize(

]);
const getError = (paths) => new graphql_1.GraphQLError(`Unauthorized to access ${path}`, { extensions: { code: errorCode, paths } });
if (inputError.length > 0) {
throw new graphql_1.GraphQLError("AUTHORIZATION_ERROR", { extensions: { paths: inputError } });
throw getError(inputError);
}
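Review bot: in the new `getError` helper the template string interpolates `${path}` while the parameter is named `paths`; unless a `path` binding exists in an enclosing scope (nothing in this hunk defines one), calling the helper throws a ReferenceError instead of the intended GraphQLError, so an authorization failure would surface as an internal error with the wrong message. Since `paths` is an array, the intended line is presumably `new graphql_1.GraphQLError(\`Unauthorized to access ${paths.join(", ")}\`, { extensions: { code: errorCode, paths } })`. A unit test that asserts on the thrown error's `message` and `extensions.code` for a single denied field would have caught this.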

@@ -53,6 +55,6 @@ if (fieldError.length === 0) {

if (operation === graphql_1.OperationTypeNode.MUTATION) {
throw new graphql_1.GraphQLError("AUTHORIZATION_ERROR", { extensions: { paths: fieldError } });
throw getError(fieldError);
}
if (options.queryResolution === "ThrowError") {
throw new graphql_1.GraphQLError("AUTHORIZATION_ERROR", { extensions: { paths: fieldError } });
throw getError(fieldError);
}
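Review bot: the `MUTATION` branch and the `ThrowError` branch now build the identical error via `getError(fieldError)`, so the two conditions can be merged into one `if (operation === graphql_1.OperationTypeNode.MUTATION || options.queryResolution === "ThrowError")`, which also makes the intended rule (mutations always throw, queries throw only under `ThrowError`) readable at a glance. Note that the mutation check itself is unchanged context in this hunk, so the changelog entry "Mutation should always throw error (#40)" is not accounted for by the lines shown here.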

@@ -59,0 +61,0 @@ return undefined;

{
"name": "@graphql-directive/auth",
"version": "1.0.1",
"version": "1.0.2",
"description": "GraphQL authorization directive",
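Review bot: this hunk is rendered without a file header or `@@` line; from its contents (`"name": "@graphql-directive/auth"`) it is the `package.json` version bump from 1.0.1 to 1.0.2, which should be read together with the error-contract change in `lib/index.js` above.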

@@ -26,3 +26,3 @@ "main": "lib/index.js",

"dependencies": {
"@graphql-directive/core": "^1.0.1"
"@graphql-directive/core": "^1.0.2"
},
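Review bot: raising `@graphql-directive/core` from `^1.0.1` to `^1.0.2` only moves the floor of the range; `^1.0.1` already resolved to 1.0.2 on a fresh install, so the bump matters for projects whose lockfile pins core at 1.0.1. If the auth fixes in this release depend on core 1.0.2 behaviour, that dependency is worth stating in the changelog so users know the lockfile entry for core must move as well.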

@@ -50,3 +50,3 @@ "funding": [

},
"gitHead": "2ab9b1bc3d03fcead54d1ae6ef4b56e71c684a35"
"gitHead": "3ec0b9b70ec8e23cc5a21ff20de39a1c6cf19186"
}

@@ -24,3 +24,3 @@ # GraphQL Authorization Directive

input User {
type User {
id: String!
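Review bot: changing `input User` to `type User` is the right correction for the README example: `input` types are only valid as argument types and cannot be returned by the `users` query that the later examples select `name, email, role` from, so the previous schema snippet would not have validated as shown.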

@@ -111,37 +111,2 @@ name: String!

## Query Resolution
Query resolution is how the query resolved based on user authorization. There are two resolution logic provided: `ThrowError` and `Filter`.
By default the query resolution used is `Filter`, its mean that if a user doesn't have access to protected field, server will filter the value by returning `null`. Based on example above, below query will behave differently based on user role.
```graphql
query {
users { name, email, role }
}
```
For `Admin`, above query will return a complete result including the `role`. But for other user the `role` field will be `null`.
> Important to note that when query resolution set to `Filter`, make sure the data type of the filed where the directive applied must be nullable. An informative error will be thrown if its not satisfied.
`ThrowError` provide stricter authorization resolution by throwing an error when user doesn't have access to specific field. This is the best option when you strictly not allowed `null` in your schema. Based on previous example query, non admin user will get `GraphQLError` when requesting the `role` field. The error returned contains information of forbidden field path.
```json
{
"data": {},
"errors": [
{
"message": "AUTHORIZATION_ERROR",
"extensions": {
"paths": [
"users.role"
],
"code": "INTERNAL_SERVER_ERROR",
"stacktrace": [ ]
}
}
]
}
```
## API Documentation

@@ -152,4 +117,2 @@

#### Arguments

@@ -183,1 +146,37 @@ * `options` (optional): An object that can contain the following properties:

* `directiveArgs`: Object that is passed into the directive, for example if the directive is `@authorize(policy: "Admin, User")`, the value is `{ policy: "Admin, User" }`
### Query Resolution
Query resolution is how the query resolved based on user authorization. There are two resolution logic provided: `ThrowError` and `Filter`.
By default the query resolution used is `Filter`, its mean that if a user doesn't have access to protected field, server will filter the value by returning `null`. Based on example above, below query will behave differently based on user role.
```graphql
query {
users { name, email, role }
}
```
For `Admin`, above query will return a complete result including the `role`. But for other user the `role` field will be `null`.
> Important to note that when query resolution set to `Filter`, make sure the data type of the filed where the directive applied must be nullable. An informative error will be thrown if its not satisfied.
`ThrowError` provide stricter authorization resolution by throwing an error when user doesn't have access to specific field. This is the best option when you strictly not allowed `null` in your schema. Based on previous example query, non admin user will get `GraphQLError` when requesting the `role` field. The error returned contains information of forbidden field path.
```json
{
"data": {},
"errors": [
{
"message": "AUTHORIZATION_ERROR",
"extensions": {
"paths": [
"users.role"
],
"code": "INTERNAL_SERVER_ERROR",
"stacktrace": [ ]
}
}
]
}
```
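Review bot: the moved Query Resolution text still carries the wording problems of the original: "its mean that" (it means that), "the filed where" (the field where), "if its not satisfied" (if it is not satisfied), "`ThrowError` provide" (provides), and "when you strictly not allowed `null`" (when you do not allow `null`). More importantly, the JSON example is now stale relative to the `lib/index.js` change in this same release: the message becomes `Unauthorized to access ...` rather than `AUTHORIZATION_ERROR`, and `extensions.code` becomes `GRAPHQL_AUTHORIZATION_FAILED` rather than the generic `INTERNAL_SERVER_ERROR` shown; the example and the sentence "The error returned contains information of forbidden field path" should be updated so readers match on the new `code` rather than on the message string.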
