I'm using graphql-shield on a subgraph and rover-cli to generate the schema.
I've set the fallback rule to deny everything as I don't want anything to be accessible by default. But now rover-cli fails when introspecting the subgraph. I'm aware that you can pass a token to rover but I'm unable to do so during my build process.
I've already looked at this issue: Apollo Server Federation with graphql-shield and on both graphql-shield & rover GitHub repository but not luck so far.
I've also tried to explicitly add SubgraphIntrospectQuery like so:
export const permissions = shield(
{
Query: {
SubgraphIntrospectQuery: allow,
},
},
{
fallbackRule: deny,
debug: true,
allowExternalErrors: true,
}
);
Thanks for your help!
Try this:
export const permissions = shield({
Query: {
_service: allow,
},
_Service: {
sdl: allow
}
},{
fallbackRule: deny,
debug: true,
allowExternalErrors: true,
});
This seems to be what Apollo uses when performing the introspection. You might also need to allow: "Query._entities", "Query._service", "_Entity.*", "_Service.*", "_Any.*" since these are also used by Apollo.
You should probably implement some form of security rather than using "allow" for these, but I hope this answers your question...
Related
I have a need to implement this api in loopback nodejs
https://myapi.com/part_numbers?part_number=1245,6787,89490,940044...
Any ideas on how to go about it ?
The path after part_number should accept atleast 100 partnumbers and then return me the result.
All the documentation that i have looked at in loopback talks abut only sending a get request to something like https://myapi.com/part_numbers?part_number=1245
but not about sending for multiple comma separated values
Any ideas on how do i build this endpoint using loopback and nodejs I am using mysql as the backend datastore.
Disclaimer: I am a maintainer of LoopBack and co-author of the pull request adding support for character-delimited arrays in input arguments.
LoopBack provides a feature flag to enable comma-delimited array values in input arguments, this flag was added by https://github.com/strongloop/strong-remoting/pull/142. (Unfortunately it's not documented yet.)
How to use it:
1) Configure allowed delimiters in your server/config.json:
{
"restApiRoot": "/api",
// ...
"rest": {
"handleErrors": false,
// ADD THE FOLLOWING LINE
"arrayItemDelimiters": [","],
// original content - keep it around:
"normalizeHttpPath": false,
"xml": false
},
// ...
}
2) Define a custom remote method (see docs) accepting an argument of type "array of numbers". For example, assuming you have a model called PartNumbers already defined:
PartNumbers.get = function(numbers) {
// replace this code with your implementation
// here, we simply return back the parsed array
return Promise.resolve(numbers);
};
PartNumbers.remoteMethod('get', {
accepts: {
arg: 'part_numbers',
type: ['number'],
required: true,
},
// modify "returns" to match your actual response format
returns: {
arg: 'data',
type: 'object',
root: true,
},
http: {verb: 'GET', path: '/'},
});
3) Start you application, open API Explorer at http://localhost:3000/explorer and give your new method a ride!
Hello I have model users, in which there is a foreign key of Orders model.
Now sails will automatically generate route /users/:id/orders. I have to disable this route. How to do this ? I have already tried to disable all routes of orders using: _config : { actions: false, rest: false, shortcuts: false } but it still doen't work
You can achieve this by adding custom routes, which will overwrite the blueprint action.
Use http://sailsjs.org/documentation/concepts/routes/custom-routes#?response-target-syntax
'/users/:id/orders': {response: 'forbidden'}
or http://sailsjs.org/documentation/concepts/routes/custom-routes#?function-target-syntax
'/users/:id/orders': function(req, res) {res.forbidden();}
You could control the access to this model through policies.
For blocking everything put the code below inside your /config/policies.js file:
Orders : {
'*': false
},
You could also overwrite the route
In /config/routes.js:
'/:collection/:id/:model': {response: 'forbidden'}
Or you could do the way you've done, disabling the rest routes on this model
Just make sure you put the whole block, including the export line:
module.exports = {
_config: {
rest: false
}
};
When creating a site with KeystoneJS, how might I add some site-wide configuration variables that are stored in the database - that can preferably be manipulated via the admin - in the vein of Craft CMS's 'globals'?
I can't find anything in the Keystone database documentation about this, and would prefer not to use a singleton with a Keystone list (e.g. by implementing a list that has only one item) if at all possible.
I've just had a chat with one of the Keystone developers about this. It's been widely discussed on ProductPains, and as it turns out, having a singleton with a list is currently (as of 0.3.x) the only way to do this:
Define a new model in e.g. models/Configuration.js:
const keystone = require('keystone');
const Types = keystone.Field.Types;
const Configuration = new keystone.List('Configuration', {
nocreate: true,
nodelete: true,
label: 'Configuration',
path: 'configuration',
});
Configuration.add({
siteName: { type: String },
siteDescription: { type: Types.Textarea },
});
Configuration.defaultColumns = 'siteName, siteDescription';
Configuration.register();
Add an update e.g. updates/0.0.2-configuration.js:
exports.create = {
Configuration: [
{ 'siteName': 'My site', 'siteDescription': 'TODO' }
]
};
I am beginner in sailsjs, i have multiple databases but table structure is same. So i would like to use single model and controller for all these databases.
I know we can set connection attribute in model like this
module.exports = {
connection: 'mysqlServer1',
attributes: {
userid: {
type: 'integer',
primaryKey: true
},
fbid: {
type: 'string'
},
source: {
type: 'string'
}
}
}
};
But how can we set connection dynamically runtime?
Thanks
I know this is old, but I stumbled on it looking for a solution to different problem, thought I'd answer.
The simplest way is to just set environment variables and use defaults.
For example, if you put MODELA_CONN="mysqlServer1" in your .bash_profile, or lift sails with an export like export MODELA_CONN="mysqlServer1" && sails lift, then you can just use that:
module.exports = {
connection: process.env.MODELA_CONN || "defaultMysql",
...
}
I am afraid this isn't possible yet. The closest thing you can get to a dynamic connection is using the following npm package https://github.com/sgress454/sails-hook-autoreload.
This will automatically reload sailjs with the changed connection config, without to lift sails again. But it won't cover your problem during runtime.
I have the following code in my 'user.js' model in ember-data:
export default DS.Model.extend({
organization: DS.belongsTo('organization'),
//other stuff
});
The CRUD for the website is working as expected, and in MongoDB I can see the following for the organization field of User:
"organization" : ObjectId("571974742ce868d575b79d6a"),
BUT, and I'm not sure if this is an error in my code or me not understanding how Ember-data works, I cannot access that ID from a model hook like so:
model(){
return this.store.findRecord("user", this.get("session.currentUser.id"))
.then(user => this.store.findRecord("location", {organization: user.organization}));
}
And if I go to the Ember inspector to observe the belongsTo attribute of the User object, I see:
organization: <(subclass of Ember.ObjectProxy):ember956>
But clicking through I see content: null
What am I doing wrong? Could it be a server-side error?
Edit including JSON response from server for the above findRecord("user") call:
{
"links":{
"self":"/users/5719749a2ce868d575b79d6b"
},
"included":[
{
"type":"organizations",
"id":"571974742ce868d575b79d6a",
"links":{
"self":"/organizations/571974742ce868d575b79d6a"
},
"attributes":{
"creation-date":"2016-04-22T00:46:44.779Z"
}
}
],
"jsonapi":{
"version":"1.0"
},
"data":{
"type":"users",
"id":"5719749a2ce868d575b79d6b",
"links":{
"self":"/users/5719749a2ce868d575b79d6b"
},
"attributes":{
"email":"danthwa#gmail.com",
"first-name":"Daniel",
"last-name":"Thompson",
"registration-date":"2016-04-22T00:47:22.534Z"
},
"relationships":{
"organization":{
"type":"organizations",
"id":"571974742ce868d575b79d6a"
}
}
}
}
Confirmed. As stated by Kingpin2k,
the relationships isn't being built up correctly, I think the type and id inside of organization need to be within a data object.
This applies to Ember sites expecting a JSON API spec payload, meaning they have been configured to use JSONAPISerializer for incoming payloads.