x-graphql / field-guard
Managing access control of object fields
Installs: 11 642
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 0
Forks: 0
Open Issues: 0
Requires
- php: >=8.2
- webonyx/graphql-php: ^15.9
- x-graphql/field-middleware: ^0.1.0
Requires (Dev)
- phpunit/phpunit: ^11.0
- symplify/easy-coding-standard: ^12.1
README
Middleware for adding security layer to GraphQL schema
Getting Started
Install this package via Composer
composer require x-graphql/field-guard
Usages
Create permissions array mapping object type name, and it fields with rule, rule can be
boolean or instance of XGraphQL\FieldGuard\RuleInterface
:
use GraphQL\Type\Definition\ResolveInfo; use XGraphQL\FieldGuard\RuleInterface; $isAdminRule = new class implements RuleInterface { public function allows(mixed $value, array $args, mixed $context, ResolveInfo $info) : bool{ return $context->isAdmin(); } public function shouldRemember(mixed $value,array $args,mixed $context,ResolveInfo $info) : bool{ return true; } }; $permissions = [ 'Query' => [ 'getUser' => true, /// all user can get user. 'getBook' => false, /// deny all user to get book. ], 'Mutation' => [ 'createUser' => $isAdminRule, /// only admin user can create user. ] ];
Then create middleware with $permissions
above and apply to schema:
use XGraphQL\FieldMiddleware\FieldMiddleware; use XGraphQL\FieldGuard\FieldGuardMiddleware; $schema = ... $guardMiddleware = new FieldGuardMiddleware($permissions); FieldMiddleware::apply($schema, [$guardMiddleware]);
Credits
Created by Minh Vuong