没有不值得去解决的问题,也没有不值得去学习的技术!

The process of implementing security authentication in Laravel 6, Module, and Lighthouse (using the @Rules directive, using the EXISTS rule)

测试验证规则是否有效,确定有效

1. The structure when the request responds successfully. as shown in Figure 1

当请求响应成功时的结构
Figure 1


mutation {
  onlineStoreThemePreviewCodeGenerate(themeId: "vogue") {
    themePreviewCode
  }
}




{
  "data": {
    "onlineStoreThemePreviewCodeGenerate": {
      "themePreviewCode": "eyJpdiI6IjZlZ3RpZzlyZmp6S3BzQWJcL0N1NVR3PT0iLCJ2YWx1ZSI6IkNGdVwvdGJMZFI2MWJPRXFMbTNhdmVOUVVCVDhzb1ZnSzFNQzd2Y1RoSElGMmw4VkxOWFppbnlNbmtjaFNnbG9FXC9Oa1hYSndRU1hlcmpFMktneFNkQmVoMjhENnoxb3dQY0lxNHZnemJrNXlLTlpNKzJmbEU4RTFXNnFza2dyVG4iLCJtYWMiOiI0NzcwZjllYjIxZDliOGFkMTU2OTdiZmVmYWViN2I2OTI5NWE0ZDFjOTBmOGU1MGMyZjI3MzBjNTQxMWE3ODQ2In0="
    }
  }
}


2. However, at this stage, there is no security verification for the request parameters. Reference:https://lighthouse-php.com/master/security/validation.html#single-arguments. Lighthouse allows you to use Laravel’s validation in queries and changes.

3. The change of this GraphQL API has only one request parameter, that is, themeID, and only need to verify whether this field exists in the table.

4. The easiest way to use the built-in validation rules is to use the @Rules instruction. Use EXISTS rules


extend type Mutation {
    "生成主题预览代码"
    onlineStoreThemePreviewCodeGenerate(themeId: ID! @rules(apply: ["exists:theme_asset,theme_id"])): OnlineStoreThemePreviewCodeGeneratePayload @field(resolver: "Modules\\ThemeStore\\Resolver\\ThemePreview\\GenerateThemePreviewCodeResolver")
}


5. Test whether the rules are valid and determine whether it is valid. as shown in Figure 2

测试验证规则是否有效,确定有效
Figure 2


mutation {
  onlineStoreThemePreviewCodeGenerate(themeId: "vogue1") {
    themePreviewCode
  }
}




{
  "errors": [
    {
      "message": "Validation failed for the field [onlineStoreThemePreviewCodeGenerate].",
      "extensions": {
        "validation": {
          "themeId": [
            "The selected theme id is invalid."
          ]
        },
        "category": "validation"
      },
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ],
      "path": [
        "onlineStoreThemePreviewCodeGenerate"
      ],
      "trace": ...
    }
  ],
  "data": {
    "onlineStoreThemePreviewCodeGenerate": null
  }
}


6. Check the SQL statement in the request in Laravel Telescope.


select
  count(*) as aggregate
from
  `theme_asset`
where
  `theme_id` = 'vogue1'


7. However, there is still a problem at this stage, because the prefix of the table name happens to be, if set toObject_, there may be problems. Requested again, found an error, in line with expectations. It means that the table prefix is automatically read in the verification rules. No need to adjust. as shown in Figure 3

但是,现阶段还存在一个问题,因为表名称的前缀恰好是 '',如果设置为 'object_',可能会有问题。再次请求,发现报错,符合预期。说明验证规则中会自动读取表前缀的。无需要调整
Figure 3

        'mysql' => [
            ...
            'prefix' => 'object_',
        ],



{
  "errors": [
    {
      "debugMessage": "SQLSTATE[42S02]: Base table or view not found: 1146 Table 'object_store.object_theme_asset' doesn't exist (SQL: select count(*) as aggregate from `object_theme_asset` where `theme_id` = vogue1)",
      "message": "Internal server error",
      "extensions": {
        "category": "internal"
      },
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ],
      "path": [
        "onlineStoreThemePreviewCodeGenerate"
      ],
      "trace": [
        ...
      ]
    }
  ],
  "data": {
    "onlineStoreThemePreviewCodeGenerate": null
  }
}


需要长期技术维护或远程问题排查?

我是拥有 15+ 年经验的 PHP / Go 后端工程师,长期关注已有系统维护、Bug 修复、性能优化、服务器排查、WordPress 网站维护和小功能迭代。

如果你的项目遇到以下情况,可以先从一次小问题排查开始合作:

  • ✅ PHP / Laravel / Yii2 老项目无人维护
  • ✅ Go / Gin 后端接口需要排查或优化
  • ✅ WordPress 网站访问慢、报错或插件冲突
  • ✅ Nginx / MySQL / Redis / Linux 服务器异常
  • ✅ CDN / Cloudflare / DNS / HTTPS 配置问题
  • ✅ 需要长期远程技术支持或兼职维护

更多介绍请查看:关于我 & 合作

微信:13980074657
邮箱:shuijingwanwq@gmail.com
Telegram:@shuijingwan
GitHub:https://github.com/shuijingwan

评论

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注

这个站点使用 Akismet 来减少垃圾评论。了解你的评论数据如何被处理