Implementing security validation in Laravel 6, Module, and Lighthouse (using the @rules directive with the exists rule)
1. The structure of a successful request and response, as shown in Figure 1.
mutation {
  onlineStoreThemePreviewCodeGenerate(themeId: "vogue") {
    themePreviewCode
  }
}
{
  "data": {
    "onlineStoreThemePreviewCodeGenerate": {
      "themePreviewCode": "eyJpdiI6IjZlZ3RpZzlyZmp6S3BzQWJcL0N1NVR3PT0iLCJ2YWx1ZSI6IkNGdVwvdGJMZFI2MWJPRXFMbTNhdmVOUVVCVDhzb1ZnSzFNQzd2Y1RoSElGMmw4VkxOWFppbnlNbmtjaFNnbG9FXC9Oa1hYSndRU1hlcmpFMktneFNkQmVoMjhENnoxb3dQY0lxNHZnemJrNXlLTlpNKzJmbEU4RTFXNnFza2dyVG4iLCJtYWMiOiI0NzcwZjllYjIxZDliOGFkMTU2OTdiZmVmYWViN2I2OTI5NWE0ZDFjOTBmOGU1MGMyZjI3MzBjNTQxMWE3ODQ2In0="
    }
  }
}
2. However, at this stage the request parameters are not validated. Reference: https://lighthouse-php.com/master/security/validation.html#single-arguments. Lighthouse allows you to use Laravel’s validation in queries and mutations.
3. This GraphQL mutation has only one request parameter, themeId, and the only check needed is whether this value exists in the table.
4. The easiest way to use the built-in validation rules is the @rules directive. Use the exists rule:
extend type Mutation {
  "Generate theme preview code"
  onlineStoreThemePreviewCodeGenerate(
    themeId: ID! @rules(apply: ["exists:theme_asset,theme_id"])
  ): OnlineStoreThemePreviewCodeGeneratePayload
    @field(resolver: "Modules\\ThemeStore\\Resolver\\ThemePreview\\GenerateThemePreviewCodeResolver")
}
5. Test whether the rule takes effect, as shown in Figure 2.
mutation {
  onlineStoreThemePreviewCodeGenerate(themeId: "vogue1") {
    themePreviewCode
  }
}
{
  "errors": [
    {
      "message": "Validation failed for the field [onlineStoreThemePreviewCodeGenerate].",
      "extensions": {
        "validation": {
          "themeId": [
            "The selected theme id is invalid."
          ]
        },
        "category": "validation"
      },
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ],
      "path": [
        "onlineStoreThemePreviewCodeGenerate"
      ],
      "trace": ...
    }
  ],
  "data": {
    "onlineStoreThemePreviewCodeGenerate": null
  }
}
6. Check the SQL statement executed for the request in Laravel Telescope.
select
  count(*) as aggregate
from
  `theme_asset`
where
  `theme_id` = 'vogue1'
7. However, one concern remains at this stage: the table name prefix. If the prefix is set to object_, there may be problems. Sending the request again with that prefix configured produces an error, as expected: the query now targets object_theme_asset. This means the validation rule automatically reads the configured table prefix, so no adjustment is needed. As shown in Figure 3.
'mysql' => [
    ...
    'prefix' => 'object_',
],
{
  "errors": [
    {
      "debugMessage": "SQLSTATE[42S02]: Base table or view not found: 1146 Table 'object_store.object_theme_asset' doesn't exist (SQL: select count(*) as aggregate from `object_theme_asset` where `theme_id` = vogue1)",
      "message": "Internal server error",
      "extensions": {
        "category": "internal"
      },
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ],
      "path": [
        "onlineStoreThemePreviewCodeGenerate"
      ],
      "trace": [
        ...
      ]
    }
  ],
  "data": {
    "onlineStoreThemePreviewCodeGenerate": null
  }
}
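
A minimal model of the lookup observed in steps 6 and 7, added here as an illustration; it is not Laravel's or Lighthouse's code. It uses Python with an in-memory SQLite database, and the helper names (parse_exists_rule, passes_exists, demo_db) and the sample row are assumptions made for the example.

```python
import sqlite3

RULE = "exists:theme_asset,theme_id"  # rule string from the schema in step 4


def parse_exists_rule(rule):
    """Split 'exists:table,column' into (table, column)."""
    name, _, params = rule.partition(":")
    if name != "exists":
        raise ValueError("not an exists rule: " + rule)
    table, _, column = params.partition(",")
    if not table or not column:
        raise ValueError("exists rule needs a table and a column")
    return table, column


def quote_ident(name):
    # Identifiers come from the schema author, never from the request;
    # they are still quoted so odd names cannot break out of the statement.
    return '"' + name.replace('"', '""') + '"'


def passes_exists(conn, rule, value, prefix=""):
    """Return True when value is present in <prefix><table>.<column>."""
    table, column = parse_exists_rule(rule)
    sql = "select count(*) as aggregate from {} where {} = ?".format(
        quote_ident(prefix + table), quote_ident(column))
    # The request value travels as a bound parameter, so it is compared
    # as data and never spliced into the SQL text.
    return conn.execute(sql, (value,)).fetchone()[0] > 0


def demo_db():
    # Constructed sample data: one theme row in a table without a prefix.
    conn = sqlite3.connect(":memory:")
    conn.execute("create table theme_asset (theme_id text)")
    conn.execute("insert into theme_asset values ('vogue')")
    return conn


if __name__ == "__main__":
    conn = demo_db()
    for theme_id in ("vogue", "vogue1", "vogue' or '1'='1"):
        print(repr(theme_id), passes_exists(conn, RULE, theme_id))
    try:
        # Step 7: a configured prefix changes which table is queried.
        passes_exists(conn, RULE, "vogue", prefix="object_")
    except sqlite3.OperationalError as exc:
        print("prefixed lookup failed:", exc)
```

The last case mirrors step 7: with the prefix applied, the lookup goes to object_theme_asset and fails because only theme_asset exists in the sample database.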


