New middleware to limit visibility of schema elements · sangria-graphql/sangria#417

(0 comments) (1 reaction) (0 assignees)Scala (1,961 stars) (219 forks)batch import

featurehelp wanted

Description

The idea is to provide a middleware that allows to hide specific fields and types based on arbitrary logic. There hidden parts of the schema should be unavailable:

During the execution
During input value coercion (it should be possible to hide input as well as output types)
During validation
In the introspection results

The validation might be tricky since it is not aware of the middleware right now. On the other had, if for example a field is hidden, GraphQL query that uses the field should produce a violation during the validation phase. So maybe this feature needs to implemented as a new concept in the library and not necessarily as a middleware.

It should be possible to "hide" following elements of the schema:

Type (input and output)
Field (input and output)
Argument
Enum value

This idea is inspired by "Limiting Visibility" feature in graphql-ruby:

http://graphql-ruby.org/schema/limiting_visibility.html

Contributor guide

Tech stack: scala
Domain: backendsecurity
Issue type: feature
Difficulty: 4
Estimated time: over 1 week
Activity status: stale
Clarity: mostly clear
Prerequisites: GraphQL schema designsangria middleware systemScala
Newbie friendliness: 25
Research direction: Review the current middleware implementation in sangria (e.g., Middleware.scala) to understand how middleware hooks into execution and validation. Study the graphql ruby visibility feature for design patterns. Investigate the validation phase (ValidationRule.scala) to see how to propagate visibility restrictions. Propose a design that integrates with the existing schema traits.