Casbin follows the officially suggested way to provide authorization for GraphQL endpoints by having a single source of truth for authorization: https://graphql.org/learn/authorization/ . In another word, Casbin should be placed between GraphQL layer and your business logic.
// Casbin authorization logic lives inside postRepository var postRepository = require('postRepository'); var postType = new GraphQLObjectType({ name: ‘Post’, fields: { body: { type: GraphQLString, resolve: (post, args, context, { rootValue }) => { return postRepository.getBody(context.user, post); } } } });
A complete list of Casbin GraphQL middlewares is provided as below. Any 3rd-party contribution on a new GraphQL middleware is welcomed, please inform us and we will put it in this list:)
| Middleware | GraphQL Implementation | Author | Description |
|---|---|---|---|
| graphql-authz | graphql | Casbin | An authorization middleware for graphql-go |
| graphql-casbin | graphql | @esmaeilpour | An Implementation of using Graphql and Casbin together |
| gqlgen_casbin_RBAC_example | gqlgen | @WenyXu | (empty) |
| Middleware | GraphQL Implementation | Author | Description |
|---|---|---|---|
| graphql-authz | GraphQL.js | Casbin | A Casbin authorization middleware for GraphQL.js |