docs/GraphQLMiddlewares.md

id: graphql-middlewares title: GraphQL Middlewares

Casbin follows the officially suggested way to provide authorization for GraphQL endpoints by having a single source of truth for authorization: https://graphql.org/learn/authorization/ . In another word, Casbin should be placed between GraphQL layer and your business logic.

// Casbin authorization logic lives inside postRepository
var postRepository = require('postRepository');
 
var postType = new GraphQLObjectType({
  name: ‘Post’,
  fields: {
    body: {
      type: GraphQLString,
      resolve: (post, args, context, { rootValue }) => {
        return postRepository.getBody(context.user, post);
      }
    }
  }
});

Supported GraphQL middlewares

A complete list of Casbin GraphQL middlewares is provided as below. Any 3rd-party contribution on a new GraphQL middleware is welcomed, please inform us and we will put it in this list:)

Middleware	GraphQL Implementation	Author	Description
graphql-authz	graphql	Casbin	An authorization middleware for graphql-go
graphql-casbin	graphql	@esmaeilpour	An Implementation of using Graphql and Casbin together
gqlgen_casbin_RBAC_example	gqlgen	@WenyXu	(empty)

Middleware	GraphQL Implementation	Author	Description
graphql-authz	GraphQL.js	Casbin	A Casbin authorization middleware for GraphQL.js

Middleware	GraphQL Implementation	Author	Description
graphql-authz	GraphQL-core 3	@Checho3388	A Casbin authorization middleware for GraphQL-core 3