Use Rover with graphql-shield

Question

Use Rover with graphql-shield

262 views Asked by LilTits At 03 February 2022 at 08:06

I'm using graphql-shield on a subgraph and rover-cli to generate the schema.

I've set the fallback rule to deny everything as I don't want anything to be accessible by default. But now rover-cli fails when introspecting the subgraph. I'm aware that you can pass a token to rover but I'm unable to do so during my build process.

I've already looked at this issue: Apollo Server Federation with graphql-shield and on both graphql-shield & rover GitHub repository but not luck so far.

I've also tried to explicitly add SubgraphIntrospectQuery like so:

export const permissions = shield(
  {
    Query: {
      SubgraphIntrospectQuery: allow,
    },

  },
  {
    fallbackRule: deny,
    debug: true,
    allowExternalErrors: true,
  }
);

Thanks for your help!

Original Q&A

There are 1 answers

**Namyts** · Accepted Answer · 2022-03-02 12:46:09

Try this:

export const permissions = shield({
    Query: {
        _service: allow,
    },
    _Service: {
        sdl: allow
    }
},{
    fallbackRule: deny,
    debug: true,
    allowExternalErrors: true,
});

This seems to be what Apollo uses when performing the introspection. You might also need to allow: "Query._entities", "Query._service", "_Entity.*", "_Service.*", "_Any.*" since these are also used by Apollo.

You should probably implement some form of security rather than using "allow" for these, but I hope this answers your question...

TechQA.

Use Rover with graphql-shield

There are 1 answers

Related Questions in NODE.JS

Related Questions in GRAPHQL

Related Questions in APOLLO-FEDERATION

Related Questions in GRAPHQL-SHIELD

Popular Questions

Popular Tags

Trending Questions