collegeimprovements · August 7, 2018 18:34
diff --git a/gistfile1.txt b/gistfile1.txt
 Hey team :wave::skin-tone-5: , would anyone have an example of using field metadata with middleware for auth?
 Say something to take in roles allowed for a field

 rhnonose [10:33 PM]
 I do that in the resolver, but would be interested if there's a good way of doing it with middlewares

 wackyzacck [10:39 PM]
 @rhnonose yeah so someone gave the the solution a few weeks here,  you can do it in the middleware I expect its a case of using the metadata (edited)

 avotre [11:01 PM]
 We do most of our auth in resolvers also, but you can add it to a middle where like this
 Auth Middleware 
 defmodule App.Schema
 …
 def middleware(middleware, _field, %Absinthe.Type.Object{identifier: identifier})
 when identifier in [:query, :subscription] do
  [{{Authorize, :call}, [:passed_in_arg]} | middleware]
 end
 …
 end

 defmodule App.Middleware.Authorize do
 @behaviour Absinthe.Middleware

 @spec call(Absinthe.Resolution.t(), list) :: Absinthe.Resolution.t()
 def call(resolution, passed_in_arg_from_above) do
  with %{current_user: user} <- resolution.context,
     true <- some_assertion(user)
   resolution
  else
   _ ->
    resolution
    |> Absinthe.Resolution.put_result({:error, :unauthorized})
  end
 end
 Collapse 

 avotre [11:02 PM]
 That way you can apply the middleware by pattern matching - does anyone have an alternative way to do that?

 rhnonose [11:03 PM]
 :thinking_face:

 avotre [11:03 PM]
 In that example, the `:passed_in_arg` would be a role, or some way to determine if they are allowed to see it
 you can apply that to a single field too -
 ```field :field_name, :return_type do
      arg(:id, non_null(:id))
      middleware(Authorize, [:admin])
      resolve(&fnx/2)
    end```

 rhnonose [11:13 PM]
 well that definitely looks cleaner

 avotre [11:16 PM]
 Truth. The benefit of the first way is, if you want to apply that middleware everywhere you only write it once. Or you want to access the field before applying the middleware. Slightly more flexible I think, but more verbose

 skinnygeek1010 [4:47 AM]
 Does anyone know what the best error logging service for Elixir and Absinthe is? I'm currently using Rollbar with Absinthe 1.3.2 and my error logs are really useless sometimes. This one is somewhat helpful because it has the resolver function to narrow it down but a lot of times I have no clue what the input params were so I can't pull up any other data

 Example:
 ```subject line
 #1125 #PID<0.7602.0> running MyApp.Api.Endpoint (cowboy_protocol) terminated

 stacktrace
 #PID<0.7602.0> running Foo.Api.Endpoint (cowboy_protocol) terminated
 Server: myapp-prod.herokuapp.com:80 (http)
 Request: POST /graphql
 ** (exit) an exception was raised:
    ** (KeyError) key :id not found in: %{__absinthe_plug__: %{uploads: %{}}}
        (api) lib/resolvers/whitelabel.ex:202: Api.WhitelabelResolver.create_thing/2
        (absinthe) lib/absinthe/resolution.ex:145: Absinthe.Resolution.call/2
        (absinthe) lib/absinthe/phase/document/execution/resolution.ex:191: Absinthe.Phase.Document.Execution.Resolution.reduce_resolution/1
        (absinthe) lib/absinthe/phase/document/execution/resolution.ex:161: Absinthe.Phase.Document.Execution.Resolution.do_resolve_field/4
        (absinthe) lib/absinthe/phase/document/execution/resolution.ex:147: Absinthe.Phase.Document.Execution.Resolution.do_resolve_fields/6
        (absinthe) lib/absinthe/phase/document/execution/resolution.ex:87: Absinthe.Phase.Document.Execution.Resolution.walk_result/5
        (absinthe) lib/absinthe/phase/document/execution/resolution.ex:57: Absinthe.Phase.Document.Execution.Resolution.perform_resolution/3
        (absinthe) lib/absinthe/phase/document/execution/resolution.ex:25: Absinthe.Phase.Document.Execution.Resolution.resolve_current/3```

 rhnonose [6:27 AM]
 I'm pretty satisfied with apollo engine
 the UI is amazing
 what sucks is that free tier only has 1 day retention and alerts are premium only and the cheapest plan is 99 USD

 skinnygeek1010 [7:23 AM]
 @rhnonose ah ok great i'll check that out, I didn't realize it worked with Elixir/non node apps!

 rhnonose [7:27 AM]
 well, you've gotta setup a proxy, but it's fine
	Hey team :wave::skin-tone-5: , would anyone have an example of using field metadata with middleware for auth?
	Say something to take in roles allowed for a field

	rhnonose [10:33 PM]
	I do that in the resolver, but would be interested if there's a good way of doing it with middlewares

	wackyzacck [10:39 PM]
	@rhnonose yeah so someone gave the the solution a few weeks here, you can do it in the middleware I expect its a case of using the metadata (edited)

	avotre [11:01 PM]
	We do most of our auth in resolvers also, but you can add it to a middle where like this
	Auth Middleware
	defmodule App.Schema
	…
	def middleware(middleware, _field, %Absinthe.Type.Object{identifier: identifier})
	when identifier in [:query, :subscription] do
	[{{Authorize, :call}, [:passed_in_arg]} \| middleware]
	end
	…
	end

	defmodule App.Middleware.Authorize do
	@behaviour Absinthe.Middleware

	@spec call(Absinthe.Resolution.t(), list) :: Absinthe.Resolution.t()
	def call(resolution, passed_in_arg_from_above) do
	with %{current_user: user} <- resolution.context,
	true <- some_assertion(user)
	resolution
	else
	_ ->
	resolution
	\|> Absinthe.Resolution.put_result({:error, :unauthorized})
	end
	end
	Collapse

	avotre [11:02 PM]
	That way you can apply the middleware by pattern matching - does anyone have an alternative way to do that?

	rhnonose [11:03 PM]
	:thinking_face:

	avotre [11:03 PM]
	In that example, the `:passed_in_arg` would be a role, or some way to determine if they are allowed to see it
	you can apply that to a single field too -
	```field :field_name, :return_type do
	arg(:id, non_null(:id))
	middleware(Authorize, [:admin])
	resolve(&fnx/2)
	end```

	rhnonose [11:13 PM]
	well that definitely looks cleaner

	avotre [11:16 PM]
	Truth. The benefit of the first way is, if you want to apply that middleware everywhere you only write it once. Or you want to access the field before applying the middleware. Slightly more flexible I think, but more verbose

	skinnygeek1010 [4:47 AM]
	Does anyone know what the best error logging service for Elixir and Absinthe is? I'm currently using Rollbar with Absinthe 1.3.2 and my error logs are really useless sometimes. This one is somewhat helpful because it has the resolver function to narrow it down but a lot of times I have no clue what the input params were so I can't pull up any other data

	Example:
	```subject line
	#1125 #PID<0.7602.0> running MyApp.Api.Endpoint (cowboy_protocol) terminated

	stacktrace
	#PID<0.7602.0> running Foo.Api.Endpoint (cowboy_protocol) terminated
	Server: myapp-prod.herokuapp.com:80 (http)
	Request: POST /graphql
	** (exit) an exception was raised:
	** (KeyError) key :id not found in: %{__absinthe_plug__: %{uploads: %{}}}
	(api) lib/resolvers/whitelabel.ex:202: Api.WhitelabelResolver.create_thing/2
	(absinthe) lib/absinthe/resolution.ex:145: Absinthe.Resolution.call/2
	(absinthe) lib/absinthe/phase/document/execution/resolution.ex:191: Absinthe.Phase.Document.Execution.Resolution.reduce_resolution/1
	(absinthe) lib/absinthe/phase/document/execution/resolution.ex:161: Absinthe.Phase.Document.Execution.Resolution.do_resolve_field/4
	(absinthe) lib/absinthe/phase/document/execution/resolution.ex:147: Absinthe.Phase.Document.Execution.Resolution.do_resolve_fields/6
	(absinthe) lib/absinthe/phase/document/execution/resolution.ex:87: Absinthe.Phase.Document.Execution.Resolution.walk_result/5
	(absinthe) lib/absinthe/phase/document/execution/resolution.ex:57: Absinthe.Phase.Document.Execution.Resolution.perform_resolution/3
	(absinthe) lib/absinthe/phase/document/execution/resolution.ex:25: Absinthe.Phase.Document.Execution.Resolution.resolve_current/3```

	rhnonose [6:27 AM]
	I'm pretty satisfied with apollo engine
	the UI is amazing
	what sucks is that free tier only has 1 day retention and alerts are premium only and the cheapest plan is 99 USD

	skinnygeek1010 [7:23 AM]
	@rhnonose ah ok great i'll check that out, I didn't realize it worked with Elixir/non node apps!

	rhnonose [7:27 AM]
	well, you've gotta setup a proxy, but it's fine