I’m setting up a GraphQL API on an internal application. I have an existing pipeline which requires a valid API token for all requests, and I want GraphQL requests to go through that.
However, I’d like to make /graphiql available for users to explore the API (if they have a valid token).
(Tell me if that’s a bad idea.)
The solution I have at the moment is to provide a BogusSchema to Absinthe.Plug.GraphiQL:

    # Actual GraphQL requests come here and require a token
    scope "/" do
      pipe_through [:api_token_auth, :set_graphql_context]
      forward "/graphql", Absinthe.Plug, schema: MyAppWeb.GraphQL.Schema
    end

    scope "/" do
      # no token is needed to load this page, but to run queries, you have to add a
      # token header in the interface
      forward "/graphiql", Absinthe.Plug.GraphiQL,
        # BogusSchema is a valid but empty schema
        schema: MyAppWeb.GraphQL.BogusSchema,
        # advanced interface allows setting a valid token header
        interface: :advanced,
        # actual queries will be sent here
        default_url: "/graphql"
    end

I defined BogusSchema as:

    defmodule MyAppWeb.GraphQL.BogusSchema do
      use Absinthe.Schema

      query do
        # nothing
      end
    end

This works but is a hack.
Is there a better solution I’m missing?