GraphQL2 min read

Extensions

Extensions - bu types konfiguratsiyasida ixtiyoriy ma'lumotlarni belgilash imkonini beradigan ilg'or, past darajadagi xususiyat. Muayyan fieldlarga custom metadatani biriktirish si

Warning

Bu bob faqat code first yondashuviga tegishli.

Extensions - bu types konfiguratsiyasida ixtiyoriy ma'lumotlarni belgilash imkonini beradigan ilg'or, past darajadagi xususiyat. Muayyan fieldlarga custom metadatani biriktirish sizga yanada murakkab, umumiy yechimlar yaratish imkonini beradi. Masalan, extensions yordamida muayyan fieldlarga kirish uchun talab qilinadigan rollarni belgilashingiz mumkin. Bu rollar runtime da aks ettirilib, chaqiruvchi muayyan fieldni olish uchun yetarli ruxsatga ega-emasligini aniqlashga yordam beradi.

Custom metadata qo'shish

Field uchun custom metadatani biriktirish uchun @nestjs/graphql paketidan eksport qilinadigan @Extensions() dekoratoridan foydalaning.

TypeScript
1@Field()
2@Extensions({ role: Role.ADMIN })
3password: string;

Yuqoridagi misolda role metadata xossasiga Role.ADMIN qiymatini berdik. Role - bu tizimimizdagi barcha foydalanuvchi rollarini guruhlaydigan oddiy TypeScript enum.

Eslatma: fieldlarga metadata o'rnatishdan tashqari, @Extensions() dekoratorini klass va metod darajasida ham qo'llashingiz mumkin (masalan, query handlerda).

Custom metadatadan foydalanish

Custom metadatadan foydalanadigan mantiq kerak bo'lsa, u istalgan darajada murakkab bo'lishi mumkin. Masalan, har bir metod chaqirig'i uchun hodisalarni saqlaydigan/loglaydigan oddiy interceptor yoki fieldga kirish uchun talab qilingan rollarni chaqiruvchining ruxsatlari bilan solishtiradigan field middleware yaratishingiz mumkin (field darajasidagi ruxsat tizimi).

Ko'rsatish uchun checkRoleMiddleware yaratamiz; u foydalanuvchi rolini (bu yerda qattiq kodlangan) maqsad fieldga kirish uchun talab qilinadigan rol bilan solishtiradi:

TypeScript
1export const checkRoleMiddleware: FieldMiddleware = async (
2  ctx: MiddlewareContext,
3  next: NextFn,
4) => {
5  const { info } = ctx;
6  const { extensions } = info.parentType.getFields()[info.fieldName];
7
8  /**
9   * In a real-world application, the "userRole" variable
10   * should represent the caller's (user) role (for example, "ctx.user.role").
11   */
12  const userRole = Role.USER;
13  if (userRole === extensions.role) {
14    // or just "return null" to ignore
15    throw new ForbiddenException(
16      `User does not have sufficient permissions to access "${info.fieldName}" field.`,
17    );
18  }
19  return next();
20};

Shu bilan, password fieldi uchun middleware ni quyidagicha ro'yxatdan o'tkazishimiz mumkin:

TypeScript
1@Field({ middleware: [checkRoleMiddleware] })
2@Extensions({ role: Role.ADMIN })
3password: string;

Previous

Murakkablik

Next

CLI plagin