Node.js 测试安全graphql订阅
我正在尝试测试一种配置,以确保应用程序中graphql订阅的安全 这是我在阿波罗服务器构造函数中的配置:Node.js 测试安全graphql订阅,node.js,express,graphql,apollo-server,graphql-subscriptions,Node.js,Express,Graphql,Apollo Server,Graphql Subscriptions,我正在尝试测试一种配置,以确保应用程序中graphql订阅的安全 这是我在阿波罗服务器构造函数中的配置: const app = express(); const jwt_authentication = jwt({ secret: JWT_SECRET, credentialsRequired: false }) const server = new ApolloServer({ typeDefs, resolvers, intros
const app = express();
const jwt_authentication = jwt({
secret: JWT_SECRET,
credentialsRequired: false
})
const server = new ApolloServer({
typeDefs,
resolvers,
introspection: true,
playground: true,
formatError: error => {
console.log(error);
},
context: async ({req, connection }) => {
if (connection) {
return connection.context;
} else {
return some_method_to_return_user_info;
}
},
subscriptions: {
onConnect: async (connectionParams, webSocket, context) => {
const user = await jsonwebtoken.verify(connectionParams.jwt, JWT_SECRET);
const userInfo= some_method_to_return_user_info;
if (userInfo) {
return { user: userInfo };
}
throw new Error("Unauthorized subscription");
}
}
});
app.use(GRAPHQL_PATH, jwt_authentication);
//...
在GraphQL游乐场中运行订阅时,出现以下错误:
jwt must be provided
我测试了标题“Authorization”:“Bearer MY_TOKEN”
,然后测试了“jwt”:“MY_TOKEN”
,但我认为它并没有那么简单
有没有可能在不实现客户端代码的情况下测试我的订阅?我通过这样添加HTTP头在GraphQL游乐场中工作:
{
"jwt": "MY_TOKEN"
}