https://www.prisma.io/ logo
Join Slack
Powered by
From a @nexus/schema / nexus-plugin-prisma standpo...
# graphql-nexus
a
From a @nexus/schema / nexus-plugin-prisma standpoint, what is a recommended way to do field level authorisation / permission checks? Field authorize plugin, graphql-shield, other? I’m in the process of upgrading a project to prisma 2, latest nexus etc and are coming from an older nexus setup where we’re using graphql-shield in combination with graphql-middleware to do this today. With the breaking changes in nexus@0.16 of upgrading to graphql@15 I’m getting peer dependency warnings about graphql from graphql-middleware (running the latest version). There is an issue created back in April about graphql@15 support for graphql-middleware (https://github.com/prisma-labs/graphql-middleware/issues/254) with not much info on whether this is planned to be addressed with or not.  So far things seems to work for me regardless of this warning but given that its not yet supported by graphql-middleware I’d like to collect some info on whether I should look at some other authorisation solution to replace graphql-shield. Any input here that would help me decide the way forward is appreciated 🙂
r
Hey @andreas 👋 I think updating GraphQL Shield and Nexus should work fine with 
graphql
version 15 if you’re using the latest version of Apollo Server. I personally have used shield and it works well with field-resolvers.
l
This one works nicely
💯 1
a
Hey @Ryan, I’m already running the latest version of 
graphql-shield
, 
nexus
and 
apollo-server
and thats when I’m seeing these warnings. We’ve been using shield for quite some time and it has worked well for us I would say. However, in this upgrade process, I guess I’m more interested in finding out whether one can expect an updated version of 
graphql-middleware
with 
graphql@15
support or if I should look at some alternative solution. 🙂 Too me, looking at the activity in 
graphql-middleware
I’m starting to think that the project might be dead. Given that is a prisma-labs project I figured I could ask here in case someone got some insights into this. 🙂 
graphql-shield
though seems to be maintained still so I guess it would be unfortunate for all non yoga users if the middleware project is not anymore as this is the way to use it with other graphql servers AFAIK..
Thx @lewebsimple, I’ll have a look at that. 🙂
r
I have a sample project setup here currently if you would like to take a look at. I use this same config in most of my projects where I do not get any 
graphql
version mismatch issues 🙂
a
Ok, I’ll do some comparison between that and my project then to see what might be different dependency wise. Thx 🙂
👍 1
@Ryan I’m seeing the same peer dependency warnings in your sample project.
Copy code
npm WARN graphql-middleware@4.0.2 requires a peer of graphql@^0.12.0 || ^0.13.0 || ^14.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN nexus-plugin-prisma@0.23.1 requires a peer of @nexus/schema@^0.15.0 || ^0.16.0 || ^0.17.0 but none is installed. You must install peer dependencies yourself.
npm WARN nexus-plugin-prisma@0.23.1 requires a peer of @prisma/client@2.10.0 but none is installed. You must install peer dependencies yourself.
npm WARN graphql-subscriptions@1.1.0 requires a peer of graphql@^0.10.5 || ^0.11.3 || ^0.12.0 || ^0.13.0 || ^14.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN graphql-upload@8.1.0 requires a peer of graphql@0.13.1 - 14 but none is installed. You must install peer dependencies yourself.
npm WARN graphql-auth@ No repository field.
d
I wish https://github.com/ryands17/nexus-auth was in the offical documentation, that would be so much more helpful
Open in Slack
PreviousNext
Powered by