GraphQL Golang 身份验证与 JWT

Question

I have a GraphQL API that I've been writing in go and wondering how to manage JWT authentication when you already are using context to pass around data sources.

So an abbreviated version of my main function is:

import (
    "net/http"
    "github.com/graphql-go/graphql"
    gqlhandler "github.com/graphql-go/handler"
)

func queryHandler(ds *sources.DataSources, gql *gqlhandler.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        ctx := context.WithValue(context.Background(), sources.CtxSourcesKey, ds)
        gql.ContextHandler(ctx, w, r)
    })
}

func main() {
    apiSchema, _ := schema.CompileSchema(schema.QueryType, schema.MutationType)
    gql := gqlhandler.New(&gqlhandler.Config{
        Schema:     &apiSchema,
        GraphiQL:   !isDeployed,
        Pretty:     false,
        Playground: false,
    })
    http.ListenAndServe(":41000", util.CreateChiRouter(healthCheckHandler(), queryHandler(ctxSources, gql)))
}

As you can see, I'm already creating a new context instance to store and pass a map of my various data sources to the query resolution functions, but also need to be able to parse out the Authorization header for a possible JWT to be passed down for authenticated routes.

What's the best way to go about this given my current situation? (Combine the JWT with the data sources context? Handle data sources differently to free up context ?)

Answer 1

A common way of dealing with such authentication headers is to use a middleware to deal with authentication, and add the authentication info to the current context.

Currently, you're creating a new context. I suggest using the existing HTTP context and adding to that, so you can chain things:

ctx := context.WithValue(r.Context(), sources.CtxSourcesKey, ds)
newReq:=r.WithContext(ctx)
gql.ContextHandler(ctx, w, newReq)

And you can install a middleware that does the same:

type autoInfoKeyType int

const authInfoKey authInfoKeyType=iota

func GetAuthInfo(ctx context.Context) *AuthInfo {
   if v:=ctx.Value(authInfoKey); v!=nil {
     return v.(*AuthInfo)
   }
   return nil
}

func AuthMiddleware(next http.Handler) http.Handler {
  return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
    authInfo:=processJWT(...)
    if authInfo!=nil {
       ctx := context.WithValue(r.Context(), authInfoKey, authInfo)
       r=r.WithContext(ctx)
    }
    next.ServeHTTP(w,r)
  }
}

This way, you can check if the context has authentication info, and if so, use it.

if authInfo:=GetAuthInfo(req.Context()); authInfo!=nil {
  ...
}