Moving On

We covered quite a bit in this chapter! We delved into how the client can request a token from the server and how that token is used in subsequent requests. You discovered the Absinthe context and how values placed inside of it are available in resolution functions. We also had an opportunity to see how middleware can be used ahead of resolvers to prevent unauthorized resolution, and how the structure of our schema itself can be used to manage authorization in a more user-friendly way.

Before moving to the next chapter:

  1. We’ve added some basic authorization to the API; review the rest of the schema and add authorization rules on the remaining mutations. Lock them down!
  2. Imagine that you want to create a way for employees to look up the order history of a customer. How would you do it? How could you secure it?
  3. We updated the new_order subscription to prevent security holes. Make similar updates to the other subscription fields to prevent customers from subscribing to orders that don’t belong to them.
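
As an added example (not code from the book or the Absinthe project), one way to apply this chapter's middleware-ahead-of-resolver pattern to exercises 1 and 2: a hypothetical MyApp.Schema.Middleware.Authorize reads current_user from the Absinthe context and halts resolution with an error unless the required role is present, and the schema's middleware/3 callback prepends it to every mutation field so the default for mutations is deny rather than allow. Module names, the :employee role and MyApp.Ordering.orders_for_customer/1 are assumptions.

```elixir
# Added example, not the book's code. Runs before the resolver; if the context
# lacks a current_user with the required role, resolution stops here.
defmodule MyApp.Schema.Middleware.Authorize do
  @behaviour Absinthe.Middleware

  @impl true
  def call(resolution, role) do
    with %{current_user: current_user} <- resolution.context,
         true <- correct_role?(current_user, role) do
      resolution
    else
      _ -> Absinthe.Resolution.put_result(resolution, {:error, "unauthorized"})
    end
  end

  # :any means "any authenticated user"; otherwise the roles must match exactly.
  defp correct_role?(%{}, :any), do: true
  defp correct_role?(%{role: role}, role), do: true
  defp correct_role?(_, _), do: false
end

defmodule MyApp.Schema do
  use Absinthe.Schema
  alias MyApp.Schema.Middleware

  object :order do
    field :id, :id
    field :customer_id, :id
  end

  query do
    # Exercise 2: only employees may look up a customer's order history.
    # `middleware` must be declared before `resolve` so it runs first.
    field :customer_orders, list_of(:order) do
      arg :customer_id, non_null(:id)
      middleware Middleware.Authorize, :employee
      resolve fn _parent, %{customer_id: id}, _resolution ->
        # Assumed data-access function; not part of the page.
        {:ok, MyApp.Ordering.orders_for_customer(id)}
      end
    end
  end

  # Exercise 1: default-deny for mutations. Absinthe calls this callback for
  # every field; for fields on the root mutation object we prepend Authorize
  # ahead of whatever middleware the field declares itself.
  def middleware(middleware, _field, %{identifier: :mutation}) do
    [{Middleware.Authorize, :any} | middleware]
  end

  def middleware(middleware, _field, _object), do: middleware
end
```

A field that needs a stricter rule (for example an :employee-only mutation) still declares its own Authorize middleware; the callback only guarantees that no mutation runs for an anonymous request.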

With our API secured, we’re about ready to expose it to the Internet as a whole. Before we do so, though, we need to look at the tools and patterns Absinthe provides to support high-performance data access.
