我使用谷框架建设GraphQL API,我试图实现第三方快递中间件(express-rate-limit和express-slow-down)到一些查询和突变。
问题是所有graphql突变和查询使用相同的终点,所以我不能明确地告诉应适用哪个查询或突变中间件,因为你只能做的是使用路由的路径(这是整个API相同)。
import { Module, NestModule, MiddlewareConsumer, RequestMethod } from '@nestjs/common'
import * as rateLimit from 'express-rate-limit'
import * as RedisStore from 'rate-limit-redis'
import { RedisClient } from 'redis'
@Module({
providers: [],
exports: [],
})
export default class SecurityModule implements NestModule
{
constructor(protected readonly redisClient: RedisClient)
{
}
configure(consumer: MiddlewareConsumer)
{
consumer.apply(
new rateLimit({
max: 300,
windowMs: 15 * 60 * 1000,
store: new RedisStore({ client: this.redisClient }),
})).forRoutes({ path: '/graphql', method: RequestMethod.ALL }) // this would apply the middleware to all queries and mutations
}
}
于是,我就用这两个警卫和拦截器为目的,但悲惨地失败了。
这是一个失败的一个明显的原因。该Error: Can't set headers after they are sent被抛出。
/* !!! My Interceptor would like quite identical */
import { ExecutionContext, Injectable, CanActivate } from '@nestjs/common'
import * as speedLimit from 'express-slow-down'
import { Request, Response } from 'express'
@Injectable()
export default class SpeedLimitGuard implements CanActivate
{
constructor(
protected readonly options: speedLimit.Options,
) {
}
async canActivate(context: ExecutionContext): Promise<boolean> {
const { req, res }: { req: Request, res: Response } = context.getArgs()[2]
speedLimit({ ...this.options })(req, res, req.next)
return true
}
}
import { NestInterceptor, ExecutionContext, Injectable, INestApplication, INestExpressApplication } from '@nestjs/common'
import { Observable } from 'rxjs'
import * as speedLimit from 'express-slow-down'
// import { Request, Response } from 'express'
import { ApplicationReferenceHost } from '@nestjs/core'
import { RedisClient } from 'redis'
import * as RedisStore from 'rate-limit-redis'
@Injectable()
export default class SpeedLimitInterceptor implements NestInterceptor
{
constructor(private readonly appRefHost: ApplicationReferenceHost,
private readonly redisClient: RedisClient, )
{}
intercept<T>(context: ExecutionContext, call$: Observable<T>): Observable<T>
{
// const { req: request, res: response }: { req: Request, res: Response } = context.getArgs()[2]
const httpServer = this.appRefHost.applicationRef
const app: INestApplication & INestExpressApplication = httpServer.getInstance()
app.use(speedLimit({
delayAfter: 1,
store: new RedisStore({
prefix: 'test_',
client: this.redisClient,
}),
}))
app.use((req, res, next) => {
console.log('is middleware triggered', { req, res })
next()
})
return call$
}
}
有什么办法申请第三方快递中间件到GraphQL突变/查询明确?
因此,从底部,警卫工作,因为我是活人豆可以证明这一点:
@Query('getHome')
@UseGuards(GraphqlGuard)
async findOneById(@Args('id') id: string): Promise<HomeEntity> {
return await this.homeService.findOneById(id);
}
它只是工作。
这是GraphqlGuard.ts
import {ExecutionContext, Injectable} from '@nestjs/common';
import {GqlExecutionContext} from '@nestjs/graphql';
import {AuthGuard} from '@nestjs/passport';
import {ExecutionContextHost} from '@nestjs/core/helpers/execution-context.host';
import {Observable} from 'rxjs';
@Injectable()
export class GraphqlGuard extends AuthGuard('jwt') {
canActivate(context: ExecutionContext): boolean | Promise<boolean> | Observable<boolean> {
const ctx = GqlExecutionContext.create(context);
const {req} = ctx.getContext();
return super.canActivate(new ExecutionContextHost([req]));
}
}
但是一起生活情境,你必须让你的作品,所以,无论你正在传递graphql配置,有一个背景callback,对我来说是这样的:
context: (context) => {
let req = context.req;
if (context.connection) {
req = context.connection.context.req;
}
return {req};
}
我在这里检查从WebSocket的上下文连接。即时通讯使用全球拦截器的话,他们的工作就像一个魅力。但你仍然可以使用@UseInterceptors(SomeInterceptor)装饰,它也适用。顺便说一句和中间件,到了最后,我不需要任何人看守,管,校验器和拦截器对我来说是完全够用。
问候。