Block unauthorized requests when 'anon' role is not defined

2019-11-02 17:13:17 -04:00
parent 0deb3596c5
commit 77a51924a7
14 changed files with 80 additions and 82 deletions
--- a/config/allow.list
+++ b/config/allow.list
@ -159,7 +159,6 @@ query {
  }
 }

-
 variables {
 	"data": {
 		"email": "gfk@myspace.com",
@ -272,4 +271,20 @@ query {
  }
 }

+query {
+  users {
+    id
+    email
+    picture: avatar
+    password
+    full_name
+    products(limit: 2, where: {price: {gt: 10}}) {
+      id
+      name
+      description
+      price
+    }
+  }
+}
+

--- a/config/dev.yml
+++ b/config/dev.yml
@ -12,8 +12,7 @@ log_level: "debug"
 use_allow_list: false

 # Throw a 401 on auth failure for queries that need auth
-# valid values: always, per_query, never
-auth_fail_block: never
+auth_fail_block: false

 # Latency tracing for database queries and remote joins
 # the resulting latency information is returned with the
--- a/config/prod.yml
+++ b/config/prod.yml
@ -16,8 +16,7 @@ log_level: "info"
 use_allow_list: true

 # Throw a 401 on auth failure for queries that need auth
-# valid values: always, per_query, never
-auth_fail_block: always
+auth_fail_block: true

 # Latency tracing for database queries and remote joins
 # the resulting latency information is returned with the