Run middleware on a per-field basis

config/config.php

@@ -33,10 +33,16 @@
     | Additional configuration for the route group.
     | Check options here https://lumen.laravel.com/docs/routing#route-groups
     |
+    | Beware that middleware defined here runs before the GraphQL execution phase.
+    | This means that errors will cause the whole query to abort and return a
+    | response that is not spec-compliant. It is preferable to use directives
+    | to add middleware to single fields in the schema.
+    | Read more about this in the docs https://lighthouse-php.netlify.com/docs/auth.html#apply-auth-middleware
+    |
     */
     'route' => [
         'prefix' => '',
-        // 'middleware' => ['web','api'],    // [ 'loghttp']
+        // 'middleware' => ['loghttp']
     ],
 
     /*

src/Execution/ContextFactory.php

@@ -18,6 +18,6 @@ class ContextFactory implements CreatesContext
      */
     public function generate(Request $request): GraphQLContext
     {
-        return new Context($request, $request->user());
+        return new Context($request);
     }
 }

src/GraphQL.php

@@ -17,7 +17,6 @@
 use Nuwave\Lighthouse\Schema\AST\ASTBuilder;
 use Nuwave\Lighthouse\Schema\AST\DocumentAST;
 use Nuwave\Lighthouse\Schema\DirectiveRegistry;
-use Nuwave\Lighthouse\Schema\MiddlewareRegistry;
 use GraphQL\Validator\Rules\DisableIntrospection;
 use Nuwave\Lighthouse\Execution\DataLoader\BatchLoader;
 use Nuwave\Lighthouse\Schema\Source\SchemaSourceProvider;
@@ -326,16 +325,6 @@ public function schema(): TypeRegistry
         return $this->types();
     }
 
-    /**
-     * @return MiddlewareRegistry
-     *
-     * @deprecated Use resolve() instead, will be removed in v3
-     */
-    public function middleware(): MiddlewareRegistry
-    {
-        return resolve(MiddlewareRegistry::class);
-    }
-
     /**
      * @return NodeRegistry
      *

src/Providers/LighthouseServiceProvider.php

@@ -10,7 +10,6 @@
 use Nuwave\Lighthouse\Schema\TypeRegistry;
 use Nuwave\Lighthouse\Execution\ContextFactory;
 use Nuwave\Lighthouse\Schema\DirectiveRegistry;
-use Nuwave\Lighthouse\Schema\MiddlewareRegistry;
 use Nuwave\Lighthouse\Execution\GraphQLValidator;
 use Nuwave\Lighthouse\Schema\Source\SchemaStitcher;
 use Nuwave\Lighthouse\Schema\Factories\ValueFactory;
@@ -67,7 +66,6 @@ public function register()
         $this->app->singleton(DirectiveRegistry::class);
         $this->app->singleton(ExtensionRegistry::class);
         $this->app->singleton(NodeRegistry::class);
-        $this->app->singleton(MiddlewareRegistry::class);
         $this->app->singleton(TypeRegistry::class);
         $this->app->singleton(CreatesContext::class, ContextFactory::class);
 

src/Schema/Context.php

@@ -3,43 +3,42 @@
 namespace Nuwave\Lighthouse\Schema;
 
 use Illuminate\Http\Request;
-use Illuminate\Contracts\Auth\Authenticatable as User;
+use Illuminate\Contracts\Auth\Authenticatable;
 use Nuwave\Lighthouse\Support\Contracts\GraphQLContext;
 
 class Context implements GraphQLContext
 {
     /**
-     * Http request.
+     * An instance of the incoming HTTP request.
      *
      * @var Request
      */
     public $request;
 
     /**
-     * Authenticated user.
+     * An instance of the currently authenticated user.
      *
-     * May be null since some fields may be accessible without authentication.
-     *
-     * @var User|null
+     * @var Authenticatable|null
      */
     public $user;
 
     /**
      * Create new context.
      *
      * @param Request   $request
-     * @param User|null $user
      */
-    public function __construct(Request $request, User $user = null)
+    public function __construct(Request $request)
     {
         $this->request = $request;
-        $this->user = $user;
+        $this->user = $request->user();
     }
 
     /**
-     * Get instance of authorized user.
+     * Get instance of authenticated user.
+     *
+     * May be null since some fields may be accessible without authentication.
      *
-     * @return User|null
+     * @return Authenticatable|null
      */
     public function user()
     {

src/Schema/Directives/Fields/MiddlewareDirective.php

@@ -2,19 +2,55 @@
 
 namespace Nuwave\Lighthouse\Schema\Directives\Fields;
 
+use Illuminate\Http\Request;
+use Illuminate\Routing\Router;
+use GraphQL\Language\AST\Node;
+use GraphQL\Language\AST\NodeList;
+use Illuminate\Support\Collection;
+use Nuwave\Lighthouse\Support\Pipeline;
+use GraphQL\Type\Definition\ResolveInfo;
+use Nuwave\Lighthouse\Schema\AST\ASTHelper;
+use Nuwave\Lighthouse\Schema\AST\DocumentAST;
+use GraphQL\Language\AST\FieldDefinitionNode;
+use Illuminate\Routing\MiddlewareNameResolver;
+use Nuwave\Lighthouse\Schema\AST\PartialParser;
 use Nuwave\Lighthouse\Schema\Values\FieldValue;
-use Nuwave\Lighthouse\Schema\MiddlewareRegistry;
+use Nuwave\Lighthouse\Exceptions\ParseException;
+use GraphQL\Language\AST\ObjectTypeExtensionNode;
+use GraphQL\Language\AST\ObjectTypeDefinitionNode;
+use Nuwave\Lighthouse\Exceptions\DirectiveException;
 use Nuwave\Lighthouse\Schema\Directives\BaseDirective;
+use Nuwave\Lighthouse\Support\Contracts\CreatesContext;
+use Nuwave\Lighthouse\Support\Contracts\GraphQLContext;
+use Nuwave\Lighthouse\Support\Contracts\NodeManipulator;
 use Nuwave\Lighthouse\Support\Contracts\FieldMiddleware;
 
-class MiddlewareDirective extends BaseDirective implements FieldMiddleware
+class MiddlewareDirective extends BaseDirective implements FieldMiddleware, NodeManipulator
 {
+    /** @var string todo remove as soon as name() is static itself */
+    const NAME = 'middleware';
+
+    /** @var Pipeline */
+    protected $pipeline;
+    /** @var CreatesContext */
+    protected $createsContext;
+
+    /**
+     * @param Pipeline $pipeline
+     * @param CreatesContext $createsContext
+     */
+    public function __construct(Pipeline $pipeline, CreatesContext $createsContext)
+    {
+        $this->pipeline = $pipeline;
+        $this->createsContext = $createsContext;
+    }
+
     /**
      * Name of the directive.
      *
      * @return string
      */
-    public function name()
+    public function name(): string
     {
         return 'middleware';
     }
@@ -27,52 +63,114 @@ public function name()
      *
      * @return FieldValue
      */
-    public function handleField(FieldValue $value, \Closure $next)
+    public function handleField(FieldValue $value, \Closure $next): FieldValue
     {
-        $checks = $this->getChecks($value);
-
-        if ($checks) {
-            $middlewareRegistry = resolve(MiddlewareRegistry::class);
-
-            if ('Query' === $value->getNodeName()) {
-                $middlewareRegistry->registerQuery(
-                    $value->getFieldName(),
-                    $checks
-                );
-            } elseif ('Mutation' === $value->getNodeName()) {
-                $middlewareRegistry->registerMutation(
-                    $value->getFieldName(),
-                    $checks
-                );
-            }
-        }
+        $middleware = $this->getQualifiedMiddlewareNames(
+            $this->directiveArgValue('checks')
+        );
+        $resolver = $value->getResolver();
 
-        return $next($value);
+        return $next(
+            $value->setResolver(
+                function ($root, array $args, GraphQLContext $context, ResolveInfo $resolveInfo) use ($resolver, $middleware) {
+                    return $this->pipeline
+                        ->send($context->request())
+                        ->through($middleware)
+                        ->then(function (Request $request) use ($resolver, $root, $args, $resolveInfo){
+                            return $resolver(
+                                $root,
+                                $args,
+                                $this->createsContext->generate($request),
+                                $resolveInfo
+                            );
+                        });
+                }
+            )
+        );
     }
 
     /**
-     * Get middleware checks.
+     * @param Node $node
+     * @param DocumentAST $documentAST
      *
-     * @param FieldValue $value
+     * @throws ParseException
+     * @throws DirectiveException
      *
-     * @return array|null
+     * @return DocumentAST
      */
-    protected function getChecks(FieldValue $value)
+    public function manipulateSchema(Node $node, DocumentAST $documentAST): DocumentAST
     {
-        if (! in_array($value->getNodeName(), ['Mutation', 'Query'])) {
-            return null;
+        return $documentAST->setDefinition(
+            self::addMiddlewareDirectiveToFields(
+                $node,
+                $this->directiveArgValue('checks')
+            )
+        );
+    }
+
+    /**
+     * @param ObjectTypeDefinitionNode|ObjectTypeExtensionNode $objectType
+     * @param array $middlewareArgValue
+     *
+     * @throws ParseException
+     * @throws DirectiveException
+     *
+     * @return ObjectTypeDefinitionNode|ObjectTypeExtensionNode
+     */
+    public static function addMiddlewareDirectiveToFields($objectType, $middlewareArgValue)
+    {
+        if ( ! $objectType instanceof ObjectTypeDefinitionNode
+            && ! $objectType instanceof ObjectTypeExtensionNode
+        ) {
+            throw new DirectiveException(
+                'The ' . self::NAME . ' directive may only be placed on fields or object types.'
+            );
         }
 
-        $checks = $this->directiveArgValue('checks');
+        $middlewareArgValue = collect($middlewareArgValue)
+            ->map(function(string $middleware){
+                // Add slashes, as re-parsing of the values removes a level of slashes
+                return addslashes($middleware);
+            })
+            ->implode('", "');
 
-        if (! $checks) {
-            return null;
-        }
+        $middlewareDirective = PartialParser::directive("@middleware(checks: [\"$middlewareArgValue\"])");
 
-        if (is_string($checks)) {
-            $checks = [$checks];
-        }
+        $objectType->fields = new NodeList(
+            collect($objectType->fields)
+                ->map(function (FieldDefinitionNode $fieldDefinition) use ($middlewareDirective) {
+                    // If the field already has middleware defined, skip over it
+                    // Field middleware are more specific then those defined on a type
+                    if (ASTHelper::directiveDefinition($fieldDefinition, MiddlewareDirective::NAME)){
+                        return $fieldDefinition;
+                    }
+
+                    $fieldDefinition->directives = $fieldDefinition->directives->merge([$middlewareDirective]);
+
+                    return $fieldDefinition;
+                })
+                ->toArray()
+        );
+
+        return $objectType;
+    }
+
+    /**
+     * @param $middlewareArgValue
+     *
+     * @return \Illuminate\Support\Collection
+     */
+    protected static function getQualifiedMiddlewareNames($middlewareArgValue): Collection
+    {
+        /** @var Router $router */
+        $router = resolve('router');
+        $middleware = $router->getMiddleware();
+        $middlewareGroups = $router->getMiddlewareGroups();
 
-        return $checks;
+        return collect($middlewareArgValue)
+            ->map(function (string $name) use ($middleware, $middlewareGroups) {
+                return (array) MiddlewareNameResolver::resolve($name, $middleware, $middlewareGroups);
+            })
+            ->flatten();
     }
 }

src/Schema/Directives/Fields/NamespaceDirective.php

@@ -19,13 +19,16 @@
  */
 class NamespaceDirective implements Directive
 {
+    /** @var string todo remove as soon as name() is static itself */
+    const NAME = 'namespace';
+
     /**
      * Name of the directive.
      *
      * @return string
      */
-    public function name()
+    public function name(): string
     {
-        return 'namespace';
+        return self::NAME;
     }
 }