2

Since Golang ent library will automatically generate the graphql schema base the struct , but it will also generate the whole schema include something you don't want to expose to client, for example like "hassedpassword" ,

type User implements Node {
  id: ID!
  userName: String!
  hassPassword: String!
  email: String!
}

type User struct {
    ID                int64             `json:"id"`
    UserName          string            `json:"userName"`
    HassPassword      string            `json:"hassPassword"`
    Email             string            `json:"email"`
}

due to it is automatically generated by library ent and gqlgen, you can't edit the schema , so I try to return a empty Hasspassword to client at resolver level ,it works well , but I found that users can see the hashed password structure , when they interact with the playground , though it return nothing , is this ok ? is there a way to prevent expose the hashed password to the client ?

Is there a way to prevent expose the hashed password structure to the client ? or you think this is totally fine ?

Michel Floyd
  • 18,793
  • 4
  • 24
  • 39
talpx
  • 21
  • 1

1 Answers1

0

I don't have any experience with golang, but in general if you don't want to expose some data to client it shouldn't be in the schema at the first place. So if you want to prevent from expose just remove hassPassword field from type User.

You mentioned that requesting hassPasswordreturns nothing. Do you mean it returns null?

If so there is something wrong going on, cause this field is non-nullable, which means it should throws an error in case of null value.

Fabian Kuriata
  • 1
  • 1