release-1721282306424
版本发布时间: 2024-07-18 13:58:26
dotansimha/graphql-yoga最新发布版本:release-1723761948464(2024-08-16 06:45:48)
@graphql-yoga/apollo-link@3.6.1
@graphql-yoga/urql-exchange@3.6.1
Patch Changes
-
#3345
c6f3900
Thanks @renovate! - dependencies updates:- Updated dependency
@urql/core@^5.0.0
↗︎ (from^3.0.0 || ^4.0.0
, inpeerDependencies
)
- Updated dependency
@graphql-yoga/graphiql@4.3.1
Patch Changes
-
#3338
4252e3d
Thanks @ardatan! - dependencies updates:- Added dependency
tslib@2.6.3
↗︎ (todependencies
)
- Added dependency
-
#3346
e98970a
Thanks @renovate! - dependencies updates:- Updated dependency
@graphiql/plugin-explorer@^3.0.0
↗︎ (from^1.0.3
, independencies
)
- Updated dependency
graphql-yoga@5.6.1
Patch Changes
-
#3338
4252e3d
Thanks @ardatan! - dependencies updates:- Updated dependency
@whatwg-node/server@^0.9.36
↗︎ (from^0.9.33
, independencies
)
- Updated dependency
@graphql-yoga/nestjs@3.6.1
Patch Changes
- Updated dependencies
[
4252e3d
]:
@graphql-yoga/nestjs-federation@3.6.1
Patch Changes
- Updated dependencies []:
- @graphql-yoga/nestjs@3.6.1
- @graphql-yoga/plugin-apollo-inline-trace@3.6.1
@graphql-yoga/plugin-apollo-inline-trace@3.6.1
Patch Changes
- Updated dependencies
[
4252e3d
]:
@graphql-yoga/apollo-managed-federation@0.3.1
Patch Changes
- Updated dependencies
[
4252e3d
]:
@graphql-yoga/plugin-apq@3.6.1
Patch Changes
- Updated dependencies
[
4252e3d
]:
@graphql-yoga/plugin-csrf-prevention@3.6.1
Patch Changes
- Updated dependencies
[
4252e3d
]:
@graphql-yoga/plugin-defer-stream@3.6.1
Patch Changes
- Updated dependencies
[
4252e3d
]:
@graphql-yoga/plugin-disable-introspection@2.6.1
Patch Changes
- Updated dependencies
[
4252e3d
]:
@graphql-yoga/plugin-graphql-sse@3.6.1
Patch Changes
- Updated dependencies
[
4252e3d
]:
@graphql-yoga/plugin-jwt@3.0.0
Major Changes
-
#3366
057ad06
Thanks @dotansimha! - Re-write for the JWT plugin. This plugin can be configured now with multiple providers, lookup locations, token verification, and more.The version has better version coverage, and it provides an improved API for configuring provider and custom behaviors.
Breaking Change: New Plugin Configuration
Signing key providers
❌ The
signingKey
option has be removed. ❌ ThejwksUri
+jwksOpts
options has been removed. ✅ Multiple signing key providers and support for fallbacks (singingKeyProviders[]
). ✅ Improved API for defining signing key configuration. ✅ Better defaults for caching and rate-limiting for remote JWKS providers.Before
useJWT({ signingKey: "...", // or jwksUri: "http://example.com/..." jwksOpts: { // ... } })
After
import { createInlineSigningKeyProvider, createRemoteJwksSigningKeyProvider, useJWT } from '@graphql-yoga/plugin-jwt' useJWT({ // Pass one or more providers singingKeyProviders: [ createRemoteJwksSigningKeyProvider({ // ... }) // This one also acts as a fallback in case of a fetching issue with the 1st provider createInlineSigningKeyProvider({ signingKey: "..."}) ] })
Improved Token Lookup
❌ Removed
getToken
option from the root config. ✅ Added support for autmatically extracting the JWT token from cookie or header. ✅ Easier setup for extracting from multiple locations. ✅getToken
is still available for advanced use-cases, you can pass a custom function tolookupLocations
.Before
useJWT({ getToken: payload => payload.request.headers.get('...') })
After
With built-in extractors:
imoprt { extractFromHeader, extractFromCookie, useJWT } from '@graphql-yoga/plugin-jwt' const yoga = createYoga({ // ... plugins: [ useCookies(), // Required if "extractFromCookie" is used. useJWT({ lookupLocations: [ extractFromHeader({ name: 'authorization', prefix: 'Bearer' }), extractFromHeader({ name: 'x-legacy-auth' }), extractFromHeader({ name: 'x-api-key', prefix: 'API-Access' }), extractFromCookie({ name: 'browserAuth' }) ] }) ] })
With a custom
getToken
:useJWT({ lookupLocations: [payload => payload.request.headers.get('...')] })
Improved Verification Options
❌ Removed root-level config
algorithms
+audience
+issuer
flags. ✅ Easy API for customizing token verifications (based onjsonwebtoken
library). ✅ Better defaults for token algorithm verification (before:RS256
, after:RS256
andHS256
)Before
useJWT({ algorithms: ['RS256'], audience: 'my.app', issuer: 'http://my-issuer' })
After
useJWT({ tokenVerification: { algorithms: ['RS256', 'HS256'], audience: 'my.app', issuer: 'http://my-issuer' // You can pass more options to `jsonwebtoken.verify("...", options)` here } })
Customized Token Rejection
✅ New config flag
reject: { ... }
for configuring how to handle a missing or invalid tokens (enbaled by default).useJWT({ reject: { missingToken: true, invalidToken: true } })
Flexible Context Injection
❌ Removed root-level config
extendContextField
flags. ✅ Added root-level configextendContext
(boolean
/string
) ✅ Token and payload are injected now to the context (structure:{ payload: {}, token: { value, prefix }}
)Before
useJWT({ reject: { extendContextField: true } })
After
// Can be a boolean. By default injects to "context.jwt" field useJWT({ reject: { extendContext: true } }) // Or an object to customize the field name useJWT({ reject: { extendContext: 'myJwt' } })
Patch Changes
-
#3366
057ad06
Thanks @dotansimha! - dependencies updates:- Added dependency
@whatwg-node/server-plugin-cookies@1.0.2
↗︎ (todependencies
)
- Added dependency
- Updated dependencies
[
4252e3d
]:
@graphql-yoga/plugin-persisted-operations@3.6.1
Patch Changes
-
#3339
f245472
Thanks @ziolekjj! - IncludeoperationName
in context params for persisted operations -
Updated dependencies [
4252e3d
]:
@graphql-yoga/plugin-prometheus@5.3.1
Patch Changes
- Updated dependencies
[
4252e3d
]:
@graphql-yoga/plugin-response-cache@3.8.1
Patch Changes
- Updated dependencies
[
4252e3d
]:
@graphql-yoga/plugin-sofa@3.6.1
Patch Changes
- Updated dependencies
[
4252e3d
]:
@graphql-yoga/render-graphiql@5.6.1
Patch Changes
- Updated dependencies
[
4252e3d
]: