I’m in the process of setting up an application where I cannot trust the clients to send legit data, and don’t want to expose some data to the clients. As such, some of the business logic will need to be executed on the server side, and this logic will inject additional data into the individual queries.
This was solved in the graphql-asia-workshop demo, but there were issues with the schema in that code.
What is the current suggestion for implementation of such logic?
Furthermore, I also don’t want to expose the entire set of CRUD operations to all clients, but rather pick and choose what is exposed. This should also mitigate some security issues.