As much as I want this feature (not as much as basic @auth fixes, deep mutations / deletes, and nested filters), this is one of the ONLY good things with the Lambda Webooks (which is post, not pre processing).
https://dgraph.io/docs/graphql/lambda/webhook/
You could easily use:
async function addAuthorWebhook({event, dql, graphql, authHeader}) {
// add createdAt to to Author node
const createdAt = new Date().toISOString();
const results = await graphql('mutation { addAuthor { ... ')
return results.data.addAuthor.author;
}
async function updateAuthorWebhook({event, dql, graphql, authHeader}) {
// add updatedAt to Author node, will automatically replace anything
// if anyone tries to manually update this
const updatedAt = new Date().toISOString();
...etc
// I am lazy, so you have to do some more research for the specifics here...
// but hopefully you get this gist
}
While you can secure updatedAt, you cannot completely secure createdAt, as it can be changed by anyone at anytime.
Unfortunately, until the update-after-bug is taken seriously, this is yet another case where dgraph is lacking basic security functionality.
J