I’ve been working on a project for a kind of social network application that has a Go backend service and a Vue + Nuxt frontend service. It was using MySQL, but we have decided to migrate it to Dgraph, and so to GraphQL. After we decided to use Vue Nuxt Apollo to connect from the frontend to Dgraph directly, we have thought that won’t expose the mutations/query endpoint + data to the users so they can mutate however they want.
Let’s say you are seeing a user’s profile:
- If you are a friend of his, you can see the whole profile, so the query will request all of the user’s information.
- If you are not a friend of his, you can see just the name, surname, and profile photo, so the query will request just this data.

By putting in an if/else I can separate these queries in the frontend and in the calls to Dgraph, but users can call the query themselves (with token, endpoint, etc.) and they will get all the information?
How can I stop that kind of authorization problem?
Or would it be better to fetch the data from an API that fetches it from GraphQL?
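
The friend/non-friend rule described in the post, enforced on the server instead of in a frontend if/else, as an added Go example that is not part of the original post. The `Store` type, the field names and the in-memory sample data are assumptions standing in for real Dgraph queries, and `viewerID` is assumed to come from an already verified token.

```go
package main

import (
	"errors"
	"fmt"
)

// Profile is a hypothetical record, as the backend would load it from Dgraph.
type Profile struct{ Name, Surname, Photo, Email, Bio string }

// Store is constructed in-memory sample data standing in for the database.
type Store struct {
	Profiles map[string]Profile
	Friends  map[string]map[string]bool // Friends[a][b]: b is a friend of a
}

// ViewProfile filters fields server-side; viewerID comes from the verified token.
func (s Store) ViewProfile(viewerID, targetID string) (map[string]string, error) {
	p, ok := s.Profiles[targetID]
	if !ok {
		return nil, errors.New("profile not found")
	}
	// Fields every authenticated viewer may read.
	out := map[string]string{"name": p.Name, "surname": p.Surname, "photo": p.Photo}
	// Private fields are added only for the owner or a confirmed friend.
	if viewerID == targetID || s.Friends[targetID][viewerID] {
		out["email"] = p.Email
		out["bio"] = p.Bio
	}
	return out, nil
}

// sampleStore returns constructed data: alice and bob are friends, carol is not.
func sampleStore() Store {
	return Store{
		Profiles: map[string]Profile{
			"alice": {"Alice", "Ng", "a.png", "alice@example.test", "hiker"},
			"bob":   {"Bob", "Ito", "b.png", "bob@example.test", "cook"},
		},
		Friends: map[string]map[string]bool{"alice": {"bob": true}, "bob": {"alice": true}},
	}
}

func main() {
	for _, viewer := range []string{"bob", "carol"} {
		view, _ := sampleStore().ViewProfile(viewer, "alice")
		fmt.Println(viewer, "sees:", view)
	}
}
```

Because the response is built from the relationship the server looks up, a client that replays the request with its own token still receives only the fields its relationship allows.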