Bug: Cannot limit number of results using auth directive to prevent malicious queries

I’d really like this feature, as I’d like to replicate functionality that exists in https://ghost.org/ blogs, where users have access to differing amounts of content depending on their logged-in status and membership status.

What I’d like to do is:

  • If a user is not logged in, i.e. no JWT provided, then they can only query for the first 10 items
  • If a user is logged in, then they can query for the first 100 items
  • If a user is logged in and a member, then they can query for all items

EDIT: Created a feature request on GitHub: "Feat: Limit results using @auth directive" (Issue #8124, dgraph-io/dgraph)
