No way to replicate MapGraphQL using MapGraphQLHttp/MapGraphQLWebSocket/MapGraphQLSchema/MapBananaCakePop

[cmeeren]

Product

Hot Chocolate

Version

14.0.0-p.32

Link to minimal reproduction

See below

Steps to reproduce

No repro because I'm not sure it's a bug, but given the documentation it is at least unclear, so perhaps the docs should be updated.

I want to my whole GraphQL API to require authentication. Additionally, I want the Banana Cape Pop and the schema to only be available to some privileged users. The docs on Global authorization says that I can split the MapGraphQL middleware. The page links to the docs on Endpoints, which says lists the available endpoints: MapGraphQLHttp, MapGraphQLWebSocket, MapGraphQLSchema, and MapBananaCakePop.

My naïve assumption would then be that to call MapGraphQL is equivalent to calling all of these four middlewares. However, the paths are different:

• When using MapGraphQL, the UI is available at /graphql. When using MapBananaCakePop, it is available at /graphql/ui. Passing /graphql to MapBananaCakePop does not seem to work.
• When using MapGraphQL, the websocket endpoint is at /graphql. When using MapGraphQLWebSocket, it is at /graphql/ws. This endpoint then needs to be explicitly configured in Banana Cake Pop, which assumes the websocket endpoint is available at /graphql.

There may be other discrepancies too, I haven't tested.

If this is not a bug, it would be nice if the docs specified how the MapGraphQL behavior can be exactly replicated using the for separate middlewares, so that we can have a baseline for further adjustments.

What is expected?

See above.

What is actually happening?

See above.

Relevant log output

No response

Additional context

No response

[michaelstaib]

This is not a bug but intended like it is.

[michaelstaib]

If this is not a bug, it would be nice if the docs specified how the MapGraphQL behavior can be exactly replicated using the for separate middlewares, so that we can have a baseline for further adjustments.

It cannot.

[cmeeren]

Thank you for your clarification! I have submitted #6898 to clarify this.

I can certainly live with having them at different endpoints. However, I have two questions about the websocket endpoint:

1. Banana Cake Pop seems to assume that it's available on the same URL as the HTTP endpoint. Would you consider adding an option when using MapBananaCakePop to set the default relative URL for the websocket endpoint, so that everyone who uses it doesn't have to configure that themselves?
2. As I understand it, in GraphQL the websocket endpoint is normally the same as the HTTP endpoint, just with a different protocol. Would you consider making it possible to have a MapGraphQLHttpAndWebSocket that maps both to a single endpoint? (This also fits with the authorization perspective, since I assume one would most likely always want to apply the same policies to the HTTP and websocket endpoints, since both are used for querying data at runtime.)

Let me know if you want me to make separate issues; I just didn't want to do that if they will be closed anyway, so I'm asking here first.