0
0
GraphQLquery~10 mins

Server middleware in GraphQL - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Concept Flow - Server middleware
Client sends GraphQL request
Middleware intercepts request
Modify request
Forward to GraphQL resolver
Resolver processes query
Middleware intercepts response
Modify response if needed
Send response to client
The middleware sits between client and resolver, intercepting requests and responses to modify or check them.
Execution Sample
GraphQL
function middleware(request) {
  if (!request.auth) {
    throw new Error('Unauthorized');
  }
  request.headers['X-Trace'] = '123';
  const response = resolver(request);
  response.data.modified = true;
  return response;
}
This middleware checks authorization, adds a header, calls the resolver, modifies the response, then returns it.
Execution Table
StepActionInput StateOutput StateNotes
1Receive request{ auth: false, headers: {} }{ auth: false, headers: {} }Initial request without auth
2Check authauth: falseError thrownAuthorization fails, error stops flow
3Receive request{ auth: true, headers: {} }{ auth: true, headers: {} }New request with auth
4Add headerheaders: {}headers: { 'X-Trace': '123' }Middleware adds tracing header
5Call resolverrequest with auth and headerresponse { data: { original: true } }Resolver processes request
6Modify responseresponse { data: { original: true } }response { data: { original: true, modified: true } }Middleware adds modified flag
7Return responseresponse with modified dataresponse with modified dataFinal response sent to client
💡 Execution stops early if auth check fails; otherwise, request flows through middleware and resolver.
Variable Tracker
VariableStartAfter Step 2After Step 4After Step 5After Step 6Final
request.authfalse/truefalse (error) or truetruetruetruetrue
request.headers{}{}{ 'X-Trace': '123' }{ 'X-Trace': '123' }{ 'X-Trace': '123' }{ 'X-Trace': '123' }
response.datan/an/an/a{ original: true }{ original: true, modified: true }{ original: true, modified: true }
Key Moments - 3 Insights
Why does the middleware throw an error and stop execution when auth is missing?
Because in step 2 of the execution table, the auth check fails and throws an error, preventing further steps.
How does the middleware modify the request before sending it to the resolver?
At step 4, the middleware adds a header 'X-Trace' to the request headers, as shown in the execution table.
What happens to the response after the resolver returns it?
At step 6, the middleware adds a 'modified: true' flag to the response data before returning it to the client.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what happens at step 2 when auth is false?
AThe middleware throws an error and stops execution
BThe resolver processes the request
CThe middleware adds a header
DThe response is modified
💡 Hint
Check the 'Action' and 'Notes' columns for step 2 in the execution table.
At which step does the middleware add the 'X-Trace' header to the request?
AStep 1
BStep 3
CStep 4
DStep 6
💡 Hint
Look at the 'Action' and 'Output State' columns in the execution table for header changes.
If the auth check was removed, what would change in the execution table?
AStep 4 would be skipped
BStep 2 would no longer throw an error and execution would continue
CThe resolver would not be called
DThe response would not be modified
💡 Hint
Consider what happens at step 2 and how it affects the flow.
Concept Snapshot
Server middleware intercepts GraphQL requests and responses.
It can check authorization, modify requests, and change responses.
Middleware runs before and after resolvers.
Errors in middleware stop request processing.
Middleware helps add features like logging, auth, and tracing.
Full Transcript
Server middleware in GraphQL acts as a middle step between the client and the resolver. When a client sends a request, the middleware first checks if the request has authorization. If not, it throws an error and stops the process. If authorized, it can add extra information like headers to the request. Then it sends the request to the resolver, which processes the query and returns data. The middleware can then modify this response before sending it back to the client. This flow helps add security and extra features without changing the core resolver logic.