Set @auth(insecureReason) in init template (#8863)

fredzqm · web-flow · commit a5f9119336bf · 2025-07-24T20:13:29.000Z
* Set @auth(insecureReason) in init template

* fix

* Update mutations.gql
diff --git a/templates/init/dataconnect/mutations.gql b/templates/init/dataconnect/mutations.gql
@@ -2,7 +2,7 @@
 
 # # Create a movie based on user input
 # mutation CreateMovie($title: String!, $genre: String!, $imageUrl: String!)
-# @auth(level: USER_EMAIL_VERIFIED) {
+# @auth(level: USER_EMAIL_VERIFIED, insecureReason: "Any email verified users can create a new movie.") {
 #   movie_insert(data: { title: $title, genre: $genre, imageUrl: $imageUrl })
 # }
 
diff --git a/templates/init/dataconnect/queries.gql b/templates/init/dataconnect/queries.gql
@@ -2,7 +2,7 @@
 
 # # @auth() directives control who can call each operation.
 # # Anyone should be able to list all movies, so the auth level is set to PUBLIC
-# query ListMovies @auth(level: PUBLIC) {
+# query ListMovies @auth(level: PUBLIC, insecureReason: "Anyone can list all movies.") {
 #   movies {
 #     id
 #     title
@@ -40,7 +40,7 @@
 # }
 
 # # Get movie by id
-# query GetMovieById($id: UUID!) @auth(level: PUBLIC) {
+# query GetMovieById($id: UUID!) @auth(level: PUBLIC, insecureReason: "Anyone can get a movie by id.") {
 #   movie(id: $id) {
 #     id
 #     title
@@ -64,7 +64,7 @@
 # }
 
 # # Search for movies, actors, and reviews
-# query SearchMovie($titleInput: String, $genre: String) @auth(level: PUBLIC) {
+# query SearchMovie($titleInput: String, $genre: String) @auth(level: PUBLIC, insecureReason: "Anyone can search for movies.") {
 #   movies(
 #     where: {
 #       _and: [{ genre: { eq: $genre } }, { title: { contains: $titleInput } }]
