Last active
December 1, 2017 19:28
-
-
Save rwoody/e70b848c509134d6f9299ffd537e7b6e to your computer and use it in GitHub Desktop.
Graphql Auth
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const checkScropeAndResolve = (scope, expectedScope, controller) => { | |
| const hasScope = scope.includes(expectedScope) | |
| if (! expectedScopes.length || hasScope) { | |
| return controller.apply(this) | |
| } | |
| } | |
| const controller = model.getArticles(context.user.id) | |
| const resolvers = { | |
| Query: { | |
| articlesByAuthor: (_, args, context) => | |
| checkScopeAndResolve( | |
| context.user.scope, | |
| ['read:articles'], | |
| controller | |
| ); | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import { createError } from 'apollo-errors' | |
| import jwt from 'jsonwebtoken' | |
| const AuthorizationError = createError('AuthorizationError', { | |
| message: 'You are not authorized!' | |
| }) | |
| const checkScropeAndResolve = (context, expectedScope, controller) => { | |
| const token = context.headers.authorization | |
| try { | |
| const jwtPayload = jwt.verify(token.replace('Bearer ', ''), secretKey) | |
| const hasScope = jwtPayload.scope.includes(expectedScope) | |
| if (! expectedScopes.length || hasScope) { | |
| return controller.apply(this) | |
| } | |
| } catch (err) { | |
| throw new AuthorizationError() | |
| } | |
| } | |
| const controller = model.getArticles(context.user.id) | |
| const resolvers = { | |
| Query: { | |
| articlesByAuthor: (_, args, context) => | |
| checkScopeAndResolve( | |
| context, | |
| ['read:articles'], | |
| controller | |
| ); | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // What if we want to limit access to certain fields like `email`, etc. | |
| // github.com/chenkie/graphql-auth | |
| const typeDefs = ` | |
| directive @isAuthenticated on QUERY | FIELD | |
| directive @hasScope(scope: [String]) on QUERY | FIELD | |
| type Article { | |
| id: ID! | |
| author: String! | |
| reviewerComments: [ReviewerComment] @hasScope(scope: ["read:comments"]) | |
| } | |
| type Query { | |
| allArticles: [Article] @isAuthenticated | |
| } | |
| ` | |
| const directiveResolvers = { | |
| isAuthenticated(result, source, args, context) { | |
| const token = context.headers.authorization | |
| // ... | |
| }, | |
| hasScope(result, source, args, context) { | |
| const token = context.headers.authorization | |
| // ... | |
| } | |
| } | |
| const attachDirectives = schema => { | |
| forEachField(schema, field => { | |
| const directives = field.astNode.directives | |
| directives.forEach(directive => { | |
| // ... | |
| }) | |
| }) | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment