user3690884

Reputation: 73

Authorization in GraphQL resolvers as middleware

I need to check whether the user is authorized to do this or that in resolvers, but I don't want to write the same code in every resolver. So it seems I should use decorators, but I don't know how to use decorators there without classes.

The decoded userId from the JWT token is in the req object, available through the context, and my resolver looks like this:

```
import { isAllowed } from 'somewhere';

export default {
  Query: {
    async q1(_, args, { req }) {
      // Reject the call before doing any work if the user lacks the permission.
      if (!isAllowed(req.userId, 'action')) throw new Error('Not Authorized!');
    },
    // ...
  },
};
```

I have something like this in mind:

```
export default {
  Query: {
    @isAllowed
    async q1(_, args, { req }) {
      // ...
    },

    // this method doesn't need authorization.
    async q2(_, args, { req }) {

    },
  },
};
```

But I don't know how to implement it.

Upvotes: 2

Views: 287

Answers (1)

user3690884

Reputation: 73

I found I should use schema directives to handle authorization instead of resolver method decoration.

Upvotes: 1
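
One way to get the decorator-like behaviour the question asks for without classes, as an added example that is not part of the question or the answer: a plain higher-order function wraps each resolver (this is not the schema-directive approach the answer mentions). `requireAction`, `protect`, `PUBLIC`, the permission table and the stand-in `isAllowed` are hypothetical names constructed for illustration.

```javascript
// Added example. PERMISSIONS and this isAllowed are constructed stand-ins
// for the question's own isAllowed(userId, action) from 'somewhere'.
const PERMISSIONS = new Map([[1, ['readReports']], [2, []]]);

function isAllowed(userId, action) {
  return (PERMISSIONS.get(userId) || []).includes(action);
}

// Higher-order function: returns a resolver that runs the authorization
// check before the wrapped resolver is ever called.
function requireAction(action, resolver) {
  return function guarded(parent, args, context, info) {
    const userId = context?.req?.userId; // set from the verified JWT
    if (!isAllowed(userId, action)) throw new Error('Not Authorized!');
    return resolver(parent, args, context, info);
  };
}

// Marker for fields that are intentionally reachable without a check.
const PUBLIC = Symbol('public');

// Wrap a whole resolver map from a policy table. A field with no policy
// entry is rejected at startup, so a new resolver cannot ship unguarded.
function protect(resolverMap, policy) {
  const guardedMap = {};
  for (const [typeName, fields] of Object.entries(resolverMap)) {
    guardedMap[typeName] = {};
    for (const [fieldName, resolver] of Object.entries(fields)) {
      const rule = policy[typeName]?.[fieldName];
      if (rule === undefined) {
        throw new Error(`No auth policy for ${typeName}.${fieldName}`);
      }
      guardedMap[typeName][fieldName] =
        rule === PUBLIC ? resolver : requireAction(rule, resolver);
    }
  }
  return guardedMap;
}

// Same shape as the question's resolver map: q1 is guarded, q2 is not.
const resolvers = protect(
  {
    Query: {
      q1: (_, args, { req }) => `report for user ${req.userId}`,
      q2: () => 'public data',
    },
  },
  { Query: { q1: 'readReports', q2: PUBLIC } }
);
```

Because `protect` refuses a resolver map with an unlisted field, forgetting to declare a policy fails at startup instead of silently exposing the field.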
