npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

graphql-directive-auth

v0.3.2

Published

GraphQL directive auth

Downloads

182

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

czystylczystyl

Keywords

Readme

graphql-directive-auth

Version downloads PRs Welcome MIT License

Introduction

The graphql-directive-auth was created to help with common authentication tasks that is faced in almost every API.

Table of Contents

Installation

yarn add graphql-directive-auth

Usage

We are able to use directives in two different way:

Default

To use the default directive behaviour, you need to set APP_SECRET environment variable, and that's all.

What default means, and what do I need to do?

  • @isAuthenticated - Just after you set environment variables, you need to have a valid JWT token and send it by Authorization in the HTTP headers. That's all, the directive will check your token and throw an error if the token is invalid or expired.
  • @hasRole - Checks roles of an authenticated user. To use it correctly, inside your JWT token you should have the role property with the correct role. If the user role doesn't match with the provided role, then directive will throw an error.

@hasRole before checking role is doing authentication to get roles from JWT token.

Example:

import { AuthDirective } from 'graphql-directive-auth';
// or
const AuthDirective = require('graphql-directive-auth').AuthDirective;

// set environment variable, but in better way ;)
process.env.APP_SECRET = 'your_secret_key';

const schema = makeExecutableSchema({
  typeDefs,
  resolvers,
  schemaDirectives: {
    // to use @hasRole and @isAuthenticated directives
    ...AuthDirective(),
    // custom name for @isAuthenticated
    auth: AuthDirective().isAuthenticated,
    // custom name for @hasRole
    role: AuthDirective().hasRole,
  },
});

Custom behaviour of authentication functions

If you need custom Authentication you can pass your authentication function to the main AuthDirective functions. Your authentication function should return an object which will be available via context.auth.

Authentication function signature:

context => {
  // your logic here

  // you should return an object
  // this object will be passed inside your resolver
  // it is available inside context via auth property
  return {
    user: {
      id: 'your_user_id',
    },
  };
};

usage:

import { AuthDirective } from 'graphql-directive-auth';
// or
const AuthDirectives = require('graphql-directive-auth').AuthDirective;

const customAuth = AuthDirectives({
  authenticateFunc: authenticateCustomFunc,
  checkRoleFunc: checkRoleCustomFunc
});

const schema = makeExecutableSchema({
  typeDefs,
  resolvers,
  schemaDirectives: {
    // to use @hasRole and @isAuthenticated directives
    ...customAuth,
    // custom name for @isAuthenticated
    auth: customAuth().isAuthenticated,
    // custom name for @hasRole
    role: customAuth().hasRole,
  },

resolver:

export default {
  Query: {
    me() (root, args, ctx){
      const userId = ctx.auth.user.id; // your_user_id
    },
  },
};

Custom check role function

Same as with the authenticate function, you can add your own logic to checking roles.

How to create your own function

  • Function accepts two parameters, one is the context and the second is the value from the directive
  • To reject an access to the particular field, you need to throw an Error that will be caught by the directive and returned if required.
  • Function doesn't need to return anything special

Directive Parameters

  • '@isAuthenticated' - checks if user is authenticated
  • '@hasRole(role: "user, admin")' - checks if user is authenticated and has the specified roles

if you use graphql-import then you need to add this definition on top of the schema:

directive @isAuthenticated on FIELD | FIELD_DEFINITION
directive @hasRole(role: String) on FIELD | FIELD_DEFINITION

Contributing

I would love to see your contribution. ❤️

For local development (and testing), all you have to do is to run yarn and then yarn dev. This will start the Apollo server and you are ready to contribute :tada:

Run yarn test (try --watch flag) for unit tests (we are using Jest)

LICENSE

The MIT License (MIT) 2018 - Luke Czyszczonik - mailto:[email protected]