Can't be manage by GraphQL library, external component
Two main strategies:
#GraphlQL server
let allTasks = new GraphQLObjectType({
name: 'allTasks',
fields: () => ({
id: { type: GraphQLString },
name: { type: GraphQLString },
tasks: {
type: new GraphQLList(Task),
resolve: function(list){
return db.tasks.find({"id": list.id}).toArray();
}
})
});
};
#GraphlQL server
let query = new GraphQLObjectType({
name: 'Query',
fields: {
getTasksLists: {
type: allTasks,
description: "Get a specific task list",
args: {
id: { type: GraphQLID }
},
resolve: function(root, {id}, ctx){
return db.TaskLists.get(id)
.then( list => {
if(list.owner_id && list.owner_id != ctx.userId){
throw new Error("Not authorized to see this list");
} else {
return list;
}
});
}
}
}
});
Multiple edge lead a specific node!!!
So we have to keep calm and DRY so don't protect all the edge but the node directly
GraphQL doesn’t have got a type-level resolve/hook function
So we have to extract this logic yourself
In order to integrate authentification properly you have to use a pattern, and respect them. Thus, some compagny have began to create some library: CombineResolver which available bubbling up authentification errors