graphql authentication server side

--index.js
--schema.graphql
--utils
--resolvers
  --Feed.js
  --Mutation.js
  --Query.js

--------------------------------------

index.js

const { GraphQLServer } = require('graphql-yoga')

const { Prisma } = require('prisma-binding')

const Query = require('./resolvers/Query')

const Mutation = require('./resolvers/Mutation')

const Subscription = require('./resolvers/Subscription')

const Feed = require('./resolvers/Feed')

const resolvers = {

  Query,

  Mutation,

  Subscription,

  Feed,

}

const server = new GraphQLServer({

  typeDefs: './src/schema.graphql',

  resolvers,

  context: req => ({

    ...req,

    db: new Prisma({

      typeDefs: 'src/generated/prisma.graphql',

      endpoint: 'https://us1.prisma.sh/bob-722fd9/auth1/a1',

      secret: 'mysecret123',

      debug: true

    }),

  }),

})

server.start(() => console.log('Server is running on http://localhost:4000'))

--------------------------------------------------

schema.graphql

# import Link, Vote, LinkSubscriptionPayload, VoteSubscriptionPayload from "./generated/prisma.graphql"

type Query {

  feed(filter: String, skip: Int, first: Int, orderBy: LinkOrderByInput): Feed!

}

type Feed {

  links: [Link!]!

  count: Int!

}

type Mutation {

  post(url: String!, description: String!): Link!

  signup(email: String!, password: String!, name: String!): AuthPayload

  login(email: String!, password: String!): AuthPayload

  vote(linkId: ID!): Vote

}

type AuthPayload {

  token: String

  user: User

}

type User {

  id: ID!

  name: String!

  email: String!

}

type Subscription {

  newLink: LinkSubscriptionPayload

  newVote: VoteSubscriptionPayload

}

---------------------------------------------

utils.js

const jwt = require('jsonwebtoken')

const APP_SECRET = 'GraphQL-is-aw3some'

function getUserId(context) {

  const Authorization = context.request.get('Authorization')

  if (Authorization) {

    const token = Authorization.replace('Bearer ', '')

    const { userId } = jwt.verify(token, APP_SECRET)

    return userId

  }

  throw new Error('Not authenticated')

}

module.exports = {

  APP_SECRET,

  getUserId,

}

-------------------------------------------

Feed.js

function links(parent, args, context, info) {

  const { linkIds } = parent

  return context.db.query.links({ where: { id_in: linkIds } }, info)

}

module.exports = {

  links,

}

------------------------------------------------

Query.js

async function feed(parent, args, ctx, info) {

  const { filter, first, skip } = args // destructure input arguments

  const where = filter

    ? { OR: [{ url_contains: filter }, { description_contains: filter }] }

    : {}

  const allLinks = await ctx.db.query.links({})

  const count = allLinks.length

  const queriedLinkes = await ctx.db.query.links({ first, skip, where })

  return {

    linkIds: queriedLinkes.map(link => link.id),

    count

  }

}

module.exports = {

  feed,

}

-----------------------------------------------

Mutation.js

const bcrypt = require('bcryptjs')

const jwt = require('jsonwebtoken')

const { APP_SECRET, getUserId } = require('../utils')

function post(parent, { url, description }, ctx, info) {

    const userId = getUserId(ctx)

    return ctx.db.mutation.createLink(

        { data: { url, description, postedBy: { connect: { id: userId } } } },

        info,

    )

}

async function signup(parent, args, ctx, info) {

  const password = await bcrypt.hash(args.password, 10)

  const user = await ctx.db.mutation.createUser({

    data: { ...args, password },

  })

  const token = jwt.sign({ userId: user.id }, APP_SECRET)

  return {

    token,

    user,

  }

}

async function login(parent, args, ctx, info) {

  const user = await ctx.db.query.user({ where: { email: args.email } })

  if (!user) {

    throw new Error('No such user found')

  }

  const valid = await bcrypt.compare(args.password, user.password)

  if (!valid) {

    throw new Error('Invalid password')

  }

  return {

    token: jwt.sign({ userId: user.id }, APP_SECRET),

    user,

  }

}

async function vote(parent, args, ctx, info) {

  const { linkId } = args

  const userId = getUserId(ctx)

  const linkExists = await ctx.db.exists.Vote({

    user: { id: userId },

    link: { id: linkId },

  })

  if (linkExists) {

    throw new Error(`Already voted for link: ${linkId}`)

  }

  return ctx.db.mutation.createVote(

    {

      data: {

        user: { connect: { id: userId } },

        link: { connect: { id: linkId } },

      },

    },

    info,

  )

}

module.exports = {

  post,

  signup,

  login,

  vote,

}

--------------------------------
reference:
http://chuanshuoge2.blogspot.com/2018/08/how-to-graphql.html
https://chuanshuoge2.blogspot.com/2018/08/jwt-authentication.html