我是 graphql 新手,我正在尝试在我的项目中集成身份验证/授权系统。我在 Medium 上找到了一个例子,但我不明白守卫如何与解析器通信。如果有人知道,我将非常感激。
import { ApolloServer } from 'apollo-server';
import gql from 'graphql-tag';
import { tradeTokenForUser } from './auth-helpers';
const HEADER_NAME = 'authorization';
const typeDefs = gql`
type Query {
me: User
serverTime: String
}
type User {
id: ID!
username: String!
}
`;
const resolvers = {
Query: {
me: authenticated((root, args, context) => context.currentUser),
serverTime: () => new Date(),
},
User: {
id: user => user._id,
username: user => user.username,
},
};
const server = new ApolloServer({
typeDefs,
resolvers,
context: async ({ req }) => {
let authToken = null;
let currentUser = null;
try {
authToken = req.headers[HEADER_NAME];
if (authToken) {
currentUser = await tradeTokenForUser(authToken);
}
} catch (e) {
console.warn(`Unable to authenticate using auth token: ${authToken}`);
}
return {
authToken,
currentUser,
};
},
});
server.listen().then(({ url }) => {
console.log(`🚀 Server ready at ${url}`);
});
export const authenticated = next => (root, args, context, info) => {
if (!context.currentUser) {
throw new Error(`Unauthenticated!`);
}
return next(root, args, context, info);
};
我不明白“下一个”参数的作用以及为什么在调用此防护时作为参数我必须返回一个值?
最佳答案
authenticated 是使代码干燥的高阶函数。 next 是用作谓词的回调。
这是一种更干燥的写作方式:
...
me: (root, args, context) => {
if (!context.currentUser) {
throw new Error(`Unauthenticated!`);
}
return context.currentUser;
)
...
关于javascript - 如何在 graphql 解析器中实现守卫,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56087652/