Skip to content
This repository has been archived by the owner on Oct 14, 2020. It is now read-only.

Latest commit

 

History

History
129 lines (94 loc) · 3.31 KB

README.md

File metadata and controls

129 lines (94 loc) · 3.31 KB

header

Contents

Installation

npm install nexus-plugin-jwt-auth

Example Usage

Find full examples using both the built in permissions system or by leveragering nexus-plugin-shield:

Setup

// app.ts

import { use } from 'nexus'
import { auth } from 'nexus-plugin-jwt-auth'

// Enables the JWT Auth plugin without permissions
use(auth({
  appSecret: "<YOUR SECRET>" // optional if using custom verify function
}))

You may now access the token object and it's properties on the Nexus context.

Permissions

Basic permissions can be added too.

// app.ts

import { use } from 'nexus'
import { auth } from 'nexus-plugin-jwt-auth'

// Define the paths you'd like to protect
const protectedPaths = [
    'Query.me',
    'Query.filterPosts',
    'Query.post',
    'Mutation.createDraft',
    'Mutation.deletePost',
    'Mutation.publish'
]

// Enables the JWT Auth plugin with permissions
use(auth({
  appSecret: "<YOUR SECRET>", // optional if using custom verify function
  protectedPaths // optional
}))

Stored Properties

You can also access properties stored in the token.

In this example I sign the token on signup or login then store the userId in the token to be accessed directly in a query or mutation to find the authed user.

// Query.ts

import { schema } from 'nexus'

schema.queryType({
  definition(t) {
    t.field('me', {
      type: 'User',
      async resolve(_root, _args, ctx) {
        const user = await ctx.db.user.findOne({
          where: {
            id: ctx.token.userId // This is the token object passed through the context
          }
        })

        if (!user) {
          throw new Error('No such user exists')
        }

        return user
      }
    })
  }
})

Use cookie instead of Authorization header

import { use, server } from "nexus"
import cookieParser from "cookie-parser" // Set esModuleInterop: true in tsconfig.json

// Add the cookie-parser middleware to Express
server.express.use(cookieParser())

// Enables the JWT Auth plugin with cookies
use(auth({
  // ...
  useCookie: true,
  cookieName: "token"
}))

Don't forget to set credentials: true in your GraphQL client or the cookie will not be sent to the server.

Contributing

Please read CONTRIBUTING.md

License

FOSSA Status