Auth variables access on custom resolver

I would a custom field to have access to auth variables, such that we don’t need to check for authorization at the front-end layer.

For the following schema

type User {
  id: ID!
  displayName: String!
  post: [Post] @hasInverse(field: owner)
}
type Post {
  id: ID!
  title: String!
  content: String!
  isEditable: Boolean # this should return whether the current user is the same as owner
  owner: User!
}

Is there a way to let isEditable resolve to true when the current user is the owner of the post and resolve to false otherwise?

I have checked @lambda but I don’t see how I can access the data of the current user

1 Like

In a custom lambda, you can access the authHeader directly, although I think they eventually plan to support @auth fields:

And you can repass the header to another graphql request like so:

J

2 Likes

Since the use of atob is deprecated (see here to see why), I am using Buffer instead to decode the JWT payload. Unfortunately, it seems that Dgraph Lambda does not support Buffer out of the box and thus you would have to deploy locally using webpack to include Buffer within the bundle. Here’s a snippet which works for me to decode the payload:

Install Buffer

yarn add buffer

Parsing token and returning the payload
Get the token from the authHeader param with const token = authHeader.value.

const parseJwt = ( token ) => {
  const base64Payload = headerValue.split('.')[1];
  const payload = base64Payload ? Buffer.from(base64Payload, 'base64') : 'No payload available!';

  return payload.toString();
}
1 Like