Refactor login/logout mutations a smidge
I decided that `setAuthToken` was the more appropriate server-level API, and that letting the login/logout mutations engage with the auth library made more sense to me!
This commit is contained in:
parent
39852c8297
commit
9982cbf93d
2 changed files with 24 additions and 28 deletions
|
@ -4,10 +4,7 @@ import { getUserIdFromToken as getUserIdFromTokenViaAuth0 } from "./auth";
|
|||
import connectToDb from "./db";
|
||||
import buildLoaders from "./loaders";
|
||||
import { plugin as cacheControlPluginFork } from "./lib/apollo-cache-control-fork";
|
||||
import {
|
||||
getAuthToken,
|
||||
getUserIdFromToken as getUserIdFromTokenViaDb,
|
||||
} from "./auth-by-db";
|
||||
import { getUserIdFromToken as getUserIdFromTokenViaDb } from "./auth-by-db";
|
||||
|
||||
const rootTypeDefs = gql`
|
||||
enum CacheScope {
|
||||
|
@ -86,25 +83,22 @@ const config = {
|
|||
return {
|
||||
db,
|
||||
currentUserId,
|
||||
login: async (params) => {
|
||||
const authToken = await getAuthToken(params, db);
|
||||
if (authToken == null) {
|
||||
return null;
|
||||
setAuthToken: (authToken) => {
|
||||
if (authToken != null) {
|
||||
// Set the auth token as a secure cookie, encoded as JSON! (We also
|
||||
// url-encode it, which is pretty standard for cookie-writing - to
|
||||
// the extent that `req.cookies` actually decodes it automatically.)
|
||||
const oneWeekFromNow = new Date();
|
||||
oneWeekFromNow.setDate(oneWeekFromNow.getDate() + 7);
|
||||
res.setHeader(
|
||||
"Set-Cookie",
|
||||
`DTIAuthToken=${encodeURIComponent(JSON.stringify(authToken))}; ` +
|
||||
`Max-Age=${60 * 60 * 24 * 7}; Secure; HttpOnly; SameSite=Strict`
|
||||
);
|
||||
} else {
|
||||
// Set a header to delete the cookie. (That is, empty and expired.)
|
||||
res.setHeader("Set-Cookie", `DTIAuthToken=; Max-Age=-1`);
|
||||
}
|
||||
const oneWeekFromNow = new Date();
|
||||
oneWeekFromNow.setDate(oneWeekFromNow.getDate() + 7);
|
||||
res.setHeader(
|
||||
"Set-Cookie",
|
||||
`DTIAuthToken=${encodeURIComponent(JSON.stringify(authToken))}; ` +
|
||||
`Max-Age=${60 * 60 * 24 * 7}; Secure; HttpOnly; SameSite=Strict`
|
||||
);
|
||||
return authToken;
|
||||
},
|
||||
logout: async () => {
|
||||
// NOTE: This function isn't actually async in practice, but we mark it
|
||||
// as such for consistency with `login`!
|
||||
// Set a header to delete the cookie. (That is, empty and expired.)
|
||||
res.setHeader("Set-Cookie", `DTIAuthToken=; Max-Age=-1`);
|
||||
},
|
||||
...buildLoaders(db),
|
||||
};
|
||||
|
|
|
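Review bot: `oneWeekFromNow` in the new `setAuthToken` branch (the two lines before `res.setHeader`) is computed but never used, since the cookie lifetime comes from `Max-Age` alone; either drop those two lines or emit the date as well, e.g. `` `Expires=${oneWeekFromNow.toUTCString()}; Max-Age=${60 * 60 * 24 * 7}; Secure; HttpOnly; SameSite=Strict` ``, for clients that ignore Max-Age. The clearing branch writes `DTIAuthToken=; Max-Age=-1` without the `Secure; HttpOnly; SameSite=Strict` attributes the setting branch uses; keeping the attribute set identical on both writes, e.g. `res.setHeader("Set-Cookie", `DTIAuthToken=; Max-Age=0; Secure; HttpOnly; SameSite=Strict`);`, is the usual convention and rules out a mismatch if a `Path` or `Domain` is ever added to one side only. Also note that `res.setHeader("Set-Cookie", …)` replaces any Set-Cookie the response already carries, so a second call within the same request (for example a login and a logout in one batched operation) silently wins over the first; if that matters, pass an array or append to the existing header. The enclosing context function starts and ends outside the hunk.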
@ -1,6 +1,7 @@
|
|||
import { gql } from "apollo-server";
|
||||
|
||||
import { assertSupportSecretOrThrow } from "./MutationsForSupport";
|
||||
import { getAuthToken } from "../auth-by-db";
|
||||
|
||||
const typeDefs = gql`
|
||||
type User {
|
||||
|
@ -365,15 +366,16 @@ const resolvers = {
|
|||
},
|
||||
|
||||
Mutation: {
|
||||
login: async (_, { username, password }, { login }) => {
|
||||
const loginToken = await login({ username, password });
|
||||
if (loginToken == null) {
|
||||
login: async (_, { username, password }, { setAuthToken, db }) => {
|
||||
const authToken = await getAuthToken({ username, password }, db);
|
||||
if (authToken == null) {
|
||||
return null;
|
||||
}
|
||||
return { id: loginToken.userId };
|
||||
setAuthToken(authToken);
|
||||
return { id: authToken.userId };
|
||||
},
|
||||
logout: async (_, __, { currentUserId, logout }) => {
|
||||
await logout();
|
||||
logout: async (_, __, { currentUserId, setAuthToken }) => {
|
||||
setAuthToken(null);
|
||||
if (currentUserId == null) {
|
||||
return null;
|
||||
}
|
||||
|
|
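Review bot: The new `login` resolver now calls `getAuthToken` itself (presumably where the credential check happens) and then issues the session cookie through `setAuthToken`, but neither side effect is documented at the resolver, and the cookie write is invisible from the schema; a comment such as `// Verifies the credentials via getAuthToken, then issues the session cookie through the context's setAuthToken; returns null and sets no cookie when they are rejected.` above `login:` would help the next reader. In `logout`, `setAuthToken(null)` now runs before the `currentUserId == null` guard, so an unauthenticated caller also receives a clearing Set-Cookie; that looks intentional (logout is idempotent) and is harmless, but a one-line comment would keep it from being "fixed" later. `logout` is still marked `async` although nothing in the hunk is awaited now that `await logout()` is gone; keep it if the resolver contract expects a Promise, otherwise drop the `async`. The `logout` resolver's body continues past the end of the hunk.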