Refactor login/logout mutations a smidge
I decided that `setAuthToken` was the more appropriate server-level API, and that letting the login/logout mutations engage with the auth library made more sense to me!
This commit is contained in:
parent
39852c8297
commit
9982cbf93d
2 changed files with 24 additions and 28 deletions
|
@ -4,10 +4,7 @@ import { getUserIdFromToken as getUserIdFromTokenViaAuth0 } from "./auth";
|
||||||
import connectToDb from "./db";
|
import connectToDb from "./db";
|
||||||
import buildLoaders from "./loaders";
|
import buildLoaders from "./loaders";
|
||||||
import { plugin as cacheControlPluginFork } from "./lib/apollo-cache-control-fork";
|
import { plugin as cacheControlPluginFork } from "./lib/apollo-cache-control-fork";
|
||||||
import {
|
import { getUserIdFromToken as getUserIdFromTokenViaDb } from "./auth-by-db";
|
||||||
getAuthToken,
|
|
||||||
getUserIdFromToken as getUserIdFromTokenViaDb,
|
|
||||||
} from "./auth-by-db";
|
|
||||||
|
|
||||||
const rootTypeDefs = gql`
|
const rootTypeDefs = gql`
|
||||||
enum CacheScope {
|
enum CacheScope {
|
||||||
|
@ -86,11 +83,11 @@ const config = {
|
||||||
return {
|
return {
|
||||||
db,
|
db,
|
||||||
currentUserId,
|
currentUserId,
|
||||||
login: async (params) => {
|
setAuthToken: (authToken) => {
|
||||||
const authToken = await getAuthToken(params, db);
|
if (authToken != null) {
|
||||||
if (authToken == null) {
|
// Set the auth token as a secure cookie, encoded as JSON! (We also
|
||||||
return null;
|
// url-encode it, which is pretty standard for cookie-writing - to
|
||||||
}
|
// the extent that `req.cookies` actually decodes it automatically.)
|
||||||
const oneWeekFromNow = new Date();
|
const oneWeekFromNow = new Date();
|
||||||
oneWeekFromNow.setDate(oneWeekFromNow.getDate() + 7);
|
oneWeekFromNow.setDate(oneWeekFromNow.getDate() + 7);
|
||||||
res.setHeader(
|
res.setHeader(
|
||||||
|
@ -98,13 +95,10 @@ const config = {
|
||||||
`DTIAuthToken=${encodeURIComponent(JSON.stringify(authToken))}; ` +
|
`DTIAuthToken=${encodeURIComponent(JSON.stringify(authToken))}; ` +
|
||||||
`Max-Age=${60 * 60 * 24 * 7}; Secure; HttpOnly; SameSite=Strict`
|
`Max-Age=${60 * 60 * 24 * 7}; Secure; HttpOnly; SameSite=Strict`
|
||||||
);
|
);
|
||||||
return authToken;
|
} else {
|
||||||
},
|
|
||||||
logout: async () => {
|
|
||||||
// NOTE: This function isn't actually async in practice, but we mark it
|
|
||||||
// as such for consistency with `login`!
|
|
||||||
// Set a header to delete the cookie. (That is, empty and expired.)
|
// Set a header to delete the cookie. (That is, empty and expired.)
|
||||||
res.setHeader("Set-Cookie", `DTIAuthToken=; Max-Age=-1`);
|
res.setHeader("Set-Cookie", `DTIAuthToken=; Max-Age=-1`);
|
||||||
|
}
|
||||||
},
|
},
|
||||||
...buildLoaders(db),
|
...buildLoaders(db),
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
import { gql } from "apollo-server";
|
import { gql } from "apollo-server";
|
||||||
|
|
||||||
import { assertSupportSecretOrThrow } from "./MutationsForSupport";
|
import { assertSupportSecretOrThrow } from "./MutationsForSupport";
|
||||||
|
import { getAuthToken } from "../auth-by-db";
|
||||||
|
|
||||||
const typeDefs = gql`
|
const typeDefs = gql`
|
||||||
type User {
|
type User {
|
||||||
|
@ -365,15 +366,16 @@ const resolvers = {
|
||||||
},
|
},
|
||||||
|
|
||||||
Mutation: {
|
Mutation: {
|
||||||
login: async (_, { username, password }, { login }) => {
|
login: async (_, { username, password }, { setAuthToken, db }) => {
|
||||||
const loginToken = await login({ username, password });
|
const authToken = await getAuthToken({ username, password }, db);
|
||||||
if (loginToken == null) {
|
if (authToken == null) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
return { id: loginToken.userId };
|
setAuthToken(authToken);
|
||||||
|
return { id: authToken.userId };
|
||||||
},
|
},
|
||||||
logout: async (_, __, { currentUserId, logout }) => {
|
logout: async (_, __, { currentUserId, setAuthToken }) => {
|
||||||
await logout();
|
setAuthToken(null);
|
||||||
if (currentUserId == null) {
|
if (currentUserId == null) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue