GraphQL - generic permission guards


I am trying to implement permission guards on the backend. The following code works:

Resolvers

const Notification = require('../../database/models/notifications');
const Task = require('../../database/models/tasks');

notification: combineResolvers(isNotificationOwner, async (_, { id }) => {
  try {
    const notification = await Notification.findById(id);
    return notification;
  } catch (error) {
    throw error;
  }
})

task: combineResolvers(isTaskOwner, async (_, { id }) => {
  try {
    const task = await Task.findById(id);
    return task;
  } catch (error) {
    throw error;
  }
})

Resolver middleware (permission guards)

const { ForbiddenError } = require('apollo-server');
const { skip } = require('graphql-resolvers');
const Notification = require('../../database/models/notifications');
const Task = require('../../database/models/tasks');

// userId is the id of the logged in user retrieved from the context
module.exports.isNotificationOwner = async (_, { id }, { userId }) => {
  try {
    const notification = await Notification.findById(id);
    if (notification.user.toString() !== userId) {
      throw new ForbiddenError('You are not the owner');
    }
    return skip;
  } catch (error) {
    throw error;
  }
}

module.exports.isTaskOwner = async (_, { id }, { userId }) => {
  try {
    const task = await Task.findById(id);
    if (task.user.toString() !== userId) {
      throw new ForbiddenError('You are not the owner');
    }
    return skip;
  } catch (error) {
    throw error;
  }
}

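Continuing like this will produce a lot of duplicated code, and it does not feel very DRY. So I am trying to create a more generic solution, so far to no avail.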



My attempt:


Resolvers

const Notification = require('../../database/models/notifications');
const Task = require('../../database/models/tasks');

notification: combineResolvers(isOwner, async (_, { id }) => {
  try {
    const notification = await Notification.findById(id);
    return notification;
  } catch (error) {
    throw error;
  }
})

task: combineResolvers(isOwner, async (_, { id }) => {
  try {
    const task = await Task.findById(id);
    return task;
  } catch (error) {
    throw error;
  }
})

Resolver middleware

const Notification = require('../../database/models/notifications');
const Task = require('../../database/models/tasks');

module.exports.isOwner = async (_, { id, collection }, { userId }) => {
  try {
    const document = await collection.findById(id);
    if (document.user.toString() !== userId) {
      throw new ForbiddenError('You are not the owner');
    }

    return skip;
  } catch (error) {
    throw error;
  }
}

I am unable to pass the collection name as an argument to the middleware resolver.


I would be very grateful for any kind of help.

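Based on your code, it seems you are looking for an isOwner such that you can pass in the collection and it returns the curried method.

module.exports.isOwner = (collection) => {
  // Returns the actual guard, with the collection bound by closure
  return async (_, { id }, { userId }) => {
    try {
      const document = await collection.findById(id);
      if (document.user.toString() !== userId) {
        throw new ForbiddenError('You are not the owner');
      }
      return skip;
    } catch (error) {
      throw error;
    }
  }
}

Usage:

const resolvers = {
  Query: {
    task: combineResolvers(isOwner(Task), async (_, { id }) => {
      try {
        const task = await Task.findById(id);
        return task;
      } catch (error) {
        throw error;
      }
    })
  },
};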

Exactly what I was searching for! Thank you very much!!
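
The curried guard from the answer, as an added example that is not part of the original posts: it runs without dependencies by using small stand-ins for `skip`, `combineResolvers` and `ForbiddenError`, plus constructed in-memory models. The missing-`userId` and missing-document checks and the `run` helper are additions assumed here, not in the posted code.

```javascript
// Stand-ins so the sketch runs without dependencies (assumptions): in
// graphql-resolvers, `skip` is undefined and combineResolvers runs each
// function in order, returning the first result that is not `skip`.
const skip = undefined;
const combineResolvers = (...fns) => async (root, args, ctx, info) => {
  for (const fn of fns) {
    const result = await fn(root, args, ctx, info);
    if (result !== skip) return result;
  }
  return skip;
};
class ForbiddenError extends Error {} // stand-in for apollo-server's class

// Constructed in-memory "model" exposing only findById, like the page's models.
const makeModel = (docs) => ({
  findById: async (id) => docs.find((d) => d.id === id) || null,
});
const Task = makeModel([{ id: 't1', user: 'alice', title: 'write report' }]);
const Notification = makeModel([{ id: 'n1', user: 'bob', text: 'ping' }]);

// Generic guard: the model is bound when the schema is built, never taken
// from client-supplied args. Every failure path throws (fail closed).
const isOwner = (collection) => async (_, { id }, { userId }) => {
  if (!userId) throw new ForbiddenError('Not authenticated');
  const document = await collection.findById(id);
  // A missing document and a foreign document give the same error, so the
  // response does not reveal which ids exist.
  if (!document || document.user.toString() !== String(userId)) {
    throw new ForbiddenError('You are not the owner');
  }
  return skip;
};

const resolvers = {
  Query: {
    task: combineResolvers(isOwner(Task), (_, { id }) => Task.findById(id)),
    notification: combineResolvers(isOwner(Notification), (_, { id }) =>
      Notification.findById(id)),
  },
};

// Helper for the demo: resolve a field and report the value or error message.
async function run(field, id, userId) {
  try {
    return { ok: await resolvers.Query[field](null, { id }, { userId }) };
  } catch (error) {
    return { denied: error.message };
  }
}
```

Because the model is captured by closure rather than read from the resolver arguments, a client cannot choose which collection the ownership check runs against.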