You're reading from GraphQL Best Practices Gain hands-on experience with schema design, security, and error handling

Product type Paperback

Published in Oct 2024

Publisher Packt

ISBN-13 9781835467145

Length 422 pages

Edition 1st Edition

Languages

JavaScript

Tools

GraphQL

Concepts

Web Programming

Author (1):

Artur Czemiel

View More author details

Table of Contents (23) Chapters

Preface

1. Part 1 - Why GraphQL?

2. Chapter 1: Unveiling the Holy Grail of Communication – GraphQL FREE CHAPTER

3. Chapter 2: Applying an AI-Friendly Approach to GraphQL

4. Part 2 - Schema-First Design Patterns

5. Chapter 3: Crafting Effective GraphQL Schemas

6. Chapter 4: Building Pipes

7. Part 3 - Exploring Possible Ways to Use GraphQL

8. Chapter 5: Transitioning from REST to GraphQL

9. Chapter 6: Defining GraphQL Transformers

10. Chapter 7: Understanding GraphQL Federation

11. Part 4 - Advanced GraphQL

12. Chapter 8: Executing Schema-First Systems

13. Chapter 9: Working on the Frontend with GraphQL

14. Chapter 10: Keeping Data Secure

15. Chapter 11: Describing Errors in GraphQL

16. Chapter 12: Documenting your Schema

17. Chapter 13: Tackling Schemas with Visualization

18. Part 5 - From an Idea to a Working Project

19. Chapter 14: From an Idea to a Working Project – Backend Development with GraphQL and TypeScript

20. Chapter 15: From an Idea to a Working Project – Frontend Integration with GraphQL and TypeScript

21. Index

Why subscribe?

22. Other Books You May Enjoy

Handling user authorization and authentication

We have now prepared our schema to use standard username-password authentication together with JWT authorization, using pipes. We will now implement authentication resolvers and authorization mechanisms.

To begin, create a file called src/auth.ts – this is where we will keep all the functions connected to authentication and authorization.

Then, we will create some helper functions to keep our authorization mechanisms secure. To do so, we need to store the hashed password inside the database:

import crypto from 'node:crypto';
import jwt from "jsonwebtoken";
import { createResolvers } from '@/src/axolotl.js';
import { MongOrb } from '@/src/orm.js';
import { GraphQLError } from 'graphql';
const secretKey = 'your-secret-key';
const passwordSha512 = (password: string, salt: string) => {
  const hash = crypto.createHmac('sha512', salt);
 ...