Is there a good way to do auth on mutation resolvers?

Get Help and Help Others
1

I find myself doing something along the lines of the following on almost all mutations:

  const currentUser = context.currentUser
  if (!currentUser) throw new AuthenticationError('You are not logged in!')

  const recipeBasicInfo = await db.recipe.findUnique({
    where: { id },
    include: {
      chef: true,
    },
  })

  if (currentUser.id !== recipeBasicInfo!.chefId) {
    throw new AuthenticationError('You can only delete your own recipes!')
  }

Is there a better way of doing this and having less code repeated? Note that this logic is not just for recipes, but for any model with mutations.

Thanks!

1 Like
2

Have you looked at the @requireAuth directive?

Your use case of required an authenticated user in order to invoke a service that is a mutation is exactly what the directive should help with.

And no extra code needed in your service :slight_smile:

3

Ah! I had overlooked this, but it was exactly what I wanted :slight_smile: thank you so much!

1 Like