Is there a good way to do auth on mutation resolvers?

I find myself doing something along the lines of the following on almost all mutations:

  const currentUser = context.currentUser
  if (!currentUser) throw new AuthenticationError('You are not logged in!')

  const recipeBasicInfo = await db.recipe.findUnique({
    where: { id },
    include: {
      chef: true,

  if ( !== recipeBasicInfo!.chefId) {
    throw new AuthenticationError('You can only delete your own recipes!')

Is there a better way of doing this and having less code repeated? Note that this logic is not just for recipes, but for any model with mutations.


1 Like

Have you looked at the @requireAuth directive?

Your use case of required an authenticated user in order to invoke a service that is a mutation is exactly what the directive should help with.

And no extra code needed in your service :slight_smile:

Ah! I had overlooked this, but it was exactly what I wanted :slight_smile: thank you so much!

1 Like