Hi all, finally getting to implementing my strange use case in Redwood, ported over to the new RC so I can use the custom auth. My use case is similar to dbAuth; the issue is my users come from a separate system that doesn’t have OAuth or any other protocols, so I have to do it myself.
Basically, I’ve added a new auth.sdl with login, register, etc., and modified the authDecoder and the getCurrentUser functions. I made a custom client for the Web side, but that’s not my priority at the moment (seems to work, so far).
So I have register and login working, which return a token; however, I now need my requireAuth to check for a token, and I’d like to pass it as a cookie from the api side so I don’t have to manually send it on web. I’ve been playing around with envelop, but can’t seem to figure out how to access the response headers.
This is my current login, to give context:
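```ts
import type { User } from '@prisma/client';
import bcrypt from 'bcrypt';
import jwt from 'jsonwebtoken';
import type { MutationResolvers } from 'types/graphql';

import { RedwoodGraphQLError } from '@redwoodjs/graphql-server';

import { db } from 'src/lib/db';
import { logger } from 'src/lib/logger';

export const authLogin: MutationResolvers['authLogin'] = async ({ input }) => {
  let user: User;
  try {
    user = await db.user.findUniqueOrThrow({ where: { email: input.email } });
  } catch (e) {
    // P2025 is Prisma's "record not found" error code
    if (e?.code === 'P2025') {
      throw new RedwoodGraphQLError('User not found.');
    }
    logger.warn('Unknown error in Login', e);
    // Re-throw so `user` is never undefined in the code below
    throw e;
  }
  // Compare the submitted password against the stored bcrypt hash
  const match = await bcrypt.compare(input.password, user.passwordHash);
  if (!match) {
    throw new RedwoodGraphQLError('Incorrect password.');
  }
  // Sign a session token that expires after seven days
  const token = jwt.sign({ id: user.id, roles: user.roles }, process.env.SESSION_SECRET, {
    expiresIn: '7d',
  });
  return { id: user.id, token };
};
```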
So the idea is that if I could set the token here as a cookie (in the same method dbAuth does), it would send automatically from the front end. Please correct me if I’m wrong, and I appreciate the help.
Thanks
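
For the cookie handling the post asks about, here is a framework-agnostic sketch, added as an example and not part of the original post or of Redwood itself: it builds the `Set-Cookie` value for the login response and reads the token back from a request's `Cookie` header. The names `COOKIE_NAME`, `buildSessionCookie`, `buildLogoutCookie` and `tokenFromHeaders` are assumptions, and how the header gets attached to the GraphQL response is left to the server setup.

```javascript
// Added example. All names here are hypothetical helpers, not Redwood APIs.
const COOKIE_NAME = 'session'
const MAX_AGE_SECONDS = 7 * 24 * 60 * 60 // keep in step with the JWT's expiresIn: '7d'

// Value for the Set-Cookie response header after a successful login.
function buildSessionCookie(token, { secure = true } = {}) {
  const attrs = [
    `${COOKIE_NAME}=${encodeURIComponent(token)}`,
    'HttpOnly', // not readable via document.cookie, so injected script cannot read it
    'SameSite=Strict', // not attached to cross-site requests
    'Path=/',
    `Max-Age=${MAX_AGE_SECONDS}`,
  ]
  if (secure) attrs.push('Secure') // HTTPS only; turn off only for local http development
  return attrs.join('; ')
}

// Value for Set-Cookie on logout: same name and path, expired immediately.
function buildLogoutCookie() {
  return `${COOKIE_NAME}=; HttpOnly; SameSite=Strict; Path=/; Max-Age=0`
}

// Pull the token out of a request's headers object (header names in any case).
// Returns null when the cookie is missing, empty or badly encoded.
function tokenFromHeaders(headers) {
  const key = Object.keys(headers || {}).find((k) => k.toLowerCase() === 'cookie')
  if (!key) return null
  for (const part of String(headers[key]).split(';')) {
    const eq = part.indexOf('=')
    if (eq === -1) continue
    if (part.slice(0, eq).trim() !== COOKIE_NAME) continue
    try {
      return decodeURIComponent(part.slice(eq + 1).trim()) || null
    } catch {
      return null // invalid percent-encoding
    }
  }
  return null
}
```

The string returned by `tokenFromHeaders` is untrusted input: it still has to pass `jwt.verify` with `SESSION_SECRET` before `getCurrentUser` relies on its `id` or `roles`.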