
Simple GraphQL server with Yoga and Prisma using session-based directives-driven authentication


artetecha/ypsa


YPSA stands for Yoga Prisma Session-based Authentication.

It is very common to find examples of GraphQL authentication implemented with JSON Web Tokens, but much less common to find a standard session-based one. So, here we are.

This example was also a playground for me to play with GraphQL Yoga, Prisma and GraphQL directives. If you are only after the bit that implements the session-based authentication, I am sure you will have no trouble extracting it from this example.

You can likewise decide to play with the example and change it to your liking, swapping Prisma for another back-end, or relying on plain Apollo Server rather than Yoga, etc.

First things first

This example uses the Prisma Enterprise Open Source package rather than the Prisma Cloud Service. I set up my Prisma server with a Postgres DB using the official guide.

So you will need…

Docker

If you don't have Docker installed already, you can download it for your platform using the following links:

Prisma CLI

$ npm install -g prisma
# or
# yarn global add prisma

Get started

$ git clone git@github.com:artetecha/ypsa.git
$ cd ypsa
$ docker-compose up -d # to stop the containers when you're done: docker-compose down
$ prisma deploy
$ yarn install # you can use npm, but bear in mind this repo provides no package-lock.json
$ yarn start # or yarn run dev if you want to start the app via nodemon and play with your changes

Enabling sessions in GraphQL Playground

Yoga comes with GraphQL Playground rather than the usual GraphiQL. Playground by default does not have sessions enabled, and Yoga doesn’t expose its options yet, so I couldn’t make the server start with different defaults. So there’s one more thing you have to do before you start authenticating:

  1. Go to the local server URL (http://localhost:4000/)
  2. Click on the cogwheel icon to access the settings
  3. Change the value of request.credentials from omit to include
  4. Save the settings

Default user

There’s a default user, because the server ships with the register mutation restricted to authenticated users, i.e. you need to be logged in to register more users. The default user’s credentials are:

username: nooneknows
password: nooneknows

Queries and Mutations

This server ships with the following queries:

| Query | Function | Access |
| --- | --- | --- |
| currentUser | Shows the currently authenticated user | All |
| users | Shows a list of users | Private (auth required) |

and the following mutations:

| Mutation | Function | Access |
| --- | --- | --- |
| login | Allows authentication via username and password | Anonymous (must not be logged-in) |
| logout | Log out | Private (auth required) |
| register | Sign a new user up | Private (auth required) |

Directives

I decided to use GraphQL directives to implement authentication. This means you can easily change the access level of a specific query/mutation by adding/removing one of the available directives. See src/schema/schema.graphql for more information.
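
As an added illustration (not code from this repository), the sketch below shows how directive-driven access checks over a server-side session can work, using no GraphQL library. The directive names `@private` and `@anonymous`, the `session.userId` field and the helper names are assumptions; the repository's real directives are in src/schema/schema.graphql.

```javascript
// Constructed SDL mirroring the access table in this README. The directive
// names @private and @anonymous are assumptions, not taken from the repo.
const sdl = `
type Query {
  currentUser: User
  users: [User!]! @private
}
type Mutation {
  login(username: String!, password: String!): User @anonymous
  logout: Boolean @private
  register(username: String!, password: String!): User @private
}`;

// Each guard inspects the server-side session only, never client-supplied args.
const guards = {
  private: (session) => {
    if (!session || !session.userId) throw new Error('Not authenticated');
  },
  anonymous: (session) => {
    if (session && session.userId) throw new Error('Already authenticated');
  },
};

// Simplified line-based scan (not a full GraphQL parser): field name -> directives.
function fieldDirectives(schema) {
  const map = {};
  for (const line of schema.split('\n')) {
    const m = line.match(/^\s+(\w+)\s*(?:\(.*\))?\s*:/);
    if (!m) continue;
    map[m[1]] = [...line.matchAll(/@(\w+)/g)].map((d) => d[1]);
  }
  return map;
}

// Wrap every resolver so its guards run first. A resolver with no schema field
// is rejected up front, and an unknown directive throws instead of being ignored.
function protect(resolvers, schema) {
  const directives = fieldDirectives(schema);
  const wrapped = {};
  for (const [name, resolve] of Object.entries(resolvers)) {
    const names = directives[name];
    if (!names) throw new Error(`No schema field for resolver ${name}`);
    wrapped[name] = (parent, args, ctx) => {
      for (const d of names) {
        if (!guards[d]) throw new Error(`Unknown directive @${d}`);
        guards[d](ctx.session);
      }
      return resolve(parent, args, ctx);
    };
  }
  return wrapped;
}
```

Changing a field's access level is then a one-word edit in the SDL, with no change to the resolver itself.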
