你好,我在如何使用 GraphQL 实现刷新令牌和身份验证令牌的逻辑方面遇到了一些困难。我看了很多相关的文章,但是找不到任何针对 GraphQL 的内容或示例。我也不确定将令牌列入黑名单是不是最好的选择。
有人可以帮助我如何开始吗?我是graphql的新手
我的代码:
解析器:
import {
Resolver,
Query,
Mutation,
Arg,
ObjectType,
Field
} from "type-graphql";
import { hash, compare } from "bcryptjs";
import { User } from "../../entity/User";
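/**
 * GraphQL resolver exposing user listing, registration and login.
 *
 * NOTE(review): no operation in this class performs an authentication or
 * authorization check in the code shown here.
 */
@Resolver()
export class UserResolver {
  /**
   * Returns every stored user.
   *
   * NOTE(review): this query is callable without credentials. Confirm that the
   * User entity does not expose the `password` column as a GraphQL field,
   * otherwise the stored hashes are readable by any client.
   */
  @Query(() => [User])
  users() {
    return User.find();
  }

  /**
   * Creates a user whose password is stored as a bcrypt hash (cost factor 12).
   *
   * @param login - login name to store
   * @param password - plaintext password; only its hash is persisted
   * @returns `true` when the insert succeeds, `false` when it throws
   */
  @Mutation(() => Boolean)
  async register(
    @Arg("login") login: string,
    @Arg("password") password: string
  ) {
    const hashedPassword = await hash(password, 12);
    try {
      await User.insert({
        login,
        password: hashedPassword
      });
    } catch (err) {
      // Any insert failure is logged and reported to the client only as `false`.
      console.log(err);
      return false;
    }
    return true;
  }

  /**
   * Checks the supplied credentials and returns an access token payload.
   *
   * @param login - login name to look up
   * @param password - plaintext password to check against the stored hash
   * @throws Error when the user does not exist or the password does not match
   *
   * NOTE(review): the two error messages differ, so a caller can tell whether a
   * login exists; a single generic message for both cases avoids that.
   * NOTE(review): the mutation is declared as `String` but an object is
   * returned. `ObjectType` and `Field` are imported and unused, so presumably
   * a response object type was intended - confirm and align the declaration.
   */
  @Mutation(() => String)
  async Login(@Arg("login") login: string, @Arg("password") password: string) {
    const user = await User.findOne({ where: { login } });
    if (!user) {
      throw new Error("Could not find user");
    }
    // bcryptjs compare() returns a Promise when called without a callback.
    // Without `await` the Promise object itself is always truthy, so the
    // check below never failed and every password was accepted.
    const verify = await compare(password, user.password);
    if (!verify) {
      throw new Error("Bad password");
    }
    return {
      // Placeholder literal from the original listing, not a real token.
      // It must be replaced by a token issued per login before this is used.
      accessToken: "jhfksjhdk"
    };
  }
}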
我的index.ts:
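/**
 * Boots the API: opens the database connection, builds the GraphQL schema,
 * wires the Express middleware chain and starts listening on SERVER_PORT.
 */
const main = async () => {
  await createConnection();
  const schema = await createSchema();
  const server = new ApolloServer({
    schema,
    // Every resolver receives the raw Express request and response.
    context: ({ req, res }: any) => ({ req, res })
  });

  /*########## cors Configs ##########*/
  // Origins allowed to call the API from a browser. If CORS_APPROVED_ADDRESS
  // is unset, that entry is `undefined` and only the localhost origin matches.
  const whiteList = [
    process.env.CORS_APPROVED_ADDRESS,
    `http://localhost:${process.env.SERVER_PORT}`
  ];
  const corsOptionsDelegate = {
    origin: (
      origin: string | undefined,
      cb: (err: Error | null, allow?: boolean) => void
    ) => {
      // Requests without an Origin header (non-browser clients, same-origin
      // navigation) are always let through. CORS restricts browsers only and
      // is not a substitute for authentication.
      if (!origin || whiteList.includes(origin)) {
        cb(null, true);
        return;
      }
      cb(new Error("Not allowed by CORS"));
    }
  };
  /*########## cors Configs ##########*/

  const app = express();
  app.use(helmet());
  app.use(cors(corsOptionsDelegate));
  app.use(cookieParser());
  app.use(bodyParser.json());
  app.use(bodyParser.urlencoded({ extended: true }));
  app.use(xssFilter());
  app.disable("x-powered-by");
  // NOTE(review): CSRF protection is disabled below. If tokens end up being
  // carried in cookies (cookieParser is installed), the cookie-authenticated
  // mutations need a CSRF defence - confirm before shipping.
  // app.use(require("csurf")({ cookie: true }));
  // app.use(csrf());

  // NOTE(review): applyMiddleware accepts its own `cors` option and, in the
  // apollo-server-express releases that expose this method, installs a
  // permissive CORS handler on the GraphQL path unless `cors: false` is
  // passed. Confirm against the installed version so it does not override
  // the whitelist above.
  server.applyMiddleware({ app });

  app.listen({ port: process.env.SERVER_PORT }, () =>
    // Log the port actually bound instead of a hard-coded 4000.
    console.log(
      `? Server ready at http://localhost:${process.env.SERVER_PORT}${server.graphqlPath}`
    )
  );
};

// Report start-up failures (e.g. the database connection) and exit non-zero
// instead of leaving an unhandled promise rejection.
main().catch((err: unknown) => {
  console.error(err);
  process.exit(1);
});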