Open tobiasdiez opened 3 years ago
Options are:
@Before(isAuthorized)
@After(isOwner)
function getBlogPost() {...}
This is similar to the Authorized decoration of type graphql (but more flexible) and in spirit similar to https://github.com/boltsource/apollo-resolvers and https://github.com/lucasconstantino/graphql-resolvers and https://www.graphql-tools.com/docs/resolvers-composition which allow to compose resolvers as well. For rest, this is implemented here: https://tsed.io/docs/authentication.html#usage (see also https://github.com/tsedio/tsed/blob/master/packages/common/src/mvc/decorators/method/useAfter.ts) https://stackoverflow.com/questions/36349158/call-typescript-decorator-method-when-the-underlying-function-is-executed
Problem with this approach: resolver functions need to be methods in a class (otherwise we cannot apply decorators). Workaround: https://github.com/microsoft/TypeScript/issues/7342
Implementation detail to ensure type checking: https://stackoverflow.com/questions/59992398/is-there-a-way-to-type-a-typescript-method-decorator-to-restrict-the-type-of-the and https://stackoverflow.com/questions/52961185/typescript-restrict-decorator-via-typedpropertydescriptor-on-decorator-factorie
Maybe worthwile to extract this to a new library graphql-compose
.
Decision: try the typescript way, and if that doesn't work manually authorize requests in resolver functions (at least for now)
Reason:
References:
First step toward this: https://github.com/JabRef/JabRefOnline/pull/159
Also add common features like sending registration email etc. Following might be helpful: