the-road-to-graphql / fullstack-apollo-express-mongodb-boilerplate

💥A sophisticated GraphQL with Apollo, Express and MongoDB boilerplate project.
https://www.robinwieruch.de
MIT License

Cannot SignUp if previous session is expired #9

Open animir opened 5 years ago

animir commented 5 years ago

If the token is expired, there is no way to SignUp, as it tries to use the current token.

See getMe method in index.js

rwieruch commented 5 years ago

Thanks for reporting! Do you have a suggestion how to fix it? :)

animir commented 5 years ago

@rwieruch Hi, I am not a GraphQL expert, but I do have an idea. I'd do the following check on the backend before getting the me object:

      let me = {};
      if (req.body.operationName !== 'signUp' && req.body.operationName !== 'signIn') {
        me = await getMe(req);
      }

And those operations should be named on the client:

const SIGN_UP = gql`
  mutation signUp( ...

What do you think?

syJSdev commented 4 years ago

I think we can fix this issue like this.

const getMe = async req => {
  const token = req.headers['x-token'];

  if (token) {
    try {
      return await jwt.verify(token, process.env.SECRET);
    } catch (e) {
      // throw new AuthenticationError(
      //   'Your session expired. Sign in again.',
      // );
    }
  }
  return null;
};

Why?
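
An added example, not code from this thread or from the boilerplate: one way to let signUp and signIn proceed when the x-token has expired, while the decision about who must be signed in stays in the resolvers instead of depending on the client-supplied operationName. The names makeBuildContext, requireAuth, the sample resolvers and the stand-in verifier are assumptions; in the app, verify would wrap jwt.verify(token, process.env.SECRET).

```javascript
// Added example. `verify` stands in for token => jwt.verify(token, process.env.SECRET),
// which is synchronous when called without a callback.
const makeBuildContext = verify => req => {
  const token = req.headers['x-token'];
  if (!token) return { me: null, authError: null };
  try {
    return { me: verify(token), authError: null };
  } catch (e) {
    // Bad token: continue as anonymous, but remember why so protected
    // resolvers can still tell the client to sign in again.
    const authError = e.name === 'TokenExpiredError'
      ? 'Your session expired. Sign in again.'
      : 'Invalid token.';
    return { me: null, authError };
  }
};

// Wraps only the resolvers that need a signed-in user.
const requireAuth = resolver => (parent, args, context, info) => {
  if (!context.me) throw new Error(context.authError || 'Not authenticated.');
  return resolver(parent, args, context, info);
};

// Constructed resolvers (hypothetical): signUp is public, createMessage is not.
const resolvers = {
  signUp: (parent, { username }) => ({ token: `token-for-${username}` }),
  createMessage: requireAuth((parent, { text }, { me }) => ({ text, userId: me.id })),
};

// Constructed stand-in verifier that mimics jsonwebtoken's error names.
const fakeVerify = token => {
  if (token === 'valid') return { id: 1 };
  const expired = token === 'expired';
  const e = new Error(expired ? 'jwt expired' : 'invalid signature');
  e.name = expired ? 'TokenExpiredError' : 'JsonWebTokenError';
  throw e;
};

const buildContext = makeBuildContext(fakeVerify);
const stale = buildContext({ headers: { 'x-token': 'expired' } });
console.log(resolvers.signUp(null, { username: 'ann' }, stale)); // signUp still works
try {
  resolvers.createMessage(null, { text: 'hi' }, stale);
} catch (e) {
  console.log(e.message); // protected mutation is refused
}
```

Anonymous requests carry me: null rather than an empty object, so a truthiness check on me cannot pass by accident.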