$map: {
input: '$permissions.code',
as: 'code',
in: '$$code'
}
},
_id: 0
}
}
])
.toArray()
console.log(userRoles[0].permissions)
if (userRoles[0].permissions.indexOf(permission) === -1) {
throw new ForbiddenError('You are not authorized for this resource.')
}
// console.log('userRole', userRole)
return resolve.apply(this, args)
}
}
throw new AuthenticationError(
'Authentication token is invalid, please try again.'
)
}
// console.log(currentUser._id, permission)
const role = await getMongoRepository(Role).find({
where: {
userId: currentUser._id,
'permissions.code': permission
}
})
if (!role) {
throw new ForbiddenError('You are not authorized for this resource.')
}
// console.log('Role', role)
return resolve.apply(this, args)
}
}
throw new AuthenticationError(
'Authentication token is invalid, please try again.'
)
}
// console.log(currentUser._id, path)
const role = await getMongoRepository(Role).find({
where: {
userId: currentUser._id,
path: { $regex: `.*${path}|${path.toLowerCase()}.*` },
},
})
if (!role) {
throw new ForbiddenError('You are not authorized for this resource.')
}
// console.log('Role', role)
return resolve.apply(this, args)
}
}
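/**
 * Guard for flows that must only run for a logged-in user whose primary
 * email is NOT yet verified (the inverse of checkLoggedInAndVerified).
 *
 * @param {object} user - the currently logged-in user document; expected to
 *   carry an `emails` array whose first entry has a `verified` flag
 * @throws {AuthenticationError} when no user is present
 * @throws {ForbiddenError} when the user's primary email is already verified
 */
utilities.checkLoggedInAndNotVerified = (user) => {
  // Anything falsy (null/undefined) means the caller is not authenticated.
  if (!user) {
    throw new AuthenticationError('User is not logged in!');
  }
  // A user with no emails entry cannot be "already verified", so the check
  // passes instead of crashing with a TypeError on `user.emails[0]` that
  // would surface to the client as an opaque server error.
  const primaryEmail = Array.isArray(user.emails) ? user.emails[0] : undefined;
  if (primaryEmail && primaryEmail.verified === true) {
    throw new ForbiddenError('Email already verified!');
  }
};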
field.resolve = async function (root, args, context, info) {
// must check for a validation error at runtime
// to ensure an appropriate message is sent back
log.info(`checking user is authorized to access ${field.name} on parent ${info.parentType.name}. Must have one of [${roles}]`)
if (error) {
log.error(`Invalid hasRole directive on field ${field.name} on parent ${info.parentType.name}`, error)
throw newInternalServerError(context)
}
if (!context.auth || !context.auth.isAuthenticated()) {
const AuthorizationErrorMessage = `Unable to find authentication. Authorization is required for field ${field.name} on parent ${info.parentType.name}. Must have one of the following roles: [${roles}]`
log.error({ error: AuthorizationErrorMessage })
throw new ForbiddenError(AuthorizationErrorMessage)
}
let foundRole = null // this will be the role the user was successfully authorized on
foundRole = roles.find((role) => {
return context.auth.hasRole(role)
})
if (!foundRole) {
const AuthorizationErrorMessage = `user is not authorized for field ${field.name} on parent ${info.parentType.name}. Must have one of the following roles: [${roles}]`
log.error({ error: AuthorizationErrorMessage, details: context.auth.getTokenContent() })
throw new ForbiddenError(AuthorizationErrorMessage)
}
log.info(`user successfully authorized with role: ${foundRole}`)
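/**
 * Guard for resources that require a logged-in user with a verified email.
 * The email check is only enforced for accounts that have the password
 * service; accounts without it are let through after the login check.
 *
 * @param {object} user - logged-in user document with `services` and `emails`
 * @throws {AuthenticationError} when no user is present
 * @throws {ForbiddenError} when a password-service user has no verified primary email
 */
utilities.checkLoggedInAndVerified = (user) => {
  // User should be logged in at this stage
  if (!user) {
    throw new AuthenticationError('User is not logged in!');
  }
  // Make sure email is verified (in case of password service)
  // TODO: use current loggedIn service instead
  const isPasswordService = Object.keys(user.services).includes('password');
  if (!isPasswordService) {
    return;
  }
  // Fail closed: a password-service user with no emails entry at all is
  // treated as unverified rather than crashing with a TypeError on
  // `user.emails[0]`.
  const primaryEmail = Array.isArray(user.emails) ? user.emails[0] : undefined;
  const isEmailVerified = Boolean(primaryEmail) && primaryEmail.verified === true;
  if (!isEmailVerified) {
    throw new ForbiddenError('Email is not verified!');
  }
};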
/**
 * Resolver guard: yields `skip` (let the resolver chain continue) only for an
 * authenticated admin. Anonymous callers get an AuthenticationError and
 * authenticated non-admins a ForbiddenError. Note that the errors are
 * returned, not thrown — callers are expected to handle that shape.
 *
 * @param {*} parent - unused; resolver signature only
 * @param {object} args - unused; resolver signature only
 * @param {{ currentUser: object }} context - resolver context carrying the caller
 * @returns {*} `skip`, or an error instance describing why access is denied
 */
export const isAdmin = (parent, args, { currentUser }) => {
  if (!authorization.isAuthenticated(currentUser)) {
    return new AuthenticationError('Not logged in.');
  }
  if (!authorization.isAdmin(currentUser)) {
    return new ForbiddenError('I call shenanigans.');
  }
  return skip;
};
> = async (root, args, context) => {
const viewer = getViewerOrThrowIfUnauthenticated(context);
const { id: channelId } = args;
const channel = await context.loaders.channelById.load(channelId);
if (!channel) {
throw new NotFoundError({ entity: NotFoundableEntity.Channel });
}
if (!channels.canSeeChannel(viewer, channel)) {
throw new ForbiddenError('forbidden');
}
return channel;
};
/**
 * Rejects with ForbiddenError unless the ACL grants `permissions` on
 * `resources` to the `user` captured from the enclosing scope.
 *
 * @param {*} resources - resource identifier(s) passed through to acl.isAllowed
 * @param {*} permissions - permission(s) passed through to acl.isAllowed
 * @returns {Promise<void>} resolves when access is granted
 * @throws {ForbiddenError} when the ACL denies the request
 */
const ensureAllowed = async (resources, permissions) => {
  const granted = await acl.isAllowed(user.id, resources, permissions);
  if (granted) {
    return;
  }
  throw new ForbiddenError('Insufficient permissions');
};
const { id: channelGlobalId } = args;
const channelId = Number.parseInt(channelGlobalId, 10);
if (!isViewerAuthenticated(context)) {
throw new AuthenticationError('unauthenticated');
}
const channel = await channels.getChannelById(channelId);
if (!channel) {
throw new NotFoundError('channel not found');
}
if (!channels.canSeeChannel(context.viewer, channel)) {
throw new ForbiddenError('forbidden');
}
return channel;
};