Added JWT based Authorization for any operation

2023-08-26 11:25:36 +02:00 · 2023-08-26 11:25:36 +02:00 · 2f40f3f5ac
commit 2f40f3f5ac
parent 52a6fa3005
7 changed files with 18 additions and 3 deletions
--- a/.wundergraph/wundergraph.config.ts
+++ b/.wundergraph/wundergraph.config.ts
@ -64,4 +64,7 @@ configureWunderGraphApplication({
 			],
 		},
 	},
+	authorization: {
+		roles: ['admin'],
+	},
 });
--- a/.wundergraph/wundergraph.operations.ts
+++ b/.wundergraph/wundergraph.operations.ts
@ -5,7 +5,7 @@ export default configureWunderGraphOperations<OperationsConfiguration>({
 	operations: {
 		defaultConfig: {
 			authentication: {
-				required: false,
+				required: true,
 			},
 		},
 		queries: (config) => ({
--- a/src/lib/Login.svelte
+++ b/src/lib/Login.svelte
@ -1,5 +1,6 @@
 <script>
  import Cookies from "js-cookie";
+
  async function login() {
    const response = await fetch("/api/auth", { method: "POST" });
    if (!response.ok) {
@ -8,6 +9,7 @@
      let { token } = await response.json();
      Cookies.set("token", token);
      alert(`Login Success: ${token}`);
+      console.log(token);
    }
  }
 </script>
--- a/src/lib/User.svelte
+++ b/src/lib/User.svelte
@ -21,6 +21,7 @@

 {#if user}
  <p>Welcome, {user.name}!</p>
+  <p>Your roles: {user.roles.join(", ")}</p>
 {:else}
  <p>Loading...</p>
 {/if}
--- a/src/lib/wundergraph/index.ts
+++ b/src/lib/wundergraph/index.ts
@ -7,4 +7,4 @@ const client = createClient();
 const { createFileUpload, createMutation, createQuery, createSubscription, getAuth, getUser, queryKey, prefetchQuery } =
 	createSvelteClient<Operations>(client);

-export { createFileUpload, createMutation, createQuery, createSubscription, getAuth, getUser, queryKey, prefetchQuery };
+export { createFileUpload, createMutation, createQuery, createSubscription, getAuth, getUser, queryKey, prefetchQuery, client };
--- a/src/routes/+layout.svelte
+++ b/src/routes/+layout.svelte
@ -1,8 +1,17 @@
 <script lang="ts">
  import { QueryClientProvider } from "@tanstack/svelte-query";
  import type { LayoutData } from "./$types";
+  import { client } from "$lib/wundergraph";
+  import Cookies from "js-cookie";

  export let data: LayoutData;
+
+  const token = Cookies.get("token");
+
+  // Set the Authorization header token
+  if (token) {
+    client.setAuthorizationToken(token);
+  }
 </script>

 <QueryClientProvider client={data.queryClient}>
--- a/src/routes/api/auth/+server.ts
+++ b/src/routes/api/auth/+server.ts
@ -5,7 +5,7 @@ import { error } from '@sveltejs/kit';
 const secretKey = 'mysecrettestkey';

 export async function POST() {
-  const token = jwt.sign({ name: 'Samuel', loggedIn: true }, secretKey);
+  const token = jwt.sign({ name: 'Samuel', loggedIn: true, roles: ['admin'] }, secretKey);
  if (!token) {
    throw error(400, 'No token created.');
  }