graphql api with jwt auth

Author: ItsWachira

.env

@@ -0,0 +1,2 @@
+MONGO_URI="mongodb+srv://user1:1234@cluster0.2r9byhz.mongodb.net/?retryWrites=true&w=majority"
+SECRET_KEY = 'mySecretKey';

.gitignore

@@ -0,0 +1,3 @@
+node_modules*/
+
+package-lock.json

graphql/resolvers.js

@@ -0,0 +1,95 @@
+const User = require("../models/user");
+const jwt = require('jsonwebtoken');
+const secretKey = process.env.SECRET_KEY;
+
+// Function to generate a JWT
+function generateToken(user) {
+  const token = jwt.sign({ id: user.id, role: user.role }, secretKey, { expiresIn: '1h', algorithm: 'HS256' });
+  return token;
+}
+
+// Function to verify token
+function verifyToken(token) {
+  if (!token) {
+    throw new Error('Token not provided');
+  }
+
+  try {
+    const decoded = jwt.verify(token, secretKey, { algorithms: ['HS256'] });
+    return decoded;
+  } catch (err) {
+    throw new Error('Invalid token');
+  }
+}
+
+// GraphQL Resolvers
+const resolvers = {
+    Mutation: {
+    register: async (_, { userInput: { name, password, role } }) => {
+      if (!name || !password || !role) {
+        throw new Error('Name password, and role required');
+      }
+
+      const newUser = new User({
+        name: name,
+        password: password,
+        role: role,
+      });
+
+      try {
+        const response = await newUser.save();
+        return {
+          id: response._id,
+          ...response._doc,
+        };
+      } catch (error) {
+        console.error(error);
+        throw new Error('Failed to create user');
+      }
+    },
+
+    login: async (_, { name, password }) => {
+      try {     
+        const user = await User.findOne({ name: name });
+        if (!user) {
+          throw new Error('User not found');
+        }
+        if (password !== user.password) {
+          throw new Error('Incorrect password');
+        }      
+        const token = generateToken(user);      
+        if (!token) {
+          throw new Error('Failed to generate token');
+        }
+        return {
+          message: 'Login successful',
+          token: token,
+        };
+      } catch (error) {
+        console.error(error);
+        throw new Error('Login failed');
+      }
+    }
+  },
+  Query: {
+    users: async (parent, args, context) => {
+      try {
+        // Extract the token from the request headers
+        const token = context.req.headers.authorization || '';
+
+
+        const decodedToken = verifyToken(token);
+        if (decodedToken.role !== 'Admin') {
+          throw new ('Unauthorized. Only Admins can access this data.');
+        }
+        const users = await User.find({}, { name: 1, _id: 1, role: 1 });
+        return users;
+      } catch (error) {
+        console.error(error);
+        throw new Error('Failed to fetch users');
+      }
+    },
+  },
+};
+
+module.exports = resolvers;

graphql/typeDefs.js

@@ -0,0 +1,32 @@
+const { gql } = require("apollo-server");
+
+const typeDefs = gql`
+  type User {
+    id: ID!
+    name: String!
+    password: String!
+    role: String!
+  }
+
+  input UserInput {
+    name: String!
+    password: String!
+    role: String!
+  }
+
+  type TokenResult {
+    message: String
+    token: String
+  }
+
+  type Query { 
+    users: [User] 
+  }
+
+  type Mutation {
+    register(userInput: UserInput): User
+    login(name: String!, password: String!, role: String!): TokenResult
+  }
+`;
+
+module.exports = typeDefs;

models/user.js

@@ -0,0 +1,12 @@
+const {model, Schema} = require('mongoose');
+
+
+const userSchema = new Schema({
+    name: String,
+    password: String,
+    role : String
+
+});
+
+
+module.exports = model('user', userSchema);

package.json

@@ -0,0 +1,21 @@
+{
+  "name": "graphql-mongodb-jwt",
+  "version": "1.0.0",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "start": "node server.js"
+  },
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "apollo-server": "^3.12.0",
+    "dotenv": "^16.3.1",
+    "express": "^4.18.2",
+    "graphql": "^16.6.0",
+    "jsonwebtoken": "^9.0.2",
+    "mongoose": "^7.0.3"
+  },
+  "keywords": [],
+  "description": ""
+}

server.js

@@ -0,0 +1,45 @@
+const { ApolloServer } = require('apollo-server');
+const mongoose = require('mongoose');
+require('dotenv').config();
+
+
+
+
+
+
+const  typeDefs  = require("./graphql/typeDefs");
+const  resolvers  = require("./graphql/resolvers");
+
+
+
+const server = new ApolloServer({ 
+    typeDefs, 
+    resolvers ,
+    context: ({ req }) => ({ req }), 
+});
+ 
+
+
+const MONGO_URI = process.env.MONGO_URI;
+
+mongoose
+  .connect(MONGO_URI, {
+    useNewUrlParser: true,
+    useUnifiedTopology: true,
+  })
+  .then(() => {
+    console.log("Connected to DB");
+    return server.listen({ port: 5000 });
+  })
+  .then((res) => {
+    console.log(`Server running at ${res.url}`);
+    
+  })
+  .catch(err => {
+    console.log(err.message);
+
+  });
+
+
+
+