Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

How do i protect routes from unauthenticated users?

See original GitHub issue

For example /graphql should only be accessed by logged in user.

PS: Sorry if there were similar questions that’s resolved, please reference me then. Thanks!

Issue Analytics

  • State:closed
  • Created 7 years ago
  • Comments:12 (3 by maintainers)

github_iconTop GitHub Comments

2reactions
maksimkurbcommented, Nov 27, 2016

You can use middlewares.

Server-side pseudo-code:


app.use('/graphql',
+(req, res, next) => {
+   if (!req.user) { // if user is not logged in
+       res.status(400);
+       res.send('Access denied');
+   } else {
+      next();
+   }
+},
expressGraphQL(req => ({
  schema,
  graphiql: true,
  rootValue: { request: req },
  pretty: process.env.NODE_ENV !== 'production',
})));

but I think it would be better take a look on src/data/queries/me.js:

const me = {
  ...
  resolve({ request }) {
    return request.user && { // return user only if we are logged in
      ... // some result
    };
  },
};

If you need to protect frontend route, you can check out src/routes/admin/index.js:

async action() {
    if (!isAdmin) { // Redirect to login page if user is not admin
      return { redirect: '/login' };
    }

    ...
  },
1reaction
maksimkurbcommented, Dec 29, 2016

@tzyhhaur you can think about PassportJS as about abstraction layer of your authentication with pluggable auth strategies for various services. You can install one of them (e.g. facebook, google-oauth, yahoo, paypal) and write your own callback (to register user if it is not registered yet for ex.) which just should return some basic user information (like id and email in /src/core/passport.js), so later you can use it by req.user on your callbacks. There is strategy for firebase, so you can implement it (in /src/core/passport.js and /src/server.js files) like facebook implemented in this boilerplate.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Implementing Protected Route and Authentication in React-JS
For this tutorial, I'll be showing how to set up an authentication route and protect other routes from been accessed by unauthorized users....
Read more >
Protected Routes and Authentication with React Router - ui.dev
Protected routes let us choose which routes users can visit based on whether they are logged in.
Read more >
How to Create a Protected Route in React - MakeUseOf
Protected routes are those routes that only grant access to authorized users. This means that users must first meet certain conditions ...
Read more >
How to Protect Routes in Angular From Unauthorized Access
In this tutorial, we are going to see, how to protect the pages/routes from unauthorised access using Angular.
Read more >
React Router 6: Private Routes (alias Protected Routes)
Private Routes in React Router (also called Protected Routes) require a user being authorized to visit a route (read: page).
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

issue with BrowserSync when editing home.js inside the /routes/home folder

Next page

Best way import jQuery plugins or external client scripts?