feat: add ws auth (#177)

* feat(client): ws auth initial setup * feat(server): ws auth initial setup * chore(server): remove redundant console log * feat(client): update ws auth logic * update ws auth logic * remove redundant code * Fix lint error * Fix types properly
ledokku · Oct 8, 2020 · 0ad5ff7 · 0ad5ff7
1 parent 1c1a216
commit 0ad5ff7
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 1 deletion.
diff --git a/client/src/index.tsx b/client/src/index.tsx
@@ -36,6 +36,11 @@ const wsLink = new WebSocketLink({
   uri: `${config.serverWsUrl}/graphql`,
   options: {
     reconnect: true,
+    connectionParams: () => {
+      return {
+        token: localStorage.getItem('accessToken'),
+      };
+    },
   },
 });
 

diff --git a/client/src/modules/auth/AuthContext.tsx b/client/src/modules/auth/AuthContext.tsx
@@ -23,7 +23,14 @@ const AuthProvider = ({ children }: AuthProviderProps) => {
     user?: JwtUser;
   }>(() => {
     const token = localStorage.getItem('accessToken');
-    const decodedToken = token ? jwtDecode<JwtUser>(token) : undefined;
+    let decodedToken;
+    if (token) {
+      try {
+        decodedToken = jwtDecode<JwtUser>(token);
+      } catch (e) {
+        //Invalid token
+      }
+    }
     return {
       loggedIn: Boolean(token),
       user: decodedToken

diff --git a/server/src/index.ts b/server/src/index.ts
@@ -223,12 +223,30 @@ const resolvers: Resolvers<{ userId?: string }> = {
   ...customResolvers,
 };
 
+interface SubscriptionContext {
+  token?: string;
+}
+
 const apolloServer = new ApolloServer({
   typeDefs,
   resolvers: {
     ...resolvers,
     DateTime: DateTimeResolver,
   },
+  subscriptions: {
+    onConnect: (context: SubscriptionContext) => {
+      if (!context.token) {
+        throw new Error('Missing auth token');
+      }
+      try {
+        jsonwebtoken.verify(context.token, config.jwtSecret);
+        // TODO ARTURS : FIND USER FN FOR EXTRA LAYER OF SECURITY
+      } catch (e) {
+        throw new Error('Invalid token');
+      }
+    },
+  },
+
   context: ({ req, connection }) => {
     if (connection) {
       return connection.context;