@mhaagens
Last active February 15, 2019 13:34
Authentication and authorization using GraphQL Schema Directives: src/directives/requireAuthDirective.js
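```js
const {
  SchemaDirectiveVisitor,
  AuthenticationError
} = require("apollo-server");
// Fallback resolver used when a field defines no resolve function of its own.
const { defaultFieldResolver } = require("graphql");

class RequireAuthDirective extends SchemaDirectiveVisitor {
  visitFieldDefinition(field) {
    // Keep the field's original resolver so it can be called after the checks pass.
    const { resolve = defaultFieldResolver } = field;
    // Optional role argument of the directive.
    const { role } = this.args;
    field.resolve = async function(...args) {
      // Resolver arguments are (parent, args, context, info); only context is needed.
      const [, , ctx] = args;
      if (ctx.req && ctx.req.user) {
        // includes() is exact membership if user.role is an array, a substring test if it is a string.
        if (role && (!ctx.req.user.role || !ctx.req.user.role.includes(role))) {
          throw new AuthenticationError(
            "You are not authorized to view this resource."
          );
        } else {
          const result = await resolve.apply(this, args);
          return result;
        }
      } else {
        throw new AuthenticationError(
          "You must be signed in to view this resource."
        );
      }
    };
  }
}

module.exports = RequireAuthDirective;
```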
@duncanhall

@mhaagens Can you explain what is meant by:

const { resolve = defaultFieldResolver } = field;

on line 8?

@voluntadpear

@duncanhall he is missing this import:
import { defaultFieldResolver } from 'graphql'
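
Added example, not part of the gist or the comments: a dependency-free sketch of the same resolver-wrapping pattern, showing what the `resolve = defaultFieldResolver` fallback does and how the `role.includes(role)` check behaves when `req.user.role` is a string rather than an array (the gist does not say which it is). The `AuthenticationError` and `defaultFieldResolver` stand-ins, `gistRoleCheck`, `exactRoleCheck`, `protect`, `run` and the sample data are assumptions made for the illustration, and the wrapper is synchronous here so the results can be checked directly.

```javascript
// Stand-ins so the sketch runs without apollo-server or graphql installed (assumptions).
class AuthenticationError extends Error {}
// Mirrors graphql-js defaultFieldResolver for plain (non-function) properties.
const defaultFieldResolver = (source, args, ctx, info) => source[info.fieldName];

// The gist's check: String.prototype.includes is a substring test,
// Array.prototype.includes is exact membership.
function gistRoleCheck(user, role) {
  return !(role && (!user.role || !user.role.includes(role)));
}

// Hypothetical stricter check: normalise to an array, compare whole role names.
function exactRoleCheck(user, role) {
  if (!role) return true;
  const roles = Array.isArray(user.role) ? user.role : [user.role];
  return roles.includes(role);
}

// Same wrapping pattern as visitFieldDefinition, with the role check injectable.
function protect(field, role, hasRole) {
  const { resolve = defaultFieldResolver } = field; // fallback when no resolver is defined
  field.resolve = function (...args) {
    const [, , ctx] = args;
    if (!(ctx.req && ctx.req.user)) {
      throw new AuthenticationError("You must be signed in to view this resource.");
    }
    if (!hasRole(ctx.req.user, role)) {
      throw new AuthenticationError("You are not authorized to view this resource.");
    }
    return resolve.apply(this, args);
  };
  return field;
}

// Constructed sample data: a field with no resolver of its own, guarded for role "admin".
function run(hasRole, user) {
  const field = protect({ name: "secret" }, "admin", hasRole);
  const ctx = { req: user ? { user } : {} };
  try {
    return field.resolve({ secret: "s3cr3t" }, {}, ctx, { fieldName: "secret" });
  } catch (err) {
    return err.message;
  }
}

console.log(run(gistRoleCheck, { role: ["admin"] }));   // array role: allowed
console.log(run(gistRoleCheck, { role: "nonadmin" }));  // string role: substring match
console.log(run(exactRoleCheck, { role: "nonadmin" })); // exact match: rejected
console.log(run(exactRoleCheck, null));                 // no user: rejected
```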
