So far you’ve been working only with the
Link type, but it’s time to include
User as well so that the app can show who posted a link and who voted on it.
You’ll need some registered users for this, so start by implementing the mutation for creating them.
This generates a
user.rb file in
Now we have users, which are required to have
Now when we have our user model and its GraphQL type. We need a way to create users. Users would be created by
Now, you can create a new user using GraphiQL:
Now that you have users, how would you sign them in using GraphQL? With a new mutation, of course! Mutations are a way for the client to talk to the server whenever it needs an operation that isn’t just about fetching data.
For this first time signing users in through GraphQL you’ll be using a simple email/password login method, returning a token that can be used in subsequent requests for authentication.
Note that this is NOT supposed to be a production-ready authentication feature, but just a small functioning prototype to show the basic concept. In a real app, you should make sure to encrypt passwords properly before passing them around and use a good token generation method, such as JWT.
Again, the workflow for adding this mutation will be very similar to the ones we’ve done before:
Now, you can get the token by using GraphiQL:
With the token that the
signinUser mutation provides, apps can authenticate subsequent requests. There are couple of ways this can be done. In this tutorial we are just going to use the build-in session, since this doesn’t add any requirements to the client application. The GraphQL server should be able to get the token from the session header on each request, detect what user it relates to, and pass this information down to the resolvers.
The best place to put data shared between resolvers is in the context object. You’ll need that object to be different in every request now though, since each one may be from a different user.
This is pretty straightforward since the generated token is so simple. Like was said before, make sure to check out a different token method out there when building a real world application though, such as JWT.
Your server can now detect the user that triggered each GraphQL request. This could be useful in many situations. For example, the authenticated user should be exactly the one that posted a link being created with the
createLink mutation. You can now store this information for each link.
rails generate migration add_user_id_link.
It generates a database migration.
Done! Now when you post links, they will be attached to your user, so you have to run