How to secure your endpoints

Guard.authorize
The Guard.authorize HOF will protect your endpoint and authorize your user based on your rules.
If the user is not authorized, an AuthorizationError will be thrown.
Eg:
authorize(ability, resource, callback)
ability
The action that the user can perform.
Default: create, read, update, delete, manage
resource
The subject of the action.
Default: all
callback
Your query or mutation.
async (args) => Promise<any>

Guard.authorizePipe
If you are using pipes in your queries or mutations, you can use Guard.authorizePipe as shown in the example. If the authorization fails, it will throw an AuthorizationError.
authorizePipe(ability, resource)
ability
The action that the user can perform.
Default: create, read, update, delete, manage
resource
The subject of the action.
Default: all

Check rules inside a query/mutation
Sometimes you need to decide whether to execute portions of your code based on some conditions.
You can use Guard.can for this purpose.
Guard.can(ability, resource, ctx, args) // { can: boolean, reason: string }
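
The behaviour described for Guard.authorize and Guard.can, modelled as an added example that is not blitz-guard's own code and does not import it. `makeGuard`, the rule objects, the `(args, ctx)` resolver signature, the `article_drafts` resource and all sample data are assumptions made for illustration.

```javascript
// Stand-in for the semantics described on this page; NOT blitz-guard's source.
class AuthorizationError extends Error {
  constructor(reason) {
    super(reason);
    this.name = "AuthorizationError";
  }
}

// rules: hypothetical list of { ability, resource, when?(ctx, args) } entries.
// Anything not matched by a rule is denied. Treating "manage" and "all" as
// wildcards is this example's assumption.
function makeGuard(rules) {
  function can(ability, resource, ctx, args) {
    const ok = rules.some(
      (r) =>
        (r.ability === ability || r.ability === "manage") &&
        (r.resource === resource || r.resource === "all") &&
        (!r.when || r.when(ctx, args))
    );
    return { can: ok, reason: ok ? "" : `cannot ${ability} ${resource}` };
  }
  // HOF: the check runs first, so a denied call never reaches the query.
  function authorize(ability, resource, callback) {
    return async (args, ctx) => {
      const verdict = can(ability, resource, ctx, args);
      if (!verdict.can) throw new AuthorizationError(verdict.reason);
      return callback(args, ctx);
    };
  }
  return { can, authorize };
}

// Constructed sample rules and resolvers.
const guard = makeGuard([
  { ability: "read", resource: "article" },
  { ability: "update", resource: "article", when: (ctx, args) => ctx.userId === args.authorId },
  { ability: "read", resource: "article_drafts", when: (ctx) => ctx.role === "editor" },
]);

let queryRuns = 0; // counts how often the protected mutation body executed
const updateArticle = guard.authorize("update", "article", async (args) => {
  queryRuns += 1;
  return { id: args.id, title: args.title };
});

// can-style check inside a resolver: gate one portion of the result.
const getArticle = guard.authorize("read", "article", async (args, ctx) => {
  const article = { id: args.id, title: "Hello" };
  if (guard.can("read", "article_drafts", ctx, args).can) article.draft = "wip";
  return article;
});
```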