From 7eec6faaceac2a957c8f9ce29f0b1e0737a397c2 Mon Sep 17 00:00:00 2001
From: Moriz Wahl
Date: Thu, 26 Aug 2021 22:49:33 +0200
Subject: [PATCH] authorization with JWT seems to work
---
 backend/src/auth/auth.ts | 13 +++++++++++++
 .../graphql/resolvers/TransactionResolver.ts | 4 +++-
 backend/src/index.ts | 19 ++++++++++++++++++-
 backend/src/jwt/decode.ts | 13 ++++++-------
 4 files changed, 40 insertions(+), 9 deletions(-)
 create mode 100644 backend/src/auth/auth.ts
diff --git a/backend/src/auth/auth.ts b/backend/src/auth/auth.ts
new file mode 100644
index 000000000..12ab24feb
--- /dev/null
+++ b/backend/src/auth/auth.ts
@@ -0,0 +1,13 @@
+/* eslint-disable @typescript-eslint/no-explicit-any */
+
+import { AuthChecker } from 'type-graphql'
+import decode from '../jwt/decode'
+
+/* eslint-disable-next-line @typescript-eslint/no-unused-vars */
+export const isAuthorized: AuthChecker = ({ root, args, context, info }, roles) => {
+ if (context.token) {
+ const decoded = decode(context.token)
+ if (decoded.sessionId && decoded.sessionId !== 0) return true
+ }
+ return false
+}
diff --git a/backend/src/graphql/resolvers/TransactionResolver.ts b/backend/src/graphql/resolvers/TransactionResolver.ts
index 607b09691..305cf44d7 100644
--- a/backend/src/graphql/resolvers/TransactionResolver.ts
+++ b/backend/src/graphql/resolvers/TransactionResolver.ts
@@ -1,4 +1,4 @@
-import { Resolver, Query, Args } from 'type-graphql'
+import { Resolver, Query, Args, Authorized } from 'type-graphql'
 import CONFIG from '../../config'
 import { TransactionList } from '../models/Transaction'
 import { TransactionListInput, TransactionSendArgs } from '../inputs/TransactionInput'
@@ -6,6 +6,7 @@ import { apiGet, apiPost } from '../../apis/loginAPI'
 @Resolver()
 export class TransactionResolver {
+ @Authorized()
 @Query(() => TransactionList)
 async transactionList(
 @Args() { sessionId, firstPage = 1, items = 25, order = 'DESC' }: TransactionListInput,
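Review bot: `decoded.sessionId` in the new `isAuthorized` dereferences the result of `decode()` without a null check, yet the decode.ts hunk in this same patch returns `null` both for an empty token and whenever `jwt.verify` throws, so an expired or tampered token makes the auth checker raise a TypeError instead of returning `false`. Guard the result, `if (decoded && decoded.sessionId) return true`; the `!== 0` comparison is redundant once truthiness is checked. Failing closed on a null result matters here because an exception thrown from the checker presumably surfaces as a generic GraphQL error rather than as an authorization denial, which is harder to distinguish in logs and monitoring.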
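Review bot: `@Authorized()` on `transactionList` (and on `sendCoins` in the next hunk) only establishes that the caller presents some valid JWT; the resolver still takes `sessionId` from `@Args()`, and `isAuthorized` ignores its `args` parameter, so the session the resolver acts on is not tied to the session the token was issued for. If the method bodies, which lie outside the hunks, forward that argument to the login API, the checker should compare `args.sessionId` with the `sessionId` decoded from the token (mind that the JWT `sub` claim is a string while the input field may be a number), or the argument should be dropped in favour of the session taken from `context`. The `TransactionResolver` class continues past the end of this hunk.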
@@ -17,6 +18,7 @@ export class TransactionResolver {
 return new TransactionList(result.data)
 }
+ @Authorized()
 @Query(() => String)
 async sendCoins(
 @Args() { sessionId, email, amount, memo }: TransactionSendArgs,
diff --git a/backend/src/index.ts b/backend/src/index.ts
index 865506b2f..067403508 100644
--- a/backend/src/index.ts
+++ b/backend/src/index.ts
@@ -1,3 +1,5 @@
+/* eslint-disable @typescript-eslint/no-explicit-any */
+
 import 'reflect-metadata'
 import express from 'express'
 import { buildSchema } from 'type-graphql'
@@ -13,11 +15,25 @@ import { BalanceResolver } from './graphql/resolvers/BalanceResolver'
 import { GdtResolver } from './graphql/resolvers/GdtResolver'
 import { TransactionResolver } from './graphql/resolvers/TransactionResolver'
+import { isAuthorized } from './auth/auth'
+
 // TODO implement
 // import queryComplexity, { simpleEstimator, fieldConfigEstimator } from "graphql-query-complexity";
 const DB_VERSION = '0001-init_db'
+const context = (req: any) => {
+ const authorization = req.req.headers.authorization
+ let token = null
+ if (authorization) {
+ token = req.req.headers.authorization.replace(/^Bearer /, '')
+ }
+ const context = {
+ token,
+ }
+ return context
+}
+
 async function main() {
 // check for correct database version
 const con = await connection()
@@ -33,6 +49,7 @@ async function main() {
 // const connection = await createConnection()
 const schema = await buildSchema({
 resolvers: [UserResolver, BalanceResolver, TransactionResolver, GdtResolver],
+ authChecker: isAuthorized,
 })
 // Graphiql interface
@@ -45,7 +62,7 @@ async function main() {
 const server = express()
 // Apollo Server
- const apollo = new ApolloServer({ schema, playground })
+ const apollo = new ApolloServer({ schema, playground, context })
 apollo.applyMiddleware({ app: server })
 // Start Server
diff --git a/backend/src/jwt/decode.ts b/backend/src/jwt/decode.ts
index 3c0b33dbe..40c3575e8 100644
--- a/backend/src/jwt/decode.ts
+++ b/backend/src/jwt/decode.ts
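Review bot: The new `context` function in index.ts types its parameter as `any` and names it `req` although the value it receives is evidently the `{ req, res }` integration object (hence `req.req.headers`), which is the only reason the file-wide `no-explicit-any` disable in the first hunk is needed. It also reads `req.req.headers.authorization` a second time after already storing it in `authorization`, and the inner `const context` shadows the outer `context` binding. Destructuring the request and typing it as `express.Request` (assuming `@types/express` is installed, which the existing `import express from 'express'` suggests) removes the `any`, the double read and the shadowing; a header without the `Bearer ` prefix is still forwarded unchanged, which is fine because `jwt.verify` rejects it downstream.
```typescript
const context = ({ req }: { req: express.Request }) => {
  const authorization = req.headers.authorization
  const token = authorization ? authorization.replace(/^Bearer /, '') : null
  return { token }
}
```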
@@ -2,17 +2,16 @@
 /* eslint-disable @typescript-eslint/explicit-module-boundary-types */
 import jwt from 'jsonwebtoken'
-import '../config'
+import CONFIG from '../config/'
-export default async (authorizationHeader: string): any => {
- if (!authorizationHeader) return null
- const token = authorizationHeader.replace('Bearer ', '')
+export default (token: string): any => {
+ if (!token) return null
 let sessionId = null
- let email = null
+ const email = null
 try {
- const decoded = await jwt.verify(token, CONFIG.JWT_SECRET)
+ const decoded = jwt.verify(token, CONFIG.JWT_SECRET)
 sessionId = decoded.sub
- email = decoded.email
+ // email = decoded.email
 } catch (err) {
 return null
 }
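Review bot: The new `jwt.verify(token, CONFIG.JWT_SECRET)` line passes no `algorithms` option, so the set of accepted signature algorithms is whatever the installed jsonwebtoken version defaults to for a string secret; pin it to the algorithm the issuer actually uses, e.g. `jwt.verify(token, CONFIG.JWT_SECRET, { algorithms: ['HS256'] })`, so a token signed with any other algorithm is rejected independently of library defaults (confirm the value against the code that signs these tokens). The `} catch (err) { return null }` branch discards the failure reason, so an expired token and a bad signature are indistinguishable to the caller and to logs; at least a debug-level log of the error before returning null would help incident triage. `const email = null` with its assignment commented out is now a constant that can only ever be null, so either remove it or leave an explicit TODO. The function body continues past the hunk (its return statement is not shown), and the `'../config/'` import with a trailing slash is inconsistent with the `'../../config'` form used in TransactionResolver.ts.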