This program creates a simple GraphQL server. It checks if a user is logged in before giving data. It also checks if the user is an admin before allowing updates.
# Sample GraphQL server with basic security checks
const { ApolloServer, gql } = require('apollo-server');
const typeDefs = gql`
type User {
id: ID!
name: String
}
type Query {
user(id: ID!): User
}
type Mutation {
updateUser(id: ID!, name: String): User
}
`;
const users = [
{ id: '1', name: 'Alice' },
{ id: '2', name: 'Bob' }
];
const resolvers = {
Query: {
user: (parent, args, context) => {
if (!context.user) throw new Error('Not authenticated');
const user = users.find(u => u.id === args.id);
if (!user) throw new Error('User not found');
return user;
}
},
Mutation: {
updateUser: (parent, args, context) => {
if (!context.user) throw new Error('Not authenticated');
if (!context.user.isAdmin) throw new Error('Not authorized');
const user = users.find(u => u.id === args.id);
if (!user) throw new Error('User not found');
user.name = args.name;
return user;
}
}
};
const server = new ApolloServer({
typeDefs,
resolvers,
context: () => {
// Simulate logged-in admin user
return { user: { id: '99', isAdmin: true } };
}
});
server.listen().then(({ url }) => {
console.log(`Server ready at ${url}`);
});