Back end almost done

app.js

@@ -1,7 +1,7 @@
 const { query } = require('express')
 const express = require('express')
 require('dotenv').config()
-
+const isAuth = require('./middleware/requireLogin')
 const PORT = process.env.PORT || 5000
 const { graphqlHTTP } = require('express-graphql')
 const mongoose = require('mongoose')
@@ -24,6 +24,8 @@ mongoose.connection.on('error', (err) => {
 const graphqlSchema = require('./graphql/schema/index')
 const graphqlResolvers = require('./graphql/resolvers/index')
 
+app.use(isAuth)
+
 app.use(
   '/graphql',
   graphqlHTTP({

graphql/resolvers/auth.js

@@ -1,5 +1,6 @@
 const bcrypt = require('bcryptjs')
 const mongoose = require('mongoose')
+const jwt = require('jsonwebtoken')
 require('../../models/user')
 
 const User = mongoose.model('User')
@@ -24,5 +25,28 @@ module.exports = {
     } catch (err) {
       throw err
     }
+  },
+  login: async ({ email, password }) => {
+    //console.log(email)
+    const savedUser = await User.findOne({ email: email })
+    if (!savedUser) {
+      throw new Error('Invalid Email or Password')
+    }
+    const isEqual = await bcrypt.compare(password, savedUser.password)
+    if (isEqual) {
+      throw new Error('Invalid Email or Password')
+    }
+    const token = jwt.sign(
+      { userId: savedUser.id, email: savedUser.email },
+      process.env.JWT_SECRET,
+      {
+        expiresIn: '1h'
+      }
+    )
+    return {
+      userId: savedUser._id,
+      token: token,
+      tokenExpiration: 1
+    }
   }
 }

graphql/resolvers/booking.js

@@ -5,7 +5,10 @@ const { transformedBooking } = require('./merge')
 const Booking = mongoose.model('Booking')
 
 module.exports = {
-  bookings: async () => {
+  bookings: async (args, req) => {
+    if (!req.isAuth) {
+      throw new Error('Unauthenticated!')
+    }
     try {
       const bookings = await Booking.find()
       return bookings.map((booking) => {
@@ -15,11 +18,14 @@ module.exports = {
       throw err
     }
   },
-  bookEvent: async (args) => {
+  bookEvent: async (args, req) => {
+    if (!req.isAuth) {
+      throw new Error('Unauthenticated!')
+    }
     try {
       const fetchedEvent = await Event.findById({ _id: args.eventId })
       const booking = new Booking({
-        user: '609f61da4263fa0a88e0af1d',
+        user: req.userId,
         event: fetchedEvent
       })
       const result = await booking.save()
@@ -28,7 +34,10 @@ module.exports = {
       throw err
     }
   },
-  cancelBooking: async (args) => {
+  cancelBooking: async (args, req) => {
+    if (!req.isAuth) {
+      throw new Error('Unauthenticated!')
+    }
     try {
       const booking = await Booking.findById(args.bookingId).populate('event')
       const event = transformedEvent(booking.event)

graphql/resolvers/events.js

@@ -1,6 +1,7 @@
 const mongoose = require('mongoose')
 require('../../models/event')
-
+require('../../models/user')
+const User = mongoose.model('User')
 const Event = mongoose.model('Event')
 const { transformedEvent } = require('./merge')
 
@@ -15,13 +16,16 @@ module.exports = {
       throw err
     }
   },
-  createEvent: async (args) => {
+  createEvent: async (args, req) => {
+    if (!req.isAuth) {
+      throw new Error('Unauthenticated!')
+    }
     const event = new Event({
       title: args.eventInput.title,
       description: args.eventInput.description,
       price: +args.eventInput.price,
       date: new Date(args.eventInput.date),
-      creator: '609f61da4263fa0a88e0af1d'
+      creator: req.userId
     })
 
     let createdEvent
@@ -30,7 +34,7 @@ module.exports = {
       const result = await event.save()
 
       createdEvent = transformedEvent(result)
-      const creator = await User.findById('609f61da4263fa0a88e0af1d')
+      const creator = await User.findById(req.userId)
       if (!creator) {
         throw new Error('Creator not FOUND!')
       }

graphql/schema/index.js

@@ -25,6 +25,12 @@ type User {
     createdEvents: [Event!]
 }
 
+type AuthData {
+    userId: ID!
+    token: String!
+    tokenExpiration: Int!
+}
+
 input UserInput {
     email: String!
     password: String!
@@ -38,6 +44,7 @@ input EventInput {
 type RootQuery {
     events: [Event!]!
     bookings: [Booking!]!
+    login(email: String!, password: String!): AuthData!
     
 }
 type RootMutation {

middleware/requireLogin.js

@@ -0,0 +1,33 @@
+const jwt = require('jsonwebtoken')
+require('dotenv').config()
+
+module.exports = (req, res, next) => {
+  const authorization = req.get('Authorization')
+  //authorization = Bearer hdjhsabdjh(generated token from jsonwebtoken)
+  if (!authorization) {
+    req.isAuth = false
+    return next()
+  }
+  const token = authorization.replace('Bearer ', '')
+
+  if (!token || token === '') {
+    req.isAuth = false
+    return next()
+  }
+  let decodedToken
+  try {
+    decodedToken = jwt.verify(token, process.env.JWT_SECRET)
+  } catch (error) {
+    req.isAuth = false
+    return next()
+  }
+
+  if (!decodedToken) {
+    req.isAuth = false
+    return next()
+  }
+
+  req.isAuth = true
+  req.userId = decodedToken.userId
+  next()
+}

package.json

@@ -16,6 +16,7 @@
     "express": "^4.17.1",
     "express-graphql": "^0.12.0",
     "graphql": "^15.5.0",
+    "jsonwebtoken": "^8.5.1",
     "mongoose": "^5.12.9"
   },
   "devDependencies": {