pass test for unauthorised use of me query

src/modules/User/UserResolver.spec.ts

@@ -1,4 +1,3 @@
-
 import faker = require("faker")
 import { createConnection, getConnection } from "typeorm"
 import { callSchema } from "../../utils/callSchema"
@@ -29,62 +28,78 @@ afterEach(async () => {
 })
 
 describe("resolver of user", () => {
-    it("returns email as it creates user with mutation", async () => {
+    describe("createUser mutation should", () => {
-
+        it("return email as it creates user with mutation", async () => {
-        const fakeEmail = faker.internet.email()
+            const fakeEmail = faker.internet.email()
-        const fakePassword = faker.internet.password(6)
+            const fakePassword = faker.internet.password(8)
-        const createUserMutation = `mutation {
+            const createUserMutation = `mutation {
-            createUser(email: "${fakeEmail}", password: "${fakePassword}") {
+                createUser(email: "${fakeEmail}", password: "${fakePassword}") {
-                email
+                    email
-            }
+                }
-        }`
+            }`
-
+
-        const response = await callSchema(createUserMutation)
+            const response = await callSchema(createUserMutation)
-
+
-        expect(response).toMatchObject({
+            expect(response.errors).toBeUndefined()
-            data: {
+            expect(response.data).toMatchObject({
                 createUser: { email: fakeEmail },
-            },
+            })
         })
     })
 
-    it("should return emails of registered users", async () => {
+    describe("users query should", () => {
-
+        it("return emails of registered users", async () => {
-        const usersQuery = `{
+            const usersQuery = `{
-            users {
+                users {
-                email
+                    email
-            }
+                }
-        }`
+            }`
 
-        const user = await User.create({
+            const user = await User.create({
-            email: faker.internet.email(),
+                email: faker.internet.email(),
-        }).save()
+            }).save()
 
-        const response = await callSchema(usersQuery)
+            const response = await callSchema(usersQuery)
 
-        expect(response).toMatchObject({
+            expect(response.errors).toBeUndefined()
-            data: {
+            expect(response.data).toMatchObject({
                 users: [{ email: user.email }],
-            },
+            })
         })
     })
 
-    it("should return a valid login token", async () => {
+    describe("loginToken query should", () => {
+        it("return a valid login token", async () => {
+            const fakeEmail = faker.internet.email()
+            const fakePassword = faker.internet.password(6)
+            await User.create({
+                email: fakeEmail,
+                password: fakePassword,
+            }).save()
 
-        const fakeEmail = faker.internet.email()
+            const loginTokenQuery = `{
-        const fakePassword = faker.internet.password(6)
+                loginToken(email: "${fakeEmail}", password: "${fakePassword}") 
-        await User.create({
+            }`
-            email: fakeEmail,
-            password: fakePassword,
-        }).save()
 
-        const loginTokenQuery = `{
+            const response = await callSchema(loginTokenQuery)
-            loginToken(email: "${fakeEmail}", password: "${fakePassword}") 
+            const token = response.data!.loginToken
-        }`
-        
-        const response = await callSchema(loginTokenQuery)
-        const token = response.data!.loginToken;
 
-        expect(jwt.verify(token, jwt.PUBLIC_KEY)).toBeTruthy()
+            expect(jwt.verify(token, jwt.PUBLIC_KEY)).toBeTruthy()
+        })
+    })
+
+    describe("me query should", () => {
+        it("return an error and null data without a valid jwt token", async () => {
+            const meQuery = `{
+                me {
+                    email
+                }
+            }`
+
+            const response = await callSchema(meQuery)
+
+            expect(response.errors).not.toBeUndefined()
+            expect(response.data).toBeNull()
+        })
     })
 })

src/modules/User/UserResolver.ts

@@ -1,5 +1,5 @@
 import "reflect-metadata"
-import { Arg, Mutation, Query, Resolver } from "type-graphql"
+import { Arg, Authorized, Mutation, Query, Resolver } from "type-graphql"
 import * as argon2 from "../../utils/argon2"
 import * as jwt from "../../utils/jwt"
 import { User } from "../User"
@@ -32,6 +32,15 @@ export class UserResolver {
         return token
     }
 
+    @Query(() => User)
+    @Authorized()
+    async me() {
+        const user = User.create({
+            email: "asddsf@fdsfs.sk",
+        })
+        return user
+    }
+
     @Mutation(() => User)
     async createUser(
         @Arg("email") email: string,

src/utils/createSchema.ts

@@ -1,7 +1,8 @@
-import { buildSchema, MiddlewareFn } from "type-graphql"
+import { AuthChecker, buildSchema, MiddlewareFn } from "type-graphql"
+// import { User } from "../modules/User"
 import { UserResolver } from "../modules/User/UserResolver"
 
-const ErrorInterceptor: MiddlewareFn<any> = async ({}, next) => {
+const errorInterceptor: MiddlewareFn<any> = async ({}, next) => {
     try {
         return await next()
     } catch (err) {
@@ -9,8 +10,31 @@ const ErrorInterceptor: MiddlewareFn<any> = async ({}, next) => {
     }
 }
 
+const customAuthChecker: AuthChecker<any> = () => false
+//     { root, args, context, info },
+//     roles,
+//   ) => {
+//       console.log(`root: `)
+//       console.log(root)
+//       console.log(`args: `)
+//       console.log(args)
+//       console.log(`context: `)
+//       console.log(context)
+//       console.log(`info: `)
+//       console.log(info)
+//       console.log(`roles: `)
+//       console.log(roles)
+//     // here we can read the user from context
+//     // and check his permission in the db against the `roles` argument
+//     // that comes from the `@Authorized` decorator, eg. ["ADMIN", "MODERATOR"]
+  
+//     return false; // or false if access is denied
+//   };
+
 export const createSchema = () =>
     buildSchema({
         resolvers: [UserResolver],
-        globalMiddlewares: [ErrorInterceptor],
+        globalMiddlewares: [errorInterceptor],
+        authChecker: customAuthChecker,
+        // authMode: "null"
     })