iworks-core-api/src/auth/index.js

iwroks server api module

import { intersection } from 'lodash';

import config from '../config';

export const authenticated = (roles, fn) => (parent, args, context) => {
  if (config.SKIP_AUTH) {
    return fn(parent, args, context);
  }

  if (context.state.user) {
    if (Array.isArray(roles) && roles.length) {
      const crossRoles = intersection(context.state.user.roles, roles);
      if (!crossRoles.length) {
        throw new Error('You don\'t have necessary role(s) to perform this action');
      }
    }
    return fn(parent, args, context);
  }
  throw new Error('User is not authenticated');
};

export const hasRole = {};