Bunjil is designed to be a bastion GraphQL server, meaning it is intended to be public facing and must handle authentication and authorization.
With authentication we take the opinion that you should be able to bring your own, so Bunjil has very few opinions on how authentication should be handled. All you need to do is provide a hook that can decode something on the incoming Koa.Request and populate a user object. This can be as simple as decoding a JWT, or querying a session storage backend.
Authorization is a bit different, however. For it to work you need to provide roles in the form of an array of strings on the user object.
For example, user.roles = [ 'authenticated user', 'editor' ] would work.
The authorization engine is powered by another module called wahn. It’s a general purpose Policy Based Access Control library. It was written for Bunjil, and has been implemented to suit the nature of GraphQL.
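One way to write the hook described above, as an added example that is not Bunjil's own code: it verifies an HS256 JWT from the Authorization header of the incoming request and returns a user object whose roles is an array of strings. The function names, the shared secret, the claim layout (sub, roles, exp) and the 'anonymous' fallback role are assumptions, and how the hook is registered with Bunjil is not shown.

```javascript
// Added example, not Bunjil's own code. The names, the shared secret, the claim
// layout (sub, roles, exp) and the "anonymous" fallback role are assumptions.
const crypto = require("node:crypto");

const b64url = (value) => Buffer.from(value).toString("base64url");

// Builds a compact HS256 JWT; used here only to construct sample tokens.
function signHs256(payload, secret, header = { alg: "HS256", typ: "JWT" }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${crypto.createHmac("sha256", secret).update(input).digest("base64url")}`;
}

// Returns the claims if the signature, algorithm and expiry all check out, else null.
function verifyHs256(token, secret, nowSeconds) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  // Pin the algorithm server-side; a token must not choose how it is verified.
  if (!header || header.alg !== "HS256") return null;
  const expected = crypto.createHmac("sha256", secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(s, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  if (!claims || typeof claims.exp !== "number" || claims.exp <= nowSeconds) return null;
  return claims;
}

// Hypothetical hook: reads the Koa request and returns the user object.
function authenticationHook(request, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const anonymous = { id: null, roles: ["anonymous"] };
  const header = (request.headers || {}).authorization || "";
  const match = /^Bearer ([A-Za-z0-9_.-]+)$/.exec(header);
  const claims = match && verifyHs256(match[1], secret, nowSeconds);
  if (!claims || typeof claims.sub !== "string") return anonymous;
  // Roles must be an array of strings; drop anything else before authorization sees it.
  const claimed = Array.isArray(claims.roles) ? claims.roles : [];
  const roles = claimed.filter((r) => typeof r === "string" && r.length > 0);
  return { id: claims.sub, roles: [...new Set(["authenticated user", ...roles])] };
}
```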
Setup
// Import Bunjil and the Policy Types
And that’s it. You now have a very simple Bunjil server.
Next read about adding Authentication.