and the UX could be the user enters the code and e...
# prisma-whats-new
j
and the UX could be the user enters the code and email then commit. If success go to the success page, you can place a "Go to Login Page" link below the success message.
j
@Jeremy Weasley Hi again. I'm having problem with solving this. Because first i need to do a query (to find if the invite code exist). Then i need to do a mutate (to update the users isValid field)
Can't find a good way to do this with a resolver?
j
with each of the implementation of a custom resolver it takes the following params: parent, arguments, context. In the context you can inject a database object and request tokens in it, so when you create query or mutation you can access to it. For reference: https://github.com/benawad/prisma-ecommerce/blob/3_refresh_token/src/resolvers/Mutation/auth.ts
In your case it is more like the password resetting process which you generate a unique token and an expire time in your users model and send the link with the token as a URL parameter to the email address. You can check the feathers-authentication-management for a reference, but it is a RESTful implementation. https://github.com/feathers-plus/feathers-authentication-management, in the src directory.
Also there are tutorials on it: https://blog.feathersjs.com/how-to-setup-email-verification-in-feathersjs-72ce9882e744 for part 1 and https://blog.feathersjs.com/how-to-setup-email-verification-in-feathersjs-2-client-side-6082ce0da55e for part2. They are RESTful implementations but the principles behind it are identical.
j
Thanks! I don't have a problem with the artitechure behind it, but the very simple thing of mutating something based on a query
(i use graph-cool cloud)
I want to query for the input (code). If it match i want to update (mutate) on the user
And how can i make both these at the same time on the server
j
you can query in the mutation resolver.
usually you can update the user with the db query parameter "code"
j
hmm, how can i do that? In the graphcool cloud i can put it javascript code that get executed
j
the mutation resolver function maybe like async verifyCode(parent, { code }, ctx), and you can first check the user with the code exists: const exists = await ctx.db.exists.User({code}); if it exists then: return ctx.db.mutation.updateUser({where:{code}, data{isVerifiedtrue}})
j
I think its this
ctx.db
part i don't know how works
What is this?
j
the context is injected when you config the graphql server.
const server = new GraphQLServer({ typeDefs: './src/schema.graphql', resolvers, context: req => ({ ...req, db: new Prisma({ endpoint: process.env.PRISMA_ENDPOINT, // the endpoint of the Prisma DB service (value is set in .env) secret: process.env.PRISMA_SECRET, // taken from database/prisma.yml (value is set in .env) debug: true, // log all GraphQL queries & mutations }), }), })
j
hmm, okei. I use graph cool cloud (with Apollo), and not prisma.
So all my functions is in the console.
j
oh, I see.
j
I think this i quite a common pattern, so i'm suprised that its so hard to do?
j
yes, i just checked the graphcool cloud console. It seems difficult to add custom resolvers?
j
No, but i would have guest that i could have done this without use resolvers.
But i can add resolvers, but i can't access the context
j
hmm...🤔 it's really hacky
j
Yepp
For just this simple thing
j
yeah, maybe that's why they release prisma to give developers more freedom.
j
Probably
j
now I finally understand your difficulty.
maybe it can be done with separated steps instead of one custom resolver: Admin update the user with the code -> send the link with the code in email using the after hook-> Client query the user with the code -> client update the user
j
But then a user can just do the client update the user, even if the code is not valid.
If he listens to request and maipulate the payload
j
yeah, you are right, it's insecure. the update action should be done by the server. perhaps in the after hook when client query with the code?
oh, and again back to the hacky problem...
🙁
j
Yeah..