Hey folks, I’ve only ever dove into PostgREST, PostGraphQL, and GraphCool, and never actually built a GraphQL api from scratch. I’m having a hard time imagining how authorisation works, paticularly since it seems like you’d have to run your authorisation logic for every field requested. Having a hard time imagining a real-life example. Does anyone know of a good once (ideally in node but I can probably parse another language) that I can peek at?