I'm using JWTs for user auth in my app and I have them accessible in the resolvers via the context object, but I'm not quite sure the best way to use them in a granular way. I'd like to check that a user's req.userId matches the authorId that exists in a Comment node in the database before I allow the user's edit to be saved to the db.
I was using @cypher mutations in the typeDefs file to create / edit things like Comments and other nodes, but I don't know how to match something like req.userId in a cypher mutation now that I'm implementing authorization. Now I'm attempting to use session.writeTransaction in custom resolvers but it looks like a pretty convoluted way of doing things so far.
Any suggestions or examples would be very appreciated, thank you 