I'm looking into GraphQL and so far so good, but I am finding it hard to implement business rules, for example:

1. Receive request with auth token
2. Know who the user is by extractin userId from token
3. fetch data related to that user only.

I was only able to make it allow or deny if there is a token or not lol

which implementation of graphql do you use?

you may have a look at prisma enterprise, it offers a unified data access layer
https://www.prisma.io/enterprise

@heyheni Thanks man I'll check it out.

I'm using Graphcool: https://www.graph.cool/
First time into graphql tbh

Assuming you must have already done GraphQL vs REST API analysis.

@ajit555 yup and from what I've found is that main difference is flexibility in fetching data, so that we can define our own response instead of having to write an endpoint for it.

But what I'm still not able to learn, role based fetching? Like if I'm a regular user I can only fetch, for example, books. But if I'm an author, then I can fetch my book sales and only my book by finding out who am I from the token I provide and not by passing my Id to the query

@gitpush I had a quick review of GraphQL, it is in my TODO to go deeper once need arise.

My suggestion is irrespective of what GQL server you use later, for learning, pick one which has a great resource on documentation, YouTube tutorials, code examples. I think Apollo GQL is a very good one to start with.

Now, read on authentication and authorization section in Apollo documentation and go from there:

https://apollographql.com/docs/...