Azure-Samples
diff --git a/‎README.md
+7-1 b/‎README.md
+7-1
diff --git a/‎api/.env.template
+1 b/‎api/.env.template
+1
diff --git a/‎api/.vscode/extensions.json
-5 b/‎api/.vscode/extensions.json
-5
diff --git a/‎api/.vscode/launch.json
-12 b/‎api/.vscode/launch.json
-12
diff --git a/‎api/.vscode/settings.json
-8 b/‎api/.vscode/settings.json
-8
diff --git a/‎api/.vscode/tasks.json
-23 b/‎api/.vscode/tasks.json
-23
diff --git a/‎api/graphql/index.ts
+65-17 b/‎api/graphql/index.ts
+65-17
diff --git a/‎api/prisma/migrations/20210902192319_init/migration.sql renamed to ‎api/prisma/migrations/20210928034429_init/migration.sql
+4-3 b/‎api/prisma/migrations/20210902192319_init/migration.sql renamed to ‎api/prisma/migrations/20210928034429_init/migration.sql
+4-3
diff --git a/‎api/prisma/schema.prisma
+8-6 b/‎api/prisma/schema.prisma
+8-6
@@ -123,7 +123,7 @@ Prisma will connect to the database using the `DATABASE_URL` environment variabl
 Create a `.env` file by copying [.env.template](./api/.env.template) inside the [./api](./api) folder and then define the database URL using the following format:
 
 ```
-DATABASE_URL="sqlserver://DB_SERVER_NAME.database.windows.net:1433;database=DB_NAME;user=DB_USER;password={PASSWORD};encrypt=true;trustServerCertificate=false;loginTimeout=30"
+DATABASE_URL="sqlserver://DB_SERVER_NAME.database.windows.net:1433;database=DB_NAME;user=DB_USER;password=DB_PASSWORD;encrypt=true;trustServerCertificate=false;loginTimeout=30"
 ```
 
 ## Create the database schema
@@ -288,3 +288,9 @@ A sample of GraphQL endpoint usage in a web page is available at `/client-graphq
 ## Azure Static Web App
 
 Azure Static Web App supports a Free tier which is absolutely great so that you can try them for free, but of course don't expect great performances. Initial REST API response will be in the 500 msec area. Keep this in mind if you are planning to use them for something different than testing. If you need better performance right now and cannot when for when Azure Static Web App will be out of preview, you can always deploy the REST API using plain Azure Functions where you can have amazing scalability and performance.
+
+### Authentication
+
+The sample support user authentication via the native Azure Static Web App implementation: [Authentication and authorization for Azure Static Web Apps](https://docs.microsoft.com/en-us/azure/static-web-apps/authentication-authorization)
+
+Each todo item has an associated "ownerId" which is the user who has created that item and only that user can view and operate on that todo. If no user is logged in, only items that belongs to the "anonymous" user will be allowed to be created, managed and accessed.
@@ -1,6 +1,7 @@
 
 # Template URL for Azure SQL
 # DATABASE_URL="sqlserver://DB_SERVER_NAME.database.windows.net:1433;database=DB_NAME;user=DB_USER@DB_SERVER_NAME;password={PASSWORD};encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30"
+# SHADOW_DATABASE_URL="sqlserver://DB_SERVER_NAME.database.windows.net:1433;database=DB_NAME;user=DB_USER@DB_SERVER_NAME;password={PASSWORD};encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30"
 
 # Template URL for SQL Sever
 DATABASE_URL=sqlserver://localhost:1433;database=prisma-demo;user=SA;password=Prisma1234;trustServerCertificate=true;encrypt=true
@@ -43,14 +43,19 @@ const typeDefs = gql`
 const resolvers = {
   Query: {
 
-    todoList: () => {
-      return prisma.todo.findMany().then(value => value.map(todo => toClientToDo(todo)))
+    todoList: (parent, args, context)  => {
+      return prisma.todo.findMany({
+        where: { 
+          ownerId: context.loggedUserId
+        }
+      }).then(value => value.map(todo => toClientToDo(todo)))
     },
 
-    todo: (parent, args) => {
-      return prisma.todo.findUnique({
+    todo: (parent, args, context)  => {
+      return prisma.todo.findFirst({
         where: {
-          id: parseInt(args.id, 10)
+          id: parseInt(args.id, 10),
+          ownerId: context.loggedUserId
         },
       }).then(value => toClientToDo(value))
     }
@@ -59,33 +64,54 @@ const resolvers = {
 
   Mutation: {
 
-    addTodo: (parent, args) => {
+    addTodo: (parent, args, context) => {
       return prisma.todo.create({
         data: {
           todo: args.title,
-          completed: args.completed
+          completed: args.completed,
+          ownerId: context.loggedUserId
         }
       }).then(value => toClientToDo(value))
     },
 
-    updateTodo: (parent, args) => {
-      return prisma.todo.update({
+    updateTodo: (parent, args, context)  => {
+      const parsedId = parseInt(args.id, 10)
+
+      return prisma.todo.updateMany({
         data: {
           todo: args.title,
           completed: args.completed
         },
         where: {
-          id: parseInt(args.id, 10)
+          id: parsedId,
+          ownerId: context.loggedUserId
         }
+      }).then(value => {
+        return prisma.todo.findFirst({
+          where: {
+            id: parsedId,
+            ownerId: context.loggedUserId
+          }
+        })
       }).then(value => toClientToDo(value))
     },
 
-    deleteTodo: (parent, args) => {
-      return prisma.todo.delete({
+    deleteTodo: (parent, args, context)  => {
+      const parsedId = parseInt(args.id, 10)
+
+      return prisma.todo.findFirst({
         where: {
-          id: parseInt(args.id, 10)
+          id: parseInt(args.id, 10),
+          ownerId: context.loggedUserId
         }
-      }).then(value => toClientToDo(value))
+      }).then(value => {
+        return prisma.todo.deleteMany({
+          where: {
+            id: parsedId,
+            ownerId: context.loggedUserId
+          }
+        }).then(_ => toClientToDo(value))
+      })
     }
 
   }
@@ -94,13 +120,35 @@ const resolvers = {
 const toClientToDo = (todo: Todo) => {
   return {
     id: todo.id,
-    title: todo.todo ,
-    completed: todo.completed 
+    title: todo.todo,
+    completed: todo.completed
   }
 }
 
+const getLoggedUserId = (header: string): string => 
+{
+  if (header)
+  {
+    const encoded = Buffer.from(header, 'base64');
+    const decoded = encoded.toString('ascii');
+    return JSON.parse(decoded).userId;    
+  }
+  
+  return "anonymous"
+}
+
 // @ts-ignore
-const server = new ApolloServer({ typeDefs, resolvers, debug: true, playground: true });
+const server = new ApolloServer({ 
+  typeDefs, 
+  resolvers, 
+  debug: true, 
+  playground: true,
+  context: ({ request }) => {        
+    return { 
+      loggedUserId: getLoggedUserId(request.headers['x-ms-client-principal']) 
+    };
+  },
+});
 
 export default server.createHandler({
   cors: {
 
@@ -6,8 +6,9 @@ BEGIN TRAN;
 CREATE TABLE [dbo].[Todo] (
     [id] INT NOT NULL IDENTITY(1,1),
     [todo] NVARCHAR(100) NOT NULL,
-    [completed] BIT NOT NULL CONSTRAINT [DF__Todo__completed] DEFAULT 0,
-    CONSTRAINT [PK__Todo__id] PRIMARY KEY ([id])
+    [completed] BIT NOT NULL CONSTRAINT [Todo_completed_df] DEFAULT 0,
+    [ownerId] VARCHAR(128) NOT NULL,
+    CONSTRAINT [Todo_pkey] PRIMARY KEY ([id])
 );
 
 COMMIT TRAN;
@@ -16,7 +17,7 @@ END TRY
 BEGIN CATCH
 
 IF @@TRANCOUNT > 0
-BEGIN 
+BEGIN
     ROLLBACK TRAN;
 END;
 THROW
 
@@ -2,16 +2,18 @@
 // learn more about it in the docs: https://pris.ly/d/prisma-schema
 
 datasource db {
-  provider = "sqlserver"
-  url      = env("DATABASE_URL")
+  provider          = "sqlserver"
+  url               = env("DATABASE_URL")
+  shadowDatabaseUrl = env("SHADOW_DATABASE_URL")
 }
 
 generator client {
-  provider        = "prisma-client-js"  
+  provider          = "prisma-client-js"  
 }
 
 model Todo {
-  id        Int     @id @default(autoincrement())
-  todo      String  @db.NVarChar(100)
-  completed Boolean @default(false)
+  id        Int       @id @default(autoincrement())
+  todo      String    @db.NVarChar(100)
+  completed Boolean   @default(false)
+  ownerId   String    @db.VarChar(128)
 }