Hi, has anyone used spicedb with graphql and has any recommendations? I'm thinking we can create a directive that takes the spiceDb resource and does a check... a bit like this Something like this:

graphql
# Define a directive named @authCheck
directive @authCheck(resource: String!) on FIELD_DEFINITION

# Define your types and fields
type Query {
    # Example field that uses the @authCheck directive
    someProtectedResource: SomeResourceType @authCheck(resource: "resource_name")
}

js
class AuthCheckDirective extends SchemaDirectiveVisitor {
    visitFieldDefinition(field) {
        const { resolve = defaultFieldResolver } = field;
        const { resource } = this.args;

        field.resolve = async function (...args) {
            const context = args[2];
            const userId = context.userId;

            // Check permissions using spicedb.check
            const hasPermission = await spicedb.check(resource, userId);

            if (!hasPermission) {
                throw new Error('Unauthorized');
            }

            return resolve.apply(this, args);
        };
    }
}

I believe @mgagliardo has experience using with GraphQL, may be able to share their experience. I had some exposure to GraphQL in previous job and I believe it's key to leverage batching to make efficient use of the backing services. SpiceDB offers a new Batching API that would help here: https://buf.build/authzed/api/docs/main:authzed.api.v1#authzed.api.v1.ExperimentalService.BulkCheckPermission

great tip! thank you! @mgagliardo , any insight you might also have would be great