diff --git a/backend/.env.dist b/backend/.env.dist
index 7815be556..21127b9ed 100644
--- a/backend/.env.dist
+++ b/backend/.env.dist
@@ -1,2 +1,4 @@
-LOGIN_API_URL=http://localhost/login_api/
-COMMUNITY_API_URL=http://localhost/api/
\ No newline at end of file
+PORT=4000
+GRAPHIQL=false
+// LOGIN_API_URL=http://localhost/login_api/
+// COMMUNITY_API_URL=http://localhost/api/
\ No newline at end of file
diff --git a/backend/.gitignore b/backend/.gitignore
index 2ccbe4656..66ee735e1 100644
--- a/backend/.gitignore
+++ b/backend/.gitignore
@@ -1 +1,2 @@
 /node_modules/
+/.env
diff --git a/backend/src/apis/loginAPI.ts b/backend/src/apis/loginAPI.ts.old
similarity index 100%
rename from backend/src/apis/loginAPI.ts
rename to backend/src/apis/loginAPI.ts.old
diff --git a/backend/src/config/index.ts b/backend/src/config/index.ts
index 1c922f7f1..341c08f4f 100644
--- a/backend/src/config/index.ts
+++ b/backend/src/config/index.ts
@@ -4,8 +4,10 @@ import dotenv from 'dotenv'
 dotenv.config()
 const server = {
- LOGIN_API_URL: process.env.LOGIN_API_URL || 'http://localhost/login_api/',
- COMMUNITY_API_URL: process.env.COMMUNITY_API_URL || 'http://localhost/api/',
+ PORT: process.env.PORT || 4000,
+ GRAPHIQL: process.env.GRAPHIQL === 'true' || false,
+ // LOGIN_API_URL: process.env.LOGIN_API_URL || 'http://localhost/login_api/',
+ // COMMUNITY_API_URL: process.env.COMMUNITY_API_URL || 'http://localhost/api/',
 }
 const CONFIG = { ...server }
diff --git a/backend/src/graphql/inputs/LoginUserInput.ts b/backend/src/graphql/inputs/LoginUserInput.ts.old
similarity index 100%
rename from backend/src/graphql/inputs/LoginUserInput.ts
rename to backend/src/graphql/inputs/LoginUserInput.ts.old
diff --git a/backend/src/graphql/models/Group.ts b/backend/src/graphql/models/Group.ts.old
similarity index 100%
rename from backend/src/graphql/models/Group.ts
rename to backend/src/graphql/models/Group.ts.old
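Review bot: The two retired URL entries are disabled with `//`, which is not comment syntax in an env file; the comment marker is `#`. The dotenv package appears to skip lines it cannot parse, but anything that reads the same file as a shell or container env file may not, so `# LOGIN_API_URL=http://localhost/login_api/` and `# COMMUNITY_API_URL=http://localhost/api/` are the safer form. Shipping `GRAPHIQL=false` as the template default is the right direction; a one-line `#` comment stating that it should stay false outside development would make that intent explicit.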
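Review bot: `PORT: process.env.PORT || 4000` yields a string when the variable is set and a number otherwise, and an empty or non-numeric value is handed on unchecked; `PORT: Number(process.env.PORT) || 4000,` keeps one type and falls back when the value is unusable. In `GRAPHIQL: process.env.GRAPHIQL === 'true' || false` the trailing `|| false` adds nothing, because the comparison is already a boolean. Enabling GraphiQL only on the exact string `'true'` is a sound fail-closed default and deserves a short comment above the line, for example `// opt-in only: any value other than 'true' keeps the IDE disabled`, so it is not loosened later.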
diff --git a/backend/src/graphql/models/User.ts b/backend/src/graphql/models/User.ts.old
similarity index 100%
rename from backend/src/graphql/models/User.ts
rename to backend/src/graphql/models/User.ts.old
diff --git a/backend/src/graphql/resolvers/GroupResolver.ts b/backend/src/graphql/resolvers/GroupResolver.ts.old
similarity index 100%
rename from backend/src/graphql/resolvers/GroupResolver.ts
rename to backend/src/graphql/resolvers/GroupResolver.ts.old
diff --git a/backend/src/graphql/resolvers/UserResolver.ts b/backend/src/graphql/resolvers/UserResolver.ts.old
similarity index 100%
rename from backend/src/graphql/resolvers/UserResolver.ts
rename to backend/src/graphql/resolvers/UserResolver.ts.old
diff --git a/backend/src/index.ts b/backend/src/index.ts
index 7b7f64c75..6dca948a4 100644
--- a/backend/src/index.ts
+++ b/backend/src/index.ts
@@ -1,62 +1,80 @@
 import 'reflect-metadata'
 import express from 'express'
 import { graphqlHTTP } from 'express-graphql'
-// import { createConnection } from 'typeorm'
 import { buildSchema } from 'type-graphql'
+// import { createConnection } from 'typeorm'
+import CONFIG from './config'
+
+// TODO move to extern
 import { BookResolver } from './graphql/resolvers/BookResolver'
-import { UserResolver } from './graphql/resolvers/UserResolver'
-import { GroupResolver } from './graphql/resolvers/GroupResolver'
+// import { UserResolver } from './graphql/resolvers/UserResolver'
+// import { GroupResolver } from './graphql/resolvers/GroupResolver'
+// TODO implement
 // import queryComplexity, { simpleEstimator, fieldConfigEstimator } from "graphql-query-complexity";
 async function main() {
 // const connection = await createConnection()
- const schema = await buildSchema({ resolvers: [BookResolver, GroupResolver, UserResolver] })
+ const schema = await buildSchema({ resolvers: [BookResolver /*, GroupResolver, UserResolver */] })
 const server = express()
+ const validationRules: [] = [
+ /**
+ * This provides GraphQL query analysis to reject complex queries to your GraphQL server.
+ * This can be used to protect your GraphQL servers
+ * against resource exhaustion and DoS attacks.
+ * More documentation can be found (here)[https://github.com/ivome/graphql-query-complexity]
+ */
+ /* queryComplexity({
+ // The maximum allowed query complexity, queries above this threshold will be rejected
+ maximumComplexity: 20,
+ // The query variables. This is needed because the variables are not available
+ // in the visitor of the graphql-js library
+ variables: params!.variables!,
+ // Optional callback function to retrieve the determined query complexity
+ // Will be invoked weather the query is rejected or not
+ // This can be used for logging or to implement rate limiting
+ onComplete: (complexity: number) => {
+ console.log("Query Complexity:", complexity);
+ },
+ // Add any number of estimators. The estimators are invoked in order, the first
+ // numeric value that is being returned by an estimator is used as the field complexity.
+ // If no estimator returns a value, an exception is raised.
+ estimators: [
+ fieldConfigEstimator(),
+ // Add more estimators here...
+ // This will assign each field a complexity of 1 if no other estimator
+ // returned a value.
+ simpleEstimator({
+ defaultComplexity: 1,
+ }),
+ ],
+ }), */
+ ]
+ // TODO Versioning?
 server.use(
 '/api',
 graphqlHTTP({
 schema,
- graphiql: true,
- validationRules: [
- /**
- * This provides GraphQL query analysis to reject complex queries to your GraphQL server.
- * This can be used to protect your GraphQL servers
- * against resource exhaustion and DoS attacks.
- * More documentation can be found (here)[https://github.com/ivome/graphql-query-complexity]
- */
- /* queryComplexity({
- // The maximum allowed query complexity, queries above this threshold will be rejected
- maximumComplexity: 20,
- // The query variables. This is needed because the variables are not available
- // in the visitor of the graphql-js library
- variables: params!.variables!,
- // Optional callback function to retrieve the determined query complexity
- // Will be invoked weather the query is rejected or not
- // This can be used for logging or to implement rate limiting
- onComplete: (complexity: number) => {
- console.log("Query Complexity:", complexity);
- },
- // Add any number of estimators. The estimators are invoked in order, the first
- // numeric value that is being returned by an estimator is used as the field complexity.
- // If no estimator returns a value, an exception is raised.
- estimators: [
- fieldConfigEstimator(),
- // Add more estimators here...
- // This will assign each field a complexity of 1 if no other estimator
- // returned a value.
- simpleEstimator({
- defaultComplexity: 1,
- }),
- ],
- }), */
- ],
+ graphiql: false,
+ validationRules,
 }),
 )
- server.listen(4000, () => {
+ // Graphiql interface
+ if (CONFIG.GRAPHIQL) {
+ server.use(
+ '/graphiql',
+ graphqlHTTP({
+ schema,
+ graphiql: true,
+ validationRules,
+ }),
+ )
+ }
+
+ server.listen(CONFIG.PORT, () => {
 // eslint-disable-next-line no-console
- console.log(`Server is running, GraphIQL available at http://localhost:4000/api`)
+ console.log(`Server is running, GraphIQL available at http://localhost:${CONFIG.PORT}/graphiql`)
 })
 }
diff --git a/backend/yarn.lock b/backend/yarn.lock
index b4433044e..f5ec125e6 100644
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
@@ -148,6 +148,13 @@ resolved "https://registry.yarnpkg.com/@types/json5/-/json5-0.0.29.tgz#ee28707ae94e11d2b827bcbe5270bcea7f3e71ee" integrity sha1-7ihweulOEdK4J7y+UnC86n8+ce4= +"@types/jsonwebtoken@^8.5.2": + version "8.5.2" + resolved "https://registry.yarnpkg.com/@types/jsonwebtoken/-/jsonwebtoken-8.5.2.tgz#eb71c717b3b8681bb85fbd2950c9c4c5d4506748" + integrity sha512-X8BOCkp+WJVNYCYIBugREtVZa4Y09Or9HDx6xqRZem5F8jJV8FuJgNessXyMuv9+U8pjnvdezASwU28uw+1scw== + dependencies: + "@types/node" "*" + "@types/mime@^1": version "1.3.2" resolved "https://registry.yarnpkg.com/@types/mime/-/mime-1.3.2.tgz#93e25bf9ee75fe0fd80b594bc4feb0e862111b5a" 
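Review bot: The startup message in the `server.listen` callback announces GraphiQL at `/graphiql` unconditionally, although that route is mounted only when `CONFIG.GRAPHIQL` is true, so under the default configuration the log points operators at a path that does not exist. Log the `/api` URL always and add the IDE line only in the guarded branch, e.g. `if (CONFIG.GRAPHIQL) console.log('GraphiQL available at http://localhost:' + CONFIG.PORT + '/graphiql')`. Separately, `const validationRules: [] = [` annotates the array as the empty tuple, so the commented-out `queryComplexity(...)` entry will presumably fail to type-check once it is enabled; dropping the annotation or using graphql's `ValidationRule[]` avoids that. Note also that `graphiql: false` removes only the IDE: as far as this hunk shows, `/api` still runs with an empty rule list, so query cost stays unbounded until the `// TODO implement` rule is wired in, which a comment next to `validationRules` should state.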
@@ -424,6 +431,13 @@ astral-regex@^2.0.0: resolved "https://registry.yarnpkg.com/astral-regex/-/astral-regex-2.0.0.tgz#483143c567aeed4785759c0865786dc77d7d2e31" integrity sha512-Z7tMw1ytTXt5jqMcOP+OQteU1VuNK9Y02uuJtKQ1Sv69jXQKKg5cibLwGJow8yzZP+eAc18EmLGPal0bp36rvQ== +axios@^0.21.1: + version "0.21.1" + resolved "https://registry.yarnpkg.com/axios/-/axios-0.21.1.tgz#22563481962f4d6bde9a76d516ef0e5d3c09b2b8" + integrity sha512-dKQiRHxGD9PPRIUNIWvZhPTPpl1rf/OxTYKsqKUDjBwYylTvV7SjSHJb9ratfyzM6wCdLCOYLzs73qpg5c4iGA== + dependencies: + follow-redirects "^1.10.0" + balanced-match@^1.0.0: version "1.0.2" resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.2.tgz#e83e3a7e3f300b34cb9d87f615fa0cbf357690ee" @@ -484,6 +498,11 @@ braces@^3.0.1, braces@~3.0.2: dependencies: fill-range "^7.0.1" +buffer-equal-constant-time@1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz#f8e71132f7ffe6e01a5c9697a4c6f3e48d5cc819" + integrity sha1-+OcRMvf/5uAaXJaXpMbz5I1cyBk= + buffer-from@^1.0.0: version "1.1.1" resolved "https://registry.yarnpkg.com/buffer-from/-/buffer-from-1.1.1.tgz#32713bc028f75c02fdb710d7c7bcec1f2c6070ef" @@ -807,6 +826,13 @@ duplexer3@^0.1.4: resolved "https://registry.yarnpkg.com/duplexer3/-/duplexer3-0.1.4.tgz#ee01dd1cac0ed3cbc7fdbea37dc0a8f1ce002ce2" integrity sha1-7gHdHKwO08vH/b6jfcCo8c4ALOI= +ecdsa-sig-formatter@1.0.11: + version "1.0.11" + resolved "https://registry.yarnpkg.com/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz#ae0f0fa2d85045ef14a817daa3ce9acd0489e5bf" + integrity sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ== + dependencies: + safe-buffer "^5.0.1" + ee-first@1.1.1: version "1.1.1" resolved "https://registry.yarnpkg.com/ee-first/-/ee-first-1.1.1.tgz#590c61156b0ae2f4f0255732a158b266bc56b21d" 
@@ -1245,6 +1271,11 @@ flatted@^3.1.0: resolved "https://registry.yarnpkg.com/flatted/-/flatted-3.1.1.tgz#c4b489e80096d9df1dfc97c79871aea7c617c469" integrity sha512-zAoAQiudy+r5SvnSw3KJy5os/oRJYHzrzja/tBDqrZtNhUw8bt6y8OBzMWcjWr+8liV8Eb6yOhw8WZ7VFZ5ZzA== +follow-redirects@^1.10.0: + version "1.14.1" + resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.1.tgz#d9114ded0a1cfdd334e164e6662ad02bfd91ff43" + integrity sha512-HWqDgT7ZEkqRzBvc2s64vSZ/hfOceEol3ac/7tKwzuvEyWx3/4UegXh5oBOIotkGsObyk3xznnSRVADBgWSQVg== + forwarded@0.2.0: version "0.2.0" resolved "https://registry.yarnpkg.com/forwarded/-/forwarded-0.2.0.tgz#2269936428aad4c15c7ebe9779a84bf0b2a81811" 
@@ -1754,6 +1785,39 @@ json5@^1.0.1: dependencies: minimist "^1.2.0" +jsonwebtoken@^8.5.1: + version "8.5.1" + resolved "https://registry.yarnpkg.com/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz#00e71e0b8df54c2121a1f26137df2280673bcc0d" + integrity sha512-XjwVfRS6jTMsqYs0EsuJ4LGxXV14zQybNd4L2r0UvbVnSF9Af8x7p5MzbJ90Ioz/9TI41/hTCvznF/loiSzn8w== + dependencies: + jws "^3.2.2" + lodash.includes "^4.3.0" + lodash.isboolean "^3.0.3" + lodash.isinteger "^4.0.4" + lodash.isnumber "^3.0.3" + lodash.isplainobject "^4.0.6" + lodash.isstring "^4.0.1" + lodash.once "^4.0.0" + ms "^2.1.1" + semver "^5.6.0" + +jwa@^1.4.1: + version "1.4.1" + resolved "https://registry.yarnpkg.com/jwa/-/jwa-1.4.1.tgz#743c32985cb9e98655530d53641b66c8645b039a" + integrity sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA== + dependencies: + buffer-equal-constant-time "1.0.1" + ecdsa-sig-formatter "1.0.11" + safe-buffer "^5.0.1" + +jws@^3.2.2: + version "3.2.2" + resolved "https://registry.yarnpkg.com/jws/-/jws-3.2.2.tgz#001099f3639468c9414000e99995fa52fb478304" + integrity sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA== + dependencies: + jwa "^1.4.1" + safe-buffer "^5.0.1" + keyv@^3.0.0: version "3.1.0" resolved "https://registry.yarnpkg.com/keyv/-/keyv-3.1.0.tgz#ecc228486f69991e49e9476485a5be1e8fc5c4d9" 
@@ -1804,11 +1868,46 @@ lodash.get@^4.4.2: resolved "https://registry.yarnpkg.com/lodash.get/-/lodash.get-4.4.2.tgz#2d177f652fa31e939b4438d5341499dfa3825e99" integrity sha1-LRd/ZS+jHpObRDjVNBSZ36OCXpk= +lodash.includes@^4.3.0: + version "4.3.0" + resolved "https://registry.yarnpkg.com/lodash.includes/-/lodash.includes-4.3.0.tgz#60bb98a87cb923c68ca1e51325483314849f553f" + integrity sha1-YLuYqHy5I8aMoeUTJUgzFISfVT8= + +lodash.isboolean@^3.0.3: + version "3.0.3" + resolved "https://registry.yarnpkg.com/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz#6c2e171db2a257cd96802fd43b01b20d5f5870f6" + integrity sha1-bC4XHbKiV82WgC/UOwGyDV9YcPY= + +lodash.isinteger@^4.0.4: + version "4.0.4" + resolved "https://registry.yarnpkg.com/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz#619c0af3d03f8b04c31f5882840b77b11cd68343" + integrity sha1-YZwK89A/iwTDH1iChAt3sRzWg0M= + +lodash.isnumber@^3.0.3: + version "3.0.3" + resolved "https://registry.yarnpkg.com/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz#3ce76810c5928d03352301ac287317f11c0b1ffc" + integrity sha1-POdoEMWSjQM1IwGsKHMX8RwLH/w= + +lodash.isplainobject@^4.0.6: + version "4.0.6" + resolved "https://registry.yarnpkg.com/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz#7c526a52d89b45c45cc690b88163be0497f550cb" + integrity sha1-fFJqUtibRcRcxpC4gWO+BJf1UMs= + +lodash.isstring@^4.0.1: + version "4.0.1" + resolved "https://registry.yarnpkg.com/lodash.isstring/-/lodash.isstring-4.0.1.tgz#d527dfb5456eca7cc9bb95d5daeaf88ba54a5451" + integrity sha1-1SfftUVuynzJu5XV2ur4i6VKVFE= + lodash.merge@^4.6.2: version "4.6.2" resolved "https://registry.yarnpkg.com/lodash.merge/-/lodash.merge-4.6.2.tgz#558aa53b43b661e1925a0afdfa36a9a1085fe57a" integrity sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ== +lodash.once@^4.0.0: + version "4.1.1" + resolved "https://registry.yarnpkg.com/lodash.once/-/lodash.once-4.1.1.tgz#0dd3971213c7c56df880977d504c88fb471a97ac" + integrity sha1-DdOXEhPHxW34gJd9UEyI+0cal6w= + 
lodash.truncate@^4.4.2: version "4.4.2" resolved "https://registry.yarnpkg.com/lodash.truncate/-/lodash.truncate-4.4.2.tgz#5a350da0b1113b837ecfffd5812cbe58d6eae193" @@ -2418,7 +2517,7 @@ semver-diff@^3.1.1: dependencies: semver "^6.3.0" -"semver@2 || 3 || 4 || 5", semver@^5.7.1: +"semver@2 || 3 || 4 || 5", semver@^5.6.0, semver@^5.7.1: version "5.7.1" resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.1.tgz#a954f931aeba508d307bbf069eff0c01c96116f7" integrity sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==