Configure builder registry deployment

.gitea/workflows/build.yaml

@@ -1,4 +1,4 @@
-name: Build Docker Image
+name: Build and deploy Docker image
 
 on:
   push:
@@ -6,13 +6,12 @@ on:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: builder
+    env:
+      IMAGE: gitea.dsrptlab.com/optovia/orders/orders
     steps:
       - uses: actions/checkout@v4
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
       - name: Login to Gitea Registry
         uses: docker/login-action@v3
         with:
@@ -20,12 +19,11 @@ jobs:
           username: ${{ gitea.actor }}
           password: ${{ secrets.REGISTRY_TOKEN }}
 
-      - name: Build and Push
+      - name: Build and push
-        uses: docker/build-push-action@v5
+        run: |
-        with:
+          docker build -t "$IMAGE:latest" -t "$IMAGE:${{ gitea.sha }}" .
-          context: .
+          docker push "$IMAGE:latest"
-          push: true
+          docker push "$IMAGE:${{ gitea.sha }}"
-          tags: gitea.dsrptlab.com/optovia/orders/orders:latest
 
       - name: Deploy to Dokploy
-        run: curl -k -X POST "https://dokploy.dsrptlab.com/api/deploy/VZukUOjYSYb1XmXbM5jIV"
+        run: curl -fsS -X POST "https://ind.dsrptlab.com/api/deploy/8KU24cMi_nHB4S16dhDB3"

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "graphql-contracts"]
+	path = graphql-contracts
+	url = git@gitea.dsrptlab.com:optovia/orders-graphql-contracts.git

package.json

@@ -9,18 +9,16 @@
     "start": "prisma migrate deploy && node dist/index.js"
   },
   "dependencies": {
-    "@apollo/server": "^4.11.3",
+    "@fastify/cors": "^11.2.0",
     "@prisma/client": "^6.5.0",
-    "cors": "^2.8.5",
+    "@sentry/node": "^9.5.0",
-    "express": "^4.21.2",
+    "fastify": "^5.8.5",
     "graphql": "^16.10.0",
     "graphql-tag": "^2.12.6",
     "jose": "^6.0.11",
-    "@sentry/node": "^9.5.0"
+    "mercurius": "^16.9.0"
   },
   "devDependencies": {
-    "@types/cors": "^2.8.17",
-    "@types/express": "^5.0.0",
     "@types/node": "^22.13.0",
     "prisma": "^6.5.0",
     "tsx": "^4.19.0",

src/auth.ts

@@ -1,6 +1,6 @@
 import { createRemoteJWKSet, jwtVerify, type JWTPayload } from "jose";
 import { GraphQLError } from "graphql";
-import type { Request } from "express";
+import type { FastifyRequest } from "fastify";
 
 const LOGTO_JWKS_URL =
   process.env.LOGTO_JWKS_URL || "https://auth.optovia.ru/oidc/jwks";
@@ -16,7 +16,7 @@ export interface AuthContext {
   scopes: string[];
 }
 
-function getBearerToken(req: Request): string {
+function getBearerToken(req: FastifyRequest): string {
   const auth = req.headers.authorization || "";
   if (!auth.startsWith("Bearer ")) {
     throw new GraphQLError("Missing Bearer token", {
@@ -61,7 +61,7 @@ export async function publicContext(): Promise<AuthContext> {
   return { scopes: [] };
 }
 
-export async function userContext(req: Request): Promise<AuthContext> {
+export async function userContext(req: FastifyRequest): Promise<AuthContext> {
   const token = getBearerToken(req);
   const { payload } = await jwtVerify(token, jwks, { issuer: LOGTO_ISSUER });
   return {
@@ -70,7 +70,7 @@ export async function userContext(req: Request): Promise<AuthContext> {
   };
 }
 
-export async function teamContext(req: Request): Promise<AuthContext> {
+export async function teamContext(req: FastifyRequest): Promise<AuthContext> {
   const token = getBearerToken(req);
   const { payload } = await jwtVerify(token, jwks, {
     issuer: LOGTO_ISSUER,
@@ -95,7 +95,9 @@ export async function teamContext(req: Request): Promise<AuthContext> {
   };
 }
 
-export async function managerContext(req: Request): Promise<AuthContext> {
+export async function managerContext(
+  req: FastifyRequest,
+): Promise<AuthContext> {
   const token = getBearerToken(req);
   const { payload } = await jwtVerify(token, jwks, {
     issuer: LOGTO_ISSUER,

src/index.ts

@@ -1,100 +1,104 @@
-import express from 'express'
+import Fastify from "fastify";
-import cors from 'cors'
+import type { FastifyInstance, FastifyRequest } from "fastify";
-import { ApolloServer } from '@apollo/server'
+import cors from "@fastify/cors";
-import { expressMiddleware } from '@apollo/server/express4'
+import mercurius from "mercurius";
-import * as Sentry from '@sentry/node'
+import * as Sentry from "@sentry/node";
-import { publicTypeDefs, publicResolvers } from './schemas/public.js'
+import { publicTypeDefs, publicResolvers } from "./schemas/public.js";
-import { userTypeDefs, userResolvers } from './schemas/user.js'
+import { userTypeDefs, userResolvers } from "./schemas/user.js";
-import { teamTypeDefs, teamResolvers } from './schemas/team.js'
+import { teamTypeDefs, teamResolvers } from "./schemas/team.js";
-import { publicContext, userContext, teamContext, managerContext, type AuthContext } from './auth.js'
+import {
+  publicContext,
+  userContext,
+  teamContext,
+  managerContext,
+} from "./auth.js";
 
-const PORT = parseInt(process.env.PORT || '8000', 10)
+const PORT = Number.parseInt(process.env.PORT || "8000", 10);
-const SENTRY_DSN = process.env.SENTRY_DSN || ''
+const SENTRY_DSN = process.env.SENTRY_DSN || "";
 
 if (SENTRY_DSN) {
   Sentry.init({
     dsn: SENTRY_DSN,
     tracesSampleRate: 0.01,
-    release: process.env.RELEASE_VERSION || '1.0.0',
+    release: process.env.RELEASE_VERSION || "1.0.0",
-    environment: process.env.ENVIRONMENT || 'production',
+    environment: process.env.ENVIRONMENT || "production",
-  })
+  });
 }
 
-const app = express()
+const app = Fastify();
+await app.register(cors, { origin: ["https://optovia.ru"], credentials: true });
 
-app.use(cors({ origin: ['https://optovia.ru'], credentials: true }))
+type GraphqlBody = {
+  query?: string;
+  variables?: Record<string, unknown>;
+  operationName?: string;
+};
 
-const publicServer = new ApolloServer<AuthContext>({
+async function registerGraphqlEndpoint(
-  typeDefs: publicTypeDefs,
+  server: FastifyInstance,
-  resolvers: publicResolvers,
+  path: string,
-  introspection: true,
+  schema: string,
-})
+  resolvers: unknown,
-
+  context: (request: FastifyRequest) => Promise<unknown> | unknown,
-const userServer = new ApolloServer<AuthContext>({
+) {
-  typeDefs: userTypeDefs,
+  await server.register(
-  resolvers: userResolvers,
+    async (route) => {
-  introspection: true,
+      await route.register(mercurius, {
-})
+        schema,
-
+        resolvers: resolvers as never,
-const teamServer = new ApolloServer<AuthContext>({
+        routes: false,
-  typeDefs: teamTypeDefs,
+      });
-  resolvers: teamResolvers,
+      route.post("/", async (request, reply) => {
-  introspection: true,
+        const body = request.body as GraphqlBody;
-})
+        if (typeof body.query !== "string") {
-const managerServer = new ApolloServer<AuthContext>({
+          throw new Error("GraphQL query is required");
-  typeDefs: teamTypeDefs,
+        }
-  resolvers: teamResolvers,
+        return reply.graphql(
-  introspection: true,
+          body.query,
-})
+          (await context(request)) as Record<string, unknown>,
-
+          body.variables,
-await Promise.all([publicServer.start(), userServer.start(), teamServer.start(), managerServer.start()])
+          body.operationName,
-
+        );
-app.use(
+      });
-  '/graphql/public',
-  express.json(),
-  expressMiddleware(publicServer, {
-    context: async () => publicContext(),
-  }) as unknown as express.RequestHandler,
-)
-
-app.use(
-  '/graphql/user',
-  express.json(),
-  expressMiddleware(userServer, {
-    context: async ({ req }) => {
-      try {
-        return await userContext(req as unknown as import('express').Request)
-      } catch {
-        return { scopes: [] }
-      }
     },
-  }) as unknown as express.RequestHandler,
+    { prefix: path },
-)
+  );
+}
 
-app.use(
+await registerGraphqlEndpoint(
-  '/graphql/team',
+  app,
-  express.json(),
+  "/graphql/public",
-  expressMiddleware(teamServer, {
+  publicTypeDefs,
-    context: async ({ req }) => teamContext(req as unknown as import('express').Request),
+  publicResolvers,
-  }) as unknown as express.RequestHandler,
+  async () => publicContext(),
-)
+);
+await registerGraphqlEndpoint(
+  app,
+  "/graphql/user",
+  userTypeDefs,
+  userResolvers,
+  userContext,
+);
+await registerGraphqlEndpoint(
+  app,
+  "/graphql/team",
+  teamTypeDefs,
+  teamResolvers,
+  teamContext,
+);
+await registerGraphqlEndpoint(
+  app,
+  "/graphql/manager",
+  teamTypeDefs,
+  teamResolvers,
+  managerContext,
+);
 
-app.use(
+app.get("/health", async () => ({ status: "ok" }));
-  '/graphql/manager',
-  express.json(),
-  expressMiddleware(managerServer, {
-    context: async ({ req }) => managerContext(req as unknown as import('express').Request),
-  }) as unknown as express.RequestHandler,
-)
 
-app.get('/health', (_, res) => {
+await app.listen({ port: PORT, host: "0.0.0.0" });
-  res.json({ status: 'ok' })
+console.log(`Orders server ready on port ${PORT}`);
-})
+console.log(`  /graphql/public  - public`);
-
+console.log(`  /graphql/user    - id token auth`);
-app.listen(PORT, '0.0.0.0', () => {
+console.log(`  /graphql/team    - team access token auth`);
-  console.log(`Orders server ready on port ${PORT}`)
+console.log(`  /graphql/manager - manager JWT auth`);
-  console.log(`  /graphql/public  - public`)
-  console.log(`  /graphql/user    - id token auth`)
-  console.log(`  /graphql/team    - team access token auth`)
-  console.log(`  /graphql/manager - manager JWT auth`)
-})