Use Fastify Mercurius and GraphQL contracts

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "graphql-contracts"]
+	path = graphql-contracts
+	url = git@gitea.dsrptlab.com:optovia/teams-graphql-contracts.git

package.json

@@ -9,18 +9,16 @@
     "start": "prisma migrate deploy && node dist/index.js"
   },
   "dependencies": {
-    "@apollo/server": "^4.11.3",
+    "@fastify/cors": "^11.2.0",
     "@prisma/client": "^6.5.0",
     "@sentry/node": "^9.5.0",
-    "cors": "^2.8.5",
+    "fastify": "^5.8.5",
-    "express": "^4.21.2",
     "graphql": "^16.10.0",
     "graphql-tag": "^2.12.6",
-    "jose": "^6.0.11"
+    "jose": "^6.0.11",
+    "mercurius": "^16.9.0"
   },
   "devDependencies": {
-    "@types/cors": "^2.8.17",
-    "@types/express": "^5.0.0",
     "@types/node": "^22.13.0",
     "prisma": "^6.5.0",
     "tsx": "^4.19.0",

src/auth.ts

@@ -1,6 +1,6 @@
 import { createRemoteJWKSet, jwtVerify, type JWTPayload } from "jose";
 import { GraphQLError } from "graphql";
-import type { Request } from "express";
+import type { FastifyRequest } from "fastify";
 import { prisma } from "./db.js";
 
 const LOGTO_JWKS_URL =
@@ -21,7 +21,7 @@ export interface AuthContext {
 
 export const SESSION_TOKEN_PREFIX = "optovia-session:";
 
-function getBearerToken(req: Request): string {
+function getBearerToken(req: FastifyRequest): string {
   const auth = req.headers.authorization || "";
   if (!auth.startsWith("Bearer "))
     throw new GraphQLError("Missing Bearer token", {
@@ -35,7 +35,7 @@ function getBearerToken(req: Request): string {
   return token;
 }
 
-function optionalBearerToken(req: Request): string | null {
+function optionalBearerToken(req: FastifyRequest): string | null {
   const auth = req.headers.authorization || "";
   if (!auth.startsWith("Bearer ")) return null;
   const token = auth.slice(7);
@@ -72,7 +72,7 @@ function hasManagerClaim(payload: JWTPayload): boolean {
   );
 }
 
-export async function userContext(req: Request): Promise<AuthContext> {
+export async function userContext(req: FastifyRequest): Promise<AuthContext> {
   const token = optionalBearerToken(req);
   if (token === null) return { scopes: [] };
   if (token.startsWith(SESSION_TOKEN_PREFIX)) {
@@ -99,7 +99,9 @@ export async function userContext(req: Request): Promise<AuthContext> {
   return { userId: payload.sub, scopes: scopesFromPayload(payload) };
 }
 
-export async function managerContext(req: Request): Promise<AuthContext> {
+export async function managerContext(
+  req: FastifyRequest,
+): Promise<AuthContext> {
   const token = getBearerToken(req);
   const { payload } = await jwtVerify(token, jwks, {
     issuer: LOGTO_ISSUER,
@@ -119,7 +121,7 @@ export async function managerContext(req: Request): Promise<AuthContext> {
   };
 }
 
-export async function teamContext(req: Request): Promise<AuthContext> {
+export async function teamContext(req: FastifyRequest): Promise<AuthContext> {
   const token = getBearerToken(req);
   const { payload } = await jwtVerify(token, jwks, {
     issuer: LOGTO_ISSUER,

src/index.ts

@@ -1,51 +1,115 @@
-import express from 'express'
+import Fastify from "fastify";
-import cors from 'cors'
+import type { FastifyInstance, FastifyRequest } from "fastify";
-import { ApolloServer } from '@apollo/server'
+import cors from "@fastify/cors";
-import { expressMiddleware } from '@apollo/server/express4'
+import mercurius from "mercurius";
-import * as Sentry from '@sentry/node'
+import * as Sentry from "@sentry/node";
-import { publicTypeDefs, publicResolvers } from './schemas/public.js'
+import { publicTypeDefs, publicResolvers } from "./schemas/public.js";
-import { userTypeDefs, userResolvers } from './schemas/user.js'
+import { userTypeDefs, userResolvers } from "./schemas/user.js";
-import { teamTypeDefs, teamResolvers } from './schemas/team.js'
+import { teamTypeDefs, teamResolvers } from "./schemas/team.js";
-import { managerTypeDefs, managerResolvers } from './schemas/manager.js'
+import { managerTypeDefs, managerResolvers } from "./schemas/manager.js";
-import { m2mTypeDefs, m2mResolvers } from './schemas/m2m.js'
+import { m2mTypeDefs, m2mResolvers } from "./schemas/m2m.js";
-import { publicContext, userContext, teamContext, managerContext, m2mContext, type AuthContext } from './auth.js'
+import {
+  publicContext,
+  userContext,
+  teamContext,
+  managerContext,
+  m2mContext,
+} from "./auth.js";
 
-const PORT = parseInt(process.env.PORT || '8000', 10)
+const PORT = Number.parseInt(process.env.PORT || "8000", 10);
-const SENTRY_DSN = process.env.SENTRY_DSN || ''
+const SENTRY_DSN = process.env.SENTRY_DSN || "";
 
 if (SENTRY_DSN) {
   Sentry.init({
     dsn: SENTRY_DSN,
     tracesSampleRate: 0.01,
-    release: process.env.RELEASE_VERSION || '1.0.0',
+    release: process.env.RELEASE_VERSION || "1.0.0",
-    environment: process.env.ENVIRONMENT || 'production',
+    environment: process.env.ENVIRONMENT || "production",
-  })
+  });
 }
 
-const app = express()
+const app = Fastify();
-app.use(cors({ origin: ['https://optovia.ru'], credentials: true }))
+await app.register(cors, { origin: ["https://optovia.ru"], credentials: true });
 
-const publicServer = new ApolloServer<AuthContext>({ typeDefs: publicTypeDefs, resolvers: publicResolvers, introspection: true })
+type GraphqlBody = {
-const userServer = new ApolloServer<AuthContext>({ typeDefs: userTypeDefs, resolvers: userResolvers, introspection: true })
+  query?: string;
-const teamServer = new ApolloServer<AuthContext>({ typeDefs: teamTypeDefs, resolvers: teamResolvers, introspection: true })
+  variables?: Record<string, unknown>;
-const managerServer = new ApolloServer<AuthContext>({ typeDefs: managerTypeDefs, resolvers: managerResolvers, introspection: true })
+  operationName?: string;
-const m2mServer = new ApolloServer<AuthContext>({ typeDefs: m2mTypeDefs, resolvers: m2mResolvers, introspection: true })
+};
 
-await Promise.all([publicServer.start(), userServer.start(), teamServer.start(), managerServer.start(), m2mServer.start()])
+async function registerGraphqlEndpoint(
+  server: FastifyInstance,
+  path: string,
+  schema: string,
+  resolvers: unknown,
+  context: (request: FastifyRequest) => Promise<unknown> | unknown,
+) {
+  await server.register(
+    async (route) => {
+      await route.register(mercurius, {
+        schema,
+        resolvers: resolvers as never,
+        routes: false,
+      });
+      route.post("/", async (request, reply) => {
+        const body = request.body as GraphqlBody;
+        if (typeof body.query !== "string") {
+          throw new Error("GraphQL query is required");
+        }
+        return reply.graphql(
+          body.query,
+          (await context(request)) as Record<string, unknown>,
+          body.variables,
+          body.operationName,
+        );
+      });
+    },
+    { prefix: path },
+  );
+}
 
-app.use('/graphql/public', express.json(), expressMiddleware(publicServer, { context: async () => publicContext() }) as unknown as express.RequestHandler)
+await registerGraphqlEndpoint(
-app.use('/graphql/user', express.json(), expressMiddleware(userServer, { context: async ({ req }) => userContext(req as unknown as import('express').Request) }) as unknown as express.RequestHandler)
+  app,
-app.use('/graphql/team', express.json(), expressMiddleware(teamServer, { context: async ({ req }) => teamContext(req as unknown as import('express').Request) }) as unknown as express.RequestHandler)
+  "/graphql/public",
-app.use('/graphql/manager', express.json(), expressMiddleware(managerServer, { context: async ({ req }) => managerContext(req as unknown as import('express').Request) }) as unknown as express.RequestHandler)
+  publicTypeDefs,
-app.use('/graphql/m2m', express.json(), expressMiddleware(m2mServer, { context: async () => m2mContext() }) as unknown as express.RequestHandler)
+  publicResolvers,
+  async () => publicContext(),
+);
+await registerGraphqlEndpoint(
+  app,
+  "/graphql/user",
+  userTypeDefs,
+  userResolvers,
+  userContext,
+);
+await registerGraphqlEndpoint(
+  app,
+  "/graphql/team",
+  teamTypeDefs,
+  teamResolvers,
+  teamContext,
+);
+await registerGraphqlEndpoint(
+  app,
+  "/graphql/manager",
+  managerTypeDefs,
+  managerResolvers,
+  managerContext,
+);
+await registerGraphqlEndpoint(
+  app,
+  "/graphql/m2m",
+  m2mTypeDefs,
+  m2mResolvers,
+  async () => m2mContext(),
+);
 
-app.get('/health', (_, res) => { res.json({ status: 'ok' }) })
+app.get("/health", async () => ({ status: "ok" }));
 
-app.listen(PORT, '0.0.0.0', () => {
+await app.listen({ port: PORT, host: "0.0.0.0" });
-  console.log(`Teams server ready on port ${PORT}`)
+console.log(`Teams server ready on port ${PORT}`);
-  console.log(`  /graphql/public  - public`)
+console.log(`  /graphql/public  - public`);
-  console.log(`  /graphql/user    - id token auth`)
+console.log(`  /graphql/user    - id token auth`);
-  console.log(`  /graphql/team    - team access token auth`)
+console.log(`  /graphql/team    - team access token auth`);
-  console.log(`  /graphql/manager - manager JWT auth`)
+console.log(`  /graphql/manager - manager JWT auth`);
-  console.log(`  /graphql/m2m     - internal services (no auth)`)
+console.log(`  /graphql/m2m     - internal services (no auth)`);
-})