optovia/teams
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Compare commits

base: optovia:b076343c57d07e6b4545287adde2fa6d32c5a4cc
Branches Tags
optovia:main
...
compare: optovia:main
Branches Tags
optovia:main

1 Commits
b076343c57 ... main

Author SHA1 Message Date
Ruslan Bakiev
7fc16bb333 Use Fastify Mercurius and GraphQL contracts
Some checks are pending
Build Docker Image / build (push) Waiting to run
Details
2026-06-01 00:25:27 +05:00
6 changed files with 1265 additions and 1567 deletions
Expand all files Collapse all files

3
.gitmodules vendored Normal file
View File

@@ -0,0 +1,3 @@
[submodule "graphql-contracts"]
path = graphql-contracts
url = git@gitea.dsrptlab.com:optovia/teams-graphql-contracts.git

1
graphql-contracts Submodule

Submodule graphql-contracts added at c632d41e35

2664
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

10
package.json
View File

@@ -9,18 +9,16 @@
"start": "prisma migrate deploy && node dist/index.js" "start": "prisma migrate deploy && node dist/index.js"
}, },
"dependencies": { "dependencies": {
"@apollo/server": "^4.11.3", "@fastify/cors": "^11.2.0",
"@prisma/client": "^6.5.0", "@prisma/client": "^6.5.0",
"@sentry/node": "^9.5.0", "@sentry/node": "^9.5.0",
"cors": "^2.8.5", "fastify": "^5.8.5",
"express": "^4.21.2",
"graphql": "^16.10.0", "graphql": "^16.10.0",
"graphql-tag": "^2.12.6", "graphql-tag": "^2.12.6",
"jose": "^6.0.11" "jose": "^6.0.11",
"mercurius": "^16.9.0"
}, },
"devDependencies": { "devDependencies": {
"@types/cors": "^2.8.17",
"@types/express": "^5.0.0",
"@types/node": "^22.13.0", "@types/node": "^22.13.0",
"prisma": "^6.5.0", "prisma": "^6.5.0",
"tsx": "^4.19.0", "tsx": "^4.19.0",

14
src/auth.ts
View File

@@ -1,6 +1,6 @@
import { createRemoteJWKSet, jwtVerify, type JWTPayload } from "jose"; import { createRemoteJWKSet, jwtVerify, type JWTPayload } from "jose";
import { GraphQLError } from "graphql"; import { GraphQLError } from "graphql";
import type { Request } from "express"; import type { FastifyRequest } from "fastify";
import { prisma } from "./db.js"; import { prisma } from "./db.js";
const LOGTO_JWKS_URL = const LOGTO_JWKS_URL =
@@ -21,7 +21,7 @@ export interface AuthContext {
export const SESSION_TOKEN_PREFIX = "optovia-session:"; export const SESSION_TOKEN_PREFIX = "optovia-session:";
function getBearerToken(req: Request): string { function getBearerToken(req: FastifyRequest): string {
const auth = req.headers.authorization || ""; const auth = req.headers.authorization || "";
if (!auth.startsWith("Bearer ")) if (!auth.startsWith("Bearer "))
throw new GraphQLError("Missing Bearer token", { throw new GraphQLError("Missing Bearer token", {
@@ -35,7 +35,7 @@ function getBearerToken(req: Request): string {
return token; return token;
} }
function optionalBearerToken(req: Request): string | null { function optionalBearerToken(req: FastifyRequest): string | null {
const auth = req.headers.authorization || ""; const auth = req.headers.authorization || "";
if (!auth.startsWith("Bearer ")) return null; if (!auth.startsWith("Bearer ")) return null;
const token = auth.slice(7); const token = auth.slice(7);
@@ -72,7 +72,7 @@ function hasManagerClaim(payload: JWTPayload): boolean {
); );
} }
export async function userContext(req: Request): Promise<AuthContext> { export async function userContext(req: FastifyRequest): Promise<AuthContext> {
const token = optionalBearerToken(req); const token = optionalBearerToken(req);
if (token === null) return { scopes: [] }; if (token === null) return { scopes: [] };
if (token.startsWith(SESSION_TOKEN_PREFIX)) { if (token.startsWith(SESSION_TOKEN_PREFIX)) {
@@ -99,7 +99,9 @@ export async function userContext(req: Request): Promise<AuthContext> {
return { userId: payload.sub, scopes: scopesFromPayload(payload) }; return { userId: payload.sub, scopes: scopesFromPayload(payload) };
} }
export async function managerContext(req: Request): Promise<AuthContext> { export async function managerContext(
req: FastifyRequest,
): Promise<AuthContext> {
const token = getBearerToken(req); const token = getBearerToken(req);
const { payload } = await jwtVerify(token, jwks, { const { payload } = await jwtVerify(token, jwks, {
issuer: LOGTO_ISSUER, issuer: LOGTO_ISSUER,
@@ -119,7 +121,7 @@ export async function managerContext(req: Request): Promise<AuthContext> {
}; };
} }
export async function teamContext(req: Request): Promise<AuthContext> { export async function teamContext(req: FastifyRequest): Promise<AuthContext> {
const token = getBearerToken(req); const token = getBearerToken(req);
const { payload } = await jwtVerify(token, jwks, { const { payload } = await jwtVerify(token, jwks, {
issuer: LOGTO_ISSUER, issuer: LOGTO_ISSUER,

140
src/index.ts
View File

@@ -1,51 +1,115 @@
import express from 'express' import Fastify from "fastify";
import cors from 'cors' import type { FastifyInstance, FastifyRequest } from "fastify";
import { ApolloServer } from '@apollo/server' import cors from "@fastify/cors";
import { expressMiddleware } from '@apollo/server/express4' import mercurius from "mercurius";
import * as Sentry from '@sentry/node' import * as Sentry from "@sentry/node";
import { publicTypeDefs, publicResolvers } from './schemas/public.js' import { publicTypeDefs, publicResolvers } from "./schemas/public.js";
import { userTypeDefs, userResolvers } from './schemas/user.js' import { userTypeDefs, userResolvers } from "./schemas/user.js";
import { teamTypeDefs, teamResolvers } from './schemas/team.js' import { teamTypeDefs, teamResolvers } from "./schemas/team.js";
import { managerTypeDefs, managerResolvers } from './schemas/manager.js' import { managerTypeDefs, managerResolvers } from "./schemas/manager.js";
import { m2mTypeDefs, m2mResolvers } from './schemas/m2m.js' import { m2mTypeDefs, m2mResolvers } from "./schemas/m2m.js";
import { publicContext, userContext, teamContext, managerContext, m2mContext, type AuthContext } from './auth.js' import {
publicContext,
userContext,
teamContext,
managerContext,
m2mContext,
} from "./auth.js";
const PORT = parseInt(process.env.PORT || '8000', 10) const PORT = Number.parseInt(process.env.PORT || "8000", 10);
const SENTRY_DSN = process.env.SENTRY_DSN || '' const SENTRY_DSN = process.env.SENTRY_DSN || "";
if (SENTRY_DSN) { if (SENTRY_DSN) {
Sentry.init({ Sentry.init({
dsn: SENTRY_DSN, dsn: SENTRY_DSN,
tracesSampleRate: 0.01, tracesSampleRate: 0.01,
release: process.env.RELEASE_VERSION || '1.0.0', release: process.env.RELEASE_VERSION || "1.0.0",
environment: process.env.ENVIRONMENT || 'production', environment: process.env.ENVIRONMENT || "production",
}) });
} }
const app = express() const app = Fastify();
app.use(cors({ origin: ['https://optovia.ru'], credentials: true })) await app.register(cors, { origin: ["https://optovia.ru"], credentials: true });
const publicServer = new ApolloServer<AuthContext>({ typeDefs: publicTypeDefs, resolvers: publicResolvers, introspection: true }) type GraphqlBody = {
const userServer = new ApolloServer<AuthContext>({ typeDefs: userTypeDefs, resolvers: userResolvers, introspection: true }) query?: string;
const teamServer = new ApolloServer<AuthContext>({ typeDefs: teamTypeDefs, resolvers: teamResolvers, introspection: true }) variables?: Record<string, unknown>;
const managerServer = new ApolloServer<AuthContext>({ typeDefs: managerTypeDefs, resolvers: managerResolvers, introspection: true }) operationName?: string;
const m2mServer = new ApolloServer<AuthContext>({ typeDefs: m2mTypeDefs, resolvers: m2mResolvers, introspection: true }) };
await Promise.all([publicServer.start(), userServer.start(), teamServer.start(), managerServer.start(), m2mServer.start()]) async function registerGraphqlEndpoint(
server: FastifyInstance,
path: string,
schema: string,
resolvers: unknown,
context: (request: FastifyRequest) => Promise<unknown> | unknown,
) {
await server.register(
async (route) => {
await route.register(mercurius, {
schema,
resolvers: resolvers as never,
routes: false,
});
route.post("/", async (request, reply) => {
const body = request.body as GraphqlBody;
if (typeof body.query !== "string") {
throw new Error("GraphQL query is required");
}
return reply.graphql(
body.query,
(await context(request)) as Record<string, unknown>,
body.variables,
body.operationName,
);
});
},
{ prefix: path },
);
}
app.use('/graphql/public', express.json(), expressMiddleware(publicServer, { context: async () => publicContext() }) as unknown as express.RequestHandler) await registerGraphqlEndpoint(
app.use('/graphql/user', express.json(), expressMiddleware(userServer, { context: async ({ req }) => userContext(req as unknown as import('express').Request) }) as unknown as express.RequestHandler) app,
app.use('/graphql/team', express.json(), expressMiddleware(teamServer, { context: async ({ req }) => teamContext(req as unknown as import('express').Request) }) as unknown as express.RequestHandler) "/graphql/public",
app.use('/graphql/manager', express.json(), expressMiddleware(managerServer, { context: async ({ req }) => managerContext(req as unknown as import('express').Request) }) as unknown as express.RequestHandler) publicTypeDefs,
app.use('/graphql/m2m', express.json(), expressMiddleware(m2mServer, { context: async () => m2mContext() }) as unknown as express.RequestHandler) publicResolvers,
async () => publicContext(),
);
await registerGraphqlEndpoint(
app,
"/graphql/user",
userTypeDefs,
userResolvers,
userContext,
);
await registerGraphqlEndpoint(
app,
"/graphql/team",
teamTypeDefs,
teamResolvers,
teamContext,
);
await registerGraphqlEndpoint(
app,
"/graphql/manager",
managerTypeDefs,
managerResolvers,
managerContext,
);
await registerGraphqlEndpoint(
app,
"/graphql/m2m",
m2mTypeDefs,
m2mResolvers,
async () => m2mContext(),
);
app.get('/health', (_, res) => { res.json({ status: 'ok' }) }) app.get("/health", async () => ({ status: "ok" }));
app.listen(PORT, '0.0.0.0', () => { await app.listen({ port: PORT, host: "0.0.0.0" });
console.log(`Teams server ready on port ${PORT}`) console.log(`Teams server ready on port ${PORT}`);
console.log(` /graphql/public - public`) console.log(` /graphql/public - public`);
console.log(` /graphql/user - id token auth`) console.log(` /graphql/user - id token auth`);
console.log(` /graphql/team - team access token auth`) console.log(` /graphql/team - team access token auth`);
console.log(` /graphql/manager - manager JWT auth`) console.log(` /graphql/manager - manager JWT auth`);
console.log(` /graphql/m2m - internal services (no auth)`) console.log(` /graphql/m2m - internal services (no auth)`);
})