@adobe/aio-cli-plugin-api-mesh 5.0.0-alpha → 5.0.0

package/src/plugins/complianceHeaders/complianceHeaders.js

@@ -0,0 +1,55 @@
+/**
+ * CF-Connecting-IP provides the client IP address connecting to Cloudflare to the origin web server. This header will only be sent on the
+ * traffic from Cloudflare’s edge to your origin web server. Upstream requests will the Cloudflare Worker client IP address of
+ * `2a06:98c0:3600::103`.
+ * @see https://developers.cloudflare.com/fundamentals/reference/http-request-headers/#cf-connecting-ip
+ */
+const CF_CONNECTING_IP_HEADER = 'cf-connecting-ip';
+
+/**
+ * The X-Forwarded-For (XFF) request header is a de-facto standard header for identifying the originating IP address of a client connecting
+ * to a web server through a proxy server.
+ * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
+ */
+const X_FORWARDED_FOR_HEADER = 'x-forwarded-for';
+
+/**
+ * Add `x-forwarded-for` header from request context to each fetch.
+ * @param context Request context.
+ * @param headers Fetch headers.
+ */
+const addXForwardedForHeader = (context, headers) => {
+	// `cf-connecting-ip` header contains the original visitor's IP address
+	const connectingIp = context?.request.headers.get(CF_CONNECTING_IP_HEADER);
+	const xForwardedFor = context?.request.headers.get(X_FORWARDED_FOR_HEADER);
+	if (connectingIp) {
+		if (!xForwardedFor) {
+			// Construct new `x-forwarded-for` header if not present in original request
+			headers.set(X_FORWARDED_FOR_HEADER, connectingIp);
+		} else {
+			// Construct `x-forwarded-for` header using original header
+			headers.set(X_FORWARDED_FOR_HEADER, `${xForwardedFor}, ${connectingIp}`);
+		}
+	}
+};
+
+/**
+ * Adds compliance headers to source fetch requests.
+ */
+function useComplianceHeaders() {
+	return {
+		onFetch({ context, options }) {
+			// Construct mutable headers from options passed to each fetch
+			const headers = new Headers(options.headers);
+			addXForwardedForHeader(context, headers);
+			options.headers = headers;
+		},
+	};
+}
+
+module.exports = {
+	useComplianceHeaders,
+	CF_CONNECTING_IP_HEADER,
+	X_FORWARDED_FOR_HEADER,
+	addXForwardedForHeader,
+};

package/src/plugins/complianceHeaders/index.js

@@ -0,0 +1,2 @@
+const { useComplianceHeaders } = require('./complianceHeaders');
+module.exports = useComplianceHeaders;

package/src/plugins/httpDetailsExtensions/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Uri Goldshtein
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/src/plugins/httpDetailsExtensions/index.js

@@ -0,0 +1,81 @@
+/**
+ * Fork of https://github.com/ardatan/graphql-mesh/blob/%40graphql-mesh/plugin-http-details-extensions%400.1.21/packages/plugins/http-details-extensions/src/index.ts
+ * Version: 0.1.21
+ * TODO: Extract to a separate repository/artifact after approach has been validated.
+ */
+
+/* eslint-disable */
+
+const { isAsyncIterable } = require('@envelop/core');
+const { getHeadersObj } = require('@graphql-mesh/utils');
+
+function useIncludeHttpDetailsInExtensions(opts) {
+	if (!opts.if) {
+		return {};
+	}
+
+	const httpDetailsByContext = new WeakMap();
+
+	function getHttpDetailsByContext(context) {
+		let httpDetails = httpDetailsByContext.get(context);
+		if (!httpDetails) {
+			httpDetails = [];
+			httpDetailsByContext.set(context, httpDetails);
+		}
+		return httpDetails;
+	}
+
+	return {
+		onFetch({ url, context, info, options }) {
+			if (context != null) {
+				const requestTimestamp = Date.now();
+				return ({ response }) => {
+					const responseTimestamp = Date.now();
+					const responseTime = responseTimestamp - requestTimestamp;
+					const httpDetailsList = getHttpDetailsByContext(context);
+					const httpDetails = {
+						sourceName: (info)?.sourceName,
+						path: info?.path,
+						request: {
+							timestamp: requestTimestamp,
+							url,
+							method: options.method || 'GET',
+							headers: getHeadersObj(options.headers),
+						},
+						response: {
+							timestamp: responseTimestamp,
+							status: response.status,
+							statusText: response.statusText,
+							headers: getHeadersObj(response.headers),
+							// Added to interface to account for edge fetch implementation/behavior
+							cookies: response.headers.getSetCookie(),
+						},
+						responseTime,
+					};
+					httpDetailsList.push(httpDetails);
+				};
+			}
+			return undefined;
+		},
+		onExecute({ args: { contextValue } }) {
+			return {
+				onExecuteDone({ result, setResult }) {
+					if (!isAsyncIterable(result)) {
+						const httpDetailsList = httpDetailsByContext.get(contextValue);
+						if (httpDetailsList != null) {
+							setResult({
+								...result,
+								extensions: {
+									...result.extensions,
+									httpDetails: httpDetailsList,
+								},
+							});
+						}
+					}
+				},
+			};
+		},
+	};
+}
+
+module.exports = useIncludeHttpDetailsInExtensions;

package/src/secrets.js

@@ -0,0 +1,34 @@
+// Parse the yaml secrets string from env to json object
+function loadMeshSecrets(logger, secret) {
+	let parsedSecrets = {};
+
+	try {
+		// Replace escaped backslashes with a single backslash
+		secret = secret.replace(/\\"/g, '"');
+		parsedSecrets = JSON.parse(secret);
+	} catch (err) {
+		logger.error('Error parsing secrets.');
+	}
+
+	return parsedSecrets;
+}
+
+// Custom get secrets handler
+const getSecretsHandler = {
+	get: function (target, prop, receiver) {
+		if (prop === 'toJSON') {
+			// Handle the toJSON case
+			return () => target;
+		}
+		if (prop in target) {
+			return Reflect.get(target, prop, receiver);
+		} else {
+			throw new Error(`The secret ${String(prop)} is not available.`);
+		}
+	},
+	set: function () {
+		throw new Error('Setting secrets is not allowed');
+	},
+};
+
+module.exports = { loadMeshSecrets, getSecretsHandler };

package/src/served.js

@@ -0,0 +1,22 @@
+/**
+ * Header to indicate which tier served the request.
+ */
+const SERVE_TIER_HEADER = 'x-api-mesh-served';
+
+/**
+ * Tiers that served the request.
+ */
+const ServedTier = {
+	WORKER_HOT: 0,
+};
+
+/**
+ * Add the served header to the response. Requires mutable headers on the response object.
+ * @param response Response.
+ * @param servedTier Tier that served the request.
+ */
+const addServedHeader = (response, servedTier) => {
+	response.headers.set(SERVE_TIER_HEADER, servedTier.toString());
+};
+
+module.exports = { ServedTier, addServedHeader };

package/src/server.js

@@ -1,200 +1,38 @@
-// Resolve the path to 'fastify' and 'graphql-yoga' within the local 'node_modules'
-const fastifyPath = require.resolve('fastify', { paths: [process.cwd()] });
-const yogaPath = require.resolve('graphql-yoga', { paths: [process.cwd()] });
-
-// Load 'fastify' and 'graphql-yoga' using the resolved paths
-const fastify = require(fastifyPath);
-const { createYoga } = require(yogaPath);
-const logger = require('./classes/logger');
-
-//Load the functions from serverUtils.js
-const {
-	readMeshConfig,
-	removeRequestHeaders,
-	prepSourceResponseHeaders,
-	processResponseHeaders,
-	readSecretsFile,
-} = require('./serverUtils');
-
-let yogaServer = null;
-let meshConfig;
-
-// catch unhandled promise rejections
-process.on('unhandledRejection', reason => {
-	logger.error('Unhandled Rejection at:', reason.stack || reason);
-});
-
-// catch uncaught exceptions
-process.on('uncaughtException', err => {
-	logger.error('Uncaught Exception thrown');
-	logger.error(err.stack);
-	process.exit(1);
-});
-
-// get meshId from command line arguments
-const meshId = process.argv[2];
-
-// get PORT number from command line arguments
-const portNo = parseInt(process.argv[3]);
-
-const getCORSOptions = () => {
-	try {
-		const currentWorkingDirectory = process.cwd();
-		const meshConfigPath = `${currentWorkingDirectory}/mesh-artifact/${meshId}/.meshrc.json`;
-
-		const meshConfig = require(meshConfigPath);
-		const { responseConfig } = meshConfig;
-		const { CORS } = responseConfig;
-
-		return CORS;
-	} catch (e) {
-		return {};
-	}
-};
-
-// Custom get secrets handler
-const getSecretsHandler = {
-	get: function (target, prop, receiver) {
-		if (prop === 'toJSON') {
-			// Handle the toJSON case
-			return () => target;
-		}
-		if (prop in target) {
-			return Reflect.get(target, prop, receiver);
-		} else {
-			throw new Error(`The secret ${String(prop)} is not available.`);
-		}
-	},
-	set: function () {
-		throw new Error('Setting secrets is not allowed');
-	},
+const { spawn } = require('child_process');
+const { readSecretsFile } = require('./serverUtils');
+const packageData = require('../package.json');
+
+const runServer = portNo => {
+	const wranglerPackageNumber = packageData.dependencies.wrangler;
+	const wranglerVersion = `wrangler@${wranglerPackageNumber.replace(/^[\^~]/, '')}`;
+	const indexFilePath = `${__dirname}/index.js`;
+	const filePath = '.mesh';
+	const secrets = readSecretsFile(filePath);
+	const commandArgs = [
+		wranglerVersion,
+		'dev',
+		indexFilePath,
+		'--show-interactive-dev-session',
+		'false',
+		'--var',
+		`Secret:${JSON.stringify(secrets)}`,
+		'--port',
+		portNo,
+		'--inspector-port',
+		'9229',
+	];
+
+	const wrangler = spawn('npx', commandArgs, {
+		stdio: 'inherit',
+	});
+
+	wrangler.on('close', code => {
+		console.log(`wrangler dev process exited with code ${code}`);
+	});
+
+	wrangler.on('error', error => {
+		console.error(`Failed to start wrangler dev: ${error.message}`);
+	});
 };
 
-const getYogaServer = async () => {
-	if (yogaServer) {
-		return yogaServer;
-	} else {
-		const currentWorkingDirectory = process.cwd();
-		const meshArtifactsPath = `${currentWorkingDirectory}/mesh-artifact/${meshId}`;
-
-		const meshArtifacts = require(meshArtifactsPath);
-		const { getBuiltMesh } = meshArtifacts;
-
-		const tenantMesh = await getBuiltMesh();
-		const corsOptions = getCORSOptions();
-
-		const secrets = readSecretsFile(meshId);
-
-		const secretsProxy = new Proxy(secrets, getSecretsHandler);
-
-		logger.info('Creating graphQL server');
-
-		meshConfig = readMeshConfig(meshId);
-
-		yogaServer = createYoga({
-			plugins: tenantMesh.plugins,
-			graphqlEndpoint: `/graphql`,
-			graphiql: true,
-			maskedErrors: false,
-			cors: corsOptions,
-			context: initialContext => ({
-				...initialContext,
-				secrets: secretsProxy,
-			}),
-		});
-
-		return yogaServer;
-	}
-};
-
-const app = fastify();
-
-app.route({
-	method: ['GET', 'POST'],
-	url: '/graphql',
-	handler: async (req, res) => {
-		logger.info('Request received: ', req.body);
-
-		let body = null;
-		let responseBody = null;
-		let includeMetaData = false;
-
-		if (req.headers['x-include-metadata'] && req.headers['x-include-metadata'].length > 0) {
-			if (req.headers['x-include-metadata'].toLowerCase() === 'true') {
-				includeMetaData = true;
-			}
-		}
-
-		const response = await yogaServer.handleNodeRequest(req, {
-			req,
-			reply: res,
-		});
-
-		try {
-			try {
-				body = await response.text();
-				if (body) {
-					responseBody = JSON.parse(body);
-				}
-			} catch (err) {
-				logger.error(`Error parsing response body: ${err}`);
-				logger.error(response);
-				throw new Error(`Error parsing response body: ${err}`);
-			}
-			//Set the value of includeHTTPDetails flag
-
-			const includeHTTPDetails = !!meshConfig?.responseConfig?.includeHTTPDetails;
-			const meshHTTPDetails = responseBody?.extensions?.httpDetails;
-			logger.info('Mesh HTTP Details: ', meshHTTPDetails);
-
-			/* the logic for handling mesh response headers using includeMetaData */
-			prepSourceResponseHeaders(meshHTTPDetails, req.id);
-			const responseHeaders = processResponseHeaders(meshId, req.id, includeMetaData, req.method);
-
-			/** Adding the yoga response headers to the response */
-			response.headers?.forEach((value, key) => {
-				res.header(key, value);
-			});
-
-			// Delete the httpDetails extensions details if mesh owner has disabled those details in the config
-			if (includeHTTPDetails !== true) {
-				delete responseBody?.extensions?.httpDetails;
-			}
-
-			//make sure to remove the request headers from cache after the request is complete
-			removeRequestHeaders(req.id);
-			const fastifyResponseBody = JSON.stringify(responseBody);
-			res.status(response.status).headers(responseHeaders).send(fastifyResponseBody);
-		} catch (err) {
-			logger.error(`Error parsing response body: ${err}`);
-			//we have this fallback catch clause if someone wants to load the graphiql engine. This returns the default headers back
-			response.headers?.forEach((value, key) => {
-				res.header(key, value);
-			});
-			res.status(response.status);
-			res.send(response.body);
-		}
-
-		return res;
-	},
-});
-
-app.listen(
-	{
-		//set the port no of the server based on the input value
-		port: portNo,
-	},
-	async err => {
-		try {
-			if (err) {
-				throw new Error(`Server setup error: ${err.message}`);
-			}
-			yogaServer = await getYogaServer();
-		} catch (error) {
-			console.error(error);
-			process.exit(1);
-		}
-
-		console.log(`Server is running on http://localhost:${portNo}/graphql`);
-	},
-);
+module.exports = { runServer };

package/src/serverUtils.js

@@ -318,13 +318,13 @@ function ccDirectivesToString(directives) {
 
 /**
  * Returns secrets content from artifacts
- * @param meshId
+ * @param meshPath
  * @returns
  */
-function readSecretsFile(meshId) {
+function readSecretsFile(meshPath) {
 	let secrets = {};
 	try {
-		const filePath = path.resolve(process.cwd(), 'mesh-artifact', `${meshId}`, 'secrets.yaml');
+		const filePath = path.resolve(process.cwd(), `${meshPath}`, 'secrets.yaml');
 		if (fs.existsSync(filePath)) {
 			secrets = YAML.parse(fs.readFileSync(filePath, 'utf8'));
 		}

package/src/templates/wrangler.toml

@@ -0,0 +1,14 @@
+# Tenant worker core definition. For platform workers metadata configs are used to set bindings.
+name = "tenant-worker-core"
+compatibility_date = "2024-06-03"
+node_compat = false
+
+find_additional_modules = true
+base_dir = ".mesh"
+rules = [
+  { type = "CommonJS", globs = ["tenantFiles/**/*.js"] }
+]
+
+
+[[migrations]]
+tag = "v1"

package/src/utils/logger.js

@@ -0,0 +1,42 @@
+const pino = require('pino');
+
+/**
+ * Get a new instance of a Pino logger with default configuration.
+ * @param level Log level.
+ */
+const pinoLogger = level =>
+	pino({
+		level: level || 'info',
+		formatters: {
+			level(label) {
+				return {
+					level: label,
+				};
+			},
+		},
+	});
+
+/**
+ * Get a new instance of a Pino logger with default configuration and child bindings.
+ * @param bindings Logger bindings.
+ */
+const logger = bindings => {
+	return pinoLogger(bindings?.logLevel).child({
+		meshId: bindings?.meshId,
+		requestId: bindings?.requestId,
+	});
+};
+
+/**
+ * Create a logger from environment/request.
+ * @param bindings Logger bindings.
+ */
+const bindedlogger = bindings => {
+	return logger({
+		logLevel: bindings?.logLevel,
+		meshId: bindings?.meshId,
+		requestId: bindings?.requestId,
+	});
+};
+
+module.exports = { logger, pinoLogger, bindedlogger };

package/src/utils/requestId.js

@@ -0,0 +1,26 @@
+const UUID = require('../uuid');
+
+/**
+ * Default request identifier header name.
+ */
+const DEFAULT_REQUEST_ID_HEADER_NAME = 'x-request-id';
+
+/**
+ * Get request identifier from headers. Will attempt to set request identifier if not present.
+ * @param request Request.
+ * @param headerName Request identifier header name.
+ */
+function getRequestId(request, headerName = DEFAULT_REQUEST_ID_HEADER_NAME) {
+	let requestId = request.headers.get(headerName);
+	if (!requestId) {
+		requestId = UUID.newUuid().toString();
+		try {
+			request.headers.set(headerName, requestId);
+		} catch (err) {
+			// Unable to set request headers
+		}
+	}
+	return requestId;
+}
+
+module.exports = { DEFAULT_REQUEST_ID_HEADER_NAME, getRequestId };

package/src/wranglerServer.js

@@ -0,0 +1,80 @@
+import { getMesh } from '@graphql-mesh/runtime';
+
+const { getCorsOptions } = require('./cors');
+const { createYoga } = require('graphql-yoga');
+const { GraphQLError } = require('graphql/error');
+
+const { loadMeshSecrets, getSecretsHandler } = require('./secrets');
+const useComplianceHeaders = require('./plugins/complianceHeaders');
+const UseHttpDetailsExtensions = require('./plugins/httpDetailsExtensions');
+const useSourceHeaders = require('@adobe/plugin-source-headers');
+const { useDisableIntrospection } = require('@envelop/disable-introspection');
+
+let meshInstance$;
+
+async function buildMeshInstance(meshArtifacts, meshConfig) {
+	const { getMeshOptions } = meshArtifacts;
+	const options = await getMeshOptions();
+
+	options.additionalEnvelopPlugins = (options.additionalEnvelopPlugins || []).concat(
+		useComplianceHeaders(),
+		UseHttpDetailsExtensions({
+			// Get the details of responseConfig.includeHTTPDetails and store in Cache
+			if: meshConfig.responseConfig?.includeHTTPDetails || false,
+		}),
+		useSourceHeaders(meshConfig),
+	);
+
+	if (meshConfig.disableIntrospection) {
+		options.additionalEnvelopPlugins.push(useDisableIntrospection());
+	}
+
+	return getMesh(options).then(mesh => {
+		const id = mesh.pubsub.subscribe('destroy', () => {
+			meshInstance$ = undefined;
+			mesh.pubsub.unsubscribe(id);
+		});
+		return mesh;
+	});
+}
+
+async function getBuiltMesh(meshArtifacts, meshConfig) {
+	if (meshInstance$ == null) {
+		meshInstance$ = buildMeshInstance(meshArtifacts, meshConfig);
+	}
+	return meshInstance$;
+}
+
+const buildServer = async (loggerInstance, env, meshArtifacts, meshConfig) => {
+	const { Secret: secret } = env;
+	const tenantMesh = await getBuiltMesh(meshArtifacts, meshConfig);
+	const meshSecrets = loadMeshSecrets(loggerInstance, secret);
+	return await buildYogaServer(env, tenantMesh, meshConfig, meshSecrets);
+};
+
+async function buildYogaServer(env, tenantMesh, meshConfig, meshSecrets) {
+	const secretsProxy = new Proxy(meshSecrets, getSecretsHandler);
+	return createYoga({
+		plugins: tenantMesh.plugins,
+		graphqlEndpoint: `/graphql`,
+		cors: getCorsOptions(env, meshConfig),
+		context: initialContext => ({
+			...initialContext,
+			secrets: secretsProxy,
+		}),
+		maskedErrors: {
+			maskError: maskError,
+		},
+		logging: 'debug',
+	});
+}
+
+const maskError = error => {
+	if (error instanceof GraphQLError && error.extensions?.http?.headers) {
+		delete error.extensions.http.headers;
+	}
+
+	return error;
+};
+
+module.exports = { buildServer };