@constructive-io/graphql-server 2.10.5

package/middleware/gql.js

@@ -0,0 +1,131 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ListOfAllDomainsOfDb = exports.ApiByNameQuery = exports.ApiQuery = void 0;
+const graphql_tag_1 = __importDefault(require("graphql-tag"));
+// DO NOT CHANGE TO domainBySubdomainAndDomain(domain: $domain, subdomain: $subdomain)
+// condition is the way to handle since it will pass in null properly
+// e.g. subdomain.domain or domain both work
+exports.ApiQuery = (0, graphql_tag_1.default) `
+  query ApiRoot($domain: String!, $subdomain: String) {
+    domains(condition: { domain: $domain, subdomain: $subdomain }) {
+      nodes {
+        api {
+          databaseId
+          dbname
+          roleName
+          anonRole
+          isPublic
+          schemaNamesFromExt: apiExtensions {
+            nodes {
+              schemaName
+            }
+          }
+          schemaNames: schemataByApiSchemaApiIdAndSchemaId {
+            nodes {
+              schemaName
+            }
+          }
+          rlsModule {
+            privateSchema {
+              schemaName
+            }
+            authenticateStrict
+            authenticate
+            currentRole
+            currentRoleId
+          }
+          database {
+            sites {
+              nodes {
+                domains {
+                  nodes {
+                    subdomain
+                    domain
+                  }
+                }
+              }
+            }
+          } # for now keep this for patches
+          apiModules {
+            nodes {
+              name
+              data
+            }
+          }
+        }
+      }
+    }
+  }
+`;
+exports.ApiByNameQuery = (0, graphql_tag_1.default) `
+  query ApiByName($name: String!, $databaseId: UUID!) {
+    api: apiByDatabaseIdAndName(name: $name, databaseId: $databaseId) {
+      databaseId
+      dbname
+      roleName
+      anonRole
+      isPublic
+      schemaNamesFromExt: apiExtensions {
+        nodes {
+          schemaName
+        }
+      }
+      schemaNames: schemataByApiSchemaApiIdAndSchemaId {
+        nodes {
+          schemaName
+        }
+      }
+      rlsModule {
+        privateSchema {
+          schemaName
+        }
+        authenticate
+        authenticateStrict
+        currentRole
+        currentRoleId
+      }
+      database {
+        sites {
+          nodes {
+            domains {
+              nodes {
+                subdomain
+                domain
+              }
+            }
+          }
+        }
+      } # for now keep this for patches
+      apiModules {
+        nodes {
+          name
+          data
+        }
+      }
+    }
+  }
+`;
+exports.ListOfAllDomainsOfDb = (0, graphql_tag_1.default) `
+  query ListApisByDatabaseId {
+    apis {
+      nodes {
+        id
+        databaseId
+        name
+        dbname
+        roleName
+        anonRole
+        isPublic
+        domains {
+          nodes {
+            domain
+            subdomain
+          }
+        }
+      }
+    }
+  }
+`;

package/middleware/graphile.d.ts

@@ -0,0 +1,4 @@
+import { ConstructiveOptions } from '@constructive-io/graphql-types';
+import { RequestHandler } from 'express';
+import './types';
+export declare const graphile: (opts: ConstructiveOptions) => RequestHandler;

package/middleware/graphile.js

@@ -0,0 +1,91 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.graphile = void 0;
+const graphile_cache_1 = require("graphile-cache");
+const graphile_settings_1 = require("graphile-settings");
+const pg_cache_1 = require("pg-cache");
+const postgraphile_1 = require("postgraphile");
+require("./types"); // for Request type
+const PublicKeySignature_1 = __importDefault(require("../plugins/PublicKeySignature"));
+const graphile = (opts) => {
+    return async (req, res, next) => {
+        try {
+            const api = req.api;
+            if (!api) {
+                return res.status(500).send('Missing API info');
+            }
+            const key = req.svc_key;
+            if (!key) {
+                return res.status(500).send('Missing service cache key');
+            }
+            const { dbname, anonRole, roleName, schema } = api;
+            if (graphile_cache_1.graphileCache.has(key)) {
+                const { handler } = graphile_cache_1.graphileCache.get(key);
+                return handler(req, res, next);
+            }
+            const options = (0, graphile_settings_1.getGraphileSettings)({
+                ...opts,
+                graphile: {
+                    ...opts.graphile,
+                    schema: schema,
+                },
+            });
+            const pubkey_challenge = api.apiModules.find((mod) => mod.name === 'pubkey_challenge');
+            if (pubkey_challenge && pubkey_challenge.data) {
+                options.appendPlugins.push((0, PublicKeySignature_1.default)(pubkey_challenge.data));
+            }
+            options.appendPlugins = options.appendPlugins ?? [];
+            options.appendPlugins.push(...opts.graphile.appendPlugins);
+            options.pgSettings = async function pgSettings(request) {
+                const gqlReq = request;
+                const context = {
+                    [`jwt.claims.database_id`]: gqlReq.databaseId,
+                    [`jwt.claims.ip_address`]: gqlReq.clientIp,
+                };
+                if (gqlReq.get('origin')) {
+                    context['jwt.claims.origin'] = gqlReq.get('origin');
+                }
+                if (gqlReq.get('User-Agent')) {
+                    context['jwt.claims.user_agent'] = gqlReq.get('User-Agent');
+                }
+                if (gqlReq?.token?.user_id) {
+                    return {
+                        role: roleName,
+                        [`jwt.claims.token_id`]: gqlReq.token.id,
+                        [`jwt.claims.user_id`]: gqlReq.token.user_id,
+                        ...context,
+                    };
+                }
+                return { role: anonRole, ...context };
+            };
+            options.graphqlRoute = '/graphql';
+            options.graphiqlRoute = '/graphiql';
+            options.graphileBuildOptions = {
+                ...options.graphileBuildOptions,
+                ...opts.graphile.graphileBuildOptions,
+            };
+            const graphileOpts = {
+                ...options,
+                ...opts.graphile.overrideSettings,
+            };
+            const pgPool = (0, pg_cache_1.getPgPool)({
+                ...opts.pg,
+                database: dbname,
+            });
+            const handler = (0, postgraphile_1.postgraphile)(pgPool, schema, graphileOpts);
+            graphile_cache_1.graphileCache.set(key, {
+                pgPool,
+                pgPoolKey: dbname,
+                handler,
+            });
+            return handler(req, res, next);
+        }
+        catch (e) {
+            return res.status(500).send(e.message);
+        }
+    };
+};
+exports.graphile = graphile;

package/middleware/types.d.ts

@@ -0,0 +1,33 @@
+import { ApiModule } from "../types";
+export type ConstructiveAPIToken = {
+    id: string;
+    user_id: string;
+    [key: string]: any;
+};
+declare global {
+    namespace Express {
+        interface Request {
+            api?: {
+                dbname: string;
+                anonRole: string;
+                roleName: string;
+                schema: string[];
+                apiModules: ApiModule[];
+                rlsModule?: {
+                    authenticate?: string;
+                    authenticateStrict?: string;
+                    privateSchema: {
+                        schemaName: string;
+                    };
+                };
+                domains?: string[];
+                databaseId?: string;
+                isPublic?: boolean;
+            };
+            svc_key?: string;
+            clientIp?: string;
+            databaseId?: string;
+            token?: ConstructiveAPIToken;
+        }
+    }
+}

package/middleware/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/package.json

@@ -0,0 +1,88 @@
+{
+  "name": "@constructive-io/graphql-server",
+  "version": "2.10.5",
+  "author": "Constructive <developers@constructive.io>",
+  "description": "Constructive GraphQL Server",
+  "main": "index.js",
+  "module": "esm/index.js",
+  "types": "index.d.ts",
+  "homepage": "https://github.com/constructive-io/constructive",
+  "license": "MIT",
+  "publishConfig": {
+    "access": "public",
+    "directory": "dist"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/constructive-io/constructive"
+  },
+  "bugs": {
+    "url": "https://github.com/constructive-io/constructive/issues"
+  },
+  "scripts": {
+    "clean": "makage clean",
+    "prepack": "npm run build",
+    "build": "makage build",
+    "build:dev": "makage build --dev",
+    "dev": "ts-node src/run.ts",
+    "dev:watch": "nodemon --watch src --ext ts --exec ts-node src/run.ts",
+    "lint": "eslint . --fix",
+    "test": "jest --passWithNoTests",
+    "test:watch": "jest --watch",
+    "bucket:create": "ts-node src/scripts/create-bucket.ts"
+  },
+  "keywords": [
+    "server",
+    "graphql",
+    "express",
+    "constructive",
+    "backend"
+  ],
+  "dependencies": {
+    "@constructive-io/graphql-env": "^2.8.4",
+    "@constructive-io/graphql-types": "^2.12.4",
+    "@constructive-io/s3-utils": "^2.3.5",
+    "@constructive-io/upload-names": "^2.3.3",
+    "@constructive-io/url-domains": "^2.3.4",
+    "@graphile-contrib/pg-many-to-many": "^1.0.2",
+    "@pgpmjs/logger": "^1.3.4",
+    "@pgpmjs/server-utils": "^2.8.6",
+    "@pgpmjs/types": "^2.12.4",
+    "cors": "^2.8.5",
+    "dotenv": "^17.2.3",
+    "express": "^5.1.0",
+    "graphile-build": "^4.14.1",
+    "graphile-cache": "^1.6.6",
+    "graphile-i18n": "^0.2.10",
+    "graphile-meta-schema": "^0.3.10",
+    "graphile-plugin-connection-filter": "^2.4.10",
+    "graphile-plugin-connection-filter-postgis": "^1.1.10",
+    "graphile-plugin-fulltext-filter": "^2.1.10",
+    "graphile-query": "^2.4.5",
+    "graphile-search-plugin": "^0.2.10",
+    "graphile-settings": "^2.9.5",
+    "graphile-simple-inflector": "^0.2.10",
+    "graphile-utils": "^4.14.1",
+    "graphql": "15.10.1",
+    "graphql-tag": "2.12.6",
+    "graphql-upload": "^13.0.0",
+    "lru-cache": "^11.2.4",
+    "pg": "^8.16.3",
+    "pg-cache": "^1.6.6",
+    "pg-query-context": "^2.3.4",
+    "postgraphile": "^4.14.1",
+    "request-ip": "^3.3.0"
+  },
+  "devDependencies": {
+    "@aws-sdk/client-s3": "^3.952.0",
+    "@types/cors": "^2.8.17",
+    "@types/express": "^5.0.6",
+    "@types/graphql-upload": "^8.0.12",
+    "@types/pg": "^8.16.0",
+    "@types/request-ip": "^0.0.41",
+    "makage": "^0.1.8",
+    "nodemon": "^3.1.10",
+    "ts-node": "^10.9.2"
+  },
+  "gitHead": "22cfe32e994e26a6490e04e28bab26d1e7e6345c"
+}

package/plugins/PublicKeySignature.d.ts

@@ -0,0 +1,11 @@
+import type { Plugin } from 'graphile-build';
+export interface PublicKeyChallengeConfig {
+    schema: string;
+    crypto_network: string;
+    sign_up_with_key: string;
+    sign_in_request_challenge: string;
+    sign_in_record_failure: string;
+    sign_in_with_challenge: string;
+}
+export declare const PublicKeySignature: (pubkey_challenge: PublicKeyChallengeConfig) => Plugin;
+export default PublicKeySignature;

package/plugins/PublicKeySignature.js

@@ -0,0 +1,121 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PublicKeySignature = void 0;
+const graphile_utils_1 = require("graphile-utils");
+const pg_query_context_1 = __importDefault(require("pg-query-context"));
+const PublicKeySignature = (pubkey_challenge) => {
+    const { schema, crypto_network, sign_up_with_key, sign_in_request_challenge, sign_in_record_failure, sign_in_with_challenge } = pubkey_challenge;
+    return (0, graphile_utils_1.makeExtendSchemaPlugin)(() => ({
+        typeDefs: (0, graphile_utils_1.gql) `
+      input CreateUserAccountWithPublicKeyInput {
+        publicKey: String!
+      }
+
+      input GetMessageForSigningInput {
+        publicKey: String!
+      }
+
+      input VerifyMessageForSigningInput {
+        publicKey: String!
+        message: String!
+        signature: String!
+      }
+
+      type createUserAccountWithPublicKeyPayload {
+        message: String!
+      }
+
+      type getMessageForSigningPayload {
+        message: String!
+      }
+
+      type verifyMessageForSigningPayload {
+        access_token: String!
+        access_token_expires_at: Datetime!
+      }
+
+      extend type Mutation {
+        createUserAccountWithPublicKey(
+          input: CreateUserAccountWithPublicKeyInput
+        ): createUserAccountWithPublicKeyPayload
+
+        getMessageForSigning(
+          input: GetMessageForSigningInput
+        ): getMessageForSigningPayload
+
+        verifyMessageForSigning(
+          input: VerifyMessageForSigningInput
+        ): verifyMessageForSigningPayload
+      }
+    `,
+        resolvers: {
+            Mutation: {
+                async createUserAccountWithPublicKey(_parent, args, context) {
+                    const { pgClient } = context;
+                    const { publicKey } = args.input;
+                    await (0, pg_query_context_1.default)({
+                        client: pgClient,
+                        context: { role: 'anonymous' },
+                        query: `SELECT * FROM "${schema}".${sign_up_with_key}($1)`,
+                        variables: [publicKey]
+                    });
+                    const { rows: [{ [sign_in_request_challenge]: message }] } = await (0, pg_query_context_1.default)({
+                        client: pgClient,
+                        context: { role: 'anonymous' },
+                        query: `SELECT * FROM "${schema}".${sign_in_request_challenge}($1)`,
+                        variables: [publicKey]
+                    });
+                    return { message };
+                },
+                async getMessageForSigning(_parent, args, context) {
+                    const { pgClient } = context;
+                    const { publicKey } = args.input;
+                    const { rows: [{ [sign_in_request_challenge]: message }] } = await (0, pg_query_context_1.default)({
+                        client: pgClient,
+                        context: { role: 'anonymous' },
+                        query: `SELECT * FROM "${schema}".${sign_in_request_challenge}($1)`,
+                        variables: [publicKey]
+                    });
+                    if (!message)
+                        throw new Error('NO_ACCOUNT_EXISTS');
+                    return { message };
+                },
+                async verifyMessageForSigning(_parent, args, context) {
+                    const { pgClient } = context;
+                    const { publicKey, message, signature } = args.input;
+                    //   const network = Networks[crypto_network];
+                    const network = 'btc';
+                    //   const result = verifyMessage(message, publicKey, signature, network);
+                    // TODO implement using interchainJS?
+                    const result = false;
+                    if (!result) {
+                        await (0, pg_query_context_1.default)({
+                            client: pgClient,
+                            context: { role: 'anonymous' },
+                            query: `SELECT * FROM "${schema}".${sign_in_record_failure}($1)`,
+                            variables: [publicKey]
+                        });
+                        throw new Error('BAD_SIGNIN');
+                    }
+                    const { rows: [token] } = await (0, pg_query_context_1.default)({
+                        client: pgClient,
+                        context: { role: 'anonymous' },
+                        query: `SELECT * FROM "${schema}".${sign_in_with_challenge}($1, $2)`,
+                        variables: [publicKey, message]
+                    });
+                    if (!token?.access_token)
+                        throw new Error('BAD_SIGNIN');
+                    return {
+                        access_token: token.access_token,
+                        access_token_expires_at: token.access_token_expires_at
+                    };
+                }
+            }
+        }
+    }));
+};
+exports.PublicKeySignature = PublicKeySignature;
+exports.default = exports.PublicKeySignature;

package/run.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/run.js

@@ -0,0 +1,10 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const graphql_env_1 = require("@constructive-io/graphql-env");
+const server_1 = require("./server");
+(0, server_1.GraphQLServer)((0, graphql_env_1.getEnvOptions)({
+    pg: {
+        database: process.env.PGDATABASE,
+    },
+}));

package/schema.d.ts

@@ -0,0 +1,12 @@
+import { PostGraphileOptions } from 'postgraphile';
+export type BuildSchemaOptions = {
+    database?: string;
+    schemas: string[];
+    graphile?: Partial<PostGraphileOptions>;
+};
+export declare function buildSchemaSDL(opts: BuildSchemaOptions): Promise<string>;
+export declare function fetchEndpointSchemaSDL(endpoint: string, opts?: {
+    headerHost?: string;
+    headers?: Record<string, string>;
+    auth?: string;
+}): Promise<string>;

package/schema.js

@@ -0,0 +1,123 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildSchemaSDL = buildSchemaSDL;
+exports.fetchEndpointSchemaSDL = fetchEndpointSchemaSDL;
+const graphql_1 = require("graphql");
+const graphile_settings_1 = require("graphile-settings");
+const pg_cache_1 = require("pg-cache");
+const postgraphile_1 = require("postgraphile");
+const http = __importStar(require("node:http"));
+const https = __importStar(require("node:https"));
+// Build GraphQL Schema SDL directly from Postgres using PostGraphile, without HTTP.
+async function buildSchemaSDL(opts) {
+    const database = opts.database ?? 'constructive';
+    const schemas = Array.isArray(opts.schemas) ? opts.schemas : [];
+    const settings = (0, graphile_settings_1.getGraphileSettings)({
+        graphile: {
+            schema: schemas,
+            ...(opts.graphile ?? {})
+        }
+    });
+    const pgPool = (0, pg_cache_1.getPgPool)({ database });
+    const schema = await (0, postgraphile_1.createPostGraphileSchema)(pgPool, schemas, settings);
+    return (0, graphql_1.printSchema)(schema);
+}
+// Fetch GraphQL Schema SDL from a running GraphQL endpoint via introspection.
+// This centralizes GraphQL client usage in the server package to avoid duplicating deps in the CLI.
+async function fetchEndpointSchemaSDL(endpoint, opts) {
+    const url = new URL(endpoint);
+    const requestUrl = url;
+    const introspectionQuery = (0, graphql_1.getIntrospectionQuery)({ descriptions: true });
+    const postData = JSON.stringify({
+        query: introspectionQuery,
+        variables: null,
+        operationName: 'IntrospectionQuery',
+    });
+    const headers = {
+        'Content-Type': 'application/json',
+        'Content-Length': String(Buffer.byteLength(postData)),
+    };
+    if (opts?.headerHost) {
+        headers['Host'] = opts.headerHost;
+    }
+    if (opts?.auth) {
+        headers['Authorization'] = opts.auth;
+    }
+    if (opts?.headers) {
+        for (const [key, value] of Object.entries(opts.headers)) {
+            headers[key] = value;
+        }
+    }
+    const isHttps = requestUrl.protocol === 'https:';
+    const lib = isHttps ? https : http;
+    const responseData = await new Promise((resolve, reject) => {
+        const req = lib.request({
+            hostname: requestUrl.hostname,
+            port: (requestUrl.port ? Number(requestUrl.port) : (isHttps ? 443 : 80)),
+            path: requestUrl.pathname,
+            method: 'POST',
+            headers,
+        }, (res) => {
+            let data = '';
+            res.on('data', (chunk) => { data += chunk; });
+            res.on('end', () => {
+                if (res.statusCode && res.statusCode >= 400) {
+                    reject(new Error(`HTTP ${res.statusCode} – ${data}`));
+                    return;
+                }
+                resolve(data);
+            });
+        });
+        req.on('error', (err) => reject(err));
+        req.write(postData);
+        req.end();
+    });
+    let json;
+    try {
+        json = JSON.parse(responseData);
+    }
+    catch (e) {
+        throw new Error(`Failed to parse response: ${responseData}`);
+    }
+    if (json.errors) {
+        throw new Error('Introspection returned errors');
+    }
+    if (!json.data) {
+        throw new Error('No data in introspection response');
+    }
+    const schema = (0, graphql_1.buildClientSchema)(json.data);
+    return (0, graphql_1.printSchema)(schema);
+}

package/scripts/create-bucket.d.ts

@@ -0,0 +1 @@
+import 'dotenv/config';

package/scripts/create-bucket.js

@@ -0,0 +1,34 @@
+"use strict";
+// Minimal script to create a bucket in MinIO using @constructive-io/s3-utils
+// Avoid strict type coupling between different @aws-sdk/client-s3 versions
+Object.defineProperty(exports, "__esModule", { value: true });
+// Loads graphql/server/.env by default when running via ts-node from this workspace
+require("dotenv/config");
+const client_s3_1 = require("@aws-sdk/client-s3");
+const s3_utils_1 = require("@constructive-io/s3-utils");
+const BUCKET = process.env.BUCKET_NAME || 'test-bucket';
+const REGION = process.env.AWS_REGION || 'us-east-1';
+const ACCESS_KEY = process.env.AWS_ACCESS_KEY || process.env.AWS_ACCESS_KEY_ID || 'minioadmin';
+const SECRET_KEY = process.env.AWS_SECRET_KEY ||
+    process.env.AWS_SECRET_ACCESS_KEY ||
+    'minioadmin';
+const ENDPOINT = process.env.MINIO_ENDPOINT || 'http://localhost:9000';
+(async () => {
+    try {
+        const client = new client_s3_1.S3Client({
+            region: REGION,
+            credentials: { accessKeyId: ACCESS_KEY, secretAccessKey: SECRET_KEY },
+            endpoint: ENDPOINT,
+            forcePathStyle: true,
+        });
+        // Hint downstream to apply MinIO policies
+        process.env.IS_MINIO = 'true';
+        const res = await (0, s3_utils_1.createS3Bucket)(client, BUCKET);
+        console.log(`[create-bucket] ${BUCKET}:`, res);
+        client.destroy();
+    }
+    catch (e) {
+        console.error('[create-bucket] error', e);
+        process.exitCode = 1;
+    }
+})();