@openneuro/server 4.19.3 → 4.20.0-alpha.1

package/Dockerfile

@@ -4,7 +4,7 @@ FROM openneuro/node AS build
 WORKDIR /srv/packages/openneuro-server
 RUN yarn build
 
-FROM node:18.15.0-alpine
+FROM node:18.17.1-alpine
 
 WORKDIR /srv
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openneuro/server",
-  "version": "4.19.3",
+  "version": "4.20.0-alpha.1",
   "description": "Core service for the OpenNeuro platform.",
   "license": "MIT",
   "main": "src/server.js",
@@ -16,35 +16,37 @@
   "author": "Squishymedia",
   "dependencies": {
     "@apollo/client": "3.7.2",
+    "@apollo/server": "4.9.3",
+    "@apollo/utils.keyvadapter": "3.0.0",
     "@elastic/elasticsearch": "7.15.0",
-    "@openneuro/search": "^4.19.3",
+    "@graphql-tools/schema": "^10.0.0",
+    "@keyv/redis": "^2.7.0",
+    "@openneuro/search": "^4.20.0-alpha.1",
     "@passport-next/passport-google-oauth2": "^1.0.0",
     "@sentry/node": "^4.5.3",
-    "apollo-server": "2.25.4",
-    "apollo-server-cache-redis": "1.4.0",
-    "apollo-server-express": "2.25.3",
     "base64url": "^3.0.0",
-    "body-parser": "^1.18.2",
-    "cookie-parser": "^1.4.3",
+    "cookie-parser": "^1.4.6",
+    "cors": "^2.8.5",
     "date-fns": "^2.16.1",
     "draft-js": "^0.11.7",
     "draft-js-export-html": "^1.4.1",
-    "elastic-apm-node": "3.43.0",
-    "express": "^4.17.1",
-    "graphql": "14.7.0",
+    "elastic-apm-node": "3.49.1",
+    "express": "4.18.2",
+    "graphql": "16.6.0",
     "graphql-bigint": "^1.0.0",
-    "graphql-compose": "^7.25.0",
+    "graphql-compose": "9.0.10",
     "graphql-iso-date": "^3.6.1",
     "graphql-redis-subscriptions": "2.1.0",
     "graphql-subscriptions": "^1.1.0",
-    "graphql-tools": "4.0.6",
+    "graphql-tools": "9.0.0",
     "immutable": "^3.8.2",
     "ioredis": "4.17.3",
     "jsdom": "^11.6.2",
     "jsonwebtoken": "^9.0.0",
+    "keyv": "^4.5.3",
     "mime-types": "^2.1.19",
     "moment": "^2.14.1",
-    "mongoose": "^7.0.2",
+    "mongoose": "^6.11.3",
     "morgan": "^1.6.1",
     "node-mailjet": "^3.3.5",
     "object-hash": "2.1.1",
@@ -59,38 +61,33 @@
     "request": "^2.83.0",
     "semver": "^5.5.0",
     "sitemap": "^2.1.0",
-    "subscriptions-transport-ws": "0.9.18",
     "superagent": "^3.8.2",
     "ts-node": "9.1.1",
-    "typescript": "4.5.4",
+    "typescript": "5.1.6",
     "underscore": "^1.8.3",
     "uuid": "^3.0.1",
     "xmldoc": "^1.1.0"
   },
   "devDependencies": {
-    "@babel/core": "^7.6.4",
-    "@babel/plugin-proposal-object-rest-spread": "^7.6.2",
-    "@babel/plugin-proposal-optional-chaining": "^7.6.0",
-    "@babel/plugin-syntax-object-rest-spread": "^7.0.0",
-    "@babel/preset-env": "^7.6.3",
-    "@babel/runtime-corejs3": "^7.13.10",
+    "@types/cors": "^2",
     "@types/draft-js": "^0.10.43",
+    "@types/express": "^4.17.17",
+    "@types/express-serve-static-core": "^4.17.35",
     "@types/ioredis": "^4.17.1",
+    "@types/ioredis-mock": "^8.2.2",
     "@types/node-mailjet": "^3",
     "@types/semver": "^5",
-    "apollo-link-schema": "^1.2.5",
-    "babel-eslint": "^10.1.0",
     "core-js": "^3.10.1",
-    "ioredis-mock": "^8.2.2",
+    "ioredis-mock": "^8.8.1",
     "nodemon": "^2.0.7",
     "supertest": "^3.0.0",
     "ts-node-dev": "1.1.6",
     "tsc-watch": "^4.2.9",
-    "vitest": "^0.25.2",
+    "vitest": "0.33.0",
     "vitest-fetch-mock": "^0.2.1"
   },
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "0a72f7f93897f2b3fed01b4b017f4b1f977a0a04"
+  "gitHead": "60ca7376fddf72b9516b582ee46c585ef526a39f"
 }

package/src/app.ts

@@ -0,0 +1,119 @@
+/*eslint no-console: ["error", { allow: ["log"] }] */
+/* eslint-disable no-unused-vars*/
+
+/**
+ * Express app setup
+ */
+import { createServer } from 'http'
+import cors from 'cors'
+import express, { urlencoded, json } from 'express'
+import passport from 'passport'
+import config from './config'
+import routes from './routes'
+import morgan from 'morgan'
+import schema from './graphql/schema'
+import { ApolloServer } from '@apollo/server'
+import { ApolloServerPluginLandingPageLocalDefault } from '@apollo/server/plugin/landingPage/default'
+import { expressMiddleware } from '@apollo/server/express4'
+import { ApolloServerPluginDrainHttpServer } from '@apollo/server/plugin/drainHttpServer'
+import { KeyvAdapter } from '@apollo/utils.keyvadapter'
+import Keyv from 'keyv'
+import KeyvRedis from '@keyv/redis'
+import cookieParser from 'cookie-parser'
+import * as jwt from './libs/authentication/jwt'
+import * as auth from './libs/authentication/states.js'
+import { sitemapHandler } from './handlers/sitemap.js'
+import { setupPassportAuth } from './libs/authentication/passport.js'
+import { redis } from './libs/redis'
+import { version } from './lerna.json'
+export { Express } from 'express-serve-static-core'
+
+interface OpenNeuroRequestContext {
+  user: string
+  isSuperUser: boolean
+  userInfo: {
+    id: string
+    exp: string
+    scopes: string[]
+  }
+}
+
+export async function expressApolloSetup() {
+  const app = express()
+
+  setupPassportAuth()
+
+  app.use(passport.initialize())
+
+  app.use((req, res, next) => {
+    res.set(config.headers)
+    res.type('application/json')
+    next()
+  })
+  app.use(morgan('short'))
+  app.use(cookieParser())
+  app.use(urlencoded({ extended: false, limit: '50mb' }))
+  app.use(json({ limit: '50mb' }))
+
+  // routing ---------------------------------------------------------
+  app.use('/sitemap.xml', sitemapHandler)
+  app.use(config.apiPrefix, routes)
+
+  const httpServer = createServer(app)
+
+  // Apollo server setup
+  const apolloServer = new ApolloServer<OpenNeuroRequestContext>({
+    schema,
+    // Always allow introspection - our schema is public
+    introspection: true,
+    cache: new KeyvAdapter(new Keyv({ store: new KeyvRedis(redis) })),
+    plugins: [
+      ApolloServerPluginLandingPageLocalDefault(),
+      ApolloServerPluginDrainHttpServer({
+        httpServer,
+      }),
+      {
+        async requestDidStart() {
+          return {
+            async willSendResponse(requestContext) {
+              const { response } = requestContext
+              if (
+                response.body.kind === 'single' &&
+                'data' in response.body.singleResult
+              ) {
+                response.body.singleResult.extensions = {
+                  ...response.body.singleResult.extensions,
+
+                  openneuro: { version },
+                }
+              }
+            },
+          }
+        },
+      },
+    ],
+  })
+
+  await apolloServer.start()
+
+  // Setup GraphQL middleware
+  app.use(
+    ['/graphql', '/crn/graphql'],
+    cors<cors.CorsRequest>(),
+    jwt.authenticate,
+    auth.optional,
+    expressMiddleware(apolloServer, {
+      context: async ({ req }) => {
+        if (req.isAuthenticated()) {
+          return {
+            user: req.user.id,
+            isSuperUser: req.user.admin,
+            userInfo: req.user,
+          }
+        }
+      },
+    }),
+  )
+
+  return app
+}

package/src/datalad/files.ts

@@ -12,7 +12,7 @@ export const encodeFilePath = (path: string): string => {
 }
 
 /**
- * Convert to from URL compatible path fo filepath
+ * Convert from URL compatible path to filepath
  * @param {String} path
  */
 export const decodeFilePath = (path: string): string => {

package/src/graphql/__tests__/__snapshots__/permissions.spec.js.snap

@@ -1,4 +1,4 @@
-// Vitest Snapshot v1
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
 
 exports[`resolver permissions helpers > checkDatasetAdmin() > resolves to false for anonymous users 1`] = `"You do not have admin access to this dataset."`;
 

package/src/graphql/__tests__/permissions.spec.js

@@ -4,7 +4,7 @@ import {
   states,
   checkDatasetWrite,
   checkDatasetAdmin,
-} from '../permissions.js'
+} from '../permissions'
 
 vi.mock('ioredis')
 

package/src/graphql/permissions.js

@@ -1,5 +1,5 @@
 import config from '../config.js'
-import { ApolloError } from 'apollo-server'
+import { GraphQLError } from 'graphql'
 import Permission from '../models/permission'
 import Dataset from '../models/dataset'
 import Deletion from '../models/deletion'
@@ -52,9 +52,9 @@ export const checkPermissionLevel = (permission, state) => {
   }
 }
 
-export class DeletedDatasetError extends ApolloError {
+export class DeletedDatasetError extends GraphQLError {
   constructor(datasetId, reason, redirect = undefined) {
-    let extension
+    let extensions
     if (redirect) {
       try {
         // Validate URL before we attach it to the API response
@@ -65,17 +65,15 @@ export class DeletedDatasetError extends ApolloError {
           url.pathname.startsWith('/datasets')
         ) {
           // Only return a relative path to avoid cross site risks
-          extension = { redirect: url.pathname }
+          extensions = { code: 'DELETED_DATASET', redirect: url.pathname }
         }
       } catch (err) {
         // Do nothing
       }
     }
-    super(
-      `Dataset ${datasetId} has been deleted. Reason: ${reason}.`,
-      'DELETED_DATASET',
-      extension,
-    )
+    super(`Dataset ${datasetId} has been deleted. Reason: ${reason}.`, {
+      extensions,
+    })
   }
 }
 

package/src/graphql/pubsub.js

@@ -1,10 +1,5 @@
-import Redis from 'ioredis'
-import config from '../config.js'
-import pubsubFactory from '../libs/redis-pubsub.js'
+async function* asyncIterator(_) {
+  yield null
+}
 
-const pubsub = pubsubFactory({
-  publisher: new Redis(config.redis),
-  subscriber: new Redis(config.redis),
-})
-
-export default pubsub
+export default { publish: (_, __) => {}, asyncIterator }

package/src/graphql/resolvers/dataset.js

@@ -7,11 +7,11 @@ import {
   checkDatasetRead,
   checkDatasetWrite,
   checkDatasetAdmin,
-} from '../permissions.js'
+} from '../permissions'
 import { user } from './user.js'
-import { permissions } from './permissions.js'
+import { permissions } from './permissions'
 import { datasetComments } from './comment.js'
-import { metadata } from './metadata.js'
+import { metadata } from './metadata'
 import { history } from './history.js'
 import * as dataladAnalytics from '../../datalad/analytics.js'
 import DatasetModel from '../../models/dataset'

package/src/graphql/resolvers/draft.js

@@ -1,5 +1,5 @@
 import Summary from '../../models/summary'
-import { summary } from './summary.js'
+import { summary } from './summary'
 import { issues } from './issues.js'
 import { description } from './description.js'
 import { readme } from './readme.js'

package/src/graphql/resolvers/git.ts

@@ -1,5 +1,5 @@
 import { checkDatasetWrite } from '../permissions.js'
-import { generateRepoToken } from '../../libs/authentication/jwt.js'
+import { generateRepoToken } from '../../libs/authentication/jwt'
 import { getDatasetEndpoint } from '../../libs/datalad-service.js'
 
 /**

package/src/graphql/resolvers/{metadata.js → metadata.ts}

@@ -1,5 +1,7 @@
 import Snapshot from '../../models/snapshot'
-import MetadataModel from '../../models/metadata'
+import { LeanDocument } from 'mongoose'
+import DatasetModel from '../../models/dataset'
+import MetadataModel, { MetadataDocument } from '../../models/metadata'
 import { latestSnapshot } from './snapshots'
 import { permissions } from './permissions'
 
@@ -8,7 +10,11 @@ import { permissions } from './permissions'
  *
  * User modified fields are queried from the Metadata model and dynamic metadata is updated from the latest snapshot
  */
-export const metadata = async (dataset, _, context) => {
+export const metadata = async (
+  dataset,
+  _,
+  context,
+): Promise<LeanDocument<MetadataDocument>> => {
   const record = await MetadataModel.findOne({
     datasetId: dataset.id,
   }).lean()
@@ -24,7 +30,7 @@ export const metadata = async (dataset, _, context) => {
   for (const user of userPermissions) {
     if (user.level === 'admin') {
       const userObj = await user.user
-      adminUsers.push(userObj.email)
+      adminUsers.push(userObj.name)
     }
   }
   const firstSnapshot = await Snapshot.find({ datasetId: dataset.id }).sort({
@@ -44,7 +50,7 @@ export const metadata = async (dataset, _, context) => {
     adminUsers,
     firstSnapshotCreatedAt,
     latestSnapshotCreatedAt: snapshot.created,
-    subjectAges: summary?.subjectMetadata?.map(s => s.age),
+    ages: summary?.subjectMetadata?.map(s => s.age as number),
     modalities: summary?.modalities || [],
     dataProcessed: summary?.dataProcessed || null,
   }
@@ -60,3 +66,19 @@ export const addMetadata = async (obj, { datasetId, metadata }) => {
   })
   return result
 }
+
+/**
+ * Resolve all public datasets and return metadata
+ */
+export async function publicMetadata(
+  obj,
+): Promise<Array<LeanDocument<MetadataDocument>>> {
+  const datasets = await DatasetModel.find({
+    public: true,
+  }).lean()
+  const dsMetadata: LeanDocument<MetadataDocument>[] = []
+  for (const ds of datasets) {
+    dsMetadata.push(await metadata(ds, null, {}))
+  }
+  return dsMetadata
+}

package/src/graphql/resolvers/mutation.js

@@ -18,9 +18,9 @@ import {
   undoDeprecateSnapshot,
 } from './snapshots.js'
 import { removeUser, setAdmin, setBlocked } from './user.js'
-import { updateSummary } from './summary.js'
+import { updateSummary } from './summary'
 import { revalidate, updateValidation } from './validation.js'
-import { updatePermissions, removePermissions } from './permissions.js'
+import { updatePermissions, removePermissions } from './permissions'
 import { followDataset } from './follow.js'
 import { starDataset } from './stars.js'
 import { publishDataset } from './publish.js'
@@ -28,7 +28,7 @@ import { updateDescription, updateDescriptionList } from './description.js'
 import { updateReadme } from './readme.js'
 import { addComment, editComment, deleteComment } from './comment.js'
 import { subscribeToNewsletter } from './newsletter'
-import { addMetadata } from './metadata.js'
+import { addMetadata } from './metadata'
 import { prepareUpload, finishUpload } from './upload.js'
 import { prepareRepoAccess } from './git'
 import { cacheClear } from './cache'

package/src/graphql/resolvers/{permissions.js → permissions.ts}

@@ -1,17 +1,25 @@
-import User from '../../models/user'
-import Permission from '../../models/permission'
+import User, { UserDocument } from '../../models/user'
+import Permission, { PermissionDocument } from '../../models/permission'
 import { checkDatasetAdmin } from '../permissions'
 import { user } from './user'
 import pubsub from '../pubsub.js'
 
-export const permissions = async ds => {
+interface DatasetPermission {
+  id: string
+  userPermissions: (PermissionDocument & { user: Promise<UserDocument> })[]
+}
+
+export async function permissions(ds): Promise<DatasetPermission> {
   const permissions = await Permission.find({ datasetId: ds.id }).exec()
   return {
     id: ds.id,
-    userPermissions: permissions.map(userPermission => ({
-      ...userPermission.toJSON(),
-      user: user(ds, { id: userPermission.userId }),
-    })),
+    userPermissions: permissions.map(
+      userPermission =>
+        ({
+          ...userPermission.toJSON(),
+          user: user(ds, { id: userPermission.userId }),
+        } as PermissionDocument & { user: Promise<UserDocument> }),
+    ),
   }
 }
 
@@ -53,7 +61,7 @@ export const updatePermissions = async (obj, args, { user, userInfo }) => {
   }
 
   const userPromises = users.map(user => {
-    return new Promise((resolve, reject) => {
+    return new Promise<void>((resolve, reject) => {
       Permission.updateOne(
         {
           datasetId: args.datasetId,

package/src/graphql/resolvers/query.js

@@ -5,6 +5,7 @@ import { dataset, datasets } from './dataset.js'
 import { snapshot, participantCount } from './snapshots.js'
 import { user, users } from './user.js'
 import { flaggedFiles } from './flaggedFiles'
+import { publicMetadata } from './metadata'
 
 const Query = {
   dataset,
@@ -14,6 +15,7 @@ const Query = {
   snapshot,
   participantCount,
   flaggedFiles,
+  publicMetadata,
 }
 
 export default Query

package/src/graphql/resolvers/reviewer.ts

@@ -1,7 +1,7 @@
 import config from '../../config'
 import Reviewer from '../../models/reviewer'
 import { checkDatasetAdmin } from '../permissions.js'
-import { generateReviewerToken } from '../../libs/authentication/jwt.js'
+import { generateReviewerToken } from '../../libs/authentication/jwt'
 
 /**
  * Create an anonymous read-only access key

package/src/graphql/resolvers/snapshots.js

@@ -4,7 +4,7 @@ import { onBrainlife } from './brainlife'
 import { checkDatasetRead, checkDatasetWrite } from '../permissions.js'
 import { readme } from './readme.js'
 import { description } from './description.js'
-import { summary } from './summary.js'
+import { summary } from './summary'
 import { snapshotIssues } from './issues.js'
 import { getFiles } from '../../datalad/files'
 import Summary from '../../models/summary'

package/src/graphql/resolvers/{summary.js → summary.ts}

@@ -1,9 +1,9 @@
-import Summary from '../../models/summary'
+import Summary, { SummaryDocument } from '../../models/summary'
 
 /**
  * Summary resolver
  */
-export const summary = async dataset => {
+export async function summary(dataset): Promise<Partial<SummaryDocument>> {
   const datasetSummary = (
     await Summary.findOne({
       id: dataset.revision,

package/src/graphql/resolvers/upload.js

@@ -1,6 +1,6 @@
 import Upload from '../../models/upload'
 import { checkDatasetWrite } from '../permissions.js'
-import { generateUploadToken } from '../../libs/authentication/jwt.js'
+import { generateUploadToken } from '../../libs/authentication/jwt'
 import { finishUploadRequest } from '../../datalad/upload.js'
 import { getDatasetEndpoint } from '../../libs/datalad-service.js'
 

package/src/graphql/resolvers/user.js

@@ -45,4 +45,18 @@ export const setBlocked = (obj, { id, blocked }, { userInfo }) => {
   }
 }
 
-export default user
+const UserResolvers = {
+  id: obj => obj.id,
+  provider: obj => obj.provider,
+  avatar: obj => obj.avatar,
+  orcid: obj => obj.orcid,
+  created: obj => obj.created,
+  modified: obj => obj.modified,
+  lastSeen: obj => obj.lastSeen,
+  email: obj => obj.email,
+  name: obj => obj.name,
+  admin: obj => obj.admin,
+  blocked: obj => obj.blocked,
+}
+
+export default UserResolvers

package/src/graphql/schema.js

@@ -97,6 +97,8 @@ export const typeDefs = `
       "Get files that have already been deleted, default false."
       deleted: Boolean = false
     ): [FlaggedFile]
+    # All public dataset metadata
+    publicMetadata: [Metadata] @cacheControl(maxAge: 86400, scope: PUBLIC)
   }
 
   type Mutation {
@@ -527,7 +529,7 @@ export const typeDefs = `
     id: ID!
     # ID of user who flagged snapshot as deprecated
     user: String
-    # Reason for deprecating snaphot
+    # Reason for deprecating snapshot
     reason: String
     # Timestamp of snapshot deprecation
     timestamp: Date

package/src/graphql/utils/file.js

@@ -5,7 +5,7 @@ export const filterRemovedAnnexObjects =
     const removedAnnexObjectKeys = (
       await BadAnnexObject.find({ datasetId }).exec()
     ).map(({ annexKey }) => annexKey)
-    // keep files that havent had their annex objects removed
+    // keep files that haven't had their annex objects removed
     return userInfo?.admin
       ? files
       : files.filter(({ key }) => !removedAnnexObjectKeys.includes(key))

package/src/handlers/datalad.js

@@ -40,23 +40,20 @@ export const getFile = async (req, res) => {
     const uri = snapshotId
       ? `http://${worker}/datasets/${datasetId}/snapshots/${snapshotId}/files/${filename}`
       : `http://${worker}/datasets/${datasetId}/files/${filename}`
-    return (
-      fetch(uri)
-        .then(r => {
-          // Set the content length (allow clients to catch HTTP issues better)
-          res.setHeader(
-            'Content-Length',
-            Number(r.headers.get('content-length')),
-          )
-          return r.body
-        })
+    return fetch(uri)
+      .then(r => {
+        // Set the content length (allow clients to catch HTTP issues better)
+        res.setHeader('Content-Length', Number(r.headers.get('content-length')))
+        return r.body
+      })
+      .then(stream =>
         // @ts-expect-error
-        .then(stream => Readable.fromWeb(stream).pipe(res))
-        .catch(err => {
-          console.error(err)
-          res.status(500).send('Internal error transferring requested file')
-        })
-    )
+        Readable.fromWeb(stream, { highWaterMark: 4194304 }).pipe(res),
+      )
+      .catch(err => {
+        console.error(err)
+        res.status(500).send('Internal error transferring requested file')
+      })
   }
 }
 

package/src/handlers/doi.js

@@ -42,7 +42,7 @@ export async function createSnapshotDoi(req, res) {
   }
 }
 
-// Have seperate function to get Doi that does not require any authorization
+// Have separate function to get Doi that does not require any authorization
 export async function getDoi(req, res) {
   const datasetId = req.params.datasetId
   const snapshotId = req.params.snapshotId

package/src/libs/authentication/__tests__/jwt.spec.js

@@ -1,5 +1,5 @@
 import User from '../../../models/user'
-import { addJWT } from '../jwt.js'
+import { addJWT } from '../jwt'
 
 vi.mock('ioredis')
 vi.mock('../../../config.js')

package/src/libs/authentication/{jwt.js → jwt.ts}

@@ -5,8 +5,26 @@ import { decrypt } from './crypto'
 import User from '../../models/user'
 import config from '../../config.js'
 
-export const buildToken = (config, user, expiresIn, options) => {
-  const fields = {
+interface OpenNeuroTokenProfile {
+  sub: string
+  email: string
+  provider: string
+  name: string
+  admin: boolean
+  iat: number
+  exp: number
+  // Tokens may be scoped and limited to one dataset
+  scopes?: string[]
+  dataset?: string
+}
+
+export const buildToken = (
+  config,
+  user,
+  expiresIn,
+  options?: { scopes?: string[]; dataset?: string },
+): string => {
+  const fields: Omit<OpenNeuroTokenProfile, 'iat' | 'exp'> = {
     sub: user.id,
     email: user.email,
     provider: user.provider,
@@ -15,7 +33,7 @@ export const buildToken = (config, user, expiresIn, options) => {
   }
   // Allow extensions of the base token format
   if (options) {
-    if ('scopes' in options) {
+    if (options && 'scopes' in options) {
       fields.scopes = options.scopes
     }
     if ('dataset' in options) {
@@ -24,7 +42,7 @@ export const buildToken = (config, user, expiresIn, options) => {
   }
   return jwt.sign(fields, config.auth.jwt.secret, {
     expiresIn,
-  })
+  }) as string
 }
 
 // Helper to generate a JWT containing user info
@@ -77,7 +95,7 @@ export function generateReviewerToken(
 /**
  * Generate an git repo token
  *
- * Similary to the upload token, this shorter lived token is specific to git access
+ * Similarly to the upload token, this shorter lived token is specific to git access
  */
 export function generateRepoToken(user, datasetId, expiresIn = 60 * 60 * 24) {
   const options = {
@@ -111,8 +129,8 @@ export const jwtFromRequest = req => {
   }
 }
 
-export const decodeJWT = token => {
-  return jwt.decode(token)
+export const decodeJWT = (token: string): OpenNeuroTokenProfile => {
+  return jwt.decode(token) as OpenNeuroTokenProfile
 }
 
 export const parsedJwtFromRequest = req => {

package/src/libs/authentication/orcid.js

@@ -1,6 +1,6 @@
 import passport from 'passport'
 import User from '../../models/user'
-import { parsedJwtFromRequest } from './jwt.js'
+import { parsedJwtFromRequest } from './jwt'
 
 export const requestAuth = passport.authenticate('orcid', {
   session: false,

package/src/libs/authentication/passport.js

@@ -6,7 +6,7 @@ import { Strategy as ORCIDStrategy } from 'passport-orcid'
 import config from '../../config.js'
 import User from '../../models/user'
 import { encrypt } from './crypto'
-import { addJWT, jwtFromRequest, decodeJWT } from './jwt.js'
+import { addJWT, jwtFromRequest } from './jwt'
 import orcid from '../orcid.js'
 
 const PROVIDERS = {

package/src/libs/doi/__tests__/__snapshots__/doi.spec.js.snap

@@ -1,4 +1,4 @@
-// Vitest Snapshot v1
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
 
 exports[`DOI minting utils > template() > accepts expected arguments 1`] = `
 "<?xml version=\\"1.0\\" encoding=\\"UTF-8\\"?>

package/src/libs/email/templates/__tests__/__snapshots__/comment-created.spec.ts.snap

@@ -1,4 +1,4 @@
-// Vitest Snapshot v1
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
 
 exports[`email template -> comment created > renders with expected arguments 1`] = `
 "<html>

package/src/libs/email/templates/__tests__/__snapshots__/dataset-deleted.spec.ts.snap

@@ -1,4 +1,4 @@
-// Vitest Snapshot v1
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
 
 exports[`email template -> comment created > renders with expected arguments 1`] = `
 "<html>

package/src/libs/email/templates/__tests__/__snapshots__/owner-unsubscribed.spec.ts.snap

@@ -1,4 +1,4 @@
-// Vitest Snapshot v1
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
 
 exports[`email template -> comment created > renders with expected arguments 1`] = `
 "<html>

package/src/libs/email/templates/__tests__/__snapshots__/snapshot-created.spec.ts.snap

@@ -1,4 +1,4 @@
-// Vitest Snapshot v1
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
 
 exports[`email template -> comment created > renders with expected arguments 1`] = `
 "<html>

package/src/libs/email/templates/__tests__/__snapshots__/snapshot-reminder.spec.ts.snap

@@ -1,4 +1,4 @@
-// Vitest Snapshot v1
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
 
 exports[`email template -> comment created > renders with expected arguments 1`] = `
 "<html>

package/src/libs/subscription-server.js

@@ -1,4 +1,4 @@
-import { execute, subscribe } from 'graphql'
+/*import { execute, subscribe } from 'graphql'
 import { SubscriptionServer } from 'subscriptions-transport-ws'
 import schema from '../graphql/schema.js'
 
@@ -17,3 +17,4 @@ const subscriptionServerFactory = httpserver =>
   )
 
 export default subscriptionServerFactory
+*/

package/src/models/summary.ts

@@ -17,6 +17,7 @@ export interface SummaryDocument extends Document {
   subjectMetadata: Record<string, any>
   tasks: string[]
   modalities: string[]
+  primaryModality: string
   secondaryModalities: string[]
   dataTypes: string[]
   totalFiles: number
@@ -33,6 +34,7 @@ const summarySchema = new Schema({
   subjectMetadata: Object,
   tasks: [String],
   modalities: [String],
+  primaryModality: String,
   secondaryModalities: [String],
   dataTypes: [String],
   totalFiles: Number,

package/src/routes.js

@@ -9,7 +9,7 @@ import * as subscriptions from './handlers/subscriptions'
 import verifyUser from './libs/authentication/verifyUser.js'
 import * as google from './libs/authentication/google.js'
 import * as orcid from './libs/authentication/orcid.js'
-import * as jwt from './libs/authentication/jwt.js'
+import * as jwt from './libs/authentication/jwt'
 import * as auth from './libs/authentication/states.js'
 import * as doi from './handlers/doi'
 import { sitemapHandler } from './handlers/sitemap.js'
@@ -148,7 +148,7 @@ const routes = [
   {
     method: 'get',
     url: '/auth/orcid',
-    middlware: [noCache],
+    middleware: [noCache],
     handler: orcid.requestAuth,
   },
   {

package/src/{server.js → server.ts}

@@ -7,11 +7,9 @@ apm.start({
 
 import { createServer } from 'http'
 import mongoose from 'mongoose'
-import subscriptionServerFactory from './libs/subscription-server.js'
 import { connect as redisConnect } from './libs/redis'
 import config from './config'
-import createApp from './app'
-import { version } from './lerna.json'
+import { expressApolloSetup } from './app'
 
 const redisConnectionSetup = async () => {
   try {
@@ -23,18 +21,18 @@ const redisConnectionSetup = async () => {
   }
 }
 
-mongoose.connect(config.mongo.url, {
+void mongoose.connect(config.mongo.url, {
   dbName: config.mongo.dbName,
   connectTimeoutMS: config.mongo.connectTimeoutMS,
 })
 
-redisConnectionSetup().then(() => {
-  const app = createApp(false)
+void redisConnectionSetup().then(async () => {
+  const app = await expressApolloSetup()
   const server = createServer(app)
   server.listen(config.port, () => {
     // eslint-disable-next-line no-console
     console.log('Server is listening on port ' + config.port)
     // Setup GraphQL subscription transport
-    subscriptionServerFactory(server)
+    //subscriptionServerFactory(server)
   })
 })

package/src/app.js

@@ -1,94 +0,0 @@
-/*eslint no-console: ["error", { allow: ["log"] }] */
-/* eslint-disable no-unused-vars*/
-
-/**
- * Express app setup
- */
-import express from 'express'
-import passport from 'passport'
-import config from './config'
-import routes from './routes'
-import morgan from 'morgan'
-import schema from './graphql/schema'
-import { ApolloServer } from 'apollo-server-express'
-import { BaseRedisCache } from 'apollo-server-cache-redis'
-import bodyParser from 'body-parser'
-import cookieParser from 'cookie-parser'
-import * as jwt from './libs/authentication/jwt.js'
-import * as auth from './libs/authentication/states.js'
-import { sitemapHandler } from './handlers/sitemap.js'
-import { setupPassportAuth } from './libs/authentication/passport.js'
-import { redis } from './libs/redis'
-import { version } from './lerna.json'
-
-// test flag disables Sentry for tests
-export default test => {
-  const app = express()
-
-  setupPassportAuth()
-
-  app.use(passport.initialize())
-
-  app.use((req, res, next) => {
-    res.set(config.headers)
-    res.type('application/json')
-    next()
-  })
-  app.use(morgan('short'))
-  app.use(cookieParser())
-  app.use(bodyParser.urlencoded({ extended: false, limit: '50mb' }))
-  app.use(bodyParser.json({ limit: '50mb' }))
-
-  // routing ---------------------------------------------------------
-  app.use('/sitemap.xml', sitemapHandler)
-  app.use(config.apiPrefix, routes)
-
-  // error handling --------------------------------------------------\
-
-  // Apollo engine setup
-  const engineConfig = {
-    privateVariables: ['files'],
-  }
-
-  // Apollo server setup
-  const apolloServer = new ApolloServer({
-    schema,
-    context: ({ req }) => {
-      if (req.isAuthenticated()) {
-        return {
-          user: req.user.id,
-          isSuperUser: req.user.admin,
-          userInfo: req.user,
-        }
-      }
-    },
-    // Always allow introspection - our schema is public
-    introspection: true,
-    // Enable authenticated queries in playground
-    // Note - buggy at the moment
-    playground: {
-      settings: {
-        'request.credentials': 'same-origin',
-      },
-    },
-    // Enable cache options
-    tracing: true,
-    cacheControl: true,
-    // Don't limit the max size for dataset uploads
-    uploads: { maxFieldSize: Infinity },
-    formatResponse: response => {
-      return { ...response, extensions: { openneuro: { version } } }
-    },
-    cache: new BaseRedisCache({
-      client: redis,
-    }),
-  })
-
-  // Setup pre-GraphQL middleware
-  app.use('/crn/graphql', jwt.authenticate, auth.optional)
-
-  // Inject Apollo Server
-  apolloServer.applyMiddleware({ app, path: '/crn/graphql' })
-
-  return app
-}