cfw-graphql-bootstrap 1.0.0

package/dist/index.js

@@ -0,0 +1,1052 @@
+// src/logger/index.ts
+import pino from "pino/browser";
+var isDev = process.env.NODE_ENV !== "production";
+var logLevel = process.env.LOG_LEVEL || (isDev ? "debug" : "info");
+var serializers = {
+  err: (err) => {
+    if (!err) return err;
+    return {
+      type: err.constructor?.name || err.name,
+      message: err.message,
+      stack: err.stack,
+      code: err.code,
+      statusCode: err.statusCode
+    };
+  },
+  req: (req) => {
+    if (!req) return req;
+    return {
+      method: req.method,
+      url: req.url,
+      headers: Object.fromEntries(req.headers.entries())
+    };
+  },
+  res: (res) => {
+    if (!res) return res;
+    return {
+      statusCode: res.status,
+      headers: Object.fromEntries(res.headers.entries())
+    };
+  }
+};
+var logger = pino({
+  browser: {
+    asObject: true,
+    write: {
+      info: (o) => {
+        if (!isDev && globalThis.logshipper) {
+          globalThis.logshipper.log(o);
+        }
+        console.log(JSON.stringify(o));
+      },
+      error: (o) => {
+        if (!isDev && globalThis.logshipper) {
+          globalThis.logshipper.log(o);
+        }
+        console.error(JSON.stringify(o));
+      },
+      debug: (o) => {
+        if (isDev) {
+          console.debug(JSON.stringify(o));
+        }
+      },
+      warn: (o) => {
+        if (!isDev && globalThis.logshipper) {
+          globalThis.logshipper.log(o);
+        }
+        console.warn(JSON.stringify(o));
+      },
+      fatal: (o) => {
+        if (!isDev && globalThis.logshipper) {
+          globalThis.logshipper.log(o);
+        }
+        console.error(JSON.stringify(o));
+      },
+      trace: (o) => {
+        if (isDev) {
+          console.trace(JSON.stringify(o));
+        }
+      }
+    }
+  },
+  level: logLevel,
+  base: {
+    env: process.env.NODE_ENV,
+    service: "graphql-subgraph",
+    runtime: "cloudflare-workers"
+  },
+  serializers,
+  timestamp: () => `,"timestamp":"${(/* @__PURE__ */ new Date()).toISOString()}"`,
+  formatters: {
+    level: (label) => {
+      return { level: label.toUpperCase() };
+    },
+    log: (object) => {
+      if (globalThis.requestContext) {
+        object.traceId = globalThis.requestContext.traceId;
+        object.spanId = globalThis.requestContext.spanId;
+        object.userId = globalThis.requestContext.userId;
+      }
+      return object;
+    }
+  }
+});
+function createLogger(context) {
+  return logger.child(context);
+}
+
+// src/context/constants.ts
+var Headers = {
+  GATEWAY_USER: "x-gateway-user",
+  GATEWAY_USER_SIGNATURE: "x-gateway-user-signature",
+  AUTH: "authorization",
+  CLIENT_ID: "x-client-id"
+};
+
+// src/context/auth.ts
+async function verifyAndParseUser(encodedUser, signature, secret) {
+  if (!encodedUser || !signature) {
+    return void 0;
+  }
+  try {
+    const encoder = new TextEncoder();
+    const key = await crypto.subtle.importKey(
+      "raw",
+      encoder.encode(secret),
+      { name: "HMAC", hash: "SHA-256" },
+      false,
+      ["verify"]
+    );
+    const signatureBuffer = hexToBuffer(signature);
+    const dataBuffer = encoder.encode(encodedUser);
+    const isValid = await crypto.subtle.verify(
+      "HMAC",
+      key,
+      signatureBuffer,
+      dataBuffer
+    );
+    if (!isValid) {
+      console.error("Invalid user signature");
+      return void 0;
+    }
+    const user = JSON.parse(atob(encodedUser));
+    return user;
+  } catch (error) {
+    console.error("Error verifying user:", error);
+    return void 0;
+  }
+}
+function hexToBuffer(hex) {
+  const bytes = new Uint8Array(hex.length / 2);
+  for (let i = 0; i < hex.length; i += 2) {
+    bytes[i / 2] = parseInt(hex.substring(i, i + 2), 16);
+  }
+  return bytes.buffer;
+}
+
+// src/cache/kv-cache.ts
+var KVCache = class {
+  constructor(kv) {
+    this.kv = kv;
+  }
+  /**
+   * Get a value from cache
+   */
+  async get(key) {
+    try {
+      const value = await this.kv.get(key);
+      if (!value) return null;
+      try {
+        return JSON.parse(value);
+      } catch {
+        return value;
+      }
+    } catch (error) {
+      console.error(`Cache get error for key ${key}:`, error);
+      return null;
+    }
+  }
+  /**
+   * Set a value in cache
+   */
+  async set(key, value, options = {}) {
+    try {
+      const serialized = typeof value === "string" ? value : JSON.stringify(value);
+      const kvOptions = {};
+      if (options.ttl) {
+        kvOptions.expirationTtl = options.ttl;
+      }
+      await this.kv.put(key, serialized, kvOptions);
+    } catch (error) {
+      console.error(`Cache set error for key ${key}:`, error);
+    }
+  }
+  /**
+   * Delete a value from cache
+   */
+  async delete(key) {
+    try {
+      await this.kv.delete(key);
+    } catch (error) {
+      console.error(`Cache delete error for key ${key}:`, error);
+    }
+  }
+  /**
+   * Check if a key exists in cache
+   */
+  async has(key) {
+    try {
+      const value = await this.kv.get(key);
+      return value !== null;
+    } catch (error) {
+      console.error(`Cache has error for key ${key}:`, error);
+      return false;
+    }
+  }
+  /**
+   * Clear multiple keys matching a prefix
+   */
+  async clearPrefix(prefix) {
+    try {
+      const list = await this.kv.list({ prefix });
+      const promises = list.keys.map((key) => this.kv.delete(key.name));
+      await Promise.all(promises);
+    } catch (error) {
+      console.error(`Cache clear prefix error for ${prefix}:`, error);
+    }
+  }
+  /**
+   * Get or set a value with a factory function
+   * Useful for cache-aside pattern
+   */
+  async getOrSet(key, factory, options = {}) {
+    const cached2 = await this.get(key);
+    if (cached2 !== null) {
+      return cached2;
+    }
+    const fresh = await factory();
+    await this.set(key, fresh, options);
+    return fresh;
+  }
+};
+function createCacheKey(...parts) {
+  return parts.filter((part) => part !== void 0).map((part) => String(part)).join(":");
+}
+
+// src/cache/redis-cache.ts
+var RedisCache = class {
+  // Use Bun.redis or @upstash/redis
+  constructor(config = {}) {
+    if (config.url && config.token) {
+      this.initUpstash({ url: config.url, token: config.token });
+    } else if (typeof globalThis !== "undefined" && globalThis.Bun) {
+      this.redis = globalThis.Bun.redis;
+    } else {
+      this.redis = this.createMockRedis();
+    }
+  }
+  async initUpstash(config) {
+    this.redis = this.createMockRedis();
+  }
+  createMockRedis() {
+    const store = /* @__PURE__ */ new Map();
+    return {
+      get: async (key) => store.get(key),
+      set: async (key, value) => {
+        store.set(key, value);
+        return "OK";
+      },
+      setex: async (key, ttl, value) => {
+        store.set(key, value);
+        return "OK";
+      },
+      del: async (...keys) => {
+        keys.forEach((k) => store.delete(k));
+        return keys.length;
+      },
+      exists: async (key) => store.has(key) ? 1 : 0,
+      keys: async (pattern) => {
+        const regex = new RegExp(pattern.replace("*", ".*"));
+        return Array.from(store.keys()).filter((k) => regex.test(k));
+      },
+      incrby: async (key, by) => {
+        const val = store.get(key) || 0;
+        const newVal = val + by;
+        store.set(key, newVal);
+        return newVal;
+      },
+      expire: async (key, seconds) => true,
+      ttl: async (key) => -1
+    };
+  }
+  async get(key) {
+    try {
+      const value = await this.redis.get(key);
+      if (!value) return null;
+      return value;
+    } catch (error) {
+      console.error(`Redis get error for key ${key}:`, error);
+      return null;
+    }
+  }
+  async set(key, value, options = {}) {
+    try {
+      if (options.ttl) {
+        await this.redis.setex(key, options.ttl, value);
+      } else {
+        await this.redis.set(key, value);
+      }
+    } catch (error) {
+      console.error(`Redis set error for key ${key}:`, error);
+    }
+  }
+  async delete(key) {
+    try {
+      await this.redis.del(key);
+    } catch (error) {
+      console.error(`Redis delete error for key ${key}:`, error);
+    }
+  }
+  async has(key) {
+    try {
+      const exists = await this.redis.exists(key);
+      return exists === 1;
+    } catch (error) {
+      console.error(`Redis has error for key ${key}:`, error);
+      return false;
+    }
+  }
+  async clearPrefix(prefix) {
+    try {
+      const keys = await this.redis.keys(`${prefix}*`);
+      if (keys.length > 0) {
+        await this.redis.del(...keys);
+      }
+    } catch (error) {
+      console.error(`Redis clear prefix error for ${prefix}:`, error);
+    }
+  }
+  async getOrSet(key, factory, options = {}) {
+    const cached2 = await this.get(key);
+    if (cached2 !== null) {
+      return cached2;
+    }
+    const fresh = await factory();
+    await this.set(key, fresh, options);
+    return fresh;
+  }
+  // Additional Redis-specific methods
+  async increment(key, by = 1) {
+    return this.redis.incrby(key, by);
+  }
+  async expire(key, seconds) {
+    return this.redis.expire(key, seconds);
+  }
+  async ttl(key) {
+    return this.redis.ttl(key);
+  }
+};
+
+// src/cache/index.ts
+function createCache(env) {
+  if (env.CACHE_KV) {
+    return new KVCache(env.CACHE_KV);
+  }
+  if (env.REDIS_URL && env.REDIS_TOKEN) {
+    return new RedisCache({
+      url: env.REDIS_URL,
+      token: env.REDIS_TOKEN
+    });
+  }
+  return null;
+}
+function cached(options = {}) {
+  return function(target, propertyKey, descriptor) {
+    const originalMethod = descriptor.value;
+    descriptor.value = async function(...args) {
+      const context = args[2];
+      const cache = context?.cache;
+      if (!cache) {
+        return originalMethod.apply(this, args);
+      }
+      const key = options.keyGenerator ? options.keyGenerator(...args) : createCacheKey(propertyKey, JSON.stringify(args[1]));
+      return cache.getOrSet(
+        key,
+        () => originalMethod.apply(this, args),
+        options
+      );
+    };
+    return descriptor;
+  };
+}
+var CachedDataLoader = class {
+  constructor(batchFn, cache, options = {}) {
+    this.options = options;
+    this.cache = cache;
+  }
+  async load(key) {
+    const cacheKey = createCacheKey("loader", String(key));
+    return this.cache.getOrSet(
+      cacheKey,
+      async () => {
+        return this.loader ? this.loader.load(key) : null;
+      },
+      this.options
+    );
+  }
+  async loadMany(keys) {
+    return Promise.all(keys.map((key) => this.load(key)));
+  }
+  async clear(key) {
+    const cacheKey = createCacheKey("loader", String(key));
+    await this.cache.delete(cacheKey);
+  }
+  async clearAll() {
+    await this.cache.clearPrefix("loader:");
+  }
+};
+
+// src/env/config.ts
+var EnvParser = class {
+  constructor(env) {
+    this.env = env;
+  }
+  string(key, defaultValue) {
+    const value = this.env[key];
+    return value !== void 0 && value !== "" ? String(value) : defaultValue;
+  }
+  int(key, defaultValue) {
+    const value = this.env[key];
+    if (value === void 0 || value === "") return defaultValue;
+    const parsed = parseInt(String(value), 10);
+    return isNaN(parsed) ? defaultValue : parsed;
+  }
+  bool(key, defaultValue) {
+    const value = this.env[key];
+    if (value === void 0 || value === "") return defaultValue;
+    const str = String(value).toLowerCase();
+    return str === "true" || str === "1";
+  }
+  array(key, defaultValue) {
+    const value = this.env[key];
+    if (value === void 0 || value === "") return defaultValue;
+    if (Array.isArray(value)) return value;
+    return String(value).split(",").map((s) => s.trim()).filter(Boolean);
+  }
+  enum(key, validValues, defaultValue) {
+    const value = this.string(key);
+    if (value && validValues.includes(value)) {
+      return value;
+    }
+    return defaultValue;
+  }
+};
+var EnvironmentLoader = class {
+  constructor() {
+    this.config = null;
+  }
+  /**
+   * Load environment from Cloudflare Workers env object
+   */
+  load(env) {
+    const parser = new EnvParser(env);
+    this.config = {
+      NODE_ENV: parser.enum(
+        "NODE_ENV",
+        ["development", "test", "production"],
+        "production"
+      ),
+      PORT: parser.int("PORT", 3344),
+      GATEWAY_SECRET: parser.string("GATEWAY_SECRET"),
+      ALLOWED_ORIGINS: parser.array("ALLOWED_ORIGINS", [
+        "http://localhost:3000"
+      ]),
+      LOG_LEVEL: parser.enum(
+        "LOG_LEVEL",
+        ["trace", "debug", "info", "warn", "error", "fatal"],
+        "info"
+      ),
+      RATE_LIMIT_WINDOW_MS: parser.int("RATE_LIMIT_WINDOW_MS", 6e4),
+      RATE_LIMIT_MAX: parser.int("RATE_LIMIT_MAX", 100),
+      ENABLE_METRICS: parser.bool("ENABLE_METRICS", true),
+      ENABLE_TRACING: parser.bool("ENABLE_TRACING", true),
+      MAX_QUERY_DEPTH: parser.int("MAX_QUERY_DEPTH", 10),
+      MAX_QUERY_COMPLEXITY: parser.int("MAX_QUERY_COMPLEXITY", 1e3),
+      INTROSPECTION_ENABLED: parser.bool("INTROSPECTION_ENABLED", false),
+      REDIS_URL: parser.string("REDIS_URL"),
+      REDIS_TOKEN: parser.string("REDIS_TOKEN"),
+      LOG_SERVICE_URL: parser.string("LOG_SERVICE_URL"),
+      LOG_SERVICE_TOKEN: parser.string("LOG_SERVICE_TOKEN")
+    };
+    return this.config;
+  }
+  /**
+   * Get current configuration
+   */
+  getConfig() {
+    if (!this.config) {
+      throw new Error("Environment not loaded. Call load() first.");
+    }
+    return this.config;
+  }
+  /**
+   * Helper getters for common checks
+   */
+  get isDev() {
+    return this.config?.NODE_ENV === "development";
+  }
+  get isTest() {
+    return this.config?.NODE_ENV === "test";
+  }
+  get isProd() {
+    return this.config?.NODE_ENV === "production";
+  }
+};
+var envLoader = new EnvironmentLoader();
+
+// src/context/index.ts
+async function createBaseContext(honoContext) {
+  const request = honoContext.request;
+  const rawEnv = honoContext.env;
+  const env = envLoader.load(rawEnv);
+  let user;
+  const encodedUser = request.headers.get(Headers.GATEWAY_USER);
+  if (encodedUser) {
+    if (env.GATEWAY_SECRET) {
+      const signature = request.headers.get(Headers.GATEWAY_USER_SIGNATURE);
+      user = await verifyAndParseUser(
+        encodedUser,
+        signature,
+        env.GATEWAY_SECRET
+      );
+    } else if (env.NODE_ENV !== "production") {
+      try {
+        user = JSON.parse(atob(encodedUser));
+      } catch (e) {
+        console.error("Failed to parse user in dev mode:", e);
+      }
+    }
+  }
+  const cache = createCache(rawEnv);
+  if (cache) {
+    logger.info("KV cache initialized for GraphQL resolvers");
+  }
+  return {
+    user,
+    logger,
+    cache,
+    env,
+    // Pass validated env config
+    executionCtx: honoContext.ctx,
+    authorization: request.headers.get(Headers.AUTH) || "",
+    clientId: request.headers.get(Headers.CLIENT_ID) || ""
+  };
+}
+function createContextFunction(extendContext) {
+  if (!extendContext) {
+    return (honoContext) => createBaseContext(honoContext);
+  }
+  return async (honoContext) => {
+    const baseContext = await createBaseContext(honoContext);
+    return extendContext(baseContext, honoContext);
+  };
+}
+
+// src/utils/builder.util.ts
+function assertDefined(t, msg) {
+  if (t === void 0) {
+    throw new Error("Assertion failed when configuring server: " + msg);
+  }
+  return true;
+}
+
+// src/server/server.builder.ts
+import { ApolloServer } from "@apollo/server";
+import { startServerAndCreateCloudflareWorkersHandler } from "@as-integrations/cloudflare-workers";
+
+// src/server/hono.configure.ts
+import { Hono } from "hono";
+import { cors } from "hono/cors";
+import { compress } from "hono/compress";
+
+// src/middleware/validation.ts
+function createValidationMiddleware(options = {}) {
+  return async (c, next) => {
+    try {
+      const env = c.get("env");
+      const maxQueryDepth = options.maxQueryDepth || env?.MAX_QUERY_DEPTH || 10;
+      const maxQueryComplexity = options.maxQueryComplexity || env?.MAX_QUERY_COMPLEXITY || 1e3;
+      const maxAliasCount = options.maxAliasCount || 15;
+      const contentType = c.req.header("content-type");
+      if (c.req.method === "POST" && !contentType?.includes("application/json")) {
+        return c.json(
+          {
+            errors: [
+              {
+                message: "Content-Type must be application/json",
+                extensions: { code: "BAD_REQUEST" }
+              }
+            ]
+          },
+          400
+        );
+      }
+      const clientId = c.req.header("x-client-id");
+      if (!clientId && env?.NODE_ENV === "production") {
+        return c.json(
+          {
+            errors: [
+              {
+                message: "Client identification required",
+                extensions: { code: "BAD_REQUEST" }
+              }
+            ]
+          },
+          400
+        );
+      }
+      await next();
+    } catch (error) {
+      console.error("Validation middleware error:", error);
+      return c.json(
+        {
+          errors: [
+            {
+              message: "Request validation failed",
+              extensions: { code: "INTERNAL_SERVER_ERROR" }
+            }
+          ]
+        },
+        500
+      );
+    }
+  };
+}
+
+// src/middleware/rate-limit.ts
+function createRateLimitMiddleware(options = {}) {
+  const {
+    keyGenerator = (c) => c.req.header("x-client-id") || c.req.header("cf-connecting-ip") || "anonymous"
+  } = options;
+  return async (c, next) => {
+    const env = c.get("env");
+    const windowMs = options.windowMs || env?.RATE_LIMIT_WINDOW_MS || 60 * 1e3;
+    const max = options.max || env?.RATE_LIMIT_MAX || 100;
+    const key = keyGenerator(c);
+    const rateLimitKey = `rate_limit:${key}`;
+    if (c.env?.RATE_LIMIT_KV) {
+      const current = await c.env.RATE_LIMIT_KV.get(rateLimitKey);
+      const count = current ? parseInt(current, 10) : 0;
+      if (count >= max) {
+        return c.json(
+          {
+            errors: [
+              {
+                message: "Too many requests",
+                extensions: {
+                  code: "RATE_LIMITED",
+                  retryAfter: windowMs / 1e3
+                }
+              }
+            ]
+          },
+          429,
+          {
+            "Retry-After": String(windowMs / 1e3),
+            "X-RateLimit-Limit": String(max),
+            "X-RateLimit-Remaining": "0",
+            "X-RateLimit-Reset": String(Date.now() + windowMs)
+          }
+        );
+      }
+      await c.env.RATE_LIMIT_KV.put(rateLimitKey, String(count + 1), {
+        expirationTtl: windowMs / 1e3
+      });
+      c.header("X-RateLimit-Limit", String(max));
+      c.header("X-RateLimit-Remaining", String(max - count - 1));
+      c.header("X-RateLimit-Reset", String(Date.now() + windowMs));
+    }
+    await next();
+  };
+}
+
+// src/middleware/tracing.ts
+function createTracingMiddleware() {
+  return async (c, next) => {
+    const env = c.get("env");
+    const traceId = c.req.header("x-trace-id") || generateTraceId();
+    const spanId = generateSpanId();
+    const parentSpanId = c.req.header("x-parent-span-id");
+    const userId = c.get("userId");
+    globalThis.requestContext = {
+      traceId,
+      spanId,
+      userId
+    };
+    c.set("traceId", traceId);
+    c.set("spanId", spanId);
+    c.header("x-trace-id", traceId);
+    c.header("x-span-id", spanId);
+    const startTime = Date.now();
+    try {
+      await next();
+    } finally {
+      const duration = Date.now() - startTime;
+      logger.info(
+        {
+          type: "request",
+          traceId,
+          spanId,
+          parentSpanId,
+          method: c.req.method,
+          path: c.req.path,
+          status: c.res.status,
+          duration,
+          userAgent: c.req.header("user-agent"),
+          ip: c.req.header("cf-connecting-ip") || c.req.header("x-forwarded-for")
+        },
+        `${c.req.method} ${c.req.path} - ${c.res.status} (${duration}ms)`
+      );
+      c.header("Server-Timing", `total;dur=${duration}`);
+      delete globalThis.requestContext;
+    }
+  };
+}
+function generateTraceId() {
+  return Array.from(crypto.getRandomValues(new Uint8Array(16))).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function generateSpanId() {
+  return Array.from(crypto.getRandomValues(new Uint8Array(8))).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+
+// src/middleware/health.ts
+function configureHealthChecks(app, options = {}) {
+  app.get("/health", (c) => {
+    return c.json({
+      status: "ok",
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      uptime: process.uptime ? process.uptime() : 0
+    });
+  });
+  app.get("/ready", async (c) => {
+    const checks = options.checks || {};
+    const results = {};
+    let allHealthy = true;
+    for (const [name, check] of Object.entries(checks)) {
+      try {
+        results[name] = await check();
+        if (!results[name]) allHealthy = false;
+      } catch (error) {
+        results[name] = false;
+        allHealthy = false;
+      }
+    }
+    const status = allHealthy ? 200 : 503;
+    return c.json(
+      {
+        status: allHealthy ? "ready" : "not_ready",
+        checks: results,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString()
+      },
+      status
+    );
+  });
+  app.get("/metrics", (c) => {
+    return c.text(`# HELP graphql_requests_total Total number of GraphQL requests
+# TYPE graphql_requests_total counter
+graphql_requests_total 0
+
+# HELP graphql_errors_total Total number of GraphQL errors
+# TYPE graphql_errors_total counter
+graphql_errors_total 0
+
+# HELP graphql_duration_seconds GraphQL request duration
+# TYPE graphql_duration_seconds histogram
+graphql_duration_seconds_bucket{le="0.1"} 0
+graphql_duration_seconds_bucket{le="0.5"} 0
+graphql_duration_seconds_bucket{le="1"} 0
+graphql_duration_seconds_bucket{le="+Inf"} 0
+graphql_duration_seconds_sum 0
+graphql_duration_seconds_count 0`);
+  });
+}
+
+// src/server/hono.configure.ts
+function configureHono(builder) {
+  const app = new Hono();
+  app.use("*", async (c, next) => {
+    const rawEnv = c.env || {};
+    const env = typeof rawEnv.NODE_ENV !== "undefined" ? rawEnv : {};
+    c.set("env", env);
+    await next();
+  });
+  app.use("*", createTracingMiddleware());
+  app.use("*", compress());
+  app.use("*", createValidationMiddleware());
+  app.use("*", createRateLimitMiddleware());
+  configureHealthChecks(app, {
+    checks: {
+      graphql: async () => true
+      // Check GraphQL schema is loaded
+    }
+  });
+  app.use(
+    "/*",
+    cors({
+      origin: (origin, c) => {
+        const env = c.env;
+        const isProd = env.NODE_ENV === "production";
+        const allowedOrigins = env.ALLOWED_ORIGINS ? typeof env.ALLOWED_ORIGINS === "string" ? env.ALLOWED_ORIGINS.split(",").map((s) => s.trim()) : env.ALLOWED_ORIGINS : ["http://localhost:3000"];
+        if (!isProd) {
+          return origin || "*";
+        }
+        return allowedOrigins.includes(origin) ? origin : allowedOrigins[0];
+      },
+      allowHeaders: [
+        "Content-Type",
+        "Authorization",
+        "x-apollo-operation-name",
+        "apollo-require-preflight"
+      ],
+      allowMethods: ["POST", "GET", "OPTIONS"],
+      credentials: true,
+      maxAge: 86400
+    })
+  );
+  app.use("*", async (c, next) => {
+    await next();
+    const env = c.get("env");
+    const isProd = env?.NODE_ENV === "production";
+    c.header("X-Content-Type-Options", "nosniff");
+    c.header("X-Frame-Options", "DENY");
+    c.header("X-XSS-Protection", "1; mode=block");
+    c.header("Referrer-Policy", "strict-origin-when-cross-origin");
+    c.header("Server", "GraphQL");
+    if (isProd) {
+      c.header(
+        "Content-Security-Policy",
+        "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';"
+      );
+      c.header(
+        "Strict-Transport-Security",
+        "max-age=31536000; includeSubDomains; preload"
+      );
+    }
+  });
+  return app;
+}
+
+// src/utils/graphql.util.ts
+import { ApolloServerErrorCode } from "@apollo/server/errors";
+var BAD_USER_INPUT_CODE = ApolloServerErrorCode.BAD_USER_INPUT;
+var getNonUserInputErrors = (errors) => errors.filter((e) => e.extensions?.code !== BAD_USER_INPUT_CODE);
+
+// src/utils/tracing.util.ts
+var getOpsName = (gqlCtx) => gqlCtx.contextValue.rootSpan?.getBaggageItem(
+  "root_op_name" /* ROOT_OP_NAME */
+) || gqlCtx.request.operationName || gqlCtx.operationName || "UNKNOWN";
+
+// src/logger/apollo.logger.ts
+var getUserId = (gqlCtx) => gqlCtx.user?.id ?? "UNKNOWN";
+function createApolloLoggingPlugin() {
+  return {
+    async requestDidStart(requestContext) {
+      const start = Date.now();
+      const operationName = requestContext.request.operationName;
+      const requestLogger = createLogger({
+        source: "apollo",
+        operationName
+      });
+      return {
+        async didResolveOperation(gqlCtx) {
+          const userId = getUserId(gqlCtx.contextValue);
+          const operation = getOpsName(gqlCtx);
+          requestLogger.info(
+            {
+              event: "operation_resolved",
+              operation,
+              userId,
+              operationName: gqlCtx.operationName,
+              variables: gqlCtx.request.variables
+            },
+            `Operation [${operation}] resolved for user [${userId}]`
+          );
+        },
+        async willSendResponse(gqlCtx) {
+          const errors = getNonUserInputErrors(gqlCtx.errors || []);
+          const duration = Date.now() - start;
+          const userId = getUserId(gqlCtx.contextValue);
+          const operation = getOpsName(gqlCtx);
+          if (errors.length > 0) {
+            requestLogger.error(
+              {
+                event: "operation_error",
+                operation,
+                userId,
+                duration,
+                errors: errors.map((e) => ({
+                  message: e.message,
+                  path: e.path,
+                  extensions: e.extensions,
+                  stack: e.stack
+                }))
+              },
+              `Operation [${operation}] failed with ${errors.length} error(s)`
+            );
+          }
+          requestLogger.info(
+            {
+              event: "operation_complete",
+              operation,
+              userId,
+              duration,
+              success: errors.length === 0,
+              errorCount: errors.length
+            },
+            `Operation [${operation}] completed in ${duration}ms${errors.length > 0 ? " with errors" : " successfully"}`
+          );
+        },
+        async didEncounterErrors(gqlCtx) {
+          const errors = gqlCtx.errors || [];
+          const userId = getUserId(gqlCtx.contextValue);
+          requestLogger.error(
+            {
+              event: "graphql_errors",
+              userId,
+              errors: errors.map((e) => ({
+                message: e.message,
+                path: e.path,
+                extensions: e.extensions
+              }))
+            },
+            `GraphQL execution encountered ${errors.length} error(s)`
+          );
+        }
+      };
+    }
+  };
+}
+
+// src/server/plugin.configure.ts
+import { ApolloServerPluginLandingPageDisabled } from "@apollo/server/plugin/disabled";
+function configurePlugins(builder) {
+  builder.plugins.push(ApolloServerPluginLandingPageDisabled());
+  builder.plugins.push(createApolloLoggingPlugin());
+}
+
+// src/server/server.builder.ts
+var ServerBuilder = class {
+  constructor(config) {
+    this.config = config;
+    this.plugins = [];
+    this.assert();
+    this.app = configureHono(this);
+    this.schema = this.config.apollo.schema;
+  }
+  configure() {
+    const honoApp = this.app;
+    configurePlugins(this);
+    const server = new ApolloServer({
+      schema: this.schema,
+      plugins: this.plugins
+    });
+    const cfHandler = startServerAndCreateCloudflareWorkersHandler(
+      server,
+      {
+        context: async (c) => createContextFunction(this.config.extendContext)(c)
+      }
+    );
+    honoApp.all(this.config.path ?? "/", async (c) => {
+      let executionCtx;
+      try {
+        executionCtx = c.executionCtx;
+      } catch (e) {
+        executionCtx = {
+          waitUntil: (promise) => promise,
+          passThroughOnException: () => {
+          }
+        };
+      }
+      return cfHandler(c.req.raw, c.env, executionCtx);
+    });
+    return {
+      // fetch: app.fetch,
+      async fetch(request, env, ctx) {
+        await Promise.resolve();
+        return honoApp.fetch(request, env, ctx);
+      },
+      port: 3344
+      // Only used in local development
+    };
+  }
+  assert() {
+    assertDefined(
+      this.config.apollo.schema,
+      "Apollo server config must have a schema"
+    );
+  }
+};
+
+// src/server/index.ts
+var SERVICE_NAME_REGEX = /^[a-z0-9\-_]+$/i;
+function createGraphQLServer(options) {
+  if (!SERVICE_NAME_REGEX.test(options.name)) {
+    throw new Error("Service name must be alphanumeric, hyphen, or underscore");
+  }
+  logger.info(`Creating GraphQL server ${options.name} v${options.version}`);
+  return new ServerBuilder(options.config);
+}
+
+// src/utils/error.util.ts
+import { GraphQLError } from "graphql";
+import { ApolloServerErrorCode as ApolloServerErrorCode2 } from "@apollo/server/errors";
+var ErrorCode = /* @__PURE__ */ ((ErrorCode2) => {
+  ErrorCode2["UNAUTHENTICATED"] = "UNAUTHENTICATED";
+  ErrorCode2["FORBIDDEN"] = "FORBIDDEN";
+  ErrorCode2["VALIDATION_FAILED"] = "VALIDATION_FAILED";
+  ErrorCode2["RATE_LIMITED"] = "RATE_LIMITED";
+  ErrorCode2["EXTERNAL_SERVICE_ERROR"] = "EXTERNAL_SERVICE_ERROR";
+  ErrorCode2["NOT_FOUND"] = "NOT_FOUND";
+  ErrorCode2["CONFLICT"] = "CONFLICT";
+  return ErrorCode2;
+})(ErrorCode || {});
+var AppError = class extends GraphQLError {
+  constructor(message, code, extensions) {
+    super(message, {
+      extensions: {
+        code,
+        ...extensions
+      }
+    });
+  }
+};
+
+// src/utils/schema.util.ts
+import { gql } from "graphql-tag";
+var createSchemaModule = (typeDefs, resolvers) => ({
+  typeDefs,
+  resolvers
+});
+export {
+  AppError,
+  CachedDataLoader,
+  ErrorCode,
+  KVCache,
+  RedisCache,
+  ServerBuilder,
+  cached,
+  configureHealthChecks,
+  createApolloLoggingPlugin,
+  createCache,
+  createContextFunction,
+  createGraphQLServer,
+  createRateLimitMiddleware,
+  createSchemaModule,
+  createTracingMiddleware,
+  createValidationMiddleware,
+  envLoader,
+  getNonUserInputErrors,
+  gql,
+  logger
+};
+//# sourceMappingURL=index.js.map