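"use strict";
/*Powered By: Manaknightdigital Inc. https://manaknightdigital.com/ Year: 2020*/
/**
 * App
 * @copyright 2020 Manaknightdigital Inc.
 * @link https://manaknightdigital.com
 * @license Proprietary Software licensing
 * @author Ryan Wong
 *
 * Builds the Express application and the Apollo GraphQL server and exports
 * both; the listener is started elsewhere.
 *
 * Review fixes in this version:
 *  - the GraphQL `context` no longer hands every request a hard-coded identity
 *    (credentialId 1 / user 1 / role 1); the JWT check that was commented out
 *    is active again and uses the imports that were previously unused
 *  - `express.static(__dirname)` is gone: it served the whole project tree
 *    (source files, models, package manifests) to anonymous clients
 *  - maintenance mode reads `process.env.NODE_ENV` (was `process.NODE_ENV`,
 *    which is always undefined, so the branch could never fire)
 *  - the catch-all handler answers 404 instead of 400
 */
require("dotenv").config();
const express = require("express");
const fs = require("fs");
const path = require("path");
const logger = require("morgan");
const helmet = require("helmet");
const cookieParser = require("cookie-parser");
const cors = require("cors");
const { ApolloServer } = require("apollo-server-express");
const { graphqlUploadExpress } = require("graphql-upload");
const body_parser = require("body-parser");
const db = require("./models");
const typeDefs = fs.readFileSync(
  path.join(__dirname, "/types/schema.graphql"),
  "utf8"
);
const jwtService = require("./services/JwtService");
const resolvers = require("./resolvers");
const schemaDirectives = require("./directives");
const { AuthenticationError } = require("./services/ErrorService");
const { errorCodes } = require("./core/strings");
const { formatGraphqlError } = require("./utils/formatError");

const GRAPHQL_PATH = "/graphql";
// Role ids permitted to call the API at all; finer-grained checks live in the
// schema directives / resolvers.
const ALLOWED_ROLE_IDS = [2];

const app = express();

app.use(logger("dev"));

if (process.env.MODE === "development") {
  // Development-only request log of the raw GraphQL operation. It prints
  // `variables` verbatim, so credentials passed to e.g. a login mutation end
  // up in the log — keep MODE=development off anything shared.
  logger.token("graphql-query", (req) => {
    const disallowedLogs = ["IntrospectionQuery"];
    if (req.method === "POST" && req.originalUrl === GRAPHQL_PATH) {
      // req.body is absent when body parsing failed or was skipped;
      // don't let the log token itself throw.
      const { query, variables, operationName } = req.body ?? {};
      return !disallowedLogs.includes(operationName)
        ? `GRAPHQL: \nOperation Name: ${operationName} \nQuery: ${query} \nVariables: ${JSON.stringify(
            variables
          )}`
        : "";
    }
    return "";
  });
  app.use(logger(":graphql-query"));
}

/**
 * Per-request GraphQL context.
 *
 * Requires a `Bearer` access token in the Authorization header, verifies it
 * with JwtService and admits only roles listed in ALLOWED_ROLE_IDS.
 *
 * @param {{ req: import("express").Request }} arg
 * @returns {Promise<{credentialId: *, user: *, db: *, role: {roleId: *, allowedRoleIds: number[]}}>}
 * @throws {AuthenticationError} when the token is missing/invalid or the role
 *   is not allowed
 */
const buildContext = async ({ req }) => {
  const token = req.headers.authorization;
  if (!token) {
    throw new AuthenticationError(
      "Invalid token",
      errorCodes.token.INVALID_TOKEN
    );
  }
  const cleanToken = token.replace("Bearer ", "");
  // NOTE(review): assumes verifyAccessToken returns a falsy value for a bad
  // token; if it throws instead, the error surfaces through formatError.
  const verify = jwtService.verifyAccessToken(cleanToken);
  const roleId = verify?.role_id;
  const user = verify?.user;
  const credentialId = verify?.credential_id;
  if (!verify || !roleId || !user || !credentialId) {
    throw new AuthenticationError(
      "Invalid token",
      errorCodes.token.INVALID_TOKEN
    );
  }
  // role_id may arrive as a string claim; compare numerically.
  if (!ALLOWED_ROLE_IDS.includes(+roleId)) {
    throw new AuthenticationError(
      "Access Denied",
      errorCodes.account.UNAUTHORIZED
    );
  }
  return {
    credentialId,
    user,
    db,
    role: {
      roleId,
      allowedRoleIds: ALLOWED_ROLE_IDS,
    },
  };
};

const server = new ApolloServer({
  uploads: false, // uploads are handled by graphqlUploadExpress below
  typeDefs,
  resolvers,
  schemaDirectives,
  context: buildContext,
  formatError: formatGraphqlError,
});

// Registered before every other route so it short-circuits all traffic.
if (process.env.NODE_ENV === "maintenance") {
  app.all("*", (req, res) => {
    res.status(503).json({ message: "website under maintenance" });
  });
}

// NOTE(review): this exposes the entire process environment (every secret
// loaded by dotenv) to any code that reads the container.
app.set("iocContainer", process.env);
app.set("db", db);

// Single JSON parser with the raised limit; the previous extra express.json()
// did the same work a second time.
app.use(body_parser.json({ limit: "50mb" }));
app.use(
  express.urlencoded({
    extended: false,
  })
);
// cors() with no options reflects every Origin; narrow it for production.
app.use(cors());

app.set("view engine", "eta");
app.set("views", path.join(__dirname, "/views"));

app.use(cookieParser());
app.use(helmet());

// Only the dedicated asset directories are served. Do not add the project
// root here: that publishes source files and configuration.
app.use(express.static(path.join(__dirname, "/public")));
app.use(express.static(path.join(__dirname, "/uploads")));

// 1 GB per file, up to 10 files per request.
app.use(graphqlUploadExpress({ maxFileSize: 1000000000, maxFiles: 10 }));
server.applyMiddleware({ app, path: GRAPHQL_PATH });

/**
 * Express error handler (four-arity signature is what Express keys on).
 * Always answers JSON; the message is echoed to the client regardless of
 * environment, as before.
 */
// eslint-disable-next-line no-unused-vars
app.use((err, req, res, next) => {
  res.status(err.status ?? 500);
  res.json({
    message: err.message,
  });
});

// Catch-all for unmatched routes: a missing page is a 404, not a 400.
app.use((_, res) => {
  return res.status(404).send("404: Page Not Found!");
});

module.exports = {
  app,
  apollo: server,
};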