feat: add graphql support (#349)

* fix: eslint warnings * refactor: use ramda + sanctuary instead of lodash * refactor: use prettier-standard for formatting * feat: enable security * feat: add graphql * chore: remove trailing commas from linter * docs: new scripts on react and new-admin-server * feat: handle authentication on graphql * fix: perf improvement to date picker * chore: add insecure-dev script to run servers
2019-12-24 14:36:41 +00:00 · 2019-12-24 14:36:41 +00:00 · b8e0c2175b
commit b8e0c2175b
parent 49f434f1d1
182 changed files with 8827 additions and 4623 deletions
--- a/lib/new-admin/admin-server.js
+++ b/lib/new-admin/admin-server.js
@ -1,103 +1,92 @@
-const bodyParser = require('body-parser')
-const cors = require('cors')
+const fs = require('fs')
 const express = require('express')
-const http = require('http')
-const got = require('got')
+const https = require('https')
+const helmet = require('helmet')
+const cookieParser = require('cookie-parser')
+const { ApolloServer, AuthenticationError } = require('apollo-server-express')

-const supportLogs = require('../support_logs')
-const machineLoader = require('../machine-loader')
-const logs = require('../logs')
-const transactions = require('./transactions')
+const T = require('../time')
+const options = require('../options')

-const serverLogs = require('./server-logs')
-const supervisor = require('./supervisor')
-const funding = require('./funding')
-const config = require('./config')
+const login = require('./login')
+const { typeDefs, resolvers } = require('./graphql/schema')

 const devMode = require('minimist')(process.argv.slice(2)).dev
+const NEVER = new Date(Date.now() + 100 * T.years)

-const app = express()
-app.use(bodyParser.json())
-
-if (devMode) {
-  app.use(cors())
+const hostname = options.hostname
+if (!hostname) {
+  console.error('Error: no hostname specified.')
+  process.exit(1)
 }

-app.get('/api/config', async (req, res, next) => {
-  const state = config.getConfig(req.params.config)
-  const data = await config.fetchData()
-  res.json({ state, data })
-  next()
+const app = express()
+app.use(helmet({ noCache: true }))
+app.use(cookieParser())
+
+const apolloServer = new ApolloServer({
+  typeDefs,
+  resolvers,
+  playground: false,
+  introspection: false,
+  formatError: error => {
+    console.log(error)
+    return error
+  },
+  context: async ({ req }) => {
+    const token = req.cookies && req.cookies.token
+
+    const success = await login.authenticate(token)
+    if (!success) throw new AuthenticationError('Authentication failed')
+  }
 })

-app.post('/api/config', (req, res, next) => {
-  config.saveConfig(req.body)
-    .then(it => res.json(it))
-    .then(() => dbNotify())
-    .catch(next)
+apolloServer.applyMiddleware({
+  app,
+  cors: {
+    credentials: true,
+    origin: devMode && 'https://localhost:3000'
+  }
 })

-app.get('/api/funding', (req, res) => {
-  return funding.getFunding()
-    .then(r => res.json(r))
+app.get('/api/register', (req, res, next) => {
+  const otp = req.query.otp
+
+  if (!otp) return next()
+
+  return login.register(otp)
+    .then(r => {
+      if (r.expired) return res.status(401).send('OTP expired, generate new registration link')
+
+      // Maybe user is using old registration key, attempt to authenticate
+      if (!r.success) return next()
+
+      const cookieOpts = {
+        httpOnly: true,
+        secure: true,
+        domain: hostname,
+        sameSite: true,
+        expires: NEVER
+      }
+
+      const token = r.token
+      req.token = token
+      res.cookie('token', token, cookieOpts)
+      res.sendStatus(200)
+    })
 })

-app.get('/api/machines', (req, res) => {
-  machineLoader.getMachineNames()
-    .then(r => res.send({ machines: r }))
-})
-
-app.get('/api/logs/:deviceId', (req, res, next) => {
-  return logs.getMachineLogs(req.params.deviceId)
-    .then(r => res.send(r))
-    .catch(next)
-})
-
-app.post('/api/support_logs', (req, res, next) => {
-  return supportLogs.insert(req.query.deviceId)
-    .then(r => res.send(r))
-    .catch(next)
-})
-
-app.get('/api/version', (req, res, next) => {
-  res.send(require('../../package.json').version)
-})
-
-app.get('/api/uptimes', (req, res, next) => {
-  return supervisor.getAllProcessInfo()
-    .then(r => res.send(r))
-    .catch(next)
-})
-
-app.post('/api/server_support_logs', (req, res, next) => {
-  return serverLogs.insert()
-    .then(r => res.send(r))
-    .catch(next)
-})
-
-app.get('/api/server_logs', (req, res, next) => {
-  return serverLogs.getServerLogs()
-    .then(r => res.send(r))
-    .catch(next)
-})
-
-app.get('/api/txs', (req, res, next) => {
-  return transactions.batch()
-    .then(r => res.send(r))
-    .catch(next)
-})
-
-function dbNotify () {
-  return got.post('http://localhost:3030/dbChange')
-    .catch(e => console.error('Error: lamassu-server not responding'))
+const certOptions = {
+  key: fs.readFileSync(options.keyPath),
+  cert: fs.readFileSync(options.certPath)
 }

 function run () {
-  const serverPort = 8070
+  const serverPort = devMode ? 8070 : 443

  const serverLog = `lamassu-admin-server listening on port ${serverPort}`

-  const webServer = http.createServer(app)
+  const webServer = https.createServer(certOptions, app)
  webServer.listen(serverPort, () => console.log(serverLog))
 }