feat: initial graphql and migrations

Author: ncrmro

.gitignore

@@ -2,3 +2,4 @@
 *.log
 
 node_modules
+generated

README.md

@@ -1,41 +1,54 @@
 # Postgres GraphQL
 
-This is an example project using the following technologies to provide a GraphQL server.
+This is an example project using the following technologies to provide a GraphQL
+server.
 
-- Postgres
-- Postgraphql
-- Graphile Migrate
+- [Postgres](https://www.postgresql.org)
+- [PostGraphile](https://www.graphile.org)
+- [graphile-migrate](https://github.com/graphile/migrate)
 
-The main benefit here is our GraphQL API types come directly from the Database, furthermore in our frontend applications
-we can automatically generate Typescript Types and Typed requests to interact with our API greatly improving development
-agility and our application's integrity.
+The main benefit here is our GraphQL API types come directly from the Database,
+furthermore in our frontend applications we can automatically generate
+Typescript Types and Typed requests to interact with our API improving
+development agility and our application's integrity.
 
 ## Getting Started
 
-The only hard requirement is that you have `docker` and `docker-compose` installed which, although naturally you could
-install everything locally.
+The only hard requirement is that you have `docker` and `docker-compose`
+installed, although naturally, you could install everything locally.
 
 ### .env
 
-First lets copy the `.env.example` to `.env`, this file will be used by `docker-compose` which will pass these environment
-variables into designated containers.
+First, let's copy the `.env.example` to `.env`. This file used by
+`docker-compose` will pass these environment variables into designated
+containers.
 
 ```bash
 cp .env.example .env
 ```
 
-### Local Docker Development
+Pull the images
+
+```bash
+docker-compose pull
+```
+
+And then we can build our services.
 
 ```bash
 docker-compose build
 ```
 
-Lets initialize and insure the database is ready to go.
+### Database
+
+Initialize and ensure the database is ready to go.
 
 ```bash
 docker-compose up database
 ```
 
+#### Schema and Migrations
+
 Install the dependencies
 
 ```bash
@@ -48,8 +61,60 @@ Initialize graphile-migrate
 docker-compose run migrations yarn graphile-migrate init
 ```
 
-Write some migrations in `current.sql`, once your ready to commit.
+At this point, we are ready to start the migrations watch service. Kill our
+existing docker-compose process with `control + c`. Then start up the migration
+watcher.
 
 ```bash
-docker-compose exec migrations yarn graphile-migrate commit
+docker-compose up database migrations
+```
+
+Write some migrations in `current.sql`, once you're ready to commit.
+
+Note I like to keep the minimum amount of logic in a specific commit to make
+your schema easier to read in the future, this also keeps your agility up in
+regards to developing new features.
+
+```bash
+docker-compose exec migrations yarn graphile-migrate commit -m "my commit message"
+```
+
+If you need to reset the database and rerun committed migrations.
+
+```bash
+docker-compose exec migrations yarn graphile-migrate reset --erase
+```
+
+### GraphQL
+
+Once we have our database up and running with a schema we can go ahead and start
+the GraphQL server.
+
+```bash
+docker-compose up database migrations gql
+```
+
+Or using up without and other parameters would start all available
+docker-compose services
+
+```bash
+docker-compose up database migrations gql
+```
+
+Note that because GraphQL specifies migrations as a dependency and migrations
+specify database as a dependency we could also start everything up with the
+following command, although this would only output logs from the gql service
+hiding other crucial logs.
+
+```bash
+docker-compose up database migrations gql
+```
+
+#### GraphiQL
+
+Postgraphile comes with a nifty interface to aid in development called GraphiQL,
+this allows us to inspect our current GraphQL schema at the following URL.
+
+```
+http://localhost:5000/graphiql
 ```

apps/database/migrations/committed/000001-schemas-and-roles.sql

@@ -0,0 +1,32 @@
+--! Previous: -
+--! Hash: sha1:417a071b3828db454e480480b1f48ba490dcf60e
+--! Message: schemas and roles
+
+-- Enter migration here
+
+CREATE SCHEMA IF NOT EXISTS public;
+CREATE SCHEMA IF NOT EXISTS private;
+
+DO
+$$
+    BEGIN
+        CREATE ROLE myapp_anonymous;
+    EXCEPTION
+        WHEN DUPLICATE_OBJECT THEN
+            RAISE NOTICE 'not creating anonymous role -- it already exists';
+    END
+$$;
+
+DO
+$$
+    BEGIN
+        CREATE ROLE myapp_viewer;
+    EXCEPTION
+        WHEN DUPLICATE_OBJECT THEN
+            RAISE NOTICE 'not creating viewer role -- it already exists';
+    END
+$$;
+
+ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;
+ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM myapp_anonymous;
+ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM myapp_viewer;

apps/database/migrations/committed/000002-updated-at-trigger.sql

@@ -0,0 +1,13 @@
+--! Previous: sha1:417a071b3828db454e480480b1f48ba490dcf60e
+--! Hash: sha1:2d6741b787f0894efd5bbb849d19df6eed3d1839
+--! Message: updated at trigger
+
+-- Enter migration here
+
+CREATE OR REPLACE FUNCTION private.set_updated_at() RETURNS trigger AS
+$$
+BEGIN
+    new.updated_at := current_timestamp;
+    RETURN new;
+END;
+$$ LANGUAGE plpgsql;

apps/database/migrations/committed/000003-user-tables.sql

@@ -0,0 +1,61 @@
+--! Previous: sha1:2d6741b787f0894efd5bbb849d19df6eed3d1839
+--! Hash: sha1:2874c961801a9d6832bd9442d92795af2ee6048b
+--! Message: user tables
+
+-- Enter migration here
+
+DROP TABLE IF EXISTS public.user;
+
+CREATE TABLE public.user
+(
+    id         uuid PRIMARY KEY     DEFAULT gen_random_uuid(),
+    username   text CHECK (char_length(username) < 32) UNIQUE,
+    created_at timestamptz NOT NULL DEFAULT (NOW() AT TIME ZONE 'utc'),
+    updated_at timestamptz NOT NULL DEFAULT (NOW() AT TIME ZONE 'utc')
+);
+
+COMMENT ON TABLE public.user IS 'Public information about a user';
+COMMENT ON COLUMN public.user.username IS 'This publicly viewable username';
+
+CREATE TRIGGER user_updated_at
+    BEFORE UPDATE
+    ON public.user
+    FOR EACH ROW
+EXECUTE PROCEDURE private.set_updated_at();
+
+CREATE POLICY select_user ON public.user FOR SELECT
+    USING (id = current_setting('jwt.claims.user_id', TRUE)::uuid);
+
+CREATE POLICY update_user ON public.user FOR UPDATE TO myapp_viewer
+    USING (id = current_setting('jwt.claims.person_id', TRUE)::uuid);
+
+COMMENT ON TABLE public.user IS E'@omit delete';
+
+DROP TABLE IF EXISTS private.user_account;
+
+CREATE TABLE private.user_account
+(
+    user_id       uuid PRIMARY KEY REFERENCES public.user (id) ON DELETE CASCADE,
+    email         text        NOT NULL UNIQUE CHECK (email ~* '^.+@.+\..+$'),
+    active        bool                 DEFAULT FALSE,
+    password_hash text,
+    created_at    timestamptz NOT NULL DEFAULT (NOW() AT TIME ZONE 'utc'),
+    updated_at    timestamptz NOT NULL DEFAULT (NOW() AT TIME ZONE 'utc')
+);
+
+COMMENT ON TABLE private.user_account IS 'Private information about a person’s account.';
+COMMENT ON COLUMN private.user_account.user_id IS 'The id of the person associated with this account.';
+COMMENT ON COLUMN private.user_account.email IS 'The email address of the person.';
+COMMENT ON COLUMN private.user_account.password_hash IS 'An opaque hash of the person’s password.';
+
+CREATE TRIGGER user_account_updated_at
+    BEFORE UPDATE
+    ON private.user_account
+    FOR EACH ROW
+EXECUTE PROCEDURE private.set_updated_at();
+
+CREATE POLICY select_private_user ON private.user_account FOR SELECT
+    USING (user_id = current_setting('jwt.claims.user_id', TRUE)::uuid);
+
+CREATE POLICY update_private_user ON private.user_account FOR UPDATE TO myapp_viewer
+    USING (user_id = current_setting('jwt.claims.person_id', TRUE)::uuid);

apps/database/migrations/committed/000004-user-registration.sql

@@ -0,0 +1,37 @@
+--! Previous: sha1:2874c961801a9d6832bd9442d92795af2ee6048b
+--! Hash: sha1:ab7772c2fb1a26725a0f3802bdb273a470e77191
+--! Message: user registration
+
+-- Enter migration here
+
+CREATE EXTENSION IF NOT EXISTS "pgcrypto";
+
+DROP TYPE IF EXISTS public.jwt_token CASCADE;
+
+CREATE TYPE public.jwt_token AS
+(
+    role     text,
+    user_id  uuid,
+    username text,
+    email    text,
+    exp      bigint
+);
+
+CREATE OR REPLACE FUNCTION public.register_user(email text,
+                                     password text) RETURNS public.jwt_token AS
+$$
+DECLARE "user" public.user;
+BEGIN
+    INSERT INTO public.user (username)
+    VALUES (email)
+    RETURNING * INTO "user";
+
+    INSERT INTO private.user_account (user_id, email, password_hash)
+    VALUES ("user".id, email, crypt(password, gen_salt('bf')));
+
+    RETURN public.authenticate(email, password);
+END;
+$$ LANGUAGE plpgsql STRICT
+                    SECURITY DEFINER;
+
+COMMENT ON FUNCTION public.register_user(text, text) IS 'Registers a single user and creates an account in our forum.';

apps/database/migrations/committed/000005-user-authentication.sql

@@ -0,0 +1,31 @@
+--! Previous: sha1:ab7772c2fb1a26725a0f3802bdb273a470e77191
+--! Hash: sha1:f74433c99ebe55a2175d99c75f8a77cad78222c4
+--! Message: user authentication
+
+-- Enter migration here
+
+CREATE OR REPLACE FUNCTION public.authenticate(email text,
+                                    password text) RETURNS public.jwt_token AS
+$$
+DECLARE account  private.user_account;
+        username text;
+BEGIN
+    SELECT a.*
+    INTO account
+    FROM private.user_account AS a
+    WHERE a.email = authenticate.email;
+
+    SELECT u.username INTO username FROM public.user u WHERE id = account.user_id;
+
+    IF account.password_hash = crypt(password, account.password_hash)
+    THEN
+        RETURN ('jtx_viewer', account.user_id, username, account.email,
+                extract(EPOCH FROM (now() + INTERVAL '2 days')))::public.jwt_token;
+    ELSE
+        RETURN NULL;
+    END IF;
+END;
+$$ LANGUAGE plpgsql STRICT
+                    SECURITY DEFINER;
+
+COMMENT ON FUNCTION public.authenticate(text, text) IS 'Creates a JWT token that will securely identify a user and give them certain permissions. This token expires in 2 days.';

apps/database/migrations/current.sql

@@ -1,28 +1 @@
 -- Enter migration here
-
-CREATE SCHEMA IF NOT EXISTS myapp;
-CREATE SCHEMA IF NOT EXISTS myapp_private;
-
-DO
-$$
-    BEGIN
-        CREATE ROLE myapp_anonymous;
-    EXCEPTION
-        WHEN DUPLICATE_OBJECT THEN
-            RAISE NOTICE 'not creating anonymous role -- it already exists';
-    END
-$$;
-
-DO
-$$
-    BEGIN
-        CREATE ROLE myapp_viewer;
-    EXCEPTION
-        WHEN DUPLICATE_OBJECT THEN
-            RAISE NOTICE 'not creating viewer role -- it already exists';
-    END
-$$;
-
-ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;
-ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM myapp_anonymous;
-ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM myapp_viewer;

apps/graphql/Dockerfile

@@ -0,0 +1,21 @@
+ARG BASE_IMAGE=node:12.18.2-alpine3.11
+
+FROM $BASE_IMAGE as base
+
+WORKDIR /app
+
+CMD yarn start
+
+EXPOSE 5000
+
+RUN apk add postgresql-client
+
+COPY apps/graphql/package.json apps/graphql/yarn.lock /app/
+
+RUN yarn install --production=true
+
+COPY apps/graphql/src /app/src
+
+FROM base as dev
+
+RUN yarn install

apps/graphql/codegen.yml

@@ -0,0 +1,14 @@
+overwrite: true
+schema: "schema.graphql"
+documents: "../**/*.graphql"
+generates:
+  generated/graphql.ts:
+    plugins:
+      - typescript
+      - typescript-operations
+      - typescript-graphql-request
+
+config:
+ scalars:
+   DateTime: "string"
+   JSON: "{ [key: string]: any }"