import { GraphQLSchema } from "graphql";
import * as apolloServer from "apollo-server-koa";
import * as KoaRouter from "koa-router";
import * as koaBody from "koa-bodyparser";
import IGraphQlConfig from "./IGraphQlConfig";
/**
 * Builds the Koa router that exposes the GraphQL API.
 *
 * POST and GET on `endpoint` both run `enforceOriginMatch` first, then
 * `setCacheHeaders`, then the Apollo handler. Because the origin check comes
 * first, a request it rejects never reaches the cache-header middleware or
 * the GraphQL executor.
 *
 * @param schema Executable schema handed to the Apollo Koa handler.
 * @param config `endpoint` is the GraphQL route; the GraphiQL route is only
 *               registered when `graphiQlEndpointActive` is strictly `true`.
 * @returns The configured router; the caller mounts it on the Koa app.
 */
export default function createGraphQlKoaRouter(
  schema: GraphQLSchema,
  { endpoint, graphiQlEndpointActive, graphiQlEndpoint }: IGraphQlConfig
): KoaRouter {
  const optionsPerRequest = getKoaGraphQLOptionsFunction(schema);
  const router = new KoaRouter();

  // POST carries the query in the body, so the body parser must run before the handler.
  const bodyParser = koaBody();
  const postHandler = apolloServer.graphqlKoa(optionsPerRequest);
  router.post(endpoint, bodyParser, enforceOriginMatch, setCacheHeaders, postHandler);

  // GET goes through the same origin check and cache policy, without a body parser.
  const getHandler = apolloServer.graphqlKoa(optionsPerRequest);
  router.get(endpoint, enforceOriginMatch, setCacheHeaders, getHandler);

  if (graphiQlEndpointActive !== true) {
    return router;
  }

  // The GraphiQL page is registered without enforceOriginMatch; it points at
  // `endpoint`, whose routes above carry the origin check.
  // NOTE(review): confirm graphiQlEndpointActive is off in production configs.
  router.get(graphiQlEndpoint, apolloServer.graphiqlKoa({ endpointURL: endpoint }));
  return router;
}
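/**
 * Koa middleware that sets `Cache-Control` once the downstream handlers have run.
 *
 * The policy is derived from two flags on `ctx.state`:
 * - `includesMutation === true` -> `no-store`
 * - `authRequired === true`     -> `private, max-age=600`
 * - otherwise                   -> `public, max-age=600`
 *
 * @param ctx  Koa context; `ctx.state` is read and the response header is written.
 * @param next Continues the middleware chain; awaited before the flags are read.
 */
async function setCacheHeaders(ctx: any, next: () => any) {
  // Run downstream first: the flags are only meaningful after the request was handled.
  // If next() rejects, no header is set here and the error propagates.
  await next();

  let cacheHeader: string;
  if (ctx.state.includesMutation === true) {
    cacheHeader = "no-store";
  } else if (ctx.state.authRequired === true) {
    // The directive must be spelled "private". A misspelled token is an unknown
    // directive that caches ignore, which leaves only max-age and lets a shared
    // cache store a response meant for a single authenticated user.
    cacheHeader = "private, max-age=600";
  } else {
    // NOTE(review): this branch is the fallback, so a request whose flags were
    // never set (or never flipped to true downstream) is cached publicly.
    // Confirm every auth-protected path sets ctx.state.authRequired.
    cacheHeader = "public, max-age=600";
  }

  ctx.set("Cache-Control", cacheHeader);
}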
/**
 * Koa middleware that rejects GraphQL requests whose origin could not be verified.
 *
 * A request passes when `ctx.securityContext` marks it as an API client, or when
 * both the Origin-based and the Referrer-based same-origin checks are strictly
 * `true`. Everything else, including a missing security context, gets a 400.
 *
 * @param ctx  Koa context; only `ctx.securityContext` is read here.
 * @param next Continues the middleware chain when the request is accepted.
 * @returns Whatever `next()` or `ctx.throw()` returns.
 */
function enforceOriginMatch(ctx: any, next: () => any) {
  const errorMessage = "All graphql endpoints only allow requests with origin and referrer headers or API-Client requests from non-browsers.";
  const reject = () => ctx.throw(400, errorMessage);

  const securityContext = ctx.securityContext;
  // Fail closed: without a security context nothing about the caller is known.
  if (securityContext == null) {
    return reject();
  }

  // API clients (non-browsers) skip the same-origin check entirely.
  // NOTE(review): how isApiClient is derived is not visible in this file; confirm
  // the upstream middleware does not let a browser request land in this branch.
  if (securityContext.isApiClient === true) {
    return next();
  }

  // Browsers must pass BOTH checks; a single matching header is not enough.
  const approved = securityContext.sameOriginApproved;
  const sameOriginConfirmed = approved.byOrigin === true && approved.byReferrer === true;
  return sameOriginConfirmed ? next() : reject();
}
/**
 * Creates the per-request options callback for the Apollo Koa handler.
 *
 * On each request the callback resets `ctx.state.authRequired` and
 * `ctx.state.includesMutation` to `false` and returns the schema together with
 * a GraphQL context holding the Koa `ctx` and `ctx.state.accessToken`.
 *
 * @param schema Schema returned unchanged in every options object.
 * @returns Callback that builds the options object from the Koa context.
 */
function getKoaGraphQLOptionsFunction(schema: GraphQLSchema): apolloServer.KoaGraphQLOptionsFunction {
  return (ctx) => {
    const requestState = ctx.state;
    // Start every request from false; setCacheHeaders reads these flags after the
    // handlers ran. Presumably resolvers set them to true; confirm in the resolver code.
    requestState.authRequired = false;
    requestState.includesMutation = false;

    // NOTE(review): accessToken is presumably placed on ctx.state by an earlier
    // auth middleware; nothing here validates it.
    const context = {
      ctx,
      accessToken: requestState.accessToken
    };
    return { schema, context };
  };
}