fix graphql subscription auth; no wss for now (#1162)

backend/graphql/User/queries.ts

@@ -9,7 +9,7 @@ import {
 
 import { User } from "@prisma/client"
 
-import { isAdmin } from "../../accessControl"
+import { isAdmin, Role } from "../../accessControl"
 import { ForbiddenError, UserInputError } from "../../lib/errors"
 import { buildUserSearch, convertPagination } from "../../util/db-functions"
 import { notEmpty } from "../../util/notEmpty"
@@ -137,14 +137,20 @@ export const UserSubscriptions = extendType({
       args: {
         search: nonNull(stringArg()),
       },
-      // authorize: isAdmin,
+      authorize: isAdmin,
       subscribe(_, { search }, ctx) {
+        if (ctx.role !== Role.ADMIN) {
+          throw new ForbiddenError("Not authorized")
+        }
+
         const queries = buildUserSearch(search) ?? []
         const fieldCount = queries.length
+
         let users: Array<User> = []
 
         return (async function* () {
           let fieldIndex = 1
+
           for (const query of queries) {
             const field = Object.keys(query).join(", ")
             const fieldValue = Object.values(query)

backend/middlewares/fetchUser.ts

@@ -16,7 +16,9 @@ export const moocfiAuthPlugin = () =>
           return next(root, args, ctx, info)
         }
 
-        const rawToken = ctx.req?.headers?.authorization // connection?
+        const rawToken =
+          ctx.req?.headers?.authorization ??
+          (ctx.req?.headers?.["Authorization"] as string) // connection?
 
         if (!rawToken) {
           ctx.role = Role.VISITOR

backend/server.ts

@@ -10,9 +10,14 @@ import morgan from "morgan"
 import { WebSocketServer } from "ws"
 
 import { ApolloServer } from "@apollo/server"
-// import { ApolloServerPluginLandingPageGraphQLPlayground } from "@apollo/server-plugin-landing-page-graphql-playground"
+import { ApolloServerPluginEmbeddedLandingPageProductionDefaultOptions } from "@apollo/server/dist/esm/plugin/landingPage/default/types"
 import { expressMiddleware } from "@apollo/server/express4"
 import { ApolloServerPluginDrainHttpServer } from "@apollo/server/plugin/drainHttpServer"
+// import { ApolloServerPluginLandingPageGraphQLPlayground } from "@apollo/server-plugin-landing-page-graphql-playground"
+import {
+  ApolloServerPluginLandingPageLocalDefault,
+  ApolloServerPluginLandingPageProductionDefault,
+} from "@apollo/server/plugin/landingPage/default"
 
 import { apiRouter } from "./api"
 import { DEBUG, isProduction, isTest } from "./config"
@@ -75,10 +80,26 @@ export default async (serverContext: ServerContext) => {
     server: httpServer,
     path: isProduction ? "/api" : "/",
   })
+
   const serverCleanup = useServer(
     {
       schema,
-      context: serverContext,
+      context: (ctx) => {
+        const { prisma, logger, knex, extraContext } = serverContext
+
+        return {
+          ...ctx,
+          req: {
+            headers: {
+              ...ctx.connectionParams, // compatibility with middleware
+            },
+          },
+          prisma,
+          logger,
+          knex,
+          ...extraContext,
+        }
+      },
     },
     wsServer,
   )
@@ -87,6 +108,12 @@ export default async (serverContext: ServerContext) => {
     schema,
     plugins: [
       ApolloServerPluginDrainHttpServer({ httpServer }),
+      isProduction
+        ? ApolloServerPluginLandingPageProductionDefault({
+            graphRef: "foo@mooc",
+            embed: true,
+          } as ApolloServerPluginEmbeddedLandingPageProductionDefaultOptions)
+        : ApolloServerPluginLandingPageLocalDefault(),
       /*ApolloServerPluginLandingPageGraphQLPlayground({
         endpoint: isProduction ? "/api" : "/graphql",
       }),*/

frontend/lib/with-apollo-client/get-apollo.ts

@@ -124,7 +124,7 @@ function create(
   const wsLink = isBrowser
     ? new GraphQLWsLink(
         createClient({
-          url: production ? "wss://www.mooc.fi/api/" : "ws://localhost:4000",
+          url: production ? "ws://www.mooc.fi/api/" : "ws://localhost:4000",
         }),
       )
     : null