Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add HTTPS to GraphQL and NextJS Server #376

Closed
wants to merge 1 commit into from
Closed

Add HTTPS to GraphQL and NextJS Server #376

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions app/.eslintrc.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@ module.exports = {
},
},
rules: {
'no-console': 2,
'no-empty': [
'error',
{
Expand Down
6 changes: 4 additions & 2 deletions app/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@
"name": "@connexta/revelio",
"version": "2.0.0",
"scripts": {
"dev": "next",
"dev": "cross-env NODE_ENV=development node src/server.js",
"build": "next build",
"build:storybook": "build-storybook -c .storybook -o target/storybook",
"start": "next start",
"start": "cross-env NODE_ENV=production node src/server.js",
"fmt": "prettier \"**/*.{js,jsx,ts,tsx,json}\" --write",
"storybook": "start-storybook -p 8081 -c .storybook",
"lint": "eslint .",
Expand Down Expand Up @@ -33,6 +33,7 @@
"golden-layout": "^1.5.9",
"graphql": "^14.0.2",
"graphql-tag": "2.10.3",
"https": "^1.0.0",
"immutable": "^4.0.0-rc.12",
"isomorphic-unfetch": "^3.0.0",
"lodash.throttle": "^4.1.1",
Expand All @@ -48,6 +49,7 @@
"react-beautiful-dnd": "^13.0.0",
"react-dom": "^16.7.0",
"universal-cookie": "^4.0.3",
"url": "^0.11.0",
"uuid": "^7.0.3"
},
"license": "ISC",
Expand Down
2 changes: 1 addition & 1 deletion app/src/configuration.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ import getConfig from 'next/config'
const { publicRuntimeConfig } = getConfig()

const defaultConfig = {
GRAPHQL_BASE_URL: 'http://localhost:8080/graphql',
GRAPHQL_BASE_URL: 'https://localhost:8080/graphql',
}

module.exports = key => {
Expand Down
2 changes: 2 additions & 0 deletions app/src/lib/apollo.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ export const initOnContext = ctx => {
// as antipattern since it disables project wide Automatic Static Optimization.
if (process.env.NODE_ENV === 'development') {
if (inAppContext) {
// eslint-disable-next-line no-console
console.warn(
'Warning: You have opted-out of Automatic Static Optimization due to `withApollo` in `pages/_app`.\n' +
'Read more: https://err.sh/next.js/opt-out-auto-static-optimization\n'
Expand Down Expand Up @@ -152,6 +153,7 @@ export const withApollo = ({ ssr = false } = {}) => PageComponent => {
// Prevent Apollo Client GraphQL errors from crashing SSR.
// Handle them in components via the data.error prop:
// https://www.apollographql.com/docs/react/api/react-apollo.html#graphql-query-data-error
// eslint-disable-next-line no-console
console.error('Error while running `getDataFromTree`', error)
}

Expand Down
24 changes: 24 additions & 0 deletions app/src/server.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
const { createServer } = require('https')
const { parse } = require('url')
const next = require('next')
const fs = require('fs')
const dev = process.env.NODE_ENV !== 'production'
const app = next({ dev })
const handle = app.getRequestHandler()

process.env.NODE_TLS_REJECT_UNAUTHORIZED = 0
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't the point of https so we can now remove this line?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

since the ddf cert is self signed, we still need this to get past that auth rejection

const httpsOptions = {
key: fs.readFileSync('../server.key'),
cert: fs.readFileSync('../server.crt'),
}

app.prepare().then(() => {
createServer(httpsOptions, (req, res) => {
const parsedUrl = parse(req.url, true)
willwill96 marked this conversation as resolved.
Show resolved Hide resolved
handle(req, res, parsedUrl)
}).listen(3000, err => {
if (err) throw err
// eslint-disable-next-line no-console
console.log('> Ready on https://localhost:3000')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't CI have failed with this console.log are we no longer enforcing that? Or are you ignoring it for this case and I'm just not seeing it?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i was able to add this to the eslint config for the app directory but not graphql. for some reason the no-console rule won't play nicely with typescript files

})
})
5 changes: 5 additions & 0 deletions app/yarn.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7810,6 +7810,11 @@ https-browserify@^1.0.0:
resolved "https://registry.yarnpkg.com/https-browserify/-/https-browserify-1.0.0.tgz#ec06c10e0a34c0f2faf199f7fd7fc78fffd03c73"
integrity sha1-7AbBDgo0wPL68Zn3/X/Hj//QPHM=

https@^1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/https/-/https-1.0.0.tgz#3c37c7ae1a8eeb966904a2ad1e975a194b7ed3a4"
integrity sha1-PDfHrhqO65ZpBKKtHpdaGUt+06Q=

hyphenate-style-name@^1.0.3:
version "1.0.3"
resolved "https://registry.yarnpkg.com/hyphenate-style-name/-/hyphenate-style-name-1.0.3.tgz#097bb7fa0b8f1a9cf0bd5c734cf95899981a9b48"
Expand Down
1 change: 1 addition & 0 deletions graphql/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
"cors": "^2.8.5",
"express": "^4.17.1",
"graphql": "^15.0.0",
"https": "^1.0.0",
"immutable": "^4.0.0-rc.12",
"isomorphic-fetch": "^2.2.1",
"moment": "^2.25.3",
Expand Down
2 changes: 1 addition & 1 deletion graphql/src/configuration.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
import url from 'url'
const defaultDdfUrl = 'https://localhost:8993'
const defaultWebappUrl = 'http://localhost:3000'
const defaultWebappUrl = 'https://localhost:3000'
Copy link
Contributor

@Bdthomson Bdthomson May 18, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just realized, does the graphql server need to know about the webapp at all? This key should be able to be removed unless I'm missing something.

Copy link
Contributor Author

@willwill96 willwill96 May 19, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is used for the CORS policy. Would it be better to allow from all origins?

revelio/graphql/src/apollo-server/index.tsx

Lines 63 to 66 in 941149b

cors: {
origin: config('WEBAPP_LOCATION'),
credentials: true,
},

const parsableAttributes: Record<string, any> = {
FETCH_ORIGIN: () =>
process.env['FETCH_ORIGIN'] && url.parse(process.env['FETCH_ORIGIN']),
Expand Down
16 changes: 13 additions & 3 deletions graphql/src/index.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@ import express from 'express'
import apolloServer from './apollo-server'
import compression from 'compression'
import config from './configuration'
import https from 'https'
import fs from 'fs'
const app = express()
const port = config('EXPRESS_PORT')

Expand Down Expand Up @@ -36,6 +38,14 @@ app.use(compression())

app.use('/graphql', apolloServer)

app.listen(port, () => {
console.log(`Server is running on port ${port}`)
})
https
.createServer(
{
key: fs.readFileSync('../server.key'),
cert: fs.readFileSync('../server.crt'),
},
app
)
.listen(port, () => {
console.log(`Server is running on port ${port}`)
})
5 changes: 5 additions & 0 deletions graphql/yarn.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2092,6 +2092,11 @@ http-errors@^1.7.3, http-errors@~1.7.2:
statuses ">= 1.5.0 < 2"
toidentifier "1.0.0"

https@^1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/https/-/https-1.0.0.tgz#3c37c7ae1a8eeb966904a2ad1e975a194b7ed3a4"
integrity sha1-PDfHrhqO65ZpBKKtHpdaGUt+06Q=

[email protected], iconv-lite@^0.4.24, iconv-lite@~0.4.13:
version "0.4.24"
resolved "https://registry.yarnpkg.com/iconv-lite/-/iconv-lite-0.4.24.tgz#2022b4b25fbddc21d2f524974a474aafe733908b"
Expand Down
73 changes: 73 additions & 0 deletions server.crt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
Bag Attributes
friendlyName: localhost
localKeyID: 54 69 6D 65 20 31 35 38 39 38 33 37 36 35 34 33 34 37
subject=/CN=localhost
issuer=/C=US/ST=AZ/O=DDF/OU=Dev/CN=DDF Demo Root CA/[email protected]
-----BEGIN CERTIFICATE-----
MIICsjCCAhugAwIBAgIGAWBQwru6MA0GCSqGSIb3DQEBCwUAMIGEMQswCQYDVQQG
EwJVUzELMAkGA1UECBMCQVoxDDAKBgNVBAoTA0RERjEMMAoGA1UECxMDRGV2MRkw
FwYDVQQDExBEREYgRGVtbyBSb290IENBMTEwLwYJKoZIhvcNAQkBFiJlbWFpbEFk
ZHJlc3M9ZGRmcm9vdGNhQGV4YW1wbGUub3JnMCAXDTE3MTIxMjE2NDM0N1oYDzIx
MTcxMjEyMTY0MzQ3WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDEwOqpKuMr+GmiT3kKcMKp4361ByVBaxvj5M6r
ptn+Al8oOZfxfaDOhOikUVuaPTuIYvTWW04KaQNHI3nm86RwldbwMlPZka5jGeYk
OJ3qah1C6OMmMDEC7lM0/bhxPLc8C0cUwAG8FdlBLDKCYFjHj6UBq5xhD/1uJyvS
oWcFqJQbXP+igVV7tDdRxRDhp8f5eActecjQXK5+bpzNs8KC+3gvnhBj/ux/DYyr
E6iA4nKMnelIaZjhW11bsuQwM6XK8Tq7PQ2LuAuhFoKUq/p8p8Sva75/3nGeCHOl
cjj7rnoSCcUgX+u1nnCN/wsshyRAX30wS7C75nQilQkxCfAlAgMBAAGjGDAWMBQG
A1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOBgQAQBBked2MsqlmI
wxSUXLee6f9R14GPsNsOkLohFhBTKuxC++n+q0+LvMRLmFxPj4dois/dHKQiD7wY
WYY4WPvb3nD2aPev4NZm8erB9+XPVueRzxaLXQ+K1oW9Kjui8+2q1lTBBGOjma1D
T/b6FVhyJo5SjQ3JMKe9TACVp/YA7A==
-----END CERTIFICATE-----
Bag Attributes
friendlyName: 1.2.840.113549.1.9.1=#1622656d61696c416464726573733d646466726f6f746361406578616d706c652e6f7267,CN=DDF Demo Root CA,OU=Dev,O=DDF,ST=AZ,C=US
subject=/C=US/ST=AZ/O=DDF/OU=Dev/CN=DDF Demo Root CA/[email protected]
issuer=/C=US/ST=AZ/O=DDF/OU=Dev/CN=DDF Demo Root CA/[email protected]
-----BEGIN CERTIFICATE-----
MIIDdzCCAuCgAwIBAgIJAL0PQLifiHRgMA0GCSqGSIb3DQEBCwUAMIGEMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCQVoxDDAKBgNVBAoTA0RERjEMMAoGA1UECxMDRGV2
MRkwFwYDVQQDExBEREYgRGVtbyBSb290IENBMTEwLwYJKoZIhvcNAQkBFiJlbWFp
bEFkZHJlc3M9ZGRmcm9vdGNhQGV4YW1wbGUub3JnMCAXDTE1MTIxMTEzNDM1MloY
DzIxMTUxMTE3MTM0MzUyWjCBhDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkFaMQww
CgYDVQQKEwNEREYxDDAKBgNVBAsTA0RldjEZMBcGA1UEAxMQRERGIERlbW8gUm9v
dCBDQTExMC8GCSqGSIb3DQEJARYiZW1haWxBZGRyZXNzPWRkZnJvb3RjYUBleGFt
cGxlLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtW0UkhViBv7Tv+MF
nUpdlULG5/SFSg4w7Da9gnxWqFLvnlJ/vipFxVo+bwFytZUbzQ5261e3M/7KWc7+
2Oav6bLGwqemh1dlwuoLNATnyuHntsUlEAlKOomOfL4kFLLQx0jc20lLfJWatSBl
FUd0iq5gE8yPEjGBGxPbfQXUyd8CAwEAAaOB7DCB6TAdBgNVHQ4EFgQU4VTHl98K
wr+pX3heOwsr5EgXvcYwgbkGA1UdIwSBsTCBroAU4VTHl98Kwr+pX3heOwsr5EgX
vcahgYqkgYcwgYQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJBWjEMMAoGA1UEChMD
RERGMQwwCgYDVQQLEwNEZXYxGTAXBgNVBAMTEERERiBEZW1vIFJvb3QgQ0ExMTAv
BgkqhkiG9w0BCQEWImVtYWlsQWRkcmVzcz1kZGZyb290Y2FAZXhhbXBsZS5vcmeC
CQC9D0C4n4h0YDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAGrhV8Rw
RxMiPppXNA0/4zc7g0tKtjggObLMMQhJeIAvIrbjNx0VoX3/fLXDC6KwTCnJaeQ7
IKT4fpw31i/2s2gCjecLgDRVR7YFWs37dEJxqWeRyNM5/BYCodwkoNFDqDG89Fms
M3xsPGUNuzXMUnXTncGcqEiJo0RayTHZYzvN
-----END CERTIFICATE-----
Bag Attributes
friendlyName: ddf demo root ca
2.16.840.1.113894.746875.1.1: <Unsupported tag 6>
subject=/C=US/ST=AZ/O=DDF/OU=Dev/CN=DDF Demo Root CA/[email protected]
issuer=/C=US/ST=AZ/O=DDF/OU=Dev/CN=DDF Demo Root CA/[email protected]
-----BEGIN CERTIFICATE-----
MIIDdzCCAuCgAwIBAgIJAL0PQLifiHRgMA0GCSqGSIb3DQEBCwUAMIGEMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCQVoxDDAKBgNVBAoTA0RERjEMMAoGA1UECxMDRGV2
MRkwFwYDVQQDExBEREYgRGVtbyBSb290IENBMTEwLwYJKoZIhvcNAQkBFiJlbWFp
bEFkZHJlc3M9ZGRmcm9vdGNhQGV4YW1wbGUub3JnMCAXDTE1MTIxMTEzNDM1MloY
DzIxMTUxMTE3MTM0MzUyWjCBhDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkFaMQww
CgYDVQQKEwNEREYxDDAKBgNVBAsTA0RldjEZMBcGA1UEAxMQRERGIERlbW8gUm9v
dCBDQTExMC8GCSqGSIb3DQEJARYiZW1haWxBZGRyZXNzPWRkZnJvb3RjYUBleGFt
cGxlLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtW0UkhViBv7Tv+MF
nUpdlULG5/SFSg4w7Da9gnxWqFLvnlJ/vipFxVo+bwFytZUbzQ5261e3M/7KWc7+
2Oav6bLGwqemh1dlwuoLNATnyuHntsUlEAlKOomOfL4kFLLQx0jc20lLfJWatSBl
FUd0iq5gE8yPEjGBGxPbfQXUyd8CAwEAAaOB7DCB6TAdBgNVHQ4EFgQU4VTHl98K
wr+pX3heOwsr5EgXvcYwgbkGA1UdIwSBsTCBroAU4VTHl98Kwr+pX3heOwsr5EgX
vcahgYqkgYcwgYQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJBWjEMMAoGA1UEChMD
RERGMQwwCgYDVQQLEwNEZXYxGTAXBgNVBAMTEERERiBEZW1vIFJvb3QgQ0ExMTAv
BgkqhkiG9w0BCQEWImVtYWlsQWRkcmVzcz1kZGZyb290Y2FAZXhhbXBsZS5vcmeC
CQC9D0C4n4h0YDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAGrhV8Rw
RxMiPppXNA0/4zc7g0tKtjggObLMMQhJeIAvIrbjNx0VoX3/fLXDC6KwTCnJaeQ7
IKT4fpw31i/2s2gCjecLgDRVR7YFWs37dEJxqWeRyNM5/BYCodwkoNFDqDG89Fms
M3xsPGUNuzXMUnXTncGcqEiJo0RayTHZYzvN
-----END CERTIFICATE-----
32 changes: 32 additions & 0 deletions server.key
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
Bag Attributes
friendlyName: localhost
localKeyID: 54 69 6D 65 20 31 35 38 39 38 33 36 39 34 36 38 38 31
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDEwOqpKuMr+Gmi
T3kKcMKp4361ByVBaxvj5M6rptn+Al8oOZfxfaDOhOikUVuaPTuIYvTWW04KaQNH
I3nm86RwldbwMlPZka5jGeYkOJ3qah1C6OMmMDEC7lM0/bhxPLc8C0cUwAG8FdlB
LDKCYFjHj6UBq5xhD/1uJyvSoWcFqJQbXP+igVV7tDdRxRDhp8f5eActecjQXK5+
bpzNs8KC+3gvnhBj/ux/DYyrE6iA4nKMnelIaZjhW11bsuQwM6XK8Tq7PQ2LuAuh
FoKUq/p8p8Sva75/3nGeCHOlcjj7rnoSCcUgX+u1nnCN/wsshyRAX30wS7C75nQi
lQkxCfAlAgMBAAECggEAAcUQd0wU9gjKfnTDjHX+MkQDGELDsYZynkapGz8pd9Dy
pSx7cucj4qesZgn7TnRdjDkDpcf1eD+AkYu+pXaslHysjcWOHodib67EdK/zr6+b
qsXogSfu0O1u3yunFJGsvkQFtCiT+2qg5SauH6EZO1ZN8ClogzD/IRYGHWNpR1I8
VTUJlzTmshp6D71oJ+QNxI4wdJIiA4iaA45nmmeI26M6JKiCmNIDJJVBsjKw8Yxa
4M4m8qT639w/KOHs8NUc1potihmcSlA7OVJ0zk1IZX8wtBZefNQ0QDx+CKM4++Ll
zzgGCbN4Z47js8eF/yGb58qG5ugNPqtuZNB2hw6zMwKBgQDg1bFrPUsC6weEYJEa
hV/dH5PfuSO0+16sBpdD9RBXP/hyLe9li04UT44BWAWJHzzusAXFj4HuW02ZQ0dE
FGEydCaM6muwfe2vQu1OBDuE4USIv7A5ZgCelnehmH+lSST506seB7WJrI/a+Mp0
QaI2SwzPiIpR0TcucnSEdk+ZgwKBgQDgBsIIPQvOi9KgLLYSBjSGDc4AeYJV/D5C
q8V5EJlRIYlOlC47GLKY9VmkUH+fKzvNngv6jik7a7pgzzWi0cGoOefuLv0ODOmc
nbPl2ZMdVFjxH0DOn4mKwAX0hLGZ8mz4s7G0BttowQ7nzY/h+ntjCVQdSmh/Y/xT
se0gZ68nNwKBgDDvUcY9eO4RqXkua2aSUOMX1F+FNDhX3asjZBjuZbgXvENdrBU1
1LCnAAla1xmZKvHobdkp+uWeCa2p7wDqTp1kml9hRj8LqYfT0UKBuVKalQgOcJSN
luTtauxI/L9ExD97ymqm0uQ8IrNOIwJapquaehdRaImWN6RsVN/fwENxAoGAWw3E
HW8admfUQvAJTIgjHv1LZlv8wpAUiiqgx5Uci6Iy2bJWnARsysimF6f0RzBeTTNY
sQzI63LcvO5bYYMZ0BNBFkkY53YOGW7rqJdnOPuIbvCB+blUQQXNJdYtDWJAMlFu
/7ntwcT+Fu8w9OtG7TjkbEdK88Qi0a22sH4T7b8CgYBDIpg9vTw5l2nrfCxkCVsr
qNpuZ+Lgwsb/+N5HuGeUHywjxeoexEmCdhO0TXxivgCamYtUCKvVN4KtH9OJbYV1
NQJJaaNR4EpvGwVTig6MsblYRSMIJKOOCqVHXJlJqa0BYnb4aNe3cvsVzt0XPs9P
Fwq2gWDfaqVB1Y0oBc6o0Q==
-----END PRIVATE KEY-----