benawad · sangaloma · Jun 17, 2017 · Jun 17, 2017 · Jun 18, 2017 · Jun 18, 2017
diff --git a/.babelrc b/.babelrc
@@ -1,5 +1,6 @@
 {
     "presets": [
-        "latest"
+        "latest",
+        "stage-2"
     ]
 }
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
 node_modules
+.env
diff --git a/README.md b/README.md
@@ -1,4 +1,3 @@
 # Template for an Express Server with GraphQL
 
-[Watch the video to learn how it was made.](https://youtu.be/hqk30IVeYak
-)
+[Watch the video to learn how it was made.](https://youtu.be/X6pNLEOs-10)
diff --git a/auth.js b/auth.js
@@ -0,0 +1,83 @@
+import jwt from 'jsonwebtoken';
+import _ from 'lodash';
+import bcrypt from 'bcrypt';
+
+export const createTokens = async (user, secret, secret2) => {
+  const createToken = jwt.sign(
+    {
+      user: _.pick(user, ['id', 'isAdmin']),
+    },
+    secret,
+    {
+      expiresIn: '1m',
+    },
+  );
+
+  const createRefreshToken = jwt.sign(
+    {
+      user: _.pick(user, 'id'),
+    },
+    secret2,
+    {
+      expiresIn: '7d',
+    },
+  );
+
+  return Promise.all([createToken, createRefreshToken]);
+};
+
+export const refreshTokens = async (token, refreshToken, models, SECRET, SECRET_2) => {
+  let userId = -1;
+  try {
+    const { user: { id } } = jwt.decode(refreshToken);
+    userId = id;
+  } catch (err) {
+    return {};
+  }
+
+  if (!userId) {
+    return {};
+  }
+
+  const user = await models.User.findOne({ where: { id: userId }, raw: true });
+
+  if (!user) {
+    return {};
+  }
+
+  const refreshSecret = SECRET_2 + user.password;
+
+  try {
+    jwt.verify(refreshToken, refreshSecret);
+  } catch (err) {
+    return {};
+  }
+
+  const [newToken, newRefreshToken] = await createTokens(user, SECRET, refreshSecret);
+  return {
+    token: newToken,
+    refreshToken: newRefreshToken,
+    user,
+  };
+};
+
+export const tryLogin = async (email, password, models, SECRET, SECRET_2) => {
+  const user = await models.User.findOne({ where: { email }, raw: true });
+  if (!user) {
+    // user with provided email not found
+    throw new Error('Invalid login');
+  }
+
+  const valid = await bcrypt.compare(password, user.password);
+  if (!valid) {
+    // bad password
+    throw new Error('Invalid login');
+  }
+
+  const [token, refreshToken] = await createTokens(user, SECRET, SECRET_2 + user.password);
+
+  return {
+    token,
+    refreshToken,
+  };
+};
diff --git a/config/config.json b/config/config.json
@@ -0,0 +1,9 @@
+{
+  "development": {
+    "username": "test_graphql_admin",
+    "password": "iamapassword",
+    "database": "test_graphql_db",
+    "host": "localhost",
+    "dialect": "postgres"
+  }
+}
diff --git a/index.js b/index.js
@@ -1,19 +1,113 @@
+import 'dotenv/config';
 import express from 'express';
 import bodyParser from 'body-parser';
 import { graphiqlExpress, graphqlExpress } from 'graphql-server-express';
 import { makeExecutableSchema } from 'graphql-tools';
+import cors from 'cors';
+import jwt from 'jsonwebtoken';
+import { createServer } from 'http';
+import { execute, subscribe } from 'graphql';
+import { SubscriptionServer } from 'subscriptions-transport-ws';
+import joinMonsterAdapt from 'join-monster-graphql-tools-adapter';
+import passport from 'passport';
+import FacebookStrategy from 'passport-facebook';
 
 import typeDefs from './schema';
 import resolvers from './resolvers';
 import models from './models';
+import { createTokens, refreshTokens } from './auth';
+import joinMonsterMetadata from './joinMonsterMetadata';
 
 const schema = makeExecutableSchema({
   typeDefs,
   resolvers,
 });
 
+joinMonsterAdapt(schema, joinMonsterMetadata);
+
+const SECRET = 'aslkdjlkaj10830912039jlkoaiuwerasdjflkasd';
+const SECRET_2 = 'ajsdklfjaskljgklasjoiquw01982310nlksas;sdlkfj';
+
 const app = express();
 
+passport.use(
+  new FacebookStrategy(
+    {
+      clientID: process.env.FACEBOOK_CLIENT_ID,
+      clientSecret: process.env.FACEBOOK_CLIENT_SECRET,
+      callbackURL: 'http://localhost:3000/auth/facebook/callback',
+      scope: ['email'],
+      profileFields: ['id', 'emails'],
+    },
+    async (accessToken, refreshToken, profile, cb) => {
+      // 2 cases
+      // #1 first time login
+      // #2 previously logged in with facebook
+      // #3 previously registered with email
+      const { id, emails: [{ value }] } = profile;
+      // []
+      let fbUser = await models.User.findOne({
+        where: { $or: [{ fbId: id }, { email: value }] },
+      });
+
+      console.log(fbUser);
+      console.log(profile);
+
+      if (!fbUser) {
+        // case #1
+        fbUser = await models.User.create({
+          fbId: id,
+          email: value,
+        });
+      } else if (!fbUser.fbId) {
+        // case #3
+        // add email to user
+        await fbUser.update({
+          fbId: id,
+        });
+      }
+
+      cb(null, fbUser);
+    },
+  ),
+);
+
+app.use(passport.initialize());
+
+app.get('/flogin', passport.authenticate('facebook'));
+
+app.get(
+  '/auth/facebook/callback',
+  passport.authenticate('facebook', { session: false }),
+  async (req, res) => {
+    const [token, refreshToken] = await createTokens(req.user, SECRET, SECRET_2);
+    res.redirect(`http://localhost:3001/home?token=${token}&refreshToken=${refreshToken}`);
+  },
+);
+
+const addUser = async (req, res, next) => {
+  const token = req.headers['x-token'];
+  if (token) {
+    try {
+      const { user } = jwt.verify(token, SECRET);
+      req.user = user;
+    } catch (err) {
+      const refreshToken = req.headers['x-refresh-token'];
+      const newTokens = await refreshTokens(token, refreshToken, models, SECRET, SECRET_2);
+      if (newTokens.token && newTokens.refreshToken) {
+        res.set('Access-Control-Expose-Headers', 'x-token, x-refresh-token');
+        res.set('x-token', newTokens.token);
+        res.set('x-refresh-token', newTokens.refreshToken);
+      }
+      req.user = newTokens.user;
+    }
+  }
+  next();
+};
+
+app.use(cors('*'));
+app.use(addUser);
+
 app.use(
   '/graphiql',
   graphiqlExpress({
@@ -24,7 +118,31 @@ app.use(
 app.use(
   '/graphql',
   bodyParser.json(),
-  graphqlExpress({ schema, context: { models } }),
+  graphqlExpress(req => ({
+    schema,
+    context: {
+      models,
+      SECRET,
+      SECRET_2,
+      user: req.user,
+    },
+  })),
 );
 
-models.sequelize.sync().then(() => app.listen(3000));
+const server = createServer(app);
+
+models.sequelize.sync({ force: true }).then(() =>
+  server.listen(3000, () => {
+    new SubscriptionServer(
+      {
+        execute,
+        subscribe,
+        schema,
+      },
+      {
+        server,
+        path: '/subscriptions',
+      },
+    );
+  }),
+);
diff --git a/joinMonsterMetadata.js b/joinMonsterMetadata.js
@@ -0,0 +1,54 @@
+export default {
+  Query: {
+    fields: {
+      getBook: {
+        where: (table, empty, args) => `${table}.id = ${args.id}`,
+      },
+      allBooks: {
+        limit: (table, { limit }) => limit,
+        orderBy: 'id',
+        where: (table, empty, { key }) => `${table}.id > ${key}`,
+      },
+    },
+  },
+  Author: {
+    sqlTable: 'authors',
+    uniqueKey: 'id',
+    fields: {
+      books: {
+        junction: {
+          sqlTable: '"bookAuthors"',
+          include: {
+            primary: {
+              sqlColumn: 'primary',
+            },
+          },
+          sqlJoins: [
+            (authorTable, junctionTable) => `${authorTable}.id = ${junctionTable}."authorId"`,
+            (junctionTable, bookTable) => `${junctionTable}."bookId" = ${bookTable}.id`,
+          ],
+        },
+      },
+    },
+  },
+  Book: {
+    sqlTable: 'books',
+    uniqueKey: 'id',
+    fields: {
+      authors: {
+        junction: {
+          sqlTable: '"bookAuthors"',
+          include: {
+            primary: {
+              sqlColumn: 'primary',
+            },
+          },
+          sqlJoins: [
+            (bookTable, junctionTable) => `${bookTable}.id = ${junctionTable}."bookId"`,
+            (junctionTable, authorTable) => `${junctionTable}."authorId" = ${authorTable}.id`,
+          ],
+        },
+      },
+    },
+  },
+};
diff --git a/models/author.js b/models/author.js
@@ -0,0 +1,22 @@
+export default (sequelize, DataTypes) => {
+  const Author = sequelize.define('author', {
+    firstname: {
+      type: DataTypes.STRING,
+    },
+    lastname: {
+      type: DataTypes.STRING,
+    },
+  });
+
+  Author.associate = (models) => {
+    // many to many with book
+    Author.belongsToMany(models.Book, {
+      through: {
+        model: models.BookAuthor,
+      },
+      foreignKey: 'authorId',
+    });
+  };
+
+  return Author;
+};
diff --git a/models/book.js b/models/book.js
@@ -0,0 +1,19 @@
+export default (sequelize, DataTypes) => {
+  const Book = sequelize.define('book', {
+    title: {
+      type: DataTypes.STRING,
+    },
+  });
+
+  Book.associate = (models) => {
+    // many to many with book
+    Book.belongsToMany(models.Author, {
+      through: {
+        model: models.BookAuthor,
+      },
+      foreignKey: 'bookId',
+    });
+  };
+
+  return Book;
+};
diff --git a/models/bookAuthor.js b/models/bookAuthor.js
@@ -0,0 +1,9 @@
+export default (sequelize, DataTypes) => {
+  const BookAuthor = sequelize.define('bookAuthor', {
+    primary: {
+      type: DataTypes.BOOLEAN,
+    },
+  });
+
+  return BookAuthor;
+};
diff --git a/models/champion.js b/models/champion.js
@@ -0,0 +1,12 @@
+export default (sequelize, DataTypes) => {
+  const Champion = sequelize.define('champion', {
+    name: {
+      type: DataTypes.STRING,
+    },
+    publicId: {
+      type: DataTypes.STRING,
+    },
+  });
+
+  return Champion;
+};