This patch enables graphql-api server to accept an OAuth2 access token
on the graphql route.
It:
1. validates the format of the authorization header value in middleware
2. looks up the token in Redis
3. ensures the client id of the token is in the allowed clients list
4. includes the user's id and email in the 'authUser' property in
Apollo's context
5. includes the authorization header value as 'token' in Apollo's
context
Because:
* New graphql-api server doesn't exist yet.
This commit:
* Duplicates the admin-server project, with admin-server specific bits
removed.
* Links in necessary build portions to circleci.
Closes#4812
why, after all these years?
because there's a few annoying cases where the loopback
makes dev harder. When you try to test a flow from a not
local machine, like a tv, mobile device, or a saucelabs
proxy session. With localhost it's easy enough to forward
but loopback not so much
enough is enough
why: several reasons...
- to have a unified approach and pattern for:
- debugging
- fs watching for local dev
- running services in dev
- configuring services in dev
- to improve the initial clone and subsequent `npm ci` experience
- to make future work on tooling easier
1. renamed _scripts/*.sh to use kebab-case
2. linted _scripts with shellcheck
3. added _dev directory and moved pm2 json files there
4. added nps and package-scripts.js
- this allows us to do nice things like: `npm start debug firefox`
- I'd like to expand this further but it's a start
5. refactored the install scripts to make `npm install` nicer
6. renamed pm2 process names for easier control
- can use `pm2 logs auth` instead of the id
start-android is no longer needed so it was removed
along with its dependencies and replaced by adb-reverse
I removed `adr-log` in favor of running `npx adr-log` to
make `npm ci` smaller.
`concurrently` is no longer used.
The remainder were updated to their latest versions.
Because:
* It can be useful to debug multiple services at once.
This commit:
* Adds a pm2 config that starts 4 of the servers using start-dev-debug
with unique inspect ports so that they can be debugged all at the
same time.
* Updates the package.json files for these services so they don't choose
the same port.
* Documents the ports used for debugging.
* Add's an attach debug for VS Code that lets one choose which process
to debug.
The actual debuggable node invocation is buried behind a few layers of
indirection; this run script unpacks that indirection, making it really
easy to launch a debuggable content or payments server process.
Also added some docs on debugging server or test node processes.
I moved the CONTRIBUTING.md file from the content server package to
the top level so that it easily discoverable. The README now
contains a link to CONTRIBUTING.md. CONTRIBUTING.md now mentions
GPG signatures as a requirement for opening PRs.
Not attached to an issue.
Danny Coates
Jody Heavener
Barry Chen
Ben Bangert
Ankita Shrivastava
Lauren Zugai
Vijay Budhram
Lauren Zugai
Jared Hirsch
Dave Justice
Vlad Filippov
Shane Tomlinson
Wil Clouser
Les Orchard
Shivam Singhal
Edouard Oger
Beatriz Rizental
Deepti