nextjs typegraphql apollo server micro

Author: wpcodevo

.env.example

@@ -0,0 +1,10 @@
+MONGO_INITDB_ROOT_USERNAME=
+MONGO_INITDB_ROOT_PASSWORD=
+MONGO_INITDB_DATABASE=
+MONGODB_LOCAL_URI=
+
+ACCESS_TOKEN_PRIVATE_KEY=
+ACCESS_TOKEN_PUBLIC_KEY=
+
+REFRESH_TOKEN_PRIVATE_KEY=
+REFRESH_TOKEN_PUBLIC_KEY=

.gitignore

@@ -27,6 +27,7 @@ yarn-error.log*
 
 # local env files
 .env*.local
+.env
 
 # vercel
 .vercel

Makefile

@@ -0,0 +1,5 @@
+dev:
+	docker-compose up -d
+
+dev-down:
+	docker-compose down

codegen.yml

@@ -0,0 +1,10 @@
+schema: http://localhost:3000/api/graphql
+documents: './src/**/*.graphql'
+generates:
+  ./graphql/generated.ts:
+    plugins:
+      - typescript
+      - typescript-operations
+      - typescript-react-query
+    config:
+      fetcher: graphql-request

docker-compose.yml

@@ -0,0 +1,25 @@
+version: '3.8'
+services:
+  mongo:
+    image: mongo
+    container_name: mongodb
+    ports:
+      - '6000:27017'
+    volumes:
+      - mongodb:/data/db
+    env_file:
+      - ./.env
+    environment:
+      MONGO_INITDB_ROOT_USERNAME: ${MONGO_INITDB_ROOT_USERNAME}
+      MONGO_INITDB_ROOT_PASSWORD: ${MONGO_INITDB_ROOT_PASSWORD}
+      MONGO_INITDB_DATABASE: ${MONGO_INITDB_DATABASE}
+  redis:
+    image: redis:latest
+    container_name: redis
+    ports:
+      - '6379:6379'
+    volumes:
+      - redis:/data
+volumes:
+  redis:
+  mongodb:

next.config.js

@@ -1,6 +1,11 @@
 /** @type {import('next').NextConfig} */
 const nextConfig = {
   reactStrictMode: true,
-}
+  webpack: (config) => {
+    config.experiments = config.experiments || {};
+    config.experiments.topLevelAwait = true;
+    return config;
+  },
+};
 
-module.exports = nextConfig
+module.exports = nextConfig;

package.json

@@ -9,16 +9,41 @@
     "lint": "next lint"
   },
   "dependencies": {
+    "@typegoose/typegoose": "^9.9.0",
+    "apollo-server-micro": "^3.9.0",
+    "bcryptjs": "^2.4.3",
+    "class-validator": "^0.13.2",
+    "cookies-next": "^2.0.4",
+    "cors": "^2.8.5",
+    "dotenv-safe": "^8.2.0",
+    "graphql": "15.x",
+    "graphql-request": "^4.3.0",
+    "jsonwebtoken": "^8.5.1",
+    "micro": "^9.3.4",
+    "mongoose": "^6.4.0",
     "next": "12.1.6",
     "react": "18.2.0",
-    "react-dom": "18.2.0"
+    "react-dom": "18.2.0",
+    "redis": "^4.1.0",
+    "reflect-metadata": "^0.1.13",
+    "type-graphql": "^1.1.1"
   },
   "devDependencies": {
+    "@graphql-codegen/cli": "^2.6.2",
+    "@graphql-codegen/typescript": "^2.5.1",
+    "@graphql-codegen/typescript-operations": "^2.4.2",
+    "@graphql-codegen/typescript-react-query": "^3.5.14",
+    "@types/bcryptjs": "^2.4.2",
+    "@types/dotenv-safe": "^8.1.2",
+    "@types/jsonwebtoken": "^8.5.8",
     "@types/node": "18.0.0",
     "@types/react": "18.0.14",
     "@types/react-dom": "18.0.5",
+    "autoprefixer": "^10.4.7",
     "eslint": "8.18.0",
     "eslint-config-next": "12.1.6",
+    "postcss": "^8.4.14",
+    "tailwindcss": "^3.1.3",
     "typescript": "4.7.4"
   }
 }

pages/_document.tsx

@@ -0,0 +1,15 @@
+import { Html, Head, Main, NextScript } from 'next/document';
+import dotenv from 'dotenv-safe';
+dotenv.config();
+
+export default function Document() {
+  return (
+    <Html>
+      <Head />
+      <body>
+        <Main />
+        <NextScript />
+      </body>
+    </Html>
+  );
+}

pages/api/graphql.ts

@@ -0,0 +1,63 @@
+import 'reflect-metadata';
+import { NextApiRequest, NextApiResponse } from 'next';
+import { ApolloServer } from 'apollo-server-micro';
+import { buildSchema } from 'type-graphql';
+import Cors from 'cors';
+import { resolvers } from '../../src/resolvers';
+import { connectDB } from '../../src/utils/connectDB';
+import deserializeUser from '../../src/middleware/deserializeUser';
+
+const cors = Cors({
+  methods: ['GET', 'HEAD', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],
+  credentials: true,
+  origin: [
+    'https://studio.apollographql.com',
+    'http://localhost:8000',
+    'http://localhost:3000',
+  ],
+});
+
+function runMiddleware(req: NextApiRequest, res: NextApiResponse, fn: any) {
+  return new Promise((resolve, reject) => {
+    fn(req, res, (result: any) => {
+      if (result instanceof Error) {
+        return reject(result);
+      }
+
+      return resolve(result);
+    });
+  });
+}
+
+const schema = await buildSchema({
+  resolvers,
+  dateScalarMode: 'isoDate',
+});
+
+const server = new ApolloServer({
+  schema,
+  csrfPrevention: true,
+  context: ({ req, res }: { req: NextApiRequest; res: NextApiResponse }) => ({
+    req,
+    res,
+    deserializeUser,
+  }),
+});
+
+export const config = {
+  api: {
+    bodyParser: false,
+  },
+};
+
+const startServer = server.start();
+
+export default async function handler(
+  req: NextApiRequest,
+  res: NextApiResponse
+) {
+  await runMiddleware(req, res, cors);
+  await connectDB();
+  await startServer;
+  await server.createHandler({ path: '/api/graphql' })(req, res);
+}

postcss.config.js

@@ -0,0 +1,6 @@
+module.exports = {
+  plugins: {
+    tailwindcss: {},
+    autoprefixer: {},
+  },
+}

src/controllers/error.controller.ts

@@ -0,0 +1,19 @@
+import { ValidationError } from 'apollo-server-micro';
+
+const handleCastError = (error: any) => {
+  const message = `Invalid ${error.path}: ${error.value}`;
+  throw new ValidationError(message);
+};
+
+const handleValidationError = (error: any) => {
+  const message = Object.values(error.errors).map((el: any) => el.message);
+  throw new ValidationError(`Invalid input: ${message.join(', ')}`);
+};
+
+const errorHandler = (err: any) => {
+  if (err.name === 'CastError') handleCastError(err);
+  if (err.name === 'ValidationError') handleValidationError(err);
+  throw err;
+};
+
+export default errorHandler;

src/middleware/deserializeUser.ts

@@ -0,0 +1,56 @@
+import { AuthenticationError, ForbiddenError } from 'apollo-server-micro';
+import { NextApiRequest, NextApiResponse } from 'next';
+import { checkCookies, getCookie } from 'cookies-next';
+import errorHandler from '../controllers/error.controller';
+import UserModel from '../models/user.model';
+import redisClient from '../utils/connectRedis';
+import { verifyJwt } from '../utils/jwt';
+import { disconnectDB } from '../utils/connectDB';
+
+const deserializeUser = async (req: NextApiRequest, res: NextApiResponse) => {
+  try {
+    // Get the access token
+    let access_token;
+    if (
+      req.headers.authorization &&
+      req.headers.authorization.startsWith('Bearer')
+    ) {
+      access_token = req.headers.authorization.split(' ')[1];
+    } else if (checkCookies('access_token', { req, res })) {
+      access_token = getCookie('access_token', { req, res });
+    }
+
+    if (!access_token) throw new AuthenticationError('No access token found');
+
+    // Validate the Access token
+    const decoded = verifyJwt<{ userId: string }>(
+      String(access_token),
+      'accessTokenPublicKey'
+    );
+
+    if (!decoded) throw new AuthenticationError('Invalid access token');
+
+    // Check if the session is valid
+    const session = await redisClient.get(decoded.userId);
+
+    if (!session) throw new ForbiddenError('Session has expired');
+
+    // Check if user exist
+    const user = await UserModel.findById(JSON.parse(session)._id)
+      .select('+verified')
+      .lean(true);
+    await disconnectDB();
+
+    if (!user || !user.verified) {
+      throw new ForbiddenError(
+        'The user belonging to this token no logger exist'
+      );
+    }
+
+    return user;
+  } catch (error: any) {
+    errorHandler(error);
+  }
+};
+
+export default deserializeUser;

src/models/user.model.ts

@@ -0,0 +1,60 @@
+import {
+  getModelForClass,
+  prop,
+  pre,
+  ModelOptions,
+  Severity,
+  index,
+} from '@typegoose/typegoose';
+import bcrypt from 'bcryptjs';
+
+@pre<User>('save', async function (next) {
+  if (!this.isModified('password')) return next();
+
+  this.password = await bcrypt.hash(this.password, 12);
+  this.passwordConfirm = undefined;
+  return next();
+})
+@ModelOptions({
+  schemaOptions: {
+    timestamps: true,
+  },
+  options: {
+    allowMixed: Severity.ALLOW,
+  },
+})
+@index({ email: 1 })
+export class User {
+  readonly _id: string;
+
+  @prop({ required: true })
+  name: string;
+
+  @prop({ required: true, unique: true, lowercase: true })
+  email: string;
+
+  @prop({ default: 'user' })
+  role: string;
+
+  @prop({ required: true, select: false })
+  password: string;
+
+  @prop({ required: true })
+  passwordConfirm: string | undefined;
+
+  @prop({ default: 'default.jpeg' })
+  photo: string;
+
+  @prop({ default: true, select: false })
+  verified: boolean;
+
+  static async comparePasswords(
+    hashedPassword: string,
+    candidatePassword: string
+  ) {
+    return await bcrypt.compare(candidatePassword, hashedPassword);
+  }
+}
+
+const UserModel = getModelForClass<typeof User>(User);
+export default UserModel;

src/resolvers/index.ts

@@ -0,0 +1,3 @@
+import UserResolver from './user.resolver';
+
+export const resolvers = [UserResolver] as const;

src/resolvers/user.resolver.ts

@@ -0,0 +1,41 @@
+import { Arg, Ctx, Mutation, Query, Resolver } from 'type-graphql';
+import {
+  LoginInput,
+  LoginResponse,
+  SignUpInput,
+  UserResponse,
+} from '../schemas/user.schema';
+import UserService from '../services/user.service';
+import type { Context } from '../types/context';
+
+@Resolver()
+export default class UserResolver {
+  constructor(private userService: UserService) {
+    this.userService = new UserService();
+  }
+
+  @Mutation(() => UserResponse)
+  async signupUser(@Arg('input') input: SignUpInput) {
+    return this.userService.signUpUser(input);
+  }
+
+  @Mutation(() => LoginResponse)
+  async loginUser(@Arg('input') loginInput: LoginInput, @Ctx() ctx: Context) {
+    return this.userService.loginUser(loginInput, ctx);
+  }
+
+  @Query(() => UserResponse)
+  async getMe(@Ctx() ctx: Context) {
+    return this.userService.getMe(ctx);
+  }
+
+  @Query(() => LoginResponse)
+  async refreshAccessToken(@Ctx() ctx: Context) {
+    return this.userService.refreshAccessToken(ctx);
+  }
+
+  @Query(() => Boolean)
+  async logoutUser(@Ctx() ctx: Context) {
+    return this.userService.logoutUser(ctx);
+  }
+}