From 7624dc7e4cc8aef5b373f7f5b5950b69a38abb98 Mon Sep 17 00:00:00 2001 From: IM CHAECHEOL <38449269+lcc3108@users.noreply.github.com> Date: Sun, 15 Dec 2019 00:27:20 +0900 Subject: [PATCH] add jwt and terraform setting update (#2) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * . * update aws context * update .env * encrypt .env && google_key * add enviroment tar file * update apollo server context base64 encoding update * . * . * . * jwt verify update https://github.com/auth0/node-jsonwebtoken/issues/208#issuecomment-230855763 자바와 nodejs의 jwt토큰 호환성 에러해결 * . * . * . * update traivs * update travis.yml * update aws credencial * remove directives * update .env in private.tar.enc * terraform add i_am_role cloudwatch for lamdbda * update terraform.tf * . * . * . * update mutation * update mutation * update lambda loadbalancer * update terrform * . * . * . * . * before merge --- .env.enc | Bin 176 -> 0 bytes .gitignore | 1 + .travis.yml | 11 +- google_key.json.enc | Bin 2320 -> 0 bytes private.tar.enc | Bin 0 -> 10256 bytes src/controllers/graphql/aws.ts | 20 ++- src/controllers/graphql/gcp.ts | 19 ++- src/controllers/graphql/mutation.ts | 18 ++- src/models/graphql/directives/auth.ts | 16 +++ src/models/graphql/directives/index.ts | 5 + src/models/graphql/types.ts | 2 + terraform.tf | 166 +++++++++++++++++++++++-- 12 files changed, 228 insertions(+), 30 deletions(-) delete mode 100644 .env.enc delete mode 100644 google_key.json.enc create mode 100644 private.tar.enc create mode 100644 src/models/graphql/directives/auth.ts create mode 100644 src/models/graphql/directives/index.ts 
diff --git a/.env.enc b/.env.enc deleted file mode 100644 index 39f8551163a139d043cf6c674788b6a63c0c3a8a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 176 zcmV;h08js<@$4U8mR+=$M<;x=&Gl!jJ*O*~ucpCqZTWW_n9d=Sx|pxms|b88*feje zmGhpwyKc4{!s}*Kl#>p)IsQf$M$FjGdHq?Ra!Hjx)5HM&$I>W}LL?DR3-3vymAf^O zjErRtG-@(g1(vGJ+*%V}PlP|0%@b4zs76LGPoHjATD2IOQ`#aM>PXp;?_=jzLuj@F ey@v_kO>&vAc!G8uwhwr6GB-sH69<C z!#xOBloW@6Z|ZQB^MB$HVv-TPaMT;g9|2Umw0X0n_+nxN_bswbek$Vkn4>)(Uu?^P zD|T|e-7&{|lNJbOxuwT<))YdlscRy>$U=NxeWpdE?a<2QaHPqihyebPo7Q;hwWA)w zF}alU+Q__nKO?v};Ys=1aIrCkOnOS4|F89YE>H?F-+OrBdxGv2$}bimB6H6M+>u7b zgzaoeT@xEEb%hFr5-hyuMMm<9{q;wS1GhY2a-M(fZL` zdcmpkH}T^%aus&OqQMWeQsy>Li?8UJ^ktSo((o;N*$mg*E)+!I96g6nNhO-(wwZH> z$Rnk+&^15n$*GUFAl4RcY^3N(3u6guFSXo-J^80JK7r$5goW7nTK0~pJn~mcrVShQj=>goj>KeDQQ_O=TPFh_f@TAvJU#TfHi zgjSsLy^z3lx5L-|UBQil4r$2XoYiT*;`Jx8L~oMh2U9Kb3{a#(oXO@pxH~$b^5gSG zaj=)H$GqO+O~!Q({2~$IAJ9T13jkWzryN1*1SuDgi%8!fpju-V>iLa=d~7{UqIqu< zFM|LoknDB`k6I5or=mczq<+}ttLZn_^#Fh?pg>Ayjs-C)6lyfN8_Qt&vRpRvx6+2x z+Qh_hz@kWjYL8mKA9#BTrflCr9uWb-akC3U&j|bPG>~7;NymZtEY`y)s+Vxhjf1P1>oOtlApSb;%RR#AVf0u1xwd%I6kaKU=PLqaEIf^=C*g2|#RRfHbj!lHmh zSus8~Dk>?Jr6%!f;%qp7lze|&xQepWN7y1) zykr1B7KJkmNlN++Y{H_B^8H*MeO;x;4OIJ(BA@;L7vy{Pjg}(?u!gb+%GQSzRkrVy z1i4(3PR0*0fJGeE-jZrz>eKdWY?%}pWl;m1dE7jQO368MZet2F0b2^fks!}9%k-Mo z!2c63WH#~c@`$uoG4dS_CY>tb0Q^TM8n8jRP0i+Lr|_QF^h|fL2T5?PBYdh~ z5C2NPiN#niW=?+v4&gl`(C*`cTmd-CJak-uCdE%tBTqHbXPFqqrBFs>T(WY(R~<{o zkJGVktU|z#LuZZ^aDd=DO=W`t!?g+?oxZy0M+t4PR5W}`nRnW zEWUt<%AN<(3gea3ANli1ijZg7g~%K{j0n1;2HN7Dc^+=I1*fm@pAq&zv+WJSt-hnU zeT0At)I-7vLy7fE-h+8QGhQJDirwOB1fvc#tkKLAMA1N@{Ikh_kDzwCy^mKMPbzK{ z0x0F~F*%(cMqh*nk!VUEf6`8E>8@q_MH;5#>>Jz%S>{ob%vgqA2zvsU{$?XKrPzF=;*B=4Ai{KOPHt$GVZ7}(jx-nxikA& z=Bt5lQcGauQS@pEn}Sa#8o}x-WQ|-Vt$PKDle~4DcaKPJ8VRc?EA$QIoT{%>|C#_3 zTwu6}x87+@T?0~XL@esK*TptYuSaA}`VIkw7)FV`4{DYYB8cN%lCfa~6Wg!UH< z!vWFz)jmK6!sVp@0fau5(dW?g23R(iL(c;-?gVhb&OiW912=Ic)1nFrDs 
z1vW@()y`*-y&95x#S5Gd9apnlf+0!^-^53NjB_v7$*X@gZhrh0_2s23nIKA5zAl&+ zk>Zj15!JS0aiZl{?&^wYLfg5GyoJ{n!fH0tSND~hzG6^y0K@7<+j0UycYg%J?xO2#WxKhB*!8@?ckzI5St@+)t*jgiQS@tx}YgA9m&K-QdffXv)mbITI zLYjouBJ2~Sdw(H)V}mo#`<_vWy@)&pS{_EfI-kg*;Z2inXCwM>d`QL?KJ2T`IzOpd&JUz{pN%PFKr)G!J5$#{#gG4!!) z43aZY04-h+TYK-f6Z9^Y)UowVEB9l0Z+**e_9ciB|8;o@mJC9^S%HCMWRy$_^px*q(G;r07Mux(AQcMhF9p zwTy~I)M<2q9*F~GUIZ(|_IF&%prMJO`VH}Wnse2J?HFbrnWDep4DFVqxIy{&XZ(il z5^zd`kjTlBHpWn%CO6|3d0Vr2$(Nh8YR_~XImw@;X~~ab70a!nfr@{a;ra{@%rJTR z^L@#^8vjnXxLEZ!7wFA4RxBtp4_a3WZ4igMiHRpX>6=i?oR5@H-c6q#Syq1T?Xrm& z?Re)!5A&{qxiM{0Y`IiS;OLLU(aTUXGxSRGp53+_%F`<&VD^vFRx4>AKuY0#byMqs z8EW~-7OhbFWDj#hzpRWQ(=O?NC#yWvur>?PmsW%e+H%=F1(P@Sad!Q>tR5>mKa%`> zkr*(S+7?_2tCke7*XaQQHvp&sly$9bq%^i@YJHrto&8xSI?h3^MC{`JoZgPi2Z?jS*tqkD8Kn(_Sn59XEYz z+(VlUJRY=cS4<(H|4h|~hDpnsO2pCfE)cPeN0cj?&<9PtH*7Ixb`u`OG=}9P$_lE9 z2dID?{Ja_}2A;N__yut(l3*sHAmNQ;qEt|jl2mmWb!1SGqIr?0_abor{oiGqY%vX) zV}5U|WO*wlDQ0BBcNYo+JuHxDy3(gRv)fHi2l#wSSEuh1$~O(NZC}1=QYn7*fhs_FP4ma^F~OY&BiG75(cy6C1tF-{ zvHWm8Je4gfQ8j{|A9Q!AY>7ig`VXI_HMTA}%XZYpg|_~pXZAy*A9ba>h* zQjh(y@^QdsY>w)?wk6xbQb}3La1YFo z(DDtICoAL*97o$;!Q8)7zTF0!hZ3!Wecl`9#8z=if~+VYzQ2r64@x^`-|_(oHd0{Q z)Xz1-Ij(l9_r~rqQH3>%0V^f09@ST@*&|MKgox(IhY}+tpgoe}oI#$qDZo)TTK1^x zH{EJHQdwVqB=#}9H^(%uHdJL9m1FHDa+mJMo(`m@$RC-2Nx`qJpWIcA~mK+SJ*V7>s7Y5@pde1qi4(5I)vDoG+bw}ak6K%9#?;f%CJl;*MQ{Qzhz*^+zb^YbAovU zh|esZFipIJ0%w0({pF}uJ&L)|hUKm}*kWC(Sl8~0$q!kcnOZ)5QVG6sHG^3BpXF`x zi%5*VqqUpF5}y#qx39ww4SZ1W!Z1qS1)Bm}UyH-p5W-#Y#Ho=@KF+iX#si+FWmB^* zs3!79$%bf`aTr9TXRB`HDh0X@TL;}2M!Ww_BYQhcg{|kgp%EWnZbZ20zpU@*t=2`% zp>pN$cPn#7P(ng+TyVu;Xn4seZO$d{igAT1SFCx}IE{gB4IvolB!!W%OjN`job?hB z2xN7s!J<@LXDqA+AwA~}l8yX%a9GF^Ermf8h2Xj_Qx$(okt@-BAeAuhrP{4=*Q0;3 zBCk)Wjar)0VFq1oM3=6Rd3B1_nWOPJQ)Y| zLr@Tkqov!VSL=Ev)T2lpWemP zKbhMzNNBaNvIko1tMj3>}2J~L}4#1>uAGHr9OW8H4b7R`l)P{ zxM_U#P_#?Mmd;P4{L+#14hei0fqs`9qWk-ERGzA-5j)WD5zdC@d9$BIEwPpw4>CYG z5rx>ognc2B_FxfHRn#c4WN*h-LI~_ZXhG``=%aMfeI|ATe;bqAGWl5SwLnqxuj~ym 
z9H2D-`+MjOVhxD`@q*BKbKc?4_P|04c}O!jcra%*)58wJS=`x{ne0BHWG$sz6fD`v ztoJ|n=|L-=fV>4W95IdCi_by&M*C#nf$sq@I#4x)u2zH=3~gpX`J%o#L#GsC${WR2 z2ph*$ea1WGjnu>6N`X+Z1!#X~?ou;+x|x27ZDO|t50Np_d48?U{5nS*JWIuXgc9Eg ze*R#uDwS?3rr~bdr23f}!H>y|{2*m{C)j5Ho2-$!fTTLClMsq<^hm;S*Xn0`Q@RtB zxxBw`|+m>^pi zYN|>!UmGeUW8wjEU)(d*+!aZB_zHZ7i#nN}|AyWc1Ri$*up}gbjBUR1s`Ef-<}_t( z-Nu*_>$nq+C#+mPyXZ%OfmCQW9gEeZcjcc55Elc=lT6K5fpM9~3dHFHx9qmLoJbih zh#`FNlpuPO-!O`)F!X zG&MaS*{&ro)Nr564 zw+>ELowe7Kj!d@W@YxA?KLPlA;?MBZkb3XCfL17G9Ld&@=Sm@p)xC(r-O=^75bAGH ziy3b%3~|?>q@S}Idlw`QNq;Yojt+#AALPUpDld21y3_mdt) z#&iPXB2|OCQV4Dw8FToBFaL-PsPBlw{poBKr}uFh6nCrjpn(&uvQrOPwMz*VlY&nI z*N39lue*i;?v31I`az^I2^FBVxX!oPM|6+vq#gU*RnGqx`519$2{AIjI0HjrB#4D& zdM<^jIE*LgzfN)Gm{{U`m$+eMf&WSFH9-^}m6D~oYi5fy^yw;wY-QYswU;76ySMi} z3L5}+?;U?4$^cvT>R*;hsszcRwE1) zv5PA1N1oA;AKe2AWSllm%;KmBI^1W9L@DlJ9b<3x$g`u(7m)&cYMr?5!L1TG)XG<=Xi-&VPL+p2B;Pf=9f{=NY1C+SRijy|zOs-)<=4=10SmGa!N*UVThS zymm6D{wcLGxI8JOr)IyV_d-?ze@~_;8E*Ee;*Keks>?M;Zc>Hyt!g7qFdG7J2nTfq zC^6HzLLXKAzJ}JLYUm-rW-86RuWq!rr{!+xM!P!;ZsbZWfXx=Oi&pq2@0$BuG+d1) zym!pCy2+q*Yl-EhG-YstX=JCj|6uOjA!7&g%b&bUl_7W0eG&_a)2eYKFo&6?Y#+{& zAw6568Bc@C8^K^g#=BPgmX&fv4lflUaUH!KPI={8t%Zuo-rh79VikL0JRe?PUJw<- z!JQ5}=2(j=%Yz&_>?#iMZg#} zahA;_I@F z1OCGB1KAmL4WnT2U9~Y1>Tvo4Trw2W-!zF8dZOcrJx#M@AR*-i-h~KNk5VliQ>4G1 z`f!2frBP7evym`=3f`X#M3gP=&L*BL zg*gw3694oDYh!+g)&a>VScH5x|H5<#*fOj0k36F$J5>7Tj&(Y$9grp*f6owIm~hu} zSp=VmqwA{;t7Cse6ubj0Qrp2<0xp`J`a<2)EP2Kjf5=)lKL- zAJ3cE$tZ%x{s8mlWP|1#^|x%wzBKyc{xjAwkqHSh_nM$h&+-L?Q zlRqTf|0X%9#%NRDx7RXnjDV5Sz9tA^AePa8g_Xt;>$G)SnH7sF*oRVk-n_b(sdBTl zpW!T%&;&2nFUe?|-tHW)xmu3`(tqev>UA)>Cs8TLf%X1SdA&&C^2SAT3bOxRlBP0qqtQ4;Mnp3*bXABHk+s zw6H&$Il9@8Ih8f8$$u;_UH5I2XyZ2>MW9PKSz4VMZwqu{LSY|`;PkmMl8x<_4hE_B zxe^;TTE^djiffI?24v3Pi>fbLE2rnwO8iNC1Y^xoCXyMC0^n#@&r{~fV8V!koB z%_=gwzjT)_h#8#F7%dnu4oDxXt?kUv+xZtuBK4p$3HHHAonT4=bk((+D7VHh{G2AQ z&SfQ}`vjACtxnJqLGxXyUV<^FUy2N5Kb-mzpp6dAU--U$(WD$40{`hvfF!j_yM8hZ z1ignellDGMt2X*^j<%skcunXsA8Pw`E`hk@K>0v9d=6J*QCwny1pq|WS?G!Su1B2S`KDENQmM_;1cby#Ik 
z4J{i!H_8kp-y~l8#g@}|Av8*-7eGFAE_Yww26K(@M%N5K2Y9rgJV9fLG%Om_H;w7M zmpHCZ;&;Duv)R|m*Oh(akGT^}(oiX(SQG{LGz+hxh1WZ5klue*C-iG=$R57}ve0**jHi!M7cT@f^P&31&lp+^D!O!GPMeA`)>|5E z8nJZ>b!Fmau1N@NJbbSka5BN0j&qSTcviP0@Bhy%caXv}KHcx7%*_*sp~oMIm_$gd zkg*S1r|K1Mv;o1`M*x4PC&m26Ly zlVBX;=(z^|mDx(>5a~C{ZD!|WM$Q0wh=wmY<}V14v7ujRf9U-_#)hV7>&2jld=&V$&e53G`Ev5?I)OlOu@Ob#t56dT*2aeL$m{E6F z>I3_0=NmWanb<$y#0!VwZDM3q9KI9{T_q8H#>E8Xe6@f@$cl}(VUn8-O|&qM-%KK0 z%G}Vl60lbQd*WEj=-p0+ZLv@W*ijTQ`+49~c_Lj_QLcut9bwU;z;pB#esqmGUbvmF zslAY`mH%rAvzqf!o7|9-Wc5eiMUM;`t>3W#mRx<|GOU+T(t^Bs+~6;gJ7uTAbPRoo ze}}m8k-oaJGWbVGGO{~*U7WD$;0H&UGH)=aw*-YDd+G+9U<3Jm-3X(=ATRlby--zo zDE}Ph&w1!bBHjef?NfFj1;|4Ti~?$M zBZIL*>8RC2N*W!rFA(DG>xx!=6Lnz@wtmmV$3*s6MSg5Ln#*>IarDiVRwf@~D7V5fv zl$GEd(wrNXws$t@0IlKYC3L2*%H|2@*LKTd*l1izm26?+Z^<=NRf3!S5G3 z7=SG*{cE!py@l}+_gMtX%`R5tIKEbTo*i;W`MkCil*i*r{8ok)tmNL+t<)=xUe5%g z%MeRvMRTYrY*z2S7c%4LEHm9x784@!P1ZD;G`nM@mMpcq-%V(`4yOvbK>Bk&By>JF zE50hWrrf;~7$$y|jeR66Yh5hLN5YdzEK@o0nC?Mx zHDuQR(=(uPgSx8r zBl&KXQ5K-f{ve5%vEAL&X2NBMEwZ@2iu3%ViF6q=FYt@fdL~%G2E4K%9QhWq3wg)H zZOdX4XO`LXHlXPT8OnE2|LS8n?=)G*oFPUm+B@~ObC5Gy5`G_an`7m~@z3=^x29le zsXlN`)V8O62y6Y54-eMOA{m1Mc9n9WWprcUZt&4wrMd8(pQm3BX0~)JwQ9}_r=Ehx zlC!4hv`bKUR5AZ|jBP@7O0geq*>k4pXAHUo5O?P5Y0B^m0t_ETJ`IchHh5#ty2JD2 z%M4&|OTu}&i?r#nOWdZhUkOGgm<`wg?4s}l4eId6U@Qm+vZ?W&$Rb+X)TUr7_Ud)~qSnaxM~?s8 z8n^ z9ohZzlA(#KL+j&bhcIPG#e;ASJ*PHZHo?zSlah{Gp7~60Ya0uonDIg9 zBcfg@ij&dYKetu!19>F=VeV{X&=VkG__% zQP!$rOH?^e6Jhj9Khj|(cDs_L(UI3Sh~VeuT6FpqO4`lW|Hj~#&5_>WEid(XlnEX9 z5K7^7%@pX5GV+$))b~sibxR3n{EFj*`g=FgWJfZ6sbN(N_mUE(G5Fyt8?*(3dS`B<9_qoPG7tY_pv7tqoCO=`8@+=4T<@u=!iwr>#@#EqUMA?@>E75v@b+r-1cYubmz&b4Ac^P1kK*%d4 z#3(dJD}Pr$tb1jDLMig70shrq!5=0k_jE-+*Gn-W*&OQ$8xfkG*uAa;m@d7O+X8C+ zXG`mwm`~Xce|tAeF3pBo@p6SW!zKecTCk3DoR2`X1na~d{Pm-*s0P~)Fn<7G&>CsC ze?GTPKKGlUbYxa3hV6j<@+K(>VnGd9_eyxL6iQp`A8+?1Rp-MwfD&fr3@&%LqJtC1 zR*@sfGlE1vPq7hPPE&-Rjr{}$#}Fj0Vc;Ll|0sSd$m?-XUirj<$U7zsh9kq^{G!?f#F05nd)UVzQz zq*$kjKHGhHdW|6laog@3(jPeo#G&CV4eiB@-wnSouk)*|MFo$uV2GMtsO 
z^)VsLc9&)hpZ6h98Fw--H2xSt9A?}8dd@1!?7%i_H^}qdNI5xO1H#Y@Kpbwmft=7k04nhth+WLP3nq?h&69%cj zwG0u?f1iykm4wWl;sO^AkvZg9Pl=KpJ?Ic6v|!E7GCu=s$5exD-CB=EG@eUZ0K_za(FU1G?8x_<26D)2+&IyAHoalI3Dys zpLi5vVrXCp37RMf-GbiwpG5lLKU%b;;+XCch2o(4Mh+qjq5{7xH_{EXv~t_D2Bb`UkVS3gn^jZCY8-qDJH; z<7Izd4qj=Qv}^w7*unUdqZbpj>{+XmcLjPs00y@1P*fAXuhi^T2DuzWi`1Q27OA#C zVm#RHKJkMK4HGwKPNqB3bFcI2J>BKXW(4&^aw5+c1lbC~)&d8-tMg7gWW?rJ|xE&?I~5_ac#QEZfMPjSZ`eZ)pKcVD-%P36LlT?tCN~vFKz9p6>xIA zKUilWHepEPQ`IEzck$>%Y9b+3q~tj%@3{6kB!+fK7rS?itoUK+B503RH|ud9kRLgKd#^BqpA&;R z)}(8CBVZN;x}>2v*%44@f%Fiu`U>7Ie{_LU8H}q>Q7u zX1n5|3GenZQ#TXNFn&z@aq-N|8FR-;7y)vSLjoA^P-JnA`@n{UQs3%9p#&R?{e`E_ zMnM$;g$L#{6-y8L#r!MEETnY+zy#@n*f}TA3W+zYFGT!4m;fRL1DVpJijvL!R2*Xm zDr?7PnHOd)*p~~s)wYw7SQ@pUc7<><^)9if)=)=j4JcKTDC=KB+X1jK5RJnZm(2)* zA{o2@sAHUOx~7mx9SH%@ZF{8{+@Cfikd8%(!Pc4eoj24ets|eJ`v=;(`gfuIav546 z#s~t8mHRYYe-i#qP%2!n%|P5gLQjAsaJm!g8;e}Run3u|{4}N8yz=m@;^3Z+vF7dv zkOG)jiJkdwYBr!RlE_Gi^`m@rkYJLG6+Ae~7EK`(sv$O|?IIK>Z!^hms-z$y9r_tB z^Zd1T-sA#*!fds@5bPQD^JxKK;|I~QHb0Zt_6xv(=suMH^1`^6TtN{6VDoKm z)x|+5k>03wF{pKMZjP@_$k)z{3dY+~%#ZAlY}!<<1AG$F_RYQX;=+14dhH=z+oGEA z$w2kEsJbJ8*R6VPR0HLCbWyYD+rxF61EV(1)pPUJ3Et&~b(Ze?~HxfHjnw5GajoPShhZy2a)gEw84d z6AYyHn*#@3ZknF1t&g8K_RrmS40@b)Y4k_rZE-Ru3$c!%0kmt)Fcfu@pH9JmPxuQ( z^9%`j6?^MW@kG*Q#<(!O@?;0*S7*wB02BJ<0D|cdS3^`*F=2I%=L>ueb$B+K2E=#H zNka%~I~Cb72xktx8x+GOj`;x0S5-7CnEi>ei;GF{O|?3IQkg(QpE+$GZ{-rCo@pRxsa`lE>f9h#AjwLLcAK=JKq&Jd#C6I?LVQ9&Q~*MuxS+RC+KW z@r4_;u4uB#N{PHTv2ZZEC$8-b>>Da6m}pp@;$-araJ z0H4|8UD-rJ9%LLDM{z3i>0PBMUIs_`60B!b5{_C1up2&FGJ|PHoj{n8K>RQF%WVXf z5&~Q^>4{CSp2ewiVRpM>mQ;dVip>QUmj5kTVT^mPTv8vw)UKDaRtQBkMFoeZ(TJS8 zeF>khknel5>0N6Xf=Fm$1P>4bMz!x9(Tn(*-X!HAlBY|g5jGLvc}m5svA(u^7ECS< zxgwmHdMn6fyAl;U+TUO6X}~L<#tmXIT9WUUNT3?cBF*SyHg1(s;m8N7+5)PcSsdC1 zjFFMr-NPKJj4qX8oDmZ3f2yI^^@t2Q?!ee-g>ScqMf=?X9?4lVFRb#@vo*6!%)}c- zy!&W(SdBE2RJn`ETMSdIVqN>FPA>3vIF#qqjH5h*;8^8mkycZQuxDr}CuKp6*3SXc zM`Md9bcl^-sRU1^`&v*{i3&L0!L5jC$IylC43;aDi=dE0PPG6+l6EyrKgP`W?@hI8 
z=-m^?^InkptYs#Z#ft_r;IpLJ&0i~3!`aS*jTATM>r{b*+UPJSXkR#(s|FFYt~`A@9pyR(yp&t|`|Ls5 z=b$p711(Z@D)bOH!cjU~H{321_E2+{3q@v-eR&1HsOM>t{c0QmbTte{!nGM~92S8l W;Aw8dk0F1_p;OutJf8f3G}{#yvBzrw literal 0 HcmV?d00001 diff --git a/src/controllers/graphql/aws.ts b/src/controllers/graphql/aws.ts index 40eaeab..3592ebc 100644 --- a/src/controllers/graphql/aws.ts +++ b/src/controllers/graphql/aws.ts @@ -2,22 +2,34 @@ import { ApolloServer } from "apollo-server-lambda"; import { typeDefs } from "@/models/graphql/types"; import { resolvers } from "@/controllers/graphql/resolvers"; import jwt from "jsonwebtoken"; +import { schemaDirectives } from "@/models/graphql/directives"; export const awsServer = new ApolloServer({ typeDefs, resolvers, - context: ({ APIGatewayProxyEvent }) => { - if (!APIGatewayProxyEvent.headers.authorization) return { user: undefined }; + context: ({ event }) => { + console.log("event", event); + console.log("event.header", event.headers); + if (!event.headers.Authorization) { + console.log("no header"); + return { user: undefined }; + } - const token = APIGatewayProxyEvent.headers.authorization.substr(7); + const token = event.headers.Authorization.substr(7); + console.log("token", token); try { - const user = jwt.verify(token, Buffer.from(process.env.JWT_SECRET, "base64")); + const user = jwt.verify(token, process.env.JWT_SECRET); + console.log("auth success"); + return { user }; } catch { + console.log("auth fail"); + return { user: undefined }; } }, + schemaDirectives, playground: false, introspection: false, }); diff --git a/src/controllers/graphql/gcp.ts b/src/controllers/graphql/gcp.ts index 40e7e57..145f004 100644 --- a/src/controllers/graphql/gcp.ts +++ b/src/controllers/graphql/gcp.ts 
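Review bot: The added `console.log("event", event)`, `console.log("event.header", event.headers)` and `console.log("token", token)` lines in the `context` callback write the caller's bearer token into the function's logs, which this same commit sends to a CloudWatch log group kept for 14 days. The same `console.log("token", token)` is added in the gcp.ts hunk, and the mutation.ts hunk logs the verified `user` and the rest of the context. I would drop those three lines and keep only the `"auth success"` / `"auth fail"` messages, which carry no credential. Separately, `jwt.verify(token, process.env.JWT_SECRET)` does not pin the accepted algorithms; passing a third argument such as `{ algorithms: ["HS256"] }` (or whichever algorithm the issuer really uses) would close that gap. Header names arriving through the new load balancer may be lower-cased, so `event.headers.Authorization` is worth confirming against a real event and probably should be read case-insensitively.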
@@ -2,23 +2,32 @@ import { ApolloServer, gql } from "apollo-server-cloud-functions"; import { typeDefs } from "@/models/graphql/types"; import { resolvers } from "@/controllers/graphql/resolvers"; import jwt from "jsonwebtoken"; +import { schemaDirectives } from "@/models/graphql/directives"; export const gcpServer = new ApolloServer({ typeDefs, resolvers, context: ({ req }) => { - if (!req.headers.authorization) return { user: undefined }; + if (!req.headers.authorization) { + console.log("no header"); + return { user: undefined }; + } const token = req.headers.authorization.substr(7); - + console.log("token", token); try { - const user = jwt.verify(token, Buffer.from(process.env.JWT_SECRET, "base64")); + const user = jwt.verify(token, process.env.JWT_SECRET); + console.log("yes verify"); + return { user }; } catch { + console.log("no verify"); + return { user: undefined }; } }, - playground: false, - introspection: false, + schemaDirectives, + // playground: false, + // introspection: false, }); gcpServer.setGraphQLPath("/"); diff --git a/src/controllers/graphql/mutation.ts b/src/controllers/graphql/mutation.ts index 5ccc0f5..7d6d88f 100644 --- a/src/controllers/graphql/mutation.ts +++ b/src/controllers/graphql/mutation.ts @@ -1,9 +1,19 @@ import { sendmail } from "../mail/ses"; export default { - sendEmail: async (_, { to, title, body }, { user }) => { - if (!user) return "no auth"; - const result = await sendmail(to, title, body); - return result; + sendEmail: async (_, { to, title, body }, { user, ...etc }) => { + console.log("user", user); + console.log("etc", etc); + if (!user) { + console.log("true"); + return { status: 403, message: "no auth" }; + } + console.log("false"); + try { + const result = await sendmail(to, title, body); + return { status: 200, message: result.messageId }; + } catch (err) { + return { status: 500, message: err }; + } }, }; 
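Review bot: Commenting out `playground: false` and `introspection: false` at the end of the `gcpServer` options leaves both features on Apollo's defaults, which depend on the runtime environment rather than on this file, while aws.ts in the same commit keeps them explicitly disabled. If this was only for local debugging, restore the two lines as `playground: false,` and `introspection: false,` before merging so the deployed function does not expose the schema. If it is intentional, a one-line comment saying why the GCP endpoint differs from the AWS one would help the next reader. The token logging in this hunk is covered by the note on aws.ts.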
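Review bot: In the new `catch` branch of `sendEmail`, `return { status: 500, message: err }` hands the raw error object from the mail layer back to the caller. The schema declares `message: String!`, so this will either fail serialization or expose the provider's internal error text, depending on how the value is coerced. I would log the error server-side and return a fixed string: `console.error("sendmail failed", err);` followed by `return { status: 500, message: "mail delivery failed" };`. The `console.log("user", user)` and `console.log("etc", etc)` lines should go as well, for the reason given in the note on aws.ts.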
diff --git a/src/models/graphql/directives/auth.ts b/src/models/graphql/directives/auth.ts new file mode 100644 index 0000000..3b24479 --- /dev/null +++ b/src/models/graphql/directives/auth.ts @@ -0,0 +1,16 @@ +import { SchemaDirectiveVisitor } from "apollo-server-cloud-functions"; +import { defaultFieldResolver } from "graphql"; + +export class IsAuthDirective extends SchemaDirectiveVisitor { + public visitFieldDefinition(field) { + const { resolve = defaultFieldResolver } = field; + field.resolve = async function(...args) { + const [, {}, { user }] = args; + if (!user) { + throw new Error("User not authenticated"); + } + // args[2].authUser = authUser; + return resolve.apply(this, args); + }; + } +} diff --git a/src/models/graphql/directives/index.ts b/src/models/graphql/directives/index.ts new file mode 100644 index 0000000..fee8fd2 --- /dev/null +++ b/src/models/graphql/directives/index.ts @@ -0,0 +1,5 @@ +import { IsAuthDirective } from "./auth"; + +export const schemaDirectives = { + isAuth: IsAuthDirective, +}; diff --git a/src/models/graphql/types.ts b/src/models/graphql/types.ts index 4a05fbe..ea5550d 100644 --- a/src/models/graphql/types.ts +++ b/src/models/graphql/types.ts @@ -1,6 +1,8 @@ import { gql } from "apollo-server-lambda"; export const typeDefs = gql` + directive @isAuth on FIELD_DEFINITION + type Response { status: Int! message: String! diff --git a/terraform.tf b/terraform.tf index d58a51c..7465dd0 100644 --- a/terraform.tf +++ b/terraform.tf @@ -1,6 +1,6 @@ # TF-UPGRADE-TODO: Block type was not recognized, so this block and its contents were not automatically upgraded. #init - +#module terraform { backend "remote" { hostname = "app.terraform.io" 
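Review bot: In `visitFieldDefinition`, `const [, {}, { user }] = args;` destructures the resolver arguments before the check, so a missing context (or null field arguments) raises a TypeError instead of the intended "User not authenticated" error, and the empty `{}` pattern binds nothing. Reading the context explicitly is clearer and fails the way the code intends: `const context = args[2];` then `if (!context || !context.user) {`. The commented-out `// args[2].authUser = authUser;` refers to a name that does not exist here and can be removed. A short doc comment on the class should state that it only protects fields annotated with `@isAuth`; the types.ts hunk in this commit shows the directive being declared, and whether any field actually carries it is not visible in the diff, so that is worth checking.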
@@ -52,7 +52,22 @@ resource "google_cloudfunctions_function" "function" { provider "aws" { region = "us-east-1" } +#data +data "aws_vpc" "jclip" { + default = true +} + +data "aws_subnet_ids" "default" { + vpc_id = data.aws_vpc.jclip.id + + +} +data "aws_security_groups" "default" { + tags = { + service = "jclip" + } +} #source upload resource "aws_s3_bucket" "jclip_bucket" { 
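Review bot: The `aws_security_groups` data source selects by the tag `service = "jclip"` alone, so every group in the region carrying that tag is returned, and the later hunk attaches the whole list to both the internet-facing load balancer and the Lambda. That makes tag assignment the effective boundary for what can reach the function, and it gives the LB and the function identical rules. I would look up two distinct groups (for example by adding a `filter` block on the group name to each lookup) so the Lambda's group can admit traffic only from the load balancer's group. At minimum, add a comment above the block such as `# returns ALL groups tagged service=jclip; shared by the ALB and the Lambda`.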
@@ -106,18 +121,85 @@ resource "aws_lambda_permission" "apigw_lambda" { } resource "aws_lambda_function" "lambda" { - depends_on = [aws_s3_bucket_object.jclip_bucket_object] + + depends_on = [aws_iam_role_policy_attachment.lambda_logs, aws_cloudwatch_log_group.example, aws_s3_bucket_object.jclip_bucket_object] + role = aws_iam_role.iam_for_lambda.arn s3_bucket = "jclip" s3_key = "${data.archive_file.jclip_zip.output_md5}.zip" function_name = "jclip_api" - role = aws_iam_role.role.arn handler = "index.awsHandler" runtime = "nodejs8.10" + vpc_config { + subnet_ids = data.aws_subnet_ids.default.ids + security_group_ids = data.aws_security_groups.default.ids + } # The filebase64sha256() function is available in Terraform 0.11.12 and later # For Terraform 0.11.11 and earlier, use the base64sha256() function and the file() function: # source_code_hash = "${base64sha256(file("lambda.zip"))}" } +#Aplication LoadBalancer + +resource "aws_lb" "default" { + name = "jcliplb" + internal = false + load_balancer_type = "application" + security_groups = data.aws_security_groups.default.ids + subnets = data.aws_subnet_ids.default.ids + + enable_deletion_protection = false +} + +resource "aws_lb_target_group" "default" { + name = "jcliplb-TG" + target_type = "lambda" +} + +resource "aws_lb_listener" "default" { + load_balancer_arn = aws_lb.default.arn + port = "80" + protocol = "HTTP" + + default_action { + type = "forward" + target_group_arn = aws_lb_target_group.default.arn + } +} + +resource "aws_lb_listener_rule" "lambda" { + listener_arn = aws_lb_listener.default.arn + priority = 100 + + action { + type = "forward" + target_group_arn = aws_lb_target_group.default.arn + } + condition{ + path_pattern { + values = ["/**"] + } + } + +} + +resource "aws_lambda_permission" "with_lb" { + statement_id = "AllowExecutionFromLB" + action = "lambda:InvokeFunction" + function_name = aws_lambda_function.lambda.function_name + principal = "elasticloadbalancing.amazonaws.com" + source_arn = 
aws_lb_target_group.default.arn +} + +resource "aws_lb_target_group_attachment" "default" { + target_group_arn = aws_lb_target_group.default.arn + target_id = aws_lambda_function.lambda.arn +} + +# return base url +output "base_url" { + value = aws_lb.default.dns_name +} +#API gateway resource "aws_api_gateway_stage" "default" { stage_name = "default" rest_api_id = aws_api_gateway_rest_api.api.id @@ -137,11 +219,75 @@ resource "aws_api_gateway_method_response" "response_200" { status_code = "200" } -# IAM -resource "aws_iam_role" "role" { - name = "myrole" +# This is to optionally manage the CloudWatch Log Group for the Lambda Function. +# If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below. +resource "aws_cloudwatch_log_group" "example" { + name = "/aws/lambda/jclip_api" + retention_in_days = 14 +} + +# See also the following AWS managed policy: AWSLambdaBasicExecutionRole +resource "aws_iam_policy" "lambda_logging" { + name = "lambda_logging" + path = "/" + description = "IAM policy for logging from a lambda" + + policy = <
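Review bot: The new `aws_lb_listener` serves the API on port 80 over plain HTTP from a load balancer declared with `internal = false`, so the `Authorization` bearer tokens that aws.ts verifies would cross the network unencrypted. I would make the forwarding listener HTTPS with a certificate and keep port 80 only as a redirect, as sketched below; the certificate reference is a placeholder because the commit does not define one. The existing `aws_lb_listener_rule.lambda` keeps pointing at `aws_lb_listener.default.arn` and needs no change.

```hcl
resource "aws_lb_listener" "default" {
  load_balancer_arn = aws_lb.default.arn
  port              = "443"
  protocol          = "HTTPS"
  certificate_arn   = var.lb_certificate_arn # placeholder: ACM certificate for the API hostname

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.default.arn
  }
}

resource "aws_lb_listener" "http_redirect" {
  load_balancer_arn = aws_lb.default.arn
  port              = "80"
  protocol          = "HTTP"

  default_action {
    type = "redirect"
    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}
# … unchanged: aws_lb, target group, listener rule, lambda permission, target group attachment …
```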