feat(api): filter private schema into public schema using federation contracts (#6614)

Author: n1ru4l

.changeset/seven-rivers-sip.md

@@ -0,0 +1,6 @@
+---
+'hive': minor
+---
+
+Add new route `/graphql-public` to the `server` service which contains the public GraphQL API
+(fields and types will follow).

packages/services/api/src/modules/schema/module.graphql.ts

@@ -290,7 +290,7 @@ export default gql`
     """
     Whether the CLI supports retrying the schema publish, in case acquiring the schema publish lock fails due to a busy queue.
     """
-    supportsRetry: Boolean = False
+    supportsRetry: Boolean = false
   }
 
   input SchemaComposeInput {

packages/services/api/src/modules/shared/module.graphql.ts

@@ -7,12 +7,22 @@ export default gql`
   scalar JSONSchemaObject
   scalar SafeInt
 
+  extend schema
+    @link(url: "https://specs.apollo.dev/link/v1.0")
+    @link(url: "https://specs.apollo.dev/federation/v2.0", import: ["@tag"])
+
+  directive @link(url: String!, import: [String!]) repeatable on SCHEMA
+
+  directive @tag(
+    name: String!
+  ) repeatable on FIELD_DEFINITION | INTERFACE | OBJECT | UNION | ARGUMENT_DEFINITION | SCALAR | ENUM | ENUM_VALUE | INPUT_OBJECT | INPUT_FIELD_DEFINITION | SCHEMA
+
   type Query {
-    noop: Boolean
+    _: Boolean @tag(name: "public")
   }
 
   type Mutation {
-    noop(noop: String): Boolean
+    _: Boolean @tag(name: "public")
   }
 
   type PageInfo {

packages/services/api/src/modules/shared/resolvers/Mutation/_.ts

@@ -0,0 +1,5 @@
+import type { MutationResolvers } from './../../../../__generated__/types';
+
+export const _: NonNullable<MutationResolvers['_']> = async (_parent, _arg, _ctx) => {
+  return null;
+};

packages/services/api/src/modules/shared/resolvers/Mutation/noop.ts

@@ -0,0 +1,5 @@
+import type { QueryResolvers } from './../../../../__generated__/types';
+
+export const _: NonNullable<QueryResolvers['_']> = async (_parent, _arg, _ctx) => {
+  return null;
+};

packages/services/api/src/modules/shared/resolvers/Query/_.ts

@@ -94,7 +94,7 @@ export type SubgraphInput = {
 
 export function composeFederationV2(
   subgraphs: Array<SubgraphInput>,
-  logger: ServiceLogger,
+  logger?: ServiceLogger,
 ): ComposerMethodResult & {
   includesException?: boolean;
 } {
@@ -121,7 +121,7 @@ export function composeFederationV2(
       includesNetworkError: false,
     } as const;
   } catch (error) {
-    logger.error(error);
+    logger?.error(error);
     Sentry.captureException(error);
 
     return {

packages/services/api/src/modules/shared/resolvers/Query/noop.ts

@@ -22,11 +22,13 @@
     "@fastify/cors": "9.0.1",
     "@fastify/formbody": "7.4.0",
     "@graphql-hive/yoga": "workspace:*",
+    "@graphql-tools/merge": "9.0.24",
     "@graphql-yoga/plugin-persisted-operations": "3.9.0",
     "@graphql-yoga/plugin-response-cache": "3.9.0",
     "@graphql-yoga/redis-event-target": "3.0.2",
     "@hive/api": "workspace:*",
     "@hive/cdn-script": "workspace:*",
+    "@hive/schema": "workspace:*",
     "@hive/service-common": "workspace:*",
     "@hive/storage": "workspace:*",
     "@sentry/integrations": "7.114.0",

packages/services/schema/src/lib/compose.ts

@@ -33,7 +33,7 @@ import type { HivePersistedDocumentsConfig, HiveUsageConfig } from './environmen
 import { useArmor } from './use-armor';
 import { extractUserId, useSentryUser } from './use-sentry-user';
 
-const reqIdGenerate = hyperid({ fixedLength: true });
+export const reqIdGenerate = hyperid({ fixedLength: true });
 
 function hashSessionId(sessionId: string): string {
   return createHash('sha256').update(sessionId).digest('hex');
@@ -56,7 +56,7 @@ export interface GraphQLHandlerOptions {
   authN: AuthN;
 }
 
-interface Context extends RegistryContext {
+export interface Context extends RegistryContext {
   req: FastifyRequest;
   reply: FastifyReply;
   session: Session;
@@ -80,6 +80,30 @@ function hasFastifyRequest(ctx: unknown): ctx is {
   return !!ctx && typeof ctx === 'object' && 'req' in ctx;
 }
 
+export function useHiveErrorHandler(fallbackHandler: (err: Error) => void): Plugin {
+  return useErrorHandler(({ errors, context }): void => {
+    // Not sure what changed, but the `context` is now an object with a contextValue property.
+    // We previously relied on the `context` being the `contextValue` itself.
+    const ctx = ('contextValue' in context ? context.contextValue : context) as Context;
+
+    for (const error of errors) {
+      if (isGraphQLError(error) && error.originalError) {
+        console.error(error);
+        console.error(error.originalError);
+        continue;
+      } else {
+        console.error(error);
+      }
+
+      if (hasFastifyRequest(ctx)) {
+        ctx.req.log.error(error);
+      } else {
+        fallbackHandler(error);
+      }
+    }
+  });
+}
+
 function useNoIntrospection(params: {
   signature: string;
   isNonProductionEnvironment: boolean;
@@ -95,72 +119,77 @@ function useNoIntrospection(params: {
   };
 }
 
+export function useHiveSentry() {
+  return useSentry({
+    startTransaction: false,
+    renameTransaction: false,
+    /**
+     * When it's not `null`, the plugin modifies the error object.
+     * We end up with an unintended error masking, because the GraphQLYogaError is replaced with GraphQLError (without error.originalError).
+     */
+    eventIdKey: null,
+    operationName: () => 'graphql',
+    includeRawResult: false,
+    includeResolverArgs: false,
+    includeExecuteVariables: true,
+    configureScope(args, scope) {
+      // Get the operation name from the request, or use the operation name from the document.
+      const operationName =
+        args.operationName ??
+        args.document.definitions.find(isOperationDefinitionNode)?.name?.value ??
+        'unknown';
+
+      scope.setContext('Extra Info', {
+        operationName,
+        variables: JSON.stringify(args.variableValues),
+        operation: print(args.document),
+        userId: extractUserId(args.contextValue as any),
+      });
+    },
+    appendTags: ({ contextValue }) => {
+      const supertokens_user_id = extractUserId(contextValue as any);
+      const request_id = (contextValue as Context).requestId;
+
+      return {
+        supertokens_user_id,
+        request_id,
+      };
+    },
+    skip(args) {
+      // It's the readiness check
+      return args.operationName === 'readiness';
+    },
+  });
+}
+
+export function useHiveTracing(tracingProvider?: Parameters<typeof useOpenTelemetry>[1]) {
+  return useOpenTelemetry(
+    {
+      document: true,
+      resolvers: false,
+      result: false,
+      variables: variables => {
+        if (variables && typeof variables === 'object' && 'selector' in variables) {
+          return JSON.stringify(variables.selector);
+        }
+
+        return '';
+      },
+      excludedOperationNames: ['readiness'],
+    },
+    tracingProvider,
+  );
+}
+
 export const graphqlHandler = (options: GraphQLHandlerOptions): RouteHandlerMethod => {
   const server = createYoga<Context>({
     logging: options.logger,
     plugins: [
       useArmor(),
-      useSentry({
-        startTransaction: false,
-        renameTransaction: false,
-        /**
-         * When it's not `null`, the plugin modifies the error object.
-         * We end up with an unintended error masking, because the GraphQLYogaError is replaced with GraphQLError (without error.originalError).
-         */
-        eventIdKey: null,
-        operationName: () => 'graphql',
-        includeRawResult: false,
-        includeResolverArgs: false,
-        includeExecuteVariables: true,
-        configureScope(args, scope) {
-          // Get the operation name from the request, or use the operation name from the document.
-          const operationName =
-            args.operationName ??
-            args.document.definitions.find(isOperationDefinitionNode)?.name?.value ??
-            'unknown';
-
-          scope.setContext('Extra Info', {
-            operationName,
-            variables: JSON.stringify(args.variableValues),
-            operation: print(args.document),
-            userId: extractUserId(args.contextValue as any),
-          });
-        },
-        appendTags: ({ contextValue }) => {
-          const supertokens_user_id = extractUserId(contextValue as any);
-          const request_id = (contextValue as Context).requestId;
-
-          return {
-            supertokens_user_id,
-            request_id,
-          };
-        },
-        skip(args) {
-          // It's the readiness check
-          return args.operationName === 'readiness';
-        },
-      }),
+      useHiveSentry(),
       useSentryUser(),
-      useErrorHandler(({ errors, context }): void => {
-        // Not sure what changed, but the `context` is now an object with a contextValue property.
-        // We previously relied on the `context` being the `contextValue` itself.
-        const ctx = ('contextValue' in context ? context.contextValue : context) as Context;
-
-        for (const error of errors) {
-          if (isGraphQLError(error) && error.originalError) {
-            console.error(error);
-            console.error(error.originalError);
-            continue;
-          } else {
-            console.error(error);
-          }
-
-          if (hasFastifyRequest(ctx)) {
-            ctx.req.log.error(error);
-          } else {
-            server.logger.error(error);
-          }
-        }
+      useHiveErrorHandler(error => {
+        server.logger.error(error);
       }),
       useExtendContext(async context => ({
         session: await options.authN.authenticate(context),
@@ -237,24 +266,7 @@ export const graphqlHandler = (options: GraphQLHandlerOptions): RouteHandlerMeth
           },
         },
       ),
-      options.tracing
-        ? useOpenTelemetry(
-            {
-              document: true,
-              resolvers: false,
-              result: false,
-              variables: variables => {
-                if (variables && typeof variables === 'object' && 'selector' in variables) {
-                  return JSON.stringify(variables.selector);
-                }
-
-                return '';
-              },
-              excludedOperationNames: ['readiness'],
-            },
-            options.tracing.traceProvider(),
-          )
-        : {},
+      options.tracing ? useHiveTracing(options.tracing.traceProvider()) : {},
       useExecutionCancellation(),
     ],
     graphiql: !options.isProduction,