Lawn-hiro-api NPM

LawnHiro GraphQL API

Steps to run this project:

Run npm i command
Setup .env file
Run npm start command

.env file parts

Various mysql connection information. In production, this'll be set in the environment variables of the container

MYSQL_USER= SQLusername \ MYSQL_PASSWORD= SQLpassword \ MYSQL_HOST= SQL server host url \ MYSQL_DATABASE= SQL database name

Turn on dev mode

NODE_ENV=development

an arbitrary key that will be used to encrypt JWT in the application. This should be unique per server, non-volatile, and a secret

PRIVATE_KEY= random string of garbage

Email URL

BASE_CLIENT_URL=localhost:3000 IMAGE_SERVE_URL=development-latest.lawnhiro.com

FUTURE VERSION

2/2/2023 Investigated updating packages to new major versions

Apollo

Updating apollo will remove most of the current dependencies in favor of @Apollo-server which will result in mostly deep imports being changed througout the app. Another pain point is the removal of ApolloError type in favor of GraphqlError type. Lastly the server.ts file will need to be rewritten in the new style.

type-graphql

Type graphql has a beta out at time of writing to be capable ot updating graphql to >16.0.0 and along with it typeorm will update fine. Curernt pain point is type-graphql-dataloader as it has yet to update to support apollo 4.0.0 and the beta branch of type-graphql, it does however have a pull request to support current typeorm version which will cause a breaking change so we don't have to fix it ourselves.

Typescript will need to be updated to a slightly newer version as well but that might already be done by the time this is revisited.

@isoftdata/utility-typegraphql-api

This support package will need to be updated with a new major version to work with the new versions of apollo and graphql etc.

5/25/2023 Updating package before a merge found a few more packages that need to be updated after graphql gets updated (Which depends on the above dataloader)

graphql-scalars

Any version greater than 1.17.0 requires a newer version of graphql(Regardless of its package.json being wrong on its peer dependencies).

@types/express

This is less pressing and has less impact but it depends on the @isoftdata/utility-typegraphql-api being updated to use a newer version itself.

Class validator

(DS - 10/11/2023) This is currently a downstream dependency of typeorm, though they are more loosely coupled in typeorm v2.0. In class-validator 0.14 they added some new arguments which default to more extreme values that cause errors, namely skipMissingProperties and forbidUnknownValues. We can't affect them in typeorm v1.* since its used internally and according to the docs at https://typegraphql.com/docs/validation.html in v2.0, those values are flipped safely off because graphql covers those issues. For now the vulnerabilities associated with this are marked as not an issue.

Current outdated packages

@types/express graphql graphql-scalars type-graphql typeorm class-validator

Packages needed to update to update the outdated Packages

@isoftdata/utility-typegraphql-api type-graphql-dataloader Apollo 3 -> Apollo 4

Node version 18/20

Currently this project has been tested in and uses node 16 in production. The only known incompatibility with node 18 is dropped support for --tls-min-v1.1, which is necessary for developers to connect to the production MySQL server with SSL (which is required).

To migrate to node 18/20 support, the Dockerfile needs to change the production from, the engines section of package.json needs adjusted. To move forward in this state without tls 1.1, developers will need users on production that do not require SSL, or the production (and preferrably dev) database need to be updated to mysql 8, or developers will have to simply ignore the incompatibility by doing npm i --force too skip over the fact that their local node version is not the one this project requires.