Should also have a minimal example

When running multiple mutations without a surrounding transaction it fails with an UNAUTHENTICATED error:

{ code: 'INTERNAL_SERVER_ERROR',
     exception:
      { message: 'AUTH.THROW.AUTHENTICATION_ERROR',
        name: 'QueryFailedError',
        length: 153,
        severity: 'ERROR',
        code: 'P0001',
        detail: undefined,
        hint: undefined,
        position: undefined,
        internalPosition: undefined,
        internalQuery: undefined,
        where: 'PL/pgSQL function _auth.current_user_id() line 28 at RAISE',
        schema: undefined,
        table: undefined,
        column: undefined,
        dataType: undefined,
        constraint: undefined,
        file: 'pl_exec.c',
        line: '3323',
        routine: 'exec_stmt_raise',
        query:
         'UPDATE "_graphql"."Some" SET "foo" = $1, "bar" = $2 WHERE id = $3;',
        parameters:
         [ '1',
           '2,
           '3',
           [length]: 3 ],
        stacktrace:
         [ 'QueryFailedError: AUTH.THROW.AUTHENTICATION_ERROR',
           '    at new QueryFailedError (/root/backend/src/error/QueryFailedError.ts:9:9)',
           '    at Query.callback (/root/backend/src/driver/postgres/PostgresQueryRunner.ts:178:30)',
           '    at Query.handleError (/root/backend/node_modules/pg/lib/query.js:142:17)',
           '    at Connection.connectedErrorMessageHandler (/root/backend/node_modules/pg/lib/client.js:211:17)',
           '    at Connection.emit (events.js:182:13)',
           '    at Connection.EventEmitter.emit (domain.js:441:20)',
           '    at TLSSocket.<anonymous> (/root/backend/node_modules/pg/lib/connection.js:126:12)',
           '    at TLSSocket.emit (events.js:182:13)',
           '    at TLSSocket.EventEmitter.emit (domain.js:441:20)',
           '    at addChunk (_stream_readable.js:283:12)',
           '    at readableAddChunk (_stream_readable.js:264:11)',
           '    at TLSSocket.Readable.push (_stream_readable.js:219:10)',
           '    at TLSWrap.onStreamRead [as onread] (internal/stream_base_commons.js:94:17)',
           [length]: 14 ] } } }

• File-Storage
• validator with decorators instead of sql https://github.com/typestack/class-validator
• Permissions über Decorators und Generierung der graphql Views über typeorm
• Expressions über Decorators
• UpdateDateColumn and CreateDateColumn decorators; also set dates when updated by query. Expose typeorm.Version

Package

• db ?
• schema-builder ?

Description / Use Case for a Feature

Enable custom column.

Package

• db
• schema-builder

Describe the bug

In the example below, Project has a relation to ProjectComment for the field comments. Because comments is decorated with QueryPermissions the schema-builder generates the SDL for the subquery for ProjectComment naming the ProjectCommentFilter as type for the optional where parameter of the subquery. Since ProjectComment does not have a decorator for QueryPermissions or MutationPermissions, it does not create the SDL type ProjectCommentFilter leading to the error, shown below.

Solution: Either withdraw the QueryPermissions from comments or give ProjectComment permissions.

To Reproduce

@Entity()
export default class Project extends BaseEntity {
  @PrimaryGeneratedColumn()
  public readonly id!: string;

  @Column({ type: "varchar", gqlType: "String", nullable: true })
  public comment!: string;

  @OneToMany((type) => ProjectComment, "project")
  @QueryPermissions(anyone())
  public comments!: ProjectComment[];
}

@Entity()
export default class ProjectComment extends BaseEntity {
  @PrimaryGeneratedColumn()
  public readonly id!: string;

  @Column({ type: "varchar", gqlType: "String", nullable: true })
  public comment!: string;

  @ManyToOne((type) => Project, "comments")
  public project!: Project;
}

one:b624d9:BootLoader:error 2019-08-07T17:34:34+0300 <error> index.js:80 (BootLoader.<anonymous>) BootLoader.boot.error.caught: Error: Type "ProjectCommentFilter" not found in document.

Expected behavior

To be discussed.

Package

• db

Description / Use Case for a Feature

Add triggers to entities via decorator, e.g. @Entity( trigger: { ... } ). Add some predefined options like updatable, deletable and validate.

Package

• auth

Describe the bug

getUserAuthentication has no queryRunner
https://github.com/fullstack-build/fullstack-one/blob/master/packages/auth/lib/index.ts#L250

https://fullstackone.slack.com/archives/CKJJWLF17/p1564736159005500

We decided to rename permissions/_typenames to views/_viewnames.

When I create a computed column like this

finishedProduction: Boolean! @computed(expression: "FinishedProduction", params: {})

the migration will try to add a NOT NULL Constraint to a not existing column:

one:3407d7:DbSchemaBuilder:trace 2018-11-22T00:31:37+0100 <trace> index.js:235 (DbSchemaBuilder.<anonymous>) migration.sql.statement ALTER TABLE "public"."Order" ALTER COLUMN "finishedProduction" SET NOT NULL; +1ms
  one:3407d7:DbSchemaBuilder:warn  2018-11-22T00:31:37+0100 <warn> index.js:256 (DbSchemaBuilder.<anonymous>) migration.rollback +1ms
  one:3407d7:AutoMigrate:warn  2018-11-22T00:31:37+0100 <warn> index.js:73 (AutoMigrate.<anonymous>) runMigration.error { error: column "finishedProduction" of relation "Order" does not exist
  one:3407d7:AutoMigrate:warn     at Connection.parseE (/Users/hex0r/GitLab/doenastie/backend/node_modules/pg/lib/connection.js:554:11)
  one:3407d7:AutoMigrate:warn     at Connection.parseMessage (/Users/hex0r/GitLab/doenastie/backend/node_modules/pg/lib/connection.js:379:19)
  one:3407d7:AutoMigrate:warn     at Socket.<anonymous> (/Users/hex0r/GitLab/doenastie/backend/node_modules/pg/lib/connection.js:119:22)
  one:3407d7:AutoMigrate:warn     at Socket.emit (events.js:182:13)
  one:3407d7:AutoMigrate:warn     at Socket.EventEmitter.emit (domain.js:442:20)
  one:3407d7:AutoMigrate:warn     at addChunk (_stream_readable.js:283:12)
  one:3407d7:AutoMigrate:warn     at readableAddChunk (_stream_readable.js:264:11)
  one:3407d7:AutoMigrate:warn     at Socket.Readable.push (_stream_readable.js:219:10)
  one:3407d7:AutoMigrate:warn     at TCP.onStreamRead [as onread] (internal/stream_base_commons.js:94:17)
  one:3407d7:AutoMigrate:warn   name: 'error',
  one:3407d7:AutoMigrate:warn   length: 127,
  one:3407d7:AutoMigrate:warn   severity: 'ERROR',
  one:3407d7:AutoMigrate:warn   code: '42703',
  one:3407d7:AutoMigrate:warn   detail: undefined,
  one:3407d7:AutoMigrate:warn   hint: undefined,
  one:3407d7:AutoMigrate:warn   position: undefined,
  one:3407d7:AutoMigrate:warn   internalPosition: undefined,
  one:3407d7:AutoMigrate:warn   internalQuery: undefined,
  one:3407d7:AutoMigrate:warn   where: undefined,
  one:3407d7:AutoMigrate:warn   schema: undefined,
  one:3407d7:AutoMigrate:warn   table: undefined,
  one:3407d7:AutoMigrate:warn   column: undefined,
  one:3407d7:AutoMigrate:warn   dataType: undefined,
  one:3407d7:AutoMigrate:warn   constraint: undefined,
  one:3407d7:AutoMigrate:warn   file: 'tablecmds.c',
  one:3407d7:AutoMigrate:warn   line: '5796',
  one:3407d7:AutoMigrate:warn   routine: 'ATExecSetNotNull' } +3ms

However, without ! everything works fine:

finishedProduction: Boolean @computed(expression: "FinishedProduction", params: {})

The graphql endpoint should detect if the queries contains user-specific data.

If none of the queries include that the cache-control can be set to public. Otherwise it's private.

https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/http-caching?hl=de

Package

• db

Description / Use Case for a Feature

Currently it is not possible to define a default expression for relations. This was possible with GQL-Type-Definitions.

Example:

@Entity()
export default class Post extends BaseEntity {
  @PrimaryGeneratedColumn()
  public id: string;

  @Column({ gqlType: "String", type: "character varying" })
  public title: string;

  @ManyToOne((type) => User, "posts", { default: () => { return "_auth.current_user_id()" } })
  public owner: User;
}

If I don't allow to set the owner over GQL the post will be owned by the current user by default without forcing the user to submit an ownerId.

Maybe this is relevant: typeorm/typeorm#2427

Package

• auth

Description / Use Case for a Feature

We need some way limit the number of AuthFactorProofToken - usages.

Eg.:
A user gets an email with an AuthFactorProofToken to reset his password. At the moment he can reset the password again and again as long as the token is valid.

This is not a huge problem, however we should be able to control this.

Currently we return

{
  "data": {
    "createFile": null
  },
  "errors": [
    {
      "message": "jwt must be provided",
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ],
      "path": [
        "createFile"
      ]
    }
  ]
}

when the user is not authenticated.

I would prefer something more direct.

https://typeorm.io/#/listeners-and-subscribers/afterload

• Detect for each view if it contains a current_user_id() call. Flag them with authRequired = true if they do.
• If a user is not authenticated exclude the auth-views from views.

Package

db

Info

@david Was mir schonmal auffällt ist, dass am @manytomany keine Parameter erlaubt sind. Aktuell nutze ich:
@ManyToOne((type) => User, { eager: true, onDelete: "CASCADE", onUpdate: "CASCADE" })
David [vor 2 Stunden]
FYI: kann sein, dass du ein bisschen Zeug vom DbGeneralPool zum ORM migrieren musst.

David [vor 2 Stunden]
onDelete: "CASCADE", onUpdate: "CASCADE" funktionieren nicht für Postgres.
Used only in MySQL
https://typeorm.io/#/decorator-reference/column

Eugene [vor 2 Stunden]
ich habe mich vertippt, @manytoone
Und Postgres unetrstützt es und bisher hatten wir das auch und fide ich mega wichtig

Just a list of Ideas to not forget them: (Please add more)

Query-Builder

• Nested Mutations (Insert, Update, Delete)

Permission-System

• Permissions for custom resolvers (It would be cool, to set permission-expressions for custom mutations and queries)
• Permissions for custom HTTP endpoints (It would be cool, to set permission-expressions for custom HTTP (REST) endpoints)

• Option enum should create a type in postgres

query: CREATE TYPE "User_size_enum" AS ENUM('small', 'medium', 'large')

• Was passiert wenn das enum im pg als type angelegt wird und ein neuer value hinzugefügt wird im ts?

Geht im Prinzip schon (siehe log). Aber wenn XXX_CREATE_ME und XXX_READ_AUTH (/_PUBLIC) existiert, passiert QueryFailedError: cannot alter type of a column used by a view or rule.
query: START TRANSACTION
query: ALTER TYPE "public"."User_size_enum" RENAME TO "User_size_enum_old"
query: CREATE TYPE "User_size_enum" AS ENUM('small', 'medium', 'large', 'superLarge')
query: ALTER TABLE "User" ALTER COLUMN "size" TYPE "User_size_enum" USING "size"::"text"::"User_size_enum"
query: DROP TYPE "User_size_enum_old"
query: COMMIT

• Entities with EntityOptions and Directives
• Support schema -> entity.schema to @table(schemaName: "public")

@entity({ schema: "other" })
export default class Photo extends typeorm.BaseEntity
creates
type Photo @table(schemaName: "other")

• db Paket

  • Brauchen wir noch den DbGeneralPool? -> Kann weg, wenn wir an den pool von typeorm kommen
  • Brauchen wir noch den DbAppClient? -> Kann weg. Hier sollte man noch testen wie sich transactions auf einer connection verhalten und ob man überhaupt mehrere connections benötigt.
  • Adjust typeorm pool size gracefully

• Fehler: Bei Create GraphQLError: No uuid has been generated in this transaction.

• Fehlermeldungen ergänzen: bspw. wenn enumName da ist aber enum fehlt.

• Migrations sollten auch nach dem npm run build ausführbar sein, jedes one paket registriert seine migrations

• Migrations von fullstack paketen sollte beim booten programatisch gestartet werden.

• inverSide argument for both OneToMany and ManyToOne. Are self-referencing relations possible?

• Unique over multiple Columns -> @unique from typeorm

• Indices

• Completly hide typeorm behind db

• rename migration table to "_migrations"

• Fix: QueryFailedError: relation "Photo" already exists (Die Synchronisation failed)

• events do not work (at least on Davids Ubuntu if he uses his Docker Postgres)

• Auth Decorators (privacyAgreementAcceptedVersion, ...)

• Schema Builder decorators (computed, ...)

• Documentation: orm-example/README.md db/ORM/README.md

Example:

type Station @table @versioning {
  id: ID! @unique
  parentStation: Station @relation(name: "Station_Parent")
  childStations: [Station!] @relation(name: "Station_Parent")
  name: String
}

The second part of the relation (childStations) will not be in dbMeta. However, it should.

Package

• schema-builder

Description / Use Case for a Feature

https://fullstackone.slack.com/archives/CBW1A9CU9/p1564954934001000

This is very similar to #18.

When trying to add a computed column of Gql-Type ID, the migration will try to set the default of the computed column to the uuid-function:

storeId: ID @computed(expression: "StoreIdFromOrder")

Error:

 one:d490c7:DbSchemaBuilder:trace 2018-11-22T16:21:27+0100 <trace> index.js:235 (DbSchemaBuilder.<anonymous>) migration.sql.statement ALTER TABLE "public"."Order" ALTER COLUMN "storeId" SET DEFAULT _meta.uuid_generate_v4(); +1ms
  one:d490c7:DbSchemaBuilder:warn  2018-11-22T16:21:27+0100 <warn> index.js:256 (DbSchemaBuilder.<anonymous>) migration.rollback +2ms
  one:d490c7:AutoMigrate:warn  2018-11-22T16:21:27+0100 <warn> index.js:73 (AutoMigrate.<anonymous>) runMigration.error { error: column "storeId" of relation "Order" does not exist
  one:d490c7:AutoMigrate:warn     at Connection.parseE (/Users/hex0r/GitLab/doenastie/backend/node_modules/pg/lib/connection.js:554:11)
  one:d490c7:AutoMigrate:warn     at Connection.parseMessage (/Users/hex0r/GitLab/doenastie/backend/node_modules/pg/lib/connection.js:379:19)
  one:d490c7:AutoMigrate:warn     at Socket.<anonymous> (/Users/hex0r/GitLab/doenastie/backend/node_modules/pg/lib/connection.js:119:22)
  one:d490c7:AutoMigrate:warn     at Socket.emit (events.js:182:13)
  one:d490c7:AutoMigrate:warn     at Socket.EventEmitter.emit (domain.js:442:20)
  one:d490c7:AutoMigrate:warn     at addChunk (_stream_readable.js:283:12)
  one:d490c7:AutoMigrate:warn     at readableAddChunk (_stream_readable.js:264:11)
  one:d490c7:AutoMigrate:warn     at Socket.Readable.push (_stream_readable.js:219:10)
  one:d490c7:AutoMigrate:warn     at TCP.onStreamRead [as onread] (internal/stream_base_commons.js:94:17)
  one:d490c7:AutoMigrate:warn   name: 'error',
  one:d490c7:AutoMigrate:warn   length: 119,
  one:d490c7:AutoMigrate:warn   severity: 'ERROR',
  one:d490c7:AutoMigrate:warn   code: '42703',
  one:d490c7:AutoMigrate:warn   detail: undefined,
  one:d490c7:AutoMigrate:warn   hint: undefined,
  one:d490c7:AutoMigrate:warn   position: undefined,
  one:d490c7:AutoMigrate:warn   internalPosition: undefined,
  one:d490c7:AutoMigrate:warn   internalQuery: undefined,
  one:d490c7:AutoMigrate:warn   where: undefined,
  one:d490c7:AutoMigrate:warn   schema: undefined,
  one:d490c7:AutoMigrate:warn   table: undefined,
  one:d490c7:AutoMigrate:warn   column: undefined,
  one:d490c7:AutoMigrate:warn   dataType: undefined,
  one:d490c7:AutoMigrate:warn   constraint: undefined,
  one:d490c7:AutoMigrate:warn   file: 'tablecmds.c',
  one:d490c7:AutoMigrate:warn   line: '5853',
  one:d490c7:AutoMigrate:warn   routine: 'ATExecColumnDefault' } +3ms

In general db-migrations should just ignore columns with the @computed directive completely.

When Aiven is switching the Database due to automatic maintenance one seems not to be able to reconnect properly.

Also, the server does not crash, which would trigger a restart and thus a reconnect.

Currently it just loses the database-connection and gets unresponsive.

Package

all

Info

Github says that we have vulnerability issues. We need to update some packages.

Default values are not set when migrating an enum filed.

• Allow with a certain limit
• Check functionality

Package

• db

Describe the bug
If a field is added to an entitiy and at the same time permissions are added, one fails on startup, because gql views are created before typeorm synchronizes the database. Ergo, column is missing during view creation.

To Reproduce
Steps to reproduce the behavior:

1. Add a field to an entitiy
2. Add this field to createViews permissions

Expected behavior
Should not fail. (1) typeorm migrations (2) typeorm syncronization (3) graphql view and trigger migrations
https://github.com/fullstack-build/fullstack-one/blob/master/packages/db/lib/index.ts#L67

Typeorm leaves out JoinColumns like userId when creating tables for @OneToOneJoinColumn and for @ManyToOne if the entity file is not imported. See orm-example in https://github.com/fullstack-build/fullstack-one/blob/0ca8b3709d5ca772351c38c57b871742992bfaa6/examples/orm-example/index.ts

Package

• auth
• boot-loader / graceful-shutdown
• config
• db
• events
• file-storage
• graphql
• notifications
• queue
• schema-builder
• server

Description / Use Case for a Feature

An empty schema.gql should not be required to make the framework start. The framework currently fails because type Mutation is inserted into the complete SDL but does not hold any mutation.

extend type Mutation {

  """
  Some Mutation
  """
  someMutation: String! @custom(resolver: "someMutation")
}

extend type Query {

  """
  Some Query
  """
  someQuery: String! @custom(resolver: "someQuery")

}

Package

• schema-builder

A lot of code got obsolete after #55 and related PRs.

Package

• db
• schema-builder

Description / Use Case for a Feature

TypeGraphql's approach can be used as inspiration. https://typegraphql.ml/docs/resolvers.html

Package

• auth
• notifications

Description / Use Case for a Feature
To avoid possible DDos attacks on the external email and other receiving addresses, a rate-limiter shall be included in all notifications distributed by the system, e.g. 2FA SMS and so on.
Architectural integration (auth or notification) to be discussed.

Somewhere LoggerFactory is Injected, which injects Config, which does not find a config/default.js in .../node_modules/ava/....

https://github.com/fullstack-build/fullstack-one/blob/8053b2be50d478fbd6085e6c1530d8649cb49ac4/packages/graphql/lib/index.ts#L208

apollographql/apollo-server#322

Package

• db

Description / Use Case for a Feature

Include the currently logged in userId as extra column in the auditing table. If no user is logged store null.

SchemaBuilder is generating invalid SQL when running a mutation without changing anything.

Package

• db
• schema-builder

Description / Use Case for a Feature

Based on the proposal by @dustin https://gist.github.com/dustin-H/da58e0e831cbaabeb806b4b62920faa8

Package

• db

Description / Use Case for a Feature

Currently, one has to define the type for postgres, graphql and typescript explicitly like @Column({ type: "integer", gqlType: "Int" }) public count: number;.

Basic types like, number string boolean or any might be detected automatically using reflections and the postgres and graphql types will be set respectively. In contrasts, if the types do not match up, e.g. @Column({ type: "boolean", gqlType: "Int" }) public name: string;,, warnings or errors can be logged or thrown.

Always Returns "No uuid has been generated in this transaction."

The createdAt trigger is setting a wrong date and the updatedAt trigger is reducing decimal points.

Package

• db

Description / Use Case for a Feature

E.g. an entity has a column address. In postgres the data type for address shall be json, but in the graphql endpoint address shall be type Address { street: String!, postalCode: String!, ... } and in Typescript this property shall have a similar interface as for the graphql endpoint.

Package

• I do not know.
• auth
• boot-loader / graceful-shutdown
• config
• db
• events
• file-storage
• graphql
• notifications
• queue
• schema-builder
• server

Describe the bug
When user is not logged in, createFile mutation fails with a technical error.

To Reproduce
Execute mutation without being logged in.

Expected behavior
Not authenticated exception.

Additional context

  one:42095f:Auth:warn  2019-07-26T16:06:57+0300 <warn> AuthQueryHelper.js:189 (AuthQueryHelper.<anonymous>) authenticateTransaction.error { TypeError: Cannot read property 'split' of undefined

Proposal:

1. One user for the migrations, who can write all schemas.
2. One user for the subsequent connection pool, who cannot read or write the meta schema.

Package

• db
• schema-builder

Description / Use Case for a Feature

Make the old @version directive work again. Or more general, provide a way to provide versioning on tables, e.g. using JSON diff.

• Auth
• FileStorage
• Versions

When moved to different schemas, we need to allow the USAGE to the general db-user:

GRANT USAGE ON SCHEMA ${schemaName} TO ${applicationUserName};

The reason is probably this: https://www.heise.de/newsticker/meldung/Firefox-59-verschleiert-Referrer-fuer-besseren-Datenschutz-3960175.html

So we need to create a security hole for this by ignoring missing referrer header.

• date is localized in typeorm when loading a timestamp without time zone