Fix issues with JWT auth

config/prod.yml

@@ -41,40 +41,6 @@ enable_tracing: true
 # SG_AUTH_RAILS_REDIS_PASSWORD
 # SG_AUTH_JWT_PUBLIC_KEY_FILE
 
-# inflections:
-#   person: people
-#   sheep: sheep
-
-auth: 
-  # Can be 'rails' or 'jwt'
-  type: rails
-  cookie: _app_session
-
-  rails:
-    # Rails version this is used for reading the
-    # various cookies formats.
-    version: 5.2
-
-    # Found in 'Rails.application.config.secret_key_base'
-    secret_key_base: 0a248500a64c01184edb4d7ad3a805488f8097ac761b76aaa6c17c01dcb7af03a2f18ba61b2868134b9c7b79a122bc0dadff4367414a2d173297bfea92be5566
-    
-    # Remote cookie store. (memcache or redis)
-    # url: redis://127.0.0.1:6379
-    # password: test
-    # max_idle: 80,
-    # max_active: 12000,
-
-    # In most cases you don't need these
-    # salt: "encrypted cookie"
-    # sign_salt: "signed encrypted cookie"
-    # auth_salt: "authenticated encrypted cookie"
-
-  # jwt:
-  #   provider: auth0
-  #   secret: abc335bfcfdb04e50db5bb0a4d67ab9
-  #   public_key_file: /secrets/public_key.pem
-  #   public_key_type: ecdsa #rsa
-
 database:
   type: postgres
   host: db

docs/.vuepress/components/HomeLayout.vue

@@ -24,6 +24,12 @@
               :item="actionLink"
             />
 
+            <a
+              class="px-4 py-3 my-8 border-2 border-gray-500 text-gray-600 font-bold rounded"
+              href="https://github.com/dosco/super-graph"
+              target="_blank"
+            >Github</a>
+
           </div>
         </div>
 

docs/.vuepress/config.js

@@ -1,6 +1,11 @@
+let ogprefix = 'og: http://ogp.me/ns#'
+let title = 'Super Graph'
+let description = 'An instant GraphQL API for your app. No code needed.'
+let color = '#f42525'
+
 module.exports = {
-  title: 'Super Graph',
-  description: 'Get an instant GraphQL API for your Rails apps.',
+  title: title,
+  description: description,
 
   themeConfig: {
     logo: '/hologram.svg',
@@ -15,6 +20,22 @@ module.exports = {
     serviceWorker: {
       updatePopup: true
     },
+
+    head: [
+      //['link', { rel: 'icon', href: `/assets/favicon.ico` }],
+      ['meta', { prefix: ogprefix, property: 'og:title', content: title }],
+      ['meta', { prefix: ogprefix, property: 'twitter:title', content: title }],
+      ['meta', { prefix: ogprefix, property: 'og:type', content: 'website' }],
+      ['meta', { prefix: ogprefix, property: 'og:url', content: 'https://supergraph.dev }],
+      ['meta', { prefix: ogprefix, property: 'og:description', content: description }],
+      //['meta', { prefix: ogprefix, property: 'og:image', content: 'https://wireupyourfrontend.com/assets/logo.png' }],
+      // ['meta', { name: 'apple-mobile-web-app-capable', content: 'yes' }],
+      // ['meta', { name: 'apple-mobile-web-app-status-bar-style', content: 'black' }],
+      // ['link', { rel: 'apple-touch-icon', href: `/assets/apple-touch-icon.png` }],
+      // ['link', { rel: 'mask-icon', href: '/assets/safari-pinned-tab.svg', color: color }],
+      // ['meta', { name: 'msapplication-TileImage', content: '/assets/mstile-150x150.png' }],
+      // ['meta', { name: 'msapplication-TileColor', content: color }],
+  ],
   },
 
   postcss: {

docs/guide.md

@@ -1149,11 +1149,11 @@ web_ui: true
 # debug, info, warn, error, fatal, panic
 log_level: "debug"
 
-# Disable this in development to get a list of 
-# queries used. When enabled super graph
-# will only allow queries from this list
-# List saved to ./config/allow.list
-use_allow_list: false
+# When production mode is 'true' only queries 
+# from the allow list are permitted.
+# When it's 'false' all queries are saved to the
+# the allow list in ./config/allow.list
+production: false
 
 # Throw a 401 on auth failure for queries that need auth
 auth_fail_block: false

migrate/migrate.go

@@ -16,7 +16,7 @@ import (
 	"github.com/pkg/errors"
 )
 
-var migrationPattern = regexp.MustCompile(`\A(\d+)_.+\.sql\z`)
+var migrationPattern = regexp.MustCompile(`\A(\d+)_[^\.]+\.sql\z`)
 
 var ErrNoFwMigration = errors.Errorf("no sql in forward migration step")
 
@@ -127,7 +127,7 @@ func FindMigrationsEx(path string, fs MigratorFS) ([]string, error) {
 			return nil, err
 		}
 
-		mcount := len(paths) + 100
+		mcount := len(paths)
 
 		if n < int64(mcount) {
 			return nil, fmt.Errorf("Duplicate migration %d", n)

psql/query.go

@@ -191,15 +191,15 @@ func (c *compilerContext) processChildren(sel *qcode.Select, ti *DBTableInfo) (u
 			fallthrough
 		case RelBelongTo:
 			if _, ok := colmap[rel.Col2]; !ok {
-				cols = append(cols, &qcode.Column{ti.Name, rel.Col2, rel.Col2})
+				cols = append(cols, &qcode.Column{Table: ti.Name, Name: rel.Col2, FieldName: rel.Col2})
 			}
 		case RelOneToManyThrough:
 			if _, ok := colmap[rel.Col1]; !ok {
-				cols = append(cols, &qcode.Column{ti.Name, rel.Col1, rel.Col1})
+				cols = append(cols, &qcode.Column{Table: ti.Name, Name: rel.Col1, FieldName: rel.Col1})
 			}
 		case RelRemote:
 			if _, ok := colmap[rel.Col1]; !ok {
-				cols = append(cols, &qcode.Column{ti.Name, rel.Col1, rel.Col2})
+				cols = append(cols, &qcode.Column{Table: ti.Name, Name: rel.Col1, FieldName: rel.Col2})
 			}
 			skipped |= (1 << uint(id))
 

qcode/cleanup.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+cd corpus && rm -rf $(find . ! -name '00?.gql')

qcode/qcode.go

@@ -577,7 +577,7 @@ func (com *Compiler) compileArgID(sel *Select, arg *Arg) error {
 	case nodeVar:
 		ex.Type = ValVar
 	default:
-		fmt.Errorf("expecting a string, int, float or variable")
+		return fmt.Errorf("expecting a string, int, float or variable")
 	}
 
 	sel.Where = ex

serv/auth_jwt.go

@@ -95,8 +95,11 @@ func jwtHandler(next http.HandlerFunc) http.HandlerFunc {
 			} else {
 				ctx = context.WithValue(ctx, userIDKey, claims.Subject)
 			}
+
 			next.ServeHTTP(w, r.WithContext(ctx))
+			return
 		}
+
 		next.ServeHTTP(w, r)
 	}
 }

serv/cmd_migrate.go

@@ -124,7 +124,7 @@ func cmdDBNew(cmd *cobra.Command, args []string) {
 		os.Exit(1)
 	}
 
-	mname := fmt.Sprintf("%03d_%s.sql", len(m)+100, name)
+	mname := fmt.Sprintf("%d_%s.sql", len(m), name)
 
 	// Write new migration
 	mpath := filepath.Join(conf.MigrationsPath, mname)

serv/core.go

@@ -325,7 +325,7 @@ func (c *coreContext) resolveRemote(
 		ob.WriteString("null")
 	}
 
-	to[0] = jsn.Field{[]byte(s.FieldName), ob.Bytes()}
+	to[0] = jsn.Field{Key: []byte(s.FieldName), Value: ob.Bytes()}
 	return to, nil
 }
 
@@ -402,7 +402,7 @@ func (c *coreContext) resolveRemotes(
 				ob.WriteString("null")
 			}
 
-			to[n] = jsn.Field{[]byte(s.FieldName), ob.Bytes()}
+			to[n] = jsn.Field{Key: []byte(s.FieldName), Value: ob.Bytes()}
 		}(i, id, s)
 	}
 	wg.Wait()

serv/http.go

@@ -77,16 +77,14 @@ func apiv1Http(w http.ResponseWriter, r *http.Request) {
 	}
 
 	b, err := ioutil.ReadAll(io.LimitReader(r.Body, maxReadBytes))
-	defer r.Body.Close()
-
 	if err != nil {
 		logger.Err(err).Msg("failed to read request body")
 		errorResp(w, err)
 		return
 	}
+	defer r.Body.Close()
 
 	err = json.Unmarshal(b, &ctx.req)
-
 	if err != nil {
 		logger.Err(err).Msg("failed to decode json request body")
 		errorResp(w, err)
@@ -109,10 +107,10 @@ func apiv1Http(w http.ResponseWriter, r *http.Request) {
 	if err != nil {
 		logger.Err(err).Msg("failed to handle request")
 		errorResp(w, err)
+		return
 	}
 }
 
 func errorResp(w http.ResponseWriter, err error) {
-	w.WriteHeader(http.StatusBadRequest)
 	json.NewEncoder(w).Encode(gqlResp{Error: err.Error()})
 }

serv/serv.go

@@ -169,6 +169,7 @@ func routeHandler() http.Handler {
 	mux := http.NewServeMux()
 
 	mux.Handle("/api/v1/graphql", withAuth(apiv1Http))
+
 	if conf.WebUI {
 		mux.Handle("/", http.FileServer(rice.MustFindBox("../web/build").HTTPBox()))
 	}

tmpl/dev.yml

@@ -1,4 +1,4 @@
-app_name: "{{app_name}} Development"
+app_name: "{% app_name %} Development"
 host_port: 0.0.0.0:8080
 web_ui: true
 
@@ -48,7 +48,7 @@ migrations_path: ./config/migrations
 auth:
   # Can be 'rails' or 'jwt'
   type: rails
-  cookie: _{{app_name_slug}}_session
+  cookie: _{% app_name_slug %}_session
 
   # Comment this out if you want to disable setting
   # the user_id via a header for testing. 
@@ -84,7 +84,7 @@ database:
   type: postgres
   host: db
   port: 5432
-  dbname: {{app_name_slug}}_development
+  dbname: {% app_name_slug %}_development
   user: postgres
   password: ''
 

tmpl/docker-compose.yml

@@ -1,4 +1,4 @@
-version: '3'
+version: '3.4'
 services:
   db:
     image: postgres

tmpl/prod.yml

@@ -2,7 +2,7 @@
 # so I only need to overwrite some values
 inherits: dev
 
-app_name: "{{app_name}} Production"
+app_name: "{% app_name %} Production"
 host_port: 0.0.0.0:8080
 web_ui: false
 
@@ -40,45 +40,11 @@ enable_tracing: true
 # SG_AUTH_RAILS_REDIS_PASSWORD
 # SG_AUTH_JWT_PUBLIC_KEY_FILE
 
-# inflections:
-#   person: people
-#   sheep: sheep
-
-auth: 
-  # Can be 'rails' or 'jwt'
-  type: rails
-  cookie: _{{app_name_slug}}_session
-
-  rails:
-    # Rails version this is used for reading the
-    # various cookies formats.
-    version: 5.2
-
-    # Found in 'Rails.application.config.secret_key_base'
-    secret_key_base: 0a248500a64c01184edb4d7ad3a805488f8097ac761b76aaa6c17c01dcb7af03a2f18ba61b2868134b9c7b79a122bc0dadff4367414a2d173297bfea92be5566
-    
-    # Remote cookie store. (memcache or redis)
-    # url: redis://127.0.0.1:6379
-    # password: test
-    # max_idle: 80,
-    # max_active: 12000,
-
-    # In most cases you don't need these
-    # salt: "encrypted cookie"
-    # sign_salt: "signed encrypted cookie"
-    # auth_salt: "authenticated encrypted cookie"
-
-  # jwt:
-  #   provider: auth0
-  #   secret: abc335bfcfdb04e50db5bb0a4d67ab9
-  #   public_key_file: /secrets/public_key.pem
-  #   public_key_type: ecdsa #rsa
-
 database:
   type: postgres
   host: db
   port: 5432
-  dbname: {{app_name_slug}}_development
+  dbname: {% app_name_slug %}_development
   user: postgres
   password: ''
   #pool_size: 10