Skip to content
Snippets Groups Projects
Select Git revision
  • main default protected
  • production protected
  • renovate/graphql-mesh
  • renovate/europe-north1-docker.pkg.dev-holi-shared-docker-hub-remote-node-23.x
  • renovate/graphql-16.x-lockfile
  • posthog-feature-flags
  • NOISSUE_upgrade-graphql-mesh
  • HOTFIX-remove-translation-api-cache
  • HOLI-6362-private-hmac-endpoint
  • HOLI-4677-snyk-scanning
  • release/1.6.0
  • NOISSUE_update-graphql-mesh-deps
  • HOLI-10281_build-reproducable-docker-container
  • release/1.51.0
  • release/1.50.0
  • release/1.49.0
  • release/1.48.0
  • release/1.47.0
  • release/1.46.0
  • release/1.44.0
  • release/1.43.0
  • release/1.42.0
  • release/1.41.0
  • release/1.40.0
  • release/1.39.0
  • release/1.38.0
  • release/1.37.0
  • release/1.36.1
  • release/1.36.0
  • release/1.35.0
  • release/1.32.0
  • release/1.31.0
  • release/1.29.0
33 results
Compare
Name Last commit Last update
.yarn/releases
handlers
oathkeeper
s6
smoketest
terraform
.dockerignore
.envrc
.envrc.local.template
.eslintrc.cjs
.gitignore
.gitlab-ci.yml
.gitleaksignore
.meshrc.yml
.node-version
.nvmrc
.pre-commit-config.yaml
.prettierrc
.yarnrc.yml
CODE_OF_CONDUCT.md
CONTRIBUTING.md
Dockerfile
LICENSE.md
README.md
init.sh
jest.config.cjs
logger.ts
mprocs-start-oathkeeper.sh
mprocs-start.sh
package.json
renovate.json
server.ts
tsconfig.json
yarn.lock
README.md

holi-unified-api

This project contains our GraphQL unified API that provides all backend APIs to the frontends.

Authentication and Mesh

This project consists of mainly two parts in a single docker container. The docker container validates authentication using Ory's Zero Trust Proxy, and provides access to backend APIs in a single GraphQL endpoint using GraphQL Mesh.

Running in development

Please take a look at the holi-meta project for running this component locally.

Prerequisites

Run cp .envrc.local.template .envrc.local and adjust .envrc.local to match your configuration (e.g. using the correct node version manager). Using direnv, .envrc (and .envrc.local) will automatically be loaded when you cd into the directory.

.node-version (used by nodenv) ensures that all developers are using the same node/npm versions. It is kept in sync with .nvmrc (used by nvm) by a symbolic link, so please make sure to use a format that is understood by both tools (e.g. a fixed version).

Use the same value of REDIS_PASSWORD from Okuna's .env in ./.envrc.local.

CI/CD

The CI/CD pipeline follows our normal flow, deploying branch environments and deploying main to staging automatically and to production manually. The e2e tests that should go in between staging and prod deployments are missing up until now.

Prefixes

We are using a prefix transformation in GraphQL Mesh to prefix all APIs for Holi Apps to prevent name clashes and clearly distinguish between apps and the "core" functionality in the combined GraphQL API. Prefixes should be equal to App<AppName>_ resp. app<AppName>_ for types and operations and have to be defined in .meshrc.yml. (Take a look at the app-donations API for an example).

Headers

GraphQL Mesh does not forward headers automatically. Instead you have to explicitly mention headers to be passed on in .meshrc.yml, this is already e.g. for Accept-Language.

Configuration

Environment Variable Default Value Description
PORT 4000 the port to listen on
MATRIX_SERVER_BASE_URL http://127.0.0.1:8008/ the base URL of the Matrix server for which unified-api is the reverse proxy

You need a file oathkeeper/secrets/jwks.json with Orys JWT private key. You can either copy it from Passbolt ORY_JWKS_DEVELOPMENT or fetch it directly from ory via the following commands:

mkdir -p oathkeeper/secrets
echo "{\"keys\": [$(ory --project mystifying --format json get jwk hydra.jwt.access-token | jq -r '.keys[0]')]}" > oathkeeper/secrets/jwks.json