A set of MakerX plugins for Apollo Server
graphqlOperationLoggingPlugin
logs GraphQL operations using the logger
from the GraphQL context.
Logging is performed via the willSendResponse
and willSendSubsequentPayload
hooks, which will run for all query, mutation and subscription operations (including those with errors).
Logging of context creation failure can be enabled by supplying a logger to the contextCreationFailureLogger
option.
logLevel
: the log level to use (default:info
)ignoreIntrospectionQueries
: iftrue
, introspection queries will not be logged (default:true
)contextCreationFailureLogger
: The plugin does not have access to a logger prior to context creation, so if you wish to log context creation failures, supply a logger here (it will only be called for context creation failure).contextCreationDidFail
: If you wish to custom log or otherwise react to context creation failures, supply a handler for the plugincontextCreationDidFail
hook (this will be called instead of logging tocontextCreationFailureLogger
).shouldIgnore
: an optional callback that can be used to ignore certain operations, e.g. if you have a healthcheck operation that you prefer not to be logged.includeResponseData
: iftrue
, the operation'sresult.data
will be included in the log output (default:false
)includeMutationResponseData
: iftrue
, the operation'sresult.data
will be included in the log output for mutations only (default:false
)adjustVariables
: an optional callback that can be used to adjust the operation'svariables
before loggingadjustResultData
: an optional callback that can be used to adjust the operation'sresult.data
before logging
const plugins: ApolloServerPlugin<GraphQLContext>[] = [
graphqlOperationLoggingPlugin<GraphQLContext, Logger>({
logLevel: 'audit',
contextCreationFailureLogger: logger,
includeMutationResponseData: true,
adjustVariables: (variables) => pruneKeys(variables, 'headers'),
}),
]
Output includes:
type
: the GraphQL operation type:query
,mutation
orsubscription
operationName
: the optional operation namequery
: the formatted operationduration
: milliseconds taken to process the operation from context creation towillSendResponse
hookvariables
: the optional operation variables, optionally adjusted by theadjustVariables
callbackresult.errors
: the operation'sGraphQLFormattedError[]
, if anyresult.data
: the operation's data result, ifincludeResponseData
istrue
orincludeMutationResponseData
istrue
and the operation is a mutation, optionally adjusted by theadjustResultData
callbackisIncrementalResponse
:true
if the operation is part of an incremental delivery response (@defer
or@stream
)isSubsequentPayload
:true
if the operation is a subsequent payload of an incremental delivery response
introspectionControlPlugin
implements a standard pattern of rejecting unauthorized introspection requests in production.
- Unauthorized requests are those that do not have a
user
set on the GraphQL context. - Production is determined according to
NODE_ENV === 'production'
via node-common
Apollo Server v4 introduced an executeOperation
function to enable operations to be run directly against the server instance, without requiring an HTTP server or network calls.
Bypassing the HTTP stack supports complete control over JWT payloads and other operation context inputs required to set up complex test scenarios.
The @makerx/graphql-apollo-server/testing
module supports testing your GraphQL implementation using this method:
buildExecuteOperation
accepts anApolloServer
instance and context creation function and returns anexecuteOperation
function which:- is strongly typed to the GraphQL context
- accepts
TypedDocumentNode
operations to provide strong operation typing
createTestContext
accepts aJwtPayload
and returns a basicGraphQLContext
which can be used in tests:requestInfo
is set to atestRequestInfo
constantlogger
is set to a no-op loggerUser
is constructed using the specifiedJwtPayload
buildJwt
creates aJwtPayload
suitable for tests, using overridable random defaults
The following example demonstrates how to use the buildExecuteOperation
to run strongly typed tests against an ApolloServer
instance.
The example uses a basic
createTestContext
function, it can be replaced with your own context creation function, which may be different for tests vs normal runtime.
The complete source code for this sample is available in the src/testing/tests directory.
Refer to the GraphQL-Codegen documentation for info on generating strongly typed operations.
This file provides a Vitest test context which sets up an ApolloServer
instance and provides the executeOperation
function to tests.
import { buildExecuteOperation, createTestContext } from '@makerx/graphql-apollo-server/testing'
import type { GraphQLContext } from '@makerx/graphql-core'
import { test as testBase } from 'vitest'
import { createTestServer } from './server'
interface TestContext {
executeOperation: ReturnType<typeof buildExecuteOperation<GraphQLContext, typeof createTestContext>>
}
export const test = testBase.extend<TestContext>({
// eslint-disable-next-line no-empty-pattern
executeOperation: async ({}, use) => {
// setup
const server = createTestServer<GraphQLContext>()
const executeOperation = buildExecuteOperation(server, createTestContext)
// test
await use(executeOperation)
// teardown
server.stop()
},
})
import { buildJwt } from '@makerx/graphql-apollo-server/testing'
import { describe, expect } from 'vitest'
import { graphql } from './gql'
import { test } from './test-context'
const helloQuery = graphql(`
query Hello($message: String) {
hello(message: $message)
}
`)
describe('hello query operation', () => {
test('anonymous calls fail', async ({ executeOperation }) => {
const result = await executeOperation({ query: helloQuery, variables: { message: 'world' } })
expect(result.errors?.[0]?.message).toBe('Not authenticated')
})
test('authenticated calls work', async ({ executeOperation }) => {
const result = await executeOperation({ query: helloQuery, variables: { message: 'world' } }, buildJwt())
expect(result.data?.hello).toBe('Hello, world!')
})
test('user name is returned', async ({ executeOperation }) => {
const result = await executeOperation({ query: helloQuery }, buildJwt({ name: 'Magda' }))
expect(result.data?.hello).toBe('Hello, Magda!')
})
test('user email is returned', async ({ executeOperation }) => {
const result = await executeOperation({ query: helloQuery }, buildJwt({ email: 'magda@magda.net' }))
expect(result.data?.hello).toBe('Hello, magda@magda.net!')
})
})
import { buildJwt } from '@makerx/graphql-apollo-server/testing'
import { describe, expect } from 'vitest'
import { graphql } from './gql'
import { test } from './test-context'
const importantMutation = graphql(`
mutation Important {
important
}
`)
describe('important mutation operation', () => {
test('anonymous calls fail', async ({ executeOperation }) => {
const result = await executeOperation({ query: importantMutation })
expect(result.errors?.[0]?.message).toBe('Not authorized')
})
test('non-admin calls fail', async ({ executeOperation }) => {
const result = await executeOperation({ query: importantMutation }, buildJwt({ roles: ['User'] }))
expect(result.errors?.[0]?.message).toBe('Not authorized')
})
test('admin calls work', async ({ executeOperation }) => {
const result = await executeOperation({ query: importantMutation }, buildJwt({ roles: ['Admin'] }))
expect(result.data?.important).toBe('Operation successful')
})
})
This test shows how the context input JWT payload can be easily controlled when operating underneath the HTTP layer where Bearer token validation and decoding would normally be required.
import { buildJwt } from '@makerx/graphql-apollo-server/testing'
import { describe, expect } from 'vitest'
import { graphql } from './gql'
import { test } from './test-context'
const meQuery = graphql(`
query Me {
me {
id
name
email
roles
}
}
`)
const jwtPayloads = {
basicUser: buildJwt(),
userWithRoles: buildJwt({ roles: ['Admin', 'Supervisor'] }),
userWithName: buildJwt({ name: 'Magda' }),
}
describe('me query operation', () => {
test('anonymous calls return null', async ({ executeOperation }) => {
const result = await executeOperation({ query: meQuery })
expect(result.data?.me).toBeNull()
})
test('returns basic user', async ({ executeOperation }) => {
const result = await executeOperation({ query: meQuery }, jwtPayloads.basicUser)
expect(result.data?.me).toMatchObject({
id: jwtPayloads.basicUser.oid,
email: jwtPayloads.basicUser.email,
})
})
test('returns user roles', async ({ executeOperation }) => {
const result = await executeOperation({ query: meQuery }, jwtPayloads.userWithRoles)
expect(result.data?.me).toMatchObject({
id: jwtPayloads.userWithRoles.oid,
email: jwtPayloads.userWithRoles.email,
roles: jwtPayloads.userWithRoles.roles,
})
})
test('returns user name', async ({ executeOperation }) => {
const result = await executeOperation({ query: meQuery }, jwtPayloads.userWithName)
expect(result.data?.me).toMatchObject({
id: jwtPayloads.userWithName.oid,
email: jwtPayloads.userWithName.email,
name: jwtPayloads.userWithName.name,
})
})
})