I am currently in the process of developing an application using webpack, express, and graphql. The setup involves Express serving the express-graphql endpoint, which is then proxied by webpack-dev-server. My main concern at the moment is figuring out how to implement https for that particular endpoint.
Although I have some experience with express and webpack, my knowledge on ssl is quite limited. I find myself unsure of whether the focus should be on securing the proxy, the express server, or the express-graphql endpoint itself.
In addition to this, I have successfully integrated user authentication using auth0.
server.js
import express from 'express';
import graphQLHTTP from 'express-graphql';
import jwt from 'express-jwt';
import path from 'path';
import webpack from 'webpack';
import WebpackDevServer from 'webpack-dev-server';
import {Schema} from './data/schema';
const APP_PORT = process.env.PORT || 3000;
const GRAPHQL_PORT = 8080;
const AUTH0_ID = process.env.AUTH0_ID;
const AUTH0_SECRET = process.env.AUTH0_SECRET;
const authenticate = jwt({
secret: new Buffer(AUTH0_SECRET, 'base64'),
audience: AUTH0_ID,
});
// Expose a GraphQL endpoint
const graphQLServer = express();
graphQLServer.use('/', authenticate, graphQLHTTP(request => ({
graphiql: true,
pretty: true,
schema: Schema,
rootValue: { user: request.user },
})));
graphQLServer.listen(GRAPHQL_PORT, () => console.log(
`GraphQL Server is now running on http://localhost:${GRAPHQL_PORT}`
));
// Serve the Relay app
...
const app = new WebpackDevServer(compiler, {
contentBase: '/public/',
proxy: {'/graphql': `http://localhost:${GRAPHQL_PORT}`},
publicPath: '/app/',
stats: {colors: true, chunks: false},
});
// Handle incoming routes
app.use('/', (req, res) => {
res.sendFile(path.join(__dirname + '/public/index.html'));
});
app.listen(APP_PORT, () => {
console.log(`App is now running on http://localhost:${APP_PORT}`);
});