cooperative-blue/index.js

const ObjectID    = require("mongodb").ObjectID;
const jwt         = require('jsonwebtoken')
const jwtSecret   = 'CbymrfGfnB'

const anonResolvers = ['login', 'createUser'];


;(async () => {
    const {Savable, slice, getModels} = await require('./models.js')('cb')

    class User extends Savable {
        //static get relations(){
            //return {
                //events: "users"
            //}
        //}
    }
    Savable.addClass(User)

    const express = require('express');
    const express_graphql = require('express-graphql');
    const { buildSchema } = require('graphql');


    const schema = buildSchema(`
        type Query {
            login(login: String!, password: String!): String

            events: [Event]
            event(eventId: String!): Event

            eventMoneysByEvent(eventId: String!): [EventMoney]
            eventMoneys: [EventMoney]
        }
        type Mutation {
            createUser(login: String!, password: String!): User
            changePassword(password: String!): User

            createEvent(name: String!, total: Float!):Event
            changeEvent(eventId:String!, name: String!, total: Float!):Event

            createEventMoney(eventId: String!, amount: Float):EventMoney
        }

        type User {
             _id: String
             login: String
             nick : String
             moneyEvents: [EventMoney]
        }

        type Event {
            _id: String
            name: String
            moneyEvents: [EventMoney]
            owner: String,
            total: Float,
            usersSum: Float,
            moneyDiff: Float,
            avg: Float
        }

        type EventMoney {
            _id: String
            user: User
            event: Event
            amount: Float
            owner: String
            avgDiff: Float
        }
    `);



    var app = express();
    app.use(express.static('public'));

    const rootResolvers = {
        createUser:async function ({login, password}){
            let user =  await Savable.m.User.findOne({login, password})
            if (user)
                return null;
            user = await (new User({login, password})).save()

            user.___owner = user._id.toString()
            user.___permissions = {
                read: ["owner", "user"]
            }

            return await user.save()
        },

        login: async function({login, password}){
            console.log(Savable.classes)
            const user =  await Savable.m.User.findOne({login, password})
            if (!user)
                return null;

            const token = jwt.sign({ sub: {id: user._id, login}}, jwtSecret); //подписывам токен нашим ключем
            return token
        },

        changePassword:async function ({password}, {jwt: {id}, models: {SlicedSavable, User}} ){
            id = new ObjectID(id)

            const user =  await SlicedSavable.m.User.findOne({_id: id})
            if (!user)
                return null;
            user.password = password;
            return await user.save()
        },

        async createEvent({name, total}, {jwt: {id}, models: {Event}}){
            return await (new Event({name, total})).save()
        },

        async changeEvent({eventId, name, total}, {jwt: {id}, models: {SlicedSavable}}){
            const event = await SlicedSavable.m.Event.findOne({_id: ObjectID(eventId)})
            if (!event)
                return null;

            event.name  = name
            event.total = total
            return await event.save()
        },

        async events({}, {jwt: {id}, models: {SlicedSavable}}){
            let events = []
            for (let event of SlicedSavable.m.Event.find({})){
                event = await event
                //const {_id, name, owner, moneyEvents, usersSum, moneyDiff, total} = event
                //event = {_id, name, owner, moneyEvents, usersSum: await event.usersSum,  total}
                //console.log(event)
                events.push(event)
            }

            return events;
        },

        async event({eventId}, {jwt: {id}, models: {SlicedSavable}}){
            return await SlicedSavable.m.Event.findOne({_id: ObjectID(eventId)});
        },


        async createEventMoney({eventId, amount}, {jwt: {id}, models: {SlicedSavable, EventMoney, thisUser}}){
            let eventMoney = await SlicedSavable.m.EventMoney.findOne({"user._id": ObjectID(id), "event._id": ObjectID(eventId)})
            if (eventMoney){
                eventMoney.amount = amount;
                return await eventMoney.save()
            }

            const event = await SlicedSavable.m.Event.findOne({_id: ObjectID(eventId)})
            if (!event)
                return null;

            if (!thisUser)
                return null;

            console.log(thisUser, event, amount)

            return await (new EventMoney({user: thisUser, event, amount})).save()
        },


        async eventMoneysByEvent({eventId}, {jwt: {id}, models: {SlicedSavable}}){
            const event =  await SlicedSavable.m.Event.findOne({_id: ObjectID(eventId)});
            if (!event)
                return null

            const moneys = [];

            for (let money of event.moneyEvents){
                try {
                    await money
                    console.log(money)
                }
                catch (e){
                    console.log('skip no access user' ,e)
                }
                moneys.push(money)
                console.log('in loop')
            }

            console.log('after loop')

            return moneys;
        },


        async eventMoneys({}, {jwt: {id}, models: {SlicedSavable}}){
            const me =  await SlicedSavable.m.User.findOne({_id: ObjectID(id)});
            if (!me)
                return null

            const moneys = [];

            for (let money of me.moneyEvents){
                moneys.push(await money)
            }

            return moneys;
        },

    }

    app.use('/graphql', express_graphql(async (req, res, gql) => { 
        if (!gql.query){
            return {
                schema: schema,
                rootValue: rootResolvers,
                graphiql: true, 
            }
        }
        const operationMatch = gql.query.match(/\{\s*([a-zA-Z]+)\s*/)
        const operationName  = gql.operationName || operationMatch[1]
        console.log('before oper', operationName)
        if ((!operationName) || anonResolvers.includes(operationName)){
            return {
                schema: schema,
                rootValue: rootResolvers,
                graphiql: true, 
            }
        }
        const authorization = req.headers.authorization 
        console.log(authorization)
        
        if (authorization && authorization.startsWith('Bearer ')){
            console.log('token provided')
            const token = authorization.substr("Bearer ".length)
            const decoded = jwt.verify(token, jwtSecret)
            if (decoded){
                console.log('token verified', decoded)

                let slicedModels  = await getModels(decoded.sub.id)

                return {
                    schema: schema,
                    rootValue: rootResolvers,
                    graphiql: true, 
                    context: {jwt: decoded.sub,
                              models: slicedModels}
                }
            }
        }
        console.log('bad end')
    }))



    app.listen(4000, () => console.log('Express GraphQL Server Now Running On localhost:4000/graphql'));
})()