Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
apollo-server-lambda
Advanced tools
This is the AWS Lambda integration of GraphQL Server. Apollo Server is a community-maintained open-source GraphQL server that works with many Node.js HTTP server frameworks. Read the docs. Read the CHANGELOG.
npm install apollo-server-lambda graphql
To deploy the AWS Lambda function we must create a Cloudformation Template and a S3 bucket to store the artifact (zip of source code) and template. We will use the AWS Command Line Interface.
In a file named graphql.js
, place the following code:
const { ApolloServer, gql } = require('apollo-server-lambda');
const { ApolloServerPluginLandingPageGraphQLPlayground } = require('apollo-server-core');
// Construct a schema, using GraphQL schema language
const typeDefs = gql`
type Query {
hello: String
}
`;
// Provide resolver functions for your schema fields
const resolvers = {
Query: {
hello: () => 'Hello world!',
},
};
const server = new ApolloServer({
typeDefs,
resolvers,
// By default, the GraphQL Playground interface and GraphQL introspection
// is disabled in "production" (i.e. when `process.env.NODE_ENV` is `production`).
//
// If you'd like to have GraphQL Playground and introspection enabled in production,
// install the Playground plugin and set the `introspection` option explicitly to `true`.
introspection: true,
plugins: [ApolloServerPluginLandingPageGraphQLPlayground()],
});
exports.handler = server.createHandler();
The bucket name must be universally unique.
aws s3 mb s3://<bucket name>
This will look for a file called graphql.js with the export graphqlHandler
. It creates one API endpoints:
/graphql
(GET and POST)In a file called template.yaml
:
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
GraphQL:
Type: AWS::Serverless::Function
Properties:
Handler: graphql.handler
Runtime: nodejs14.x
Events:
AnyRequest:
Type: Api
Properties:
Path: /graphql
Method: ANY
This will read and transform the template, created in previous step. Package and upload the artifact to the S3 bucket and generate another template for the deployment.
aws cloudformation package \
--template-file template.yaml \
--output-template-file serverless-output.yaml \
--s3-bucket <bucket-name>
This will create the Lambda Function and API Gateway for GraphQL. We use the stack-name prod
to mean production but any stack name can be used.
aws cloudformation deploy \
--template-file serverless-output.yaml \
--stack-name prod \
--capabilities CAPABILITY_IAM
apollo-server-lambda
is built on top of apollo-server-express
. It combines the HTTP server framework express
with a package called @vendia/serverless-express
that translates between Lambda events and Express requests. By default, this is entirely behind the scenes, but you can also provide your own express app with the expressAppFromMiddleware
option to createHandler
:
const { ApolloServer } = require('apollo-server-lambda');
const express = require('express');
exports.handler = server.createHandler({
expressAppFromMiddleware(middleware) {
const app = express();
app.use(someOtherMiddleware);
app.use(middleware);
return app;
}
});
Your ApolloServer's context
function can read information about the current operation from both the original Lambda data structures and the Express request and response created by @vendia/serverless-express
. These are provided to your context
function as event
, context
, and express
options.
The event
object contains the API Gateway event (HTTP headers, HTTP method, body, path, ...). The context
object (not to be confused with the context
function itself!) contains the current Lambda Context (Function Name, Function Version, awsRequestId, time remaining, ...). express
contains req
and res
fields with the Express request and response. The object returned from your context
function is provided to all of your schema resolvers in the third context
argument.
const { ApolloServer, gql } = require('apollo-server-lambda');
// Construct a schema, using GraphQL schema language
const typeDefs = gql`
type Query {
hello: String
}
`;
// Provide resolver functions for your schema fields
const resolvers = {
Query: {
hello: () => 'Hello world!',
},
};
const server = new ApolloServer({
typeDefs,
resolvers,
context: ({ event, context, express }) => ({
headers: event.headers,
functionName: context.functionName,
event,
context,
expressRequest: express.req,
}),
});
exports.graphqlHandler = server.createHandler();
To enable CORS the response HTTP headers need to be modified. To accomplish this use the cors
option.
const { ApolloServer, gql } = require('apollo-server-lambda');
// Construct a schema, using GraphQL schema language
const typeDefs = gql`
type Query {
hello: String
}
`;
// Provide resolver functions for your schema fields
const resolvers = {
Query: {
hello: () => 'Hello world!',
},
};
const server = new ApolloServer({
typeDefs,
resolvers,
});
exports.handler = server.createHandler({
expressGetMiddlewareOptions: {
cors: {
origin: '*',
credentials: true,
}
},
});
To enable CORS response for requests with credentials (cookies, http authentication) the allow origin header must equal the request origin and the allow credential header must be set to true.
const { ApolloServer, gql } = require('apollo-server-lambda');
// Construct a schema, using GraphQL schema language
const typeDefs = gql`
type Query {
hello: String
}
`;
// Provide resolver functions for your schema fields
const resolvers = {
Query: {
hello: () => 'Hello world!',
},
};
const server = new ApolloServer({
typeDefs,
resolvers,
});
exports.handler = server.createHandler({
expressGetMiddlewareOptions: {
cors: {
origin: true,
credentials: true,
}
},
});
The options correspond to the express cors configuration with the following fields(all are optional):
origin
: boolean | string | string[]methods
: string | string[]allowedHeaders
: string | string[]exposedHeaders
: string | string[]credentials
: booleanmaxAge
: numberGraphQL Server is built with the following principles in mind:
Anyone is welcome to contribute to GraphQL Server, just read CONTRIBUTING.md, take a look at the roadmap and make your first PR!
FAQs
Production-ready Node.js GraphQL server for AWS Lambda
The npm package apollo-server-lambda receives a total of 44,690 weekly downloads. As such, apollo-server-lambda popularity was classified as popular.
We found that apollo-server-lambda demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.