alex996 / graphql-chat Goto Github PK

Nice series. I hope to see more soon.

I do not know how you imagine the future of the application will be, but in spite of that I would like to share here a little list of some libraries that i have found to be very useful for node security. I will assume that you will use sessions to authenticate and possibly tokens to reset passwords.:

• Helmet - https://www.npmjs.com/package/helmet. "... Helmet helps you secure your Express apps by setting various HTTP headers. It's not a silver bullet, but it can help!..."
• csurf - https://www.npmjs.com/package/csurf. "... Node.js CSRF protection middleware..."
• keygrip - https://www.npmjs.com/package/keygrip. "... Keygrip is a node.js module for signing and verifying data (such as cookies or URLs) through a rotating credential system, in which new server keys can be added and old ones removed regularly, without invalidating client credentials...". Can be used easily with cookie-session: https://github.com/expressjs/cookie-session#using-a-custom-signature-algorithm

As for JWT, i usually like to share this video, that i think very illustrative (maybe too much...): JSON Web Tokens Suck - Randall Degges (DevNet Create 2018) - https://www.youtube.com/watch?v=JdGOb7AxUo0. There are some use cases for JWT at the end :)

Being dependent on too many libraries is not the most reliable thing, but they, nonetheless, can give some direction and awareness to problems and solutions.

Here is an interesting link: OWASP Top 10 Most Critical Web Application Security Risks - 2017- https://github.com/OWASP/Top10/blob/master/2017/OWASP%20Top%2010-2017%20(en).pdf

Hi man,

talking about this line of code:

What if the validation fails? How does the resolver function know that it should not run the next line return User.create(args) ?

According to the joi docs, the validate function returns a promise. What happens with this promise exactly?

Hi,

resolvers\chat.js

The validate method expect two parameters:

await Joi.validate(args, startChat(userIds), { abortEarly: false })

With correction
await Joi.validate(args, startChat(args), { abortEarly: false })

Hey, thank you so much for your courses I honestly think this might be among the best tutorial series I've ever seen paid or free. I'm not done with the course yet just finished the authentication lessons so this may already be covered.

Something that I'm really struggling with in the apps I'm building is authentication with SSO. I would love to see how you would approach account creation/login using various SSO providers like google/facebook/twitter/github. Google would benefit me the most personally.

Once again, thank you so much for your content!

Hi Alex,

Great series so far I am a little behind I seem to be getting this warning in my terminal

node_redis: Warning: Redis server does not require a password, but a password was supplied.

I have checked around github and saw there was a closed issue for it so I don't know how it cropped up on my terminal. Anyone else getting this ? I am using it directly from my env and injecting my env variables in.

issue

Hey man, you still working on the branch?

You were doing quite fine 👌

From your video MERN Stack & GraphQL - #7 Server-Side Validation, it seems that you don't approach the subject of using custom scalar types for validation.

There are already several packages that use that idea:

• @okgrow/graphql-scalars
• GraphQL Custom Types
• ...

What are your thought about it?

Hi!

What was the reason that you dropped the idea to authenticate with the help of passport.js (I saw your old branch)?

@alex996

Hi Alex,

Thank you for creating the MERN stack video series. Can you update this repo with the latest code from the videos? Latest commit is from around the directives video I believe.

Also have you decided on what you will be using for creating the frontend of the site? I wanted to suggest next.js since it's React but also server-side rendered. It can also be integrated with the Express and Apollo setup you've already implemented.

I just would like to know if you are going to continue your YT Series of this repository, because I realized that you are updating the repository but not the videos

resolvers/chat.js

The logged user is added twice

if (idsFound !== userIds.length) {
        throw new UserInputError('One or more User IDs are invalid.')
      }

      const chat = await Chat.create({ title, users: userIds })

Change to:

if (idsFound !== userIds.length) {
        throw new UserInputError('One or more User IDs are invalid.')
      }

      if (!userIds.filter(u => u.id === userId)) {
        userIds.push(userId)
      }

      const chat = await Chat.create({ title, users: userIds })