fix: auth cookie set + graphQL http link

client/js/app.js

@@ -9,7 +9,9 @@ import VueResource from 'vue-resource'
 import VueClipboards from 'vue-clipboards'
 import VeeValidate from 'vee-validate'
 import { ApolloClient } from 'apollo-client'
-import { HttpLink } from 'apollo-link-http'
+import { ApolloLink } from 'apollo-link'
+import { createApolloFetch } from 'apollo-fetch'
+import { BatchHttpLink } from 'apollo-link-batch-http'
 import { InMemoryCache } from 'apollo-cache-inmemory'
 import store from './store'
 
@@ -71,10 +73,33 @@ window.CONSTANTS = CONSTANTS
 // Initialize Apollo Client (GraphQL)
 // ====================================
 
+const graphQLEndpoint = window.location.protocol + '//' + window.location.host + siteConfig.path + 'graphql'
+
+const apolloFetch = createApolloFetch({
+  uri: graphQLEndpoint,
+  constructOptions: (requestOrRequests, options) => ({
+    ...options,
+    method: 'POST',
+    body: JSON.stringify(requestOrRequests),
+    credentials: 'include'
+  })
+})
+
 window.graphQL = new ApolloClient({
-  link: new HttpLink({
-    uri: window.location.protocol + '//' + window.location.host + siteConfig.path + 'graphql'
-  }),
+  link: ApolloLink.from([
+    new ApolloLink((operation, forward) => {
+      operation.setContext({
+        headers: {
+          'Content-Type': 'application/json'
+        }
+      })
+
+      return forward(operation)
+    }),
+    new BatchHttpLink({
+      fetch: apolloFetch
+    })
+  ]),
   cache: new InMemoryCache(),
   connectToDevTools: (process.env.node_env === 'development')
 })

package.json

@@ -53,6 +53,7 @@
     "connect-flash": "0.1.1",
     "connect-redis": "3.3.3",
     "cookie-parser": "1.4.3",
+    "cors": "2.8.4",
     "diff2html": "2.3.3",
     "dotize": "^0.2.0",
     "execa": "0.9.0",
@@ -139,6 +140,8 @@
     "@glimpse/glimpse": "0.22.15",
     "@panter/vue-i18next": "0.9.1",
     "apollo-client-preset": "1.0.6",
+    "apollo-fetch": "0.7.0",
+    "apollo-link-batch-http": "1.0.4",
     "autoprefixer": "7.2.5",
     "babel-cli": "6.26.0",
     "babel-core": "6.26.0",

server/app/data.yml

@@ -45,6 +45,12 @@ defaults:
       path: ''
       rtl: false
       title: Wiki.js
+    # System defaults
+    cors:
+      credentials: true
+      maxAge: 600
+      methods: 'GET,POST'
+      origin: true
 configNamespaces:
   - auth
   - features

server/master.js

@@ -22,6 +22,7 @@ module.exports = async () => {
   const bodyParser = require('body-parser')
   const compression = require('compression')
   const cookieParser = require('cookie-parser')
+  const cors = require('cors')
   const express = require('express')
   const favicon = require('serve-favicon')
   const flash = require('connect-flash')
@@ -48,6 +49,9 @@ module.exports = async () => {
   // ----------------------------------------
 
   app.use(mw.security)
+  app.use(cors(wiki.config.cors))
+  app.options('*', cors(wiki.config.cors))
+  app.enable('trust proxy')
 
   // ----------------------------------------
   // Public Assets

yarn.lock

@@ -432,6 +432,27 @@ apollo-client@^2.1.0:
   optionalDependencies:
     "@types/async" "2.0.46"
 
+apollo-fetch@0.7.0, apollo-fetch@^0.7.0:
+  version "0.7.0"
+  resolved "https://registry.yarnpkg.com/apollo-fetch/-/apollo-fetch-0.7.0.tgz#63c255a0ccb1b4c473524d8f9b536d72438bd3e7"
+  dependencies:
+    cross-fetch "^1.0.0"
+
+apollo-link-batch-http@1.0.4:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/apollo-link-batch-http/-/apollo-link-batch-http-1.0.4.tgz#e958a418a40625943a6018df695cca0cf4527977"
+  dependencies:
+    apollo-fetch "^0.7.0"
+    apollo-link "^1.0.7"
+    apollo-link-batch "^1.0.4"
+    graphql "^0.12.0"
+
+apollo-link-batch@^1.0.4:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/apollo-link-batch/-/apollo-link-batch-1.0.4.tgz#ce0c3820ebd72a153a951017f71c252df51178b4"
+  dependencies:
+    apollo-link "^1.0.7"
+
 apollo-link-dedup@^1.0.0:
   version "1.0.4"
   resolved "https://registry.yarnpkg.com/apollo-link-dedup/-/apollo-link-dedup-1.0.4.tgz#d3200804b8dc892794418f4ae2c40f7251e42b46"
@@ -452,6 +473,14 @@ apollo-link@^1.0.0, apollo-link@^1.0.6:
     apollo-utilities "^1.0.0"
     zen-observable "^0.6.0"
 
+apollo-link@^1.0.7:
+  version "1.0.7"
+  resolved "https://registry.yarnpkg.com/apollo-link/-/apollo-link-1.0.7.tgz#42cd38a7378332fc3e41a214ff6a6e5e703a556f"
+  dependencies:
+    "@types/zen-observable" "0.5.3"
+    apollo-utilities "^1.0.0"
+    zen-observable "^0.6.0"
+
 apollo-server-core@^1.3.2:
   version "1.3.2"
   resolved "https://registry.yarnpkg.com/apollo-server-core/-/apollo-server-core-1.3.2.tgz#f36855a3ebdc2d77b8b9c454380bf1d706105ffc"
@@ -2610,7 +2639,7 @@ core-util-is@1.0.2, core-util-is@~1.0.0:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.2.tgz#b5fd54220aa2bc5ab57aab7140c940754503c1a7"
 
-cors@^2.7.1:
+cors@2.8.4, cors@^2.7.1:
   version "2.8.4"
   resolved "https://registry.yarnpkg.com/cors/-/cors-2.8.4.tgz#2bd381f2eb201020105cd50ea59da63090694686"
   dependencies:
@@ -2679,6 +2708,13 @@ cron@^1.3:
   dependencies:
     moment-timezone "^0.5.x"
 
+cross-fetch@^1.0.0:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/cross-fetch/-/cross-fetch-1.1.1.tgz#dede6865ae30f37eae62ac90ebb7bdac002b05a0"
+  dependencies:
+    node-fetch "1.7.3"
+    whatwg-fetch "2.0.3"
+
 cross-spawn@^3.0.0:
   version "3.0.1"
   resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-3.0.1.tgz#1256037ecb9f0c5f79e3d6ef135e30770184b982"
@@ -3367,6 +3403,12 @@ encodeurl@~1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/encodeurl/-/encodeurl-1.0.1.tgz#79e3d58655346909fe6f0f45a5de68103b294d20"
 
+encoding@^0.1.11:
+  version "0.1.12"
+  resolved "https://registry.yarnpkg.com/encoding/-/encoding-0.1.12.tgz#538b66f3ee62cd1ab51ec323829d1f9480c74beb"
+  dependencies:
+    iconv-lite "~0.4.13"
+
 end-of-stream@^1.0.0, end-of-stream@^1.1.0:
   version "1.4.1"
   resolved "https://registry.yarnpkg.com/end-of-stream/-/end-of-stream-1.4.1.tgz#ed29634d19baba463b6ce6b80a37213eab71ec43"
@@ -4607,7 +4649,7 @@ graphql-tools@2.19.0:
     graphql-subscriptions "^0.5.6"
     uuid "^3.1.0"
 
-graphql@0.12.3:
+graphql@0.12.3, graphql@^0.12.0:
   version "0.12.3"
   resolved "https://registry.yarnpkg.com/graphql/-/graphql-0.12.3.tgz#11668458bbe28261c0dcb6e265f515ba79f6ce07"
   dependencies:
@@ -4935,7 +4977,7 @@ iconv-lite@0.4.15:
   version "0.4.15"
   resolved "https://registry.yarnpkg.com/iconv-lite/-/iconv-lite-0.4.15.tgz#fe265a218ac6a57cfe854927e9d04c19825eddeb"
 
-iconv-lite@0.4.19:
+iconv-lite@0.4.19, iconv-lite@~0.4.13:
   version "0.4.19"
   resolved "https://registry.yarnpkg.com/iconv-lite/-/iconv-lite-0.4.19.tgz#f7468f60135f5e5dad3399c0a81be9a1603a082b"
 
@@ -5449,7 +5491,7 @@ is-retry-allowed@^1.0.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/is-retry-allowed/-/is-retry-allowed-1.1.0.tgz#11a060568b67339444033d0125a61a20d564fb34"
 
-is-stream@^1.0.0, is-stream@^1.1.0:
+is-stream@^1.0.0, is-stream@^1.0.1, is-stream@^1.1.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/is-stream/-/is-stream-1.1.0.tgz#12d4a3dd4e68e0b79ceb8dbc84173ae80d91ca44"
 
@@ -7103,6 +7145,13 @@ node-emoji@^1.4.1:
   dependencies:
     lodash.toarray "^4.4.0"
 
+node-fetch@1.7.3:
+  version "1.7.3"
+  resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-1.7.3.tgz#980f6f72d85211a5347c6b2bc18c5b84c3eb47ef"
+  dependencies:
+    encoding "^0.1.11"
+    is-stream "^1.0.1"
+
 node-fingerprint@0.0.2:
   version "0.0.2"
   resolved "https://registry.yarnpkg.com/node-fingerprint/-/node-fingerprint-0.0.2.tgz#31cbabeb71a67ae7dd5a7dc042e51c3c75868501"