w3-gateway

Purpose

Apollo Federation gateway and web entrypoint. It handles Cognito login, token exchange, and routes users to the various web apps, while proxying GraphQL traffic to subgraphs.

Architecture

  • Express app with Apollo Gateway (IntrospectAndCompose) for subgraph composition.
  • Subgraphs are configured via FEDERATED_SERVICE (semicolon-separated name=url pairs); requests are forwarded to <subgraph>/graphql.
  • Authentication is enforced at /graphql by verifying Cognito JWTs.
  • User access is tracked via DynamoDB (recordUserTracking).
  • OAuth callbacks for Gmail/Microsoft/GitHub exchange auth codes for tokens and persist them in MongoDB via DbUser.
  • Loads runtime config from AWS SSM Parameter Store before reading .env.

HTTP routes

  • GET / renders the welcome view.
  • GET /auth/login redirects to Cognito Hosted UI.
  • GET /auth/callback exchanges the Cognito auth code and renders an app selector.
  • GET /app-selector renders the app selector view.
  • GET /email-management renders the email management app.
  • GET /email-viewer renders the email viewer.
  • GET /github-search renders the GitHub search app.
  • GET /picture-viewer renders the picture viewer.
  • GET /learn-vocab renders the learn-vocab manager.
  • POST /graphql executes the federated GraphQL request with auth.
  • GET /google/oauth2callback handles Gmail token exchange and stores it.
  • GET /microsoft/oauth2callback handles Microsoft token exchange and stores it.
  • GET /github/callback handles GitHub token exchange and stores it.

Configuration highlights

  • FEDERATED_SERVICE: subgraph list (e.g. services=http://host:4001;picture=http://host:4002).
  • Cognito: COGNITO_DOMAIN, COGNITO_CLIENT_ID, COGNITO_CLIENT_SECRET, COGNITO_REDIRECT_URI, scopes/response type.
  • OAuth providers: GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, GITHUB_REDIRECT_URI.
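
Because the gateway forwards authenticated GraphQL traffic to whatever FEDERATED_SERVICE names, it is worth validating that value at startup. The following is an added example, not code from w3-gateway: parseFederatedService, its allowHttp option, and the name pattern are hypothetical, and the sample value is constructed from the format shown above.

```javascript
// Added example: hypothetical helper, not taken from the w3-gateway source.
// Parses FEDERATED_SERVICE ("name=url;name=url") into the { name, url } list
// that Apollo's IntrospectAndCompose accepts as `subgraphs`, failing closed
// on anything that could send gateway traffic to an unintended destination.
function parseFederatedService(raw, { allowHttp = true } = {}) {
  if (typeof raw !== 'string' || raw.trim() === '') {
    throw new Error('FEDERATED_SERVICE is empty');
  }
  const schemes = allowHttp ? ['http:', 'https:'] : ['https:'];
  const seen = new Set();
  const subgraphs = [];
  for (const entry of raw.split(';')) {
    const item = entry.trim();
    if (item === '') continue; // tolerate a trailing ';'
    const eq = item.indexOf('='); // split on the first '=' only
    if (eq <= 0) throw new Error(`Malformed entry (expected name=url): ${item}`);
    const name = item.slice(0, eq).trim();
    const rawUrl = item.slice(eq + 1).trim();
    // Conservative name pattern (an assumption of this example).
    if (!/^[A-Za-z_][A-Za-z0-9_-]*$/.test(name)) {
      throw new Error(`Invalid subgraph name: ${name}`);
    }
    if (seen.has(name)) throw new Error(`Duplicate subgraph name: ${name}`);
    seen.add(name);

    let url;
    try { url = new URL(rawUrl); } catch { throw new Error(`Invalid URL for ${name}`); }
    if (!schemes.includes(url.protocol)) {
      throw new Error(`Scheme ${url.protocol} not allowed for ${name}`);
    }
    if (url.username || url.password) {
      throw new Error(`Credentials in URL not allowed for ${name}`);
    }
    if (url.search || url.hash) {
      throw new Error(`Query or fragment not allowed for ${name}`);
    }
    // Requests are forwarded to <subgraph>/graphql: strip trailing slashes, append once.
    url.pathname = `${url.pathname.replace(/\/+$/, '')}/graphql`;
    subgraphs.push({ name, url: url.toString() });
  }
  if (subgraphs.length === 0) throw new Error('FEDERATED_SERVICE has no entries');
  return subgraphs;
}

// Constructed sample value, in the format shown on this page.
const sample = 'services=http://host:4001;picture=http://host:4002';
console.log(parseFederatedService(sample));
```

Passing { allowHttp: false } rejects plain-HTTP subgraphs, which suits deployments where gateway-to-subgraph traffic leaves the local host.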