How to use express-session middleware with graphql middleware

[gaurav-bothra]

I'm submitting a...

[ ] Regression 
[ ] Bug report
[ ] Feature request
[ x] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

Currently I created simple boilerplate of nestjs/graphql with express-session middleware. I hooked session middleware in main.ts file. with saveUninitialized flag true... my nestjs server breaks with following error

(node:67816) UnhandledPromiseRejectionWarning: Error [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client at ServerResponse.setHeader (_http_outgoing.js:485:11).

Also when I tries to create session on server by using ctx.req.session.userId. same error occur I find similar issue on github
issue link. But I am unaware how to do it in nestjs fashion. I am new with nestjs.

Expected behavior

Minimal reproduction of the problem with instructions

app.use(session({ name: SESSION_NAME, store: new RedisStore({ host:REDIS_HOST, port:REDIS_PORT, client: client, disableTouch: true, }), cookie: { maxAge: 1000 * 60 * 60 * 24 * 365 * 10, // 10 years httpOnly: true, sameSite: "lax", // csrf secure: __PROD__, // cookie only works in https domain: __PROD__ ? ".local" : undefined, }, saveUninitialized: true, secret: SESSION_SECRET, resave: true }))

What is the motivation / use case for changing the behavior?

Environment

Nest version: 7.1.2

 
For Tooling issues:
- Node version: 12.13.1  
- Platform:  Windows

Others:

[kamilmysliwiec]

Please, report this issue in the Apollo repository https://github.com/apollographql/apollo-server as we use this package to run GQL server

[gaurav-bothra]

Please, report this issue in the Apollo repository https://github.com/apollographql/apollo-server as we use this package to run GQL server

Hi @kamilmysliwiec ,

Thanks for reply.

I used apollo graphql and server side session in of my many projects. In that we need add following line in middle ware.

app.get('/graphiql', graphqlPlaygroundMiddleware({ endpoint: '/graphql' }), () => {})

But in nest graphql module where should I add this line. I am using nestjs first time. That why I created new issue. I also raised this issue in nestjs/graphql discord room.

I guess we need to inject this middleware in GQL server.

[gaurav-bothra]

(node:45556) UnhandledPromiseRejectionWarning: Error [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client at ServerResponse.setHeader (_http_outgoing.js:485:11) at ServerResponse.header (C:\Users\gaura\Desktop\project\server\node_modules\express\lib\response.js:771:10) at ServerResponse.send (C:\Users\gaura\Desktop\project\server\node_modules\express\lib\response.js:170:12) at ServerResponse.json (C:\Users\gaura\Desktop\project\server\node_modules\express\lib\response.js:267:15) at ExpressAdapter.reply (C:\Users\gaura\Desktop\project\server\node_modules\@nestjs\platform-express\adapters\express-adapter.js:24:57) at ExceptionsHandler.handleUnknownError (C:\Users\gaura\Desktop\project\server\node_modules\@nestjs\core\exceptions\base-exception-filter.js:33:24) at ExceptionsHandler.catch (C:\Users\gaura\Desktop\Teaching Ninjas\server\node_modules\@nestjs\core\exceptions\base-exception-filter.js:17:25) at ExceptionsHandler.next (C:\Users\gaura\Desktop\project\server\node_modules\@nestjs\core\exceptions\exceptions-handler.js:16:20) at C:\Users\gaura\Desktop\project\server\node_modules\@nestjs\core\router\router-proxy.js:24:35 at Layer.handle_error (C:\Users\gaura\Desktop\project\server\node_modules\express\lib\router\layer.js:71:5) at trim_prefix (C:\Users\gaura\Desktop\project\server\node_modules\express\lib\router\index.js:315:13) at C:\Users\gaura\Desktop\project\server\node_modules\express\lib\router\index.js:284:7 at Function.process_params (C:\Users\gaura\Desktop\project\server\node_modules\express\lib\router\index.js:335:12) at next (C:\Users\gaura\Desktop\project\server\node_modules\express\lib\router\index.js:275:10) at Layer.handle_error (C:\Users\gaura\Desktop\project\server\node_modules\express\lib\router\layer.js:67:12) at trim_prefix (C:\Users\gaura\Desktop\project\server\node_modules\express\lib\router\index.js:315:13) at C:\Users\gaura\Desktop\project\server\node_modules\express\lib\router\index.js:284:7 at Function.process_params (C:\Users\gaura\Desktop\Teaching Ninjas\server\node_modules\express\lib\router\index.js:335:12) at Immediate.next [as _onImmediate] (C:\Users\gaura\Desktop\project\server\node_modules\express\lib\router\index.js:275:10) at processImmediate (internal/timers.js:441:21) (node:45556) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1) (node:45556) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

[gaurav-bothra]

#4527 for reference.

[jeromemeichelbeck]

I have the same problem.

Don't know how to use express-session with GraphQL in Nestjs...

[smolinari]

@kamilmysliwiec - The Apollo Server team just closed their issue saying it's Nest's problem.

I wish I had the time to make a reproduction.... can anyone here do that? Maybe, together, we can get down to the bottom of why this is happening, as it makes using cookies with express-session and nestjs/graphql impossible.

Scott

[jeromemeichelbeck]

@kamilmysliwiec - The Apollo Server team just closed their issue saying it's Nest's problem.

I wish I had the time to make a reproduction.... can anyone here do that? Maybe, together, we can get down to the bottom of why this is happening, as it makes using cookies with express-session and nestjs/graphql impossible.

Scott

Hi,

I think I just had bad configuration because it works perfectly now.
I think I had a problem with my redis store not connecting correctly. It works now.

Do you also use redis store?

[smolinari]

Yes. Actually I am. @jeromemeichelbeck

The redis store is working fine though (it seems) as I use it for caching too. How would that cause headers to be set a second time? Is your code open source/ can you share it?

Scott

[jeromemeichelbeck]

Yes. Actually I am. @jeromemeichelbeck

The redis store is working fine though (it seems) as I use it for caching too. How would that cause headers to be set a second time?

Scott

Frankly I have no idea...
I know I got the same error as you because of misconfiguration.

[munxar]

@jeromemeichelbeck @smolinari @gaurav-bothra
I had the same issue, and solved it by changing this setting in the apollo playground:

...
 - "request.credentials": "omit",
 + "request.credentials": "include",
...

or when configuring the module:

GraphQLModule.forRoot({     
      playground: { 
        settings: {
          "request.credentials": "include"
        } 
      }
 })

With this the cookie is send from the playground and the session logic should work as expected.

@kamilmysliwiec Would it make sense to extend the docs to have this mentioned in the auth section?
I could imagine some more people stumble upon this.

[CemYil03]

For me this configuration with cors worked:

GraphQLModule.forRoot({
   autoSchemaFile: true,
      formatError: (error: GraphQLError) => {
         delete error?.extensions?.exception;
         return error;
      },
      playground: {
         settings: {
            'request.credentials': 'include',
         },
      },
      cors: {
         credentials: true,
         origin: true,
      },
})