mozilla · vbudhram · Mar 30, 2026 · Copilot · Mar 26, 2026 · vbudhram
@@ -35,7 +35,6 @@ done
 
 # `npx yarn` because `npm i -g yarn` needs sudo
 npx yarn install
-npx yarn gql:allowlist
 NODE_OPTIONS="--max-old-space-size=7168" CHOKIDAR_USEPOLLING=true SKIP_PREFLIGHT_CHECK=true BUILD_TARGETS=stage,prod,dev npx nx run-many -t build --all --verbose --skip-nx-cache
 
 # This will reduce packages to only production dependencies

@@ -6,10 +6,6 @@ cd "$DIR/../.."
 # Make sure there is a common docker network fxa, so containers can
 # communicate with one another if needed
 _dev/pm2/create-docker-net.sh fxa
-
-# Searches for and extracts gql queries from code
-yarn gql:allowlist
-
 pm2 start _dev/pm2/infrastructure.config.js
 
 echo "waiting for containers to start"

@@ -32,24 +32,13 @@
       "outputs": ["{projectRoot}/build", "{projectRoot}/dist"],
       "cache": true
     },
-    "gql-copy": {
-      "dependsOn": [
-        {
-          "projects": ["fxa-admin-panel"],
-          "target": "gql-extract"
-        }
-      ],
-      "inputs": ["typescript", "^typescript"],
-      "outputs": ["{projectRoot}/src/config/gql/allowlist"],
-      "cache": true
-    },
     "lint": {
       "inputs": ["lint", "{workspaceRoot}/.eslintrc.json"],
       "outputs": ["{projectRoot}/.eslintcache"],
       "cache": true
     },
     "prebuild": {
-      "dependsOn": ["gql-copy"],
+      "dependsOn": [],
       "inputs": [],
       "outputs": [
         "{projectRoot}/public/locales",

@@ -23,7 +23,6 @@
     "l10n:prime": "_scripts/l10n/prime.sh",
     "l10n:bundle": "_scripts/l10n/bundle.sh",
     "legal:clone": "_scripts/clone-legal-docs.sh",
-    "gql:allowlist": "nx run-many -t gql-extract && nx run-many -t gql-copy",
     "check:mysql": "_scripts/check-mysql.sh",
     "check:url": "_scripts/check-url.sh",
-    "check:url": "_scripts/check-url.sh",
+    "check:url": "_scripts/check-url.sh",
+    "gql:allowlist": "echo 'Skipping gql allowlist generation; script deprecated.'",
-    "check:url": "_scripts/check-url.sh",
+    "check:url": "_scripts/check-url.sh",
+    "gql:allowlist": "echo 'Skipping gql allowlist generation; script deprecated.'",
     "prepare": "husky",
@@ -276,7 +275,6 @@
     "mocha-multi": "^1.1.7",
     "nx": "21.2.4",
     "nx-cloud": "19.1.0",
-    "persistgraphql": "^0.3.11",
     "postcss": "8.5.0",
     "react-test-renderer": "^18.3.1",
     "reflect-metadata": "^0.2.1",

@@ -18,6 +18,8 @@ NODE_OPTIONS="--max-old-space-size=7168" NODE_ENV=test npx nx run-many \
     --verbose \
     -p \
     123done \
+    fxa-admin-panel \
+    fxa-admin-server \
     fxa-auth-server \
     fxa-content-server \
     fxa-payments-server \

@@ -0,0 +1,70 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import { expect, test } from '../../lib/fixtures/standard';
+
+const ADMIN_PANEL_URL = process.env.ADMIN_PANEL_URL ?? 'http://localhost:8091';
+const ADMIN_SERVER_URL = process.env.ADMIN_SERVER_URL ?? 'http://localhost:8095';
+
+// Admin panel tests only run locally (stage/prod require SSO)
+test.skip(({ target }) => target.name !== 'local');
+
+test.describe('Admin Panel', () => {
+  test('admin panel loads and renders navigation', async ({ page }) => {
+    await page.goto(ADMIN_PANEL_URL);
+    await expect(
+      page.getByRole('link', { name: /account search/i })
+    ).toBeVisible();
+  });
+
+  test('admin panel heartbeat is healthy', async () => {
+    const res = await fetch(`${ADMIN_PANEL_URL}/__lbheartbeat__`);
+    expect(res.status).toBe(200);
+  });
+
+  test('admin server heartbeat is healthy', async () => {
+    const res = await fetch(`${ADMIN_SERVER_URL}/__lbheartbeat__`);
+    expect(res.status).toBe(200);
+  });
+
+  test('account search by email returns account data via API', async ({
+    target,
+    testAccountTracker,
+  }) => {
+    const credentials = testAccountTracker.generateAccountDetails();
+    await target.createAccount(credentials.email, credentials.password);
+
+    const res = await fetch(
+      `${ADMIN_SERVER_URL}/api/account/by-email?email=${encodeURIComponent(credentials.email)}`,
+      {
+        headers: {
+          'oidc-claim-id-token-email': 'test-admin@mozilla.com',
+          'remote-groups': 'vpn_fxa_admin_panel_prod',
+        },
+      }
+    );
+    expect(res.status).toBe(200);
+    const data = await res.json();
+    expect(data.email).toBe(credentials.email);
+  });
+
+  test('account search from UI shows results', async ({
+    target,
+    page,
+    testAccountTracker,
+  }) => {
+    const credentials = testAccountTracker.generateAccountDetails();
+    await target.createAccount(credentials.email, credentials.password);
+
+    await page.goto(`${ADMIN_PANEL_URL}/account-search`);
+
+    const searchInput = page.getByTestId('email-input');
+    await searchInput.fill(credentials.email);
+    await page.getByTestId('search-button').click();
+
+    await expect(page.getByText(credentials.email)).toBeVisible({
+      timeout: 10000,
+    });
+  });
+});
@@ -75,7 +75,6 @@
     "jest": "27.5.1",
     "jest-watch-typeahead": "0.6.5",
     "nx": "21.2.4",
-    "persistgraphql": "^0.3.11",
     "pm2": "^6.0.14",
     "postcss-import": "^16.1.0",
     "prettier": "^3.5.3",

@@ -71,13 +71,5 @@ module.exports = {
       ignore_watch: ['src/styles/tailwind.out.css'],
       time: true,
     },
-    {
-      name: 'admin-gql-allowlist',
-      autorestart: false,
-      script: 'yarn gql:allowlist',
-      watch: ['src/**/*.ts'],
-      cwd: __dirname,
-      filter_env: ['npm_'],
-    },
   ],
 };
@@ -4,8 +4,7 @@
   "description": "FxA Admin Server",
   "scripts": {
     "prebuild": "yarn clean",
-    "gql-copy": "mkdir -p src/config/gql/allowlist/ && cp ../../configs/gql/allowlist/*.json src/config/gql/allowlist/.",
-    "build": "nest build && yarn copy-config && yarn gql-copy && yarn copy-email-assets && yarn copy-email-l10n-assets",
+    "build": "nest build && yarn copy-config && yarn copy-email-assets && yarn copy-email-l10n-assets",
     "copy-config": "cp ./src/config/*.json ./dist/packages/fxa-admin-server/src/config",
     "copy-email-assets": "copyfiles --up 1 '../../libs/accounts/email-renderer/**/*.{mjml,ftl,txt,css}' dist/libs/ ",
     "copy-email-l10n-assets": "copyfiles --up 1 '../../libs/accounts/email-renderer/public/locales' dist/libs/accounts/email-render/public/locales ",

@@ -14,23 +14,6 @@ convict.addFormats(require('convict-format-with-moment'));
 convict.addFormats(require('convict-format-with-validator'));
 
 const conf = convict({
-  gql: {
-    allowlist: {
-      doc: 'A list of json files holding allowed gql queries',
-      env: 'GQL_ALLOWLIST',
-      default: [
-        'src/config/gql/allowlist/fxa-admin-panel.json',
-        'src/config/gql/allowlist/gql-playground.json',
-      ],
-      format: Array,
-    },
-    enabled: {
-      doc: 'Toggles whether or not gql queries are checked against the allowlist.',
-      env: 'GQL_ALLOWLIST_ENABLED',
-      default: true,
-      format: Boolean,
-    },
-  },
   authHeader: {
     default: USER_EMAIL_HEADER,
     doc: 'Authentication header that should be logged for the user',

@@ -1,36 +1,28 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-import { Field, ObjectType } from '@nestjs/graphql';
 
 export enum AccountDeleteStatus {
   Success = 'Success',
   Failure = 'Failure',
   NoAccount = 'No account found',
 }
 
-@ObjectType()
 export class AccountDeleteResponse {
   /** Name of task held in the task queue. This can be used to get task's status later. */
-  @Field({ nullable: false })
   public taskName!: string;
 
   /** A valid account email or UID */
-  @Field({ nullable: false })
   public locator!: string;
 
   /** A short status message. */
-  @Field({ nullable: false })
   status!: AccountDeleteStatus;
 }
 
-@ObjectType()
 export class AccountDeleteTaskStatus {
   /** Name of task held in the task queue.. */
-  @Field({ nullable: false })
   public taskName!: string;
 
   /** A short status message. */
-  @Field({ nullable: false })
   status!: string;
 }
@@ -1,27 +1,19 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-import { Field, ObjectType } from '@nestjs/graphql';
 
-@ObjectType()
 export class AccountEvent {
-  @Field({ nullable: true })
   public name!: string;
 
-  @Field({ nullable: true })
   public createdAt!: number;
 
-  @Field({ nullable: true })
   eventType!: string;
 
   // Email event based properties
-  @Field({ nullable: true })
   template!: string;
 
   // Metrics properties
-  @Field({ nullable: true })
   flowId!: string;
 
-  @Field({ nullable: true })
   service!: string;
 }
@@ -1,19 +1,15 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-import { Field, ObjectType } from '@nestjs/graphql';
 
 export enum AccountResetStatus {
   Success = 'Success',
   Failure = 'Failure',
   NoAccount = 'No account found',
 }
 
-@ObjectType()
 export class AccountResetResponse {
-  @Field({ nullable: false })
   locator!: string;
 
-  @Field({ nullable: false })
   status!: string;
 }
@@ -1,7 +1,6 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-import { Field, ID, ObjectType } from '@nestjs/graphql';
 
 import { AttachedClient } from './attached-clients.model';
 import { EmailBounce } from './email-bounces.model';
@@ -16,68 +15,46 @@ import { Cart } from './cart.model';
 import { BackupCodes } from './backup-code.model';
 import { RecoveryPhone } from './recovery-phone.model';
 
-@ObjectType()
 export class Account {
-  @Field((type) => ID)
   public uid!: string;
 
-  @Field()
   public email!: string;
 
-  @Field()
   public emailVerified!: boolean;
 
-  @Field({ nullable: true })
   public clientSalt?: string;
 
-  @Field()
   public createdAt!: number;
 
-  @Field({ nullable: true })
   public disabledAt?: number;
 
-  @Field({ nullable: true })
   public locale?: string;
 
-  @Field({ nullable: true })
   public lockedAt?: number;
 
-  @Field({ nullable: true })
   public verifierSetAt?: number;
 
-  @Field((type) => [Email], { nullable: true })
   public emails!: Email[];
 
-  @Field((type) => [EmailBounce], { nullable: true })
   public emailBounces!: EmailBounce[];
 
-  @Field((type) => [Totp], { nullable: true })
   public totp!: Totp[];
 
-  @Field((type) => [RecoveryKeys], { nullable: true })
   public recoveryKeys!: RecoveryKeys[];
 
-  @Field((type) => [SecurityEvents], { nullable: true })
   public securityEvents!: SecurityEvents[];
 
-  @Field((type) => [AttachedClient], { nullable: true })
   public attachedClients!: AttachedClient[];
 
-  @Field((type) => [MozSubscription], { nullable: true })
   public subscriptions!: MozSubscription[];
 
-  @Field((type) => [LinkedAccount], { nullable: true })
   public linkedAccounts!: LinkedAccount[];
 
-  @Field((type) => [AccountEvent], { nullable: true })
   public accountEvents!: AccountEvent[];
 
-  @Field((type) => [Cart], { nullable: true })
   public carts!: Cart[];
 
-  @Field((type) => [BackupCodes], { nullable: true })
   public backupCodes!: BackupCodes[];
 
-  @Field((type) => [RecoveryPhone], { nullable: true })
   public recoveryPhone!: RecoveryPhone[];
 }