Dylan Iqbal

1559276342

Using JWTs for GraphQL Authorization with Hasura

Learn about the Hasura platform and how their GraphQL APIs can be secured using JSON Web Tokens

If you’re developing an API today for consumption by third-parties, you’d be more than forgiven for choosing the REST interface to develop the API, as it is a tried and tested standard for delivering data to consumers, as well as accepting changes to the data in a structured way. In more recent times, GraphQL has become an attractive alternative for developing APIs thanks to its flexible, semantic, and performant nature.

But what if you’d like finer control over the details of the data exchange, including integration with third-party authorization servers using JWTs, and being able to quickly and easily set role-based permissions at the field level?

That’s what Hasura have achieved with their GraphQL platform that generates a GraphQL API over a PostgreSQL database. To highlight just a few of the features:

A Short Introduction to JSON Web Tokens

From jwt.io:

What this looks like in practice is a string that is made up of three parts separated by a period:

A JWT is issued as a result of a user authenticating with an authorization server. In the case of the Hasura platform, this JWT can then be used to authorize the request and as such can make queries and mutations depending on the claims present in the token. We will see how this works in the demo a little bit later in the article.

The compact nature of a JWT makes it easy to pass around in query strings, headers, and request bodies, or store in a cookie.

What is GraphQL? An Overview

GraphQL is essentially a query language that allows you to define your API in terms of types. It is datastore-agnostic and has server-side support for many different platforms and languages. Instead of defining your API in terms of status codes and semantic URLs, you define the types and then construct queries using a familiar but powerful syntax. As an example:

{
  article {
    id,
    title,
    author {
      name
    }
  }
}


This describes a query for articles, returning the id, title, and the author’s name. As you can see, it supports nested database objects (the author is another table in the schema, linked to from an article). Mutations can also be defined, which describe how to change data.

In addition, multiple queries can be made in a single request, which is most useful when a client wants to retrieve lots of possibly unrelated data points from the server.

The Hasura Approach

The Hasura platform takes advantage of these technologies to provide a platform for querying and manipulating data in a PostgreSQL database, taking into account the role specified in the authorization token.

The Hasura console allows the user to create a database, define its schema, and populate it with data. Hasura will then generate a GraphQL API on top of this database, automatically generating the appropriate types, queries, and mutations that allow the client to completely query for and manipulate the underlying data.

Hasura takes a role-based approach to authorization, and as such an individual role’s access can be narrowed down to only a subset of the overall schema (even down to the field level). As each role is mapped to certain authorization rules, it can even be prevented from running certain mutations if so desired. Furthermore, queries can be delegated to an upstream service based on the claims present in the authorization token.

Custom claims inside the JWT are used to tell Hasura about the role of the caller, so that Hasura may enforce the necessary authorization rules to decide what the caller can and cannot do.

An example of the claims used by Hasura may look like the following:

{
  "https://hasura.io/jwt/claims": {
    "x-hasura-default-role": "anonymous",
    "x-hasura-allowed-roles": [
      "user",
      "anonymous"
    ]
  }
}


These two keys define the possible roles as well as the default role in the absence of the “X-Hasura-Role” header. In the case of Auth0, these custom claims can be put in place using Rules, a platform feature that can be used to dynamically enhance tokens as users are authenticated.
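
The role rule described above, as an added Node.js example (not Hasura's code and not from the original article): the token is verified first, then the client-supplied X-Hasura-Role header is accepted only if it appears in x-hasura-allowed-roles, with x-hasura-default-role used when the header is absent. It assumes HS256 with a shared secret and an "anonymous" role for requests without a token, as in the demo; the function names, secret and sample token are constructed for illustration.

```javascript
const crypto = require("crypto");

const CLAIMS_NAMESPACE = "https://hasura.io/jwt/claims"; // claim key shown in the article
const UNAUTHENTICATED_ROLE = "anonymous"; // assumption: the only role usable without a token

const b64url = (data) => Buffer.from(data).toString("base64url");

// Constructed helper: signs a sample token so the example runs offline.
function signHs256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac("sha256", secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// Verify signature and expiry before trusting any claim in the payload.
function verifyHs256(token, secret, nowSeconds) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [head, body, sig] = parts;
  let header;
  try {
    header = JSON.parse(Buffer.from(head, "base64url").toString("utf8"));
  } catch (e) {
    throw new Error("malformed token");
  }
  // Pin the algorithm: the token must not choose how it is verified.
  if (!header || header.alg !== "HS256") throw new Error("unexpected alg");
  const expected = crypto.createHmac("sha256", secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  const payload = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  if (typeof payload.exp !== "number" || payload.exp <= nowSeconds) {
    throw new Error("expired or missing exp");
  }
  return payload;
}

// Decide the effective role for one request from its headers.
function resolveRole(headers, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const h = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v])
  );
  const requested = h["x-hasura-role"];
  const auth = h["authorization"];
  if (!auth) {
    // No token: the header alone must never unlock a privileged role.
    if (requested && requested !== UNAUTHENTICATED_ROLE) {
      throw new Error("role requires a valid JWT");
    }
    return UNAUTHENTICATED_ROLE;
  }
  const m = /^Bearer (.+)$/.exec(auth);
  if (!m) throw new Error("malformed Authorization header");
  const claims = verifyHs256(m[1], secret, nowSeconds)[CLAIMS_NAMESPACE];
  const allowed = claims && claims["x-hasura-allowed-roles"];
  const fallback = claims && claims["x-hasura-default-role"];
  if (!Array.isArray(allowed) || typeof fallback !== "string") {
    throw new Error("missing Hasura claims");
  }
  if (requested === undefined) return fallback;
  if (!allowed.includes(requested)) throw new Error("role not in x-hasura-allowed-roles");
  return requested;
}

// Returns a printable decision instead of throwing.
function decide(headers, secret, nowSeconds) {
  try {
    return "role=" + resolveRole(headers, secret, nowSeconds);
  } catch (e) {
    return "rejected: " + e.message;
  }
}

// Constructed sample data (not a real key or token).
const SECRET = "constructed-demo-secret";
const NOW = 1700000000; // fixed clock so results are reproducible
const TOKEN = signHs256({
  sub: "constructed|user-1",
  exp: NOW + 3600,
  [CLAIMS_NAMESPACE]: {
    "x-hasura-default-role": "anonymous",
    "x-hasura-allowed-roles": ["user", "anonymous"],
  },
}, SECRET);

for (const headers of [
  { "X-Hasura-Role": "user" },
  { Authorization: `Bearer ${TOKEN}` },
  { Authorization: `Bearer ${TOKEN}`, "X-Hasura-Role": "user" },
  { Authorization: `Bearer ${TOKEN}`, "X-Hasura-Role": "admin" },
]) {
  console.log(JSON.stringify(Object.keys(headers)), headers["X-Hasura-Role"] || "-", "=>", decide(headers, SECRET, NOW));
}
```
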

Demo: Querying Data

Let’s have a look at how authorization with Hasura and JWTs works in practice. A demo has been set up that will allow you to construct queries and see the role-based permissions system in action.

This demo has been pre-configured with a database that has authors, articles, tags, and a relationship table that joins many articles to many tags. Let’s see how we can query for some of this data.

Executing anonymous queries

Browse to https://auth0-hasura-demo.herokuapp.com, and use “hasurademo” as the access key.

Next, you will be presented with the Hasura console:

The interface gives you the opportunity to specify some request headers that will be used when querying the GraphQL interface. To demonstrate how the user’s role affects their ability to query and modify data, remove the X-Hasura-Access-Key header by clicking on the cross on the right-hand side, and enter a new header X-Hasura-Role with a value of “anonymous”:

Now, let’s make a query. Use the following query inside the Graphiql query entry area in the lower half of the screen:

{
  article {
    id,
    title
  }
}


To run the query, press Ctrl+Enter (Cmd+Enter if you’re on a Mac), or click on the large ‘play’ button above the query panel. You will see the results of the query on the right-hand side of the screen; you have successfully managed to retrieve the results for two articles that are currently in the database!

Now let’s try a mutation. Alter the query so that it executes the following mutation:

mutation {
  insert_tag(objects:[{name:"<YOUR TAG NAME HERE>"}]) {
    returning {
      name
    }
  }
}


This is a mutation that inserts a new tag with your specified tag name into the database. You should replace the value <YOUR TAG NAME HERE> with a value of your choosing.

Running this mutation right now will return an error, letting you know that the mutation does not exist.

This is correct since the permissions have effectively been set up so that the anonymous role cannot make changes to the database. This is also indicated by the GraphQL API docs, as it does not show any mutations that can be called by this role. To see this, click the “< Docs” button on the right-hand side of the query window to open the API documentation.

Only queries and subscriptions are available as root types here, but no mutations.

Let’s have a closer look at how permissions are set within the Hasura interface.

Validating query permissions

To view the permissions matrix for the “tag” table:

  1. Click the “data” tab at the top of the screen
  2. Click the “tag” table on the left-hand side
  3. Click the “permissions” tab in the main part of the interface

You will arrive at a matrix that describes all the role permissions for the “tag” table. On this screen we can see a number of things:

You can see here that, since the “anonymous” user cannot modify or insert any data, it makes sense that there are no mutations available.

Let’s now switch to the “user” role and see how we can make this mutation work.

Executing Authorized Queries

Click the “Graphiql” heading at the top of the screen to return to the query interface. Now, change the “X-Hasura-Role” request header so that its value is “user”.

If you try to run the mutation again now, you will notice that it will fail for the same reason as before. This is because the “user” role needs to also provide a valid JWT in order to be properly authorized to run this mutation.

Generating a valid JWT

For the purposes of this demo, a tool has been provided to make it easy for you to generate a JWT and run this mutation.

Browse to https://auth0-hasura-demo.now.sh/ and log in with your Auth0 account. If you do not currently have one, you can register for a free account.

Once logged in, you will be able to see your token. Select the entire token string and press Ctrl+C (or Cmd+C on a Mac) to copy it into your clipboard.

Before we head back to the Hasura console, let’s inspect the token to see if it contains the claims that we expect. Head to http://jwt.io, scroll down and paste the token into the left-hand side of the screen. The right-hand side will automatically update to show you the data contained within the token, and you should be able to see that the correct Hasura claims have been included:

With the token still in your clipboard, head back to the Hasura console. The way we attach this token to the request is through the standard “Authorization” request header.

Add a new header into the “headers” section, specifying the Authorization header and the JWT that you have in your clipboard as the bearer token:

Next, try running the mutation again. You should find that the query now works and that the name of the tag is being played back to you in the response:

Before we head away from this screen, let’s expand the API docs again to show that the “mutations” root now appears and that you can browse through all the available mutations given that you are now authorized to do so:

Finally, to prove that the mutation has worked we can explore the raw data in the database. Once again, click the “Data” heading at the top of the screen and then click on the “tags” table on the left.

The resulting screen will show you the data that is present in the table, and you can see that the “example-tag” entry that was created by the mutation is there.

Wrapping Up

In this post, you learned a bit about GraphQL and the main differences from a traditional REST API. You also had an introduction to JSON Web Tokens, how they are made up, and how easy they are to pass around.

Next, you discovered how Hasura tackles the idea of a role-based architecture when it comes to securing GraphQL APIs, and how it uses JWTs to authorize incoming requests and grant permissions to specific areas of the schema, even down to the field level.

Finally, you had a practical look at the Hasura platform, learning how to perform anonymous queries, and how to perform authorized mutations using a JWT that was issued to you by Auth0.

Learn More

Build a Simple Web App with Express, Angular, and GraphQL

GraphQL Tutorial: Understanding Spring Data JPA/SpringBoot

How to set up GraphQL with Golang: a deep dive from basics to advanced

Build a Health Tracking App with React, GraphQL, and User Authentication

The Modern GraphQL Bootcamp (Advanced Node.js)

NodeJS - The Complete Guide (incl. MVC, REST APIs, GraphQL)

GraphQL with React: The Complete Developers Guide

GraphQL with Angular & Apollo - The Full-stack Guide

GraphQL: Learning GraphQL with Node.Js

Complete guide to building a GraphQL API

GraphQL: Introduction to GraphQL for beginners

#graphql #json #web-development

Why Use WordPress? What Can You Do With WordPress?

Can you use WordPress for anything other than blogging? To your surprise, yes. WordPress is more than just a blogging tool, and it has helped thousands of websites and web applications to thrive. The use of WordPress powers around 40% of online projects, and today in our blog, we would visit some amazing uses of WordPress other than blogging.
What Is The Use Of WordPress?

WordPress is the most popular website platform in the world. It is the first choice of businesses that want to set a feature-rich and dynamic Content Management System. So, if you ask what WordPress is used for, the answer is – everything. It is a super-flexible, feature-rich and secure platform that offers everything to build unique websites and applications. Let’s start knowing them:

1. Multiple Websites Under A Single Installation
WordPress Multisite allows you to develop multiple sites from a single WordPress installation. You can download WordPress and start building websites you want to launch under a single server. Literally speaking, you can handle hundreds of sites from one single dashboard, which now needs applause.
It is a highly efficient platform that allows you to easily run several websites under the same login credentials. One of the best things about WordPress is the themes it has to offer. You can simply download them and plugin for various sites and save space on sites without losing their speed.

2. WordPress Social Network
WordPress can be used for high-end projects such as Social Media Network. If you don’t have the money and patience to hire a coder and invest months in building a feature-rich social media site, go for WordPress. It is one of the most amazing uses of WordPress. Its stunning CMS is unbeatable. And you can build sites as good as Facebook or Reddit etc. It can just make the process a lot easier.
To set up a social media network, you would have to download a WordPress Plugin called BuddyPress. It would allow you to connect a community page with ease and would provide all the necessary features of a community or social media. It has direct messaging, activity stream, user groups, extended profiles, and so much more. You just have to download and configure it.
If BuddyPress doesn’t meet all your needs, don’t give up on your dreams. You can try out WP Symposium or PeepSo. There are also several themes you can use to build a social network.

3. Create A Forum For Your Brand’s Community
Communities are very important for your business. They help you stay in constant connection with your users and consumers. And allow you to turn them into a loyal customer base. Meanwhile, there are many good technologies that can be used for building a community page – the good old WordPress is still the best.
It is the best community development technology. If you want to build your online community, you need to consider all the amazing features you get with WordPress. Plugins such as BB Press are open-source, template-driven PHP/MySQL forum software. It is very simple and doesn’t hamper the experience of the website.
Other tools such as wpFoRo and Asgaros Forum are equally good for creating a community blog. They are lightweight tools that are easy to manage and integrate with your WordPress site easily. However, there is only one tiny problem; you need to have some technical knowledge to build a WordPress Community blog page.

4. Shortcodes
Since we gave you a problem in the previous section, we would also give you a perfect solution for it. You might not know how to code, but you have shortcodes. Shortcodes help you execute functions without having to code. It is an easy way to build an amazing website, add new features, and customize plugins easily. They are short lines of code, and rather than memorizing multiple lines, you can have zero technical knowledge and start building a feature-rich website or application.
There are also plugins like Shortcoder, Shortcodes Ultimate, and the Basics available on WordPress that can be used, and you would not even have to remember the shortcodes.

5. Build Online Stores
If you still think about why to use WordPress, use it to build an online store. You can start selling your goods online. It is an affordable technology that helps you build a feature-rich eCommerce store with WordPress.
WooCommerce is an extension of WordPress and is one of the most used eCommerce solutions. WooCommerce holds a 28% share of the global market and is one of the best ways to set up an online store. It allows you to build user-friendly and professional online stores and has thousands of free and paid extensions. Moreover, it is an open-source platform, and you don’t have to pay for the license.
Apart from WooCommerce, there are Easy Digital Downloads, iThemes Exchange, Shopify eCommerce plugin, and so much more available.

6. Security Features
WordPress takes security very seriously. It offers tons of external solutions that help you in safeguarding your WordPress site. While there is no way to ensure 100% security, it provides regular updates with security patches and provides several plugins to help with backups, two-factor authorization, and more.
By choosing hosting providers like WP Engine, you can improve the security of the website. It helps with threat detection, managing patching and updates, internal security audits for the customers, and so much more.

#use of wordpress #use wordpress for business website #use wordpress for website #what is use of wordpress #why use wordpress #why use wordpress to build a website

Delbert Ferry

1622105190

How to use GraphQL with Javascript – GraphQL.js tutorial

One of the fastest ways to get up and running with GraphQL is to install Apollo Server as middleware on your new or existing HTTP server.

In this short post, we demonstrate how to use Apollo Server to create a GraphQL server with Express.js using the apollo-server-express package. At the end, we’ll discuss the tradeoffs of this approach.

#graphql #javascript #graphql.js #graphql.js tutorial

YiXu Zhang

1608603825

Building a Stocks Price Notifier App using React, Apollo GraphQL and Hasura

In this article, we’ll learn how to build an event-based application and send a web-push notification when a particular event is triggered. We’ll set up database tables, events, and scheduled triggers on the Hasura GraphQL engine and wire up the GraphQL endpoint to the front-end application to record the stock price preference of the user.

The concept of getting notified when the event of your choice has occurred has become popular compared to being glued onto the continuous stream of data to find that particular occurrence yourself. People prefer to get relevant emails/messages when their preferred event has occurred as opposed to being hooked on the screen to wait for that event to happen. The events-based terminology is also quite common in the world of software.

How awesome would that be if you could get the updates of the price of your favorite stock on your phone?

In this article, we’re going to build a Stocks Price Notifier application by using React, Apollo GraphQL, and Hasura GraphQL engine. We’re going to start the project from a create-react-app boilerplate code and would build everything ground up. We’ll learn how to set up the database tables, and events on the Hasura console. We’ll also learn how to wire up Hasura’s events to get stock price updates using web-push notifications.

Here’s a quick glance at what we would be building:

Overview of Stock Price Notifier Application

Let’s get going!

#react #apollo #graphql #hasura #javascript

Eleo Nona

1603077202

Authorization in GraphQL - Schema Directive vs. GraphQL Shield

This blog also assumes that you are familiar with GraphQL Schema Directives. If not, I recommend reading this Apollo documentation on Schema Directive.

Let’s say we have a basic Blogs application in which a User hasMany Posts and each Post in turn hasMany Comments.

Below is the gist containing the basic GraphQL schema of this application.

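// gql template tag; assumes the apollo-server package named in the post's tags
const { gql } = require("apollo-server");

// Schema: a user has many posts, and each post has many comments
const typeDefs = gql`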
  input PostInputType {
    id: Int!
    title: String!
    description: String
  }
  type CommentType {
    id: Int!
    comment: String!
  }
  type PostType {
    id: Int!
    title: String
    description: String
    comments: [CommentType]
  }
  type UserType {
    id: Int
    name: String
    email: String
    posts: [PostType]
  }
  type Query {
    users: [UserType]
    posts: [PostType]
  }
`;

#authorization #graphql #javascript #optimization #apollo-server