Gain insights into crafting GraphQL APIs with Elixir's Absinthe. Explore building schemata, securing endpoints, and integrating frontends to master creating, publishing, and utilizing robust GraphQL APIs.

Craft GraphQL APIs in Elixir with Absinthe.png

graphql.tar.gz

Chapter_2_1_start

Chapter_2_2_object_Running_GraphQLServer

Chapter_2_2_object

Chapter_3_3_matching

Chapter_3_3_matching_GraphQiL

Chapter_4_2_Union_GraphQiL

Chapter_5_2_Create

Chapter_6_4-publish

Chapter_6_4-orderingapi

Chapter_7_5-default

Chapter_8_2-login

Chapter_8_3-context

Chapter_9_dataloader

Chapter_10_Start

Chapter_10_2_action

Chapter_10_3_put

Chapter_10_4_login

Chapter_10_5_History

Chapter_11_2_subsription

Chapter_11_1_start

Chapter_11_hybird

Chapter_11_Applo_Client

Chapter_11_1_start-Updated

Chapter11-2-HTTP-Subscription

Chapter11-2-HTTP-Relay-Subscription

GraphQL is an API query language that allows clients to ask for exactly what they need and nothing more makes it easier to evolve APIs over time.

This course is divided into three parts, Part 1- Build a GraphQL API, Part 2- Publish Your API, and Part-3 Use Your API. 

In the first part, you will cover topics ranging from basic GraphQL, Building GraphQL Schema, Taking User Input, Adding Flexibility, Making a Change with Mutations, and Going Live with Subscriptions.

In the second part, you will cover topics ranging from Resolution Middleware, Securing with Authentication and Authorization, and Tuning Resolution.

The third part will cover topics ranging from Driving Phoenix Actions with GraphQL, Integrating with the Frontend and GraphQL Types. Upon completing this course, you will have sufficient foundational knowledge of GraphQL, and you can build, publish and use your API in GraphQL.

Craft GraphQL APIs in Elixir with Absinthe

# Manage user input 
The main administrative feature we want is the ability to look at the order history for each of the menu items we have listed here. This isn’t the kind of thing that should be visible to just anyone, so we need to take some steps to secure the UI. We already know how to secure portions of your GraphQL schema, but we’ll learn how to hook that up to the kinds of session mechanisms we use when doing server-driven UIs. It’ll also be a good first intro to handling input that comes from the forms. When working with normal browser-based interfaces, we’ll need a way to put authentication information into the session cookie managed by Plug. After a successful login, user information will be placed into the cookie, and then that cookie will get pushed along in every subsequent request. In the [Login API](https://www.educative.io/courses/craft-graphql-api-elixir-absinthe/login-api), we created a plug to handle retrieving auth information from headers. We’ll create a similar plug for our admin scope. It’s possible to refactor the existing plug to handle both the API and the admin interface. However, there's enough distinct logic that it’s cleaner to create a new one:

defmodule PlateSlateWeb.AdminAuth do
   @behaviour Plug
   import Plug.Conn
   def init(opts), do: opts
   def call(conn, _) do
     with id when not is_nil(id) <- get_session(conn, :employee_id), 
     %{} = user <- PlateSlate.Accounts.lookup("employee", id) do
       conn
       |> Plug.Conn.assign(:current_user, user)
       |> Absinthe.Plug.put_options(context: %{current_user: user})
    else
       _ -> 
       conn
        |> clear_session
        |> Phoenix.Controller.redirect(to: "/admin/session/new") 
     end
   end 
end

Instead of looking at the headers, we use the `get_session/2` function provided by the `Plug.Conn` module to check the user-provided cookie for an `:employee_id`. If there is such an ID and it matches to a user, we put that user in the connection `:assigns` so that the user is available broadly within our UI. We also put it in the `Absinthe.Plug` context so that our GraphQL queries have access to it too. If the user isn’t authenticated, they’ll just be redirected to the login page. Whatever session info they have is cleared out just in case it’s erroneous.
The trick in the router is that you want this to be applied to the item routes but not the session routes. Otherwise, we'd have a tricky situation where we’d require authentication to log in. You can prevent this by having two `"/admin"` scopes in the router:

Learn how to handle input that comes from the forms.


Handling Input

Learn how to handle input that comes from the forms.

Getting Started

Meet GraphQL

Building Schema of GraphQL

Taking User Input

Adding Flexibility

Making a Change with Mutations

Going Live with Subscriptions

Resolution Middleware

Securing with Authentication and Authorization

Tuning Resolution

Driving Phoenix Actions with GraphQL

Integrating with the Front-end

Conclusion

Handling Input

Manage user input