Gain insights into building full stack apps with GraphQL. Learn back-end setup, front-end integration with React, Apollo Client, and advanced GraphQL features, including caching and testing.

gld.tar.gz

CreatingBackendProject

ImplementingFirstResolver

NestedResolver

QueriesParameters

ExerciseAddCategories 

SettingUpTheDBlayer

ReturningDataFromDB

ExerciseReadUserDataFromDB 

ImplementingMutation

ErrorHandling

UI Setup

Pre-UI Setup

Client Queries

ImplementingDataLoaderWithAppllo

ExerciseImplementingDataLoader

Client Queries Exercise

Client Queries Server

Client Queries Server GraphQl

Client Queries-copy

UI-testing

Client Queries  Basam

CreatingBackendProjectInitialVersion

Pagination With GraphQL

Client Queries-React-Auth

ImplementingMutation-copy

ExerciseAddCategories -copy

GraphQL is a rapidly growing data query and manipulation language for web APIs. A strong grasp of GraphQL is essential for any software engineer who is developing applications on the modern web.

This course is a comprehensive introduction to building full-stack web applications using GraphQL. You’ll start by implementing a back end and exploring GraphQL’s unique approach to API implementation. After setting up your database, you’ll build a front-end application using React. The application will pass GraphQL queries using an Apollo client to pull information from the back end. You’ll wrap up with an exploration of more advanced GraphQL features, including DataLoader, Apollo client caching, and testing GraphQL applications.

By the end of this course, you’ll be ready to build full stack web applications using GraphQL, React, and Apollo.

Building Full Stack Applications with GraphQL

So far, we’ve only made a few design choices about how we’ll implement authentication. Now, let’s explore implementing a new mutation to authenticate a user and use server-side cookies to send an authentication token to a client making a request.

We’ll implement authentication on the backend. This process can  be a bit involved, but we’ll go through it step by step:

* We define new mutations to log in and log out.
* We store password information for users in our database. We store password hashes and not the passwords themselves, but we’ll cover this in more detail later.)
* We implement the `login` mutation to set a cookie and update our GraphQL server to read a JWT token from an incoming request.
* We restrict all other mutations to authenticated users.

This is quite a bit to go through, so we’ll implement all the prep work in this lesson and do the remaining steps in the following lessons.

## New schema
We’ll start by defining new mutations in our application. We add one mutation to log into our application and another mutation to log out.

type Mutation {

  login(userName: String!, password: String!): LogInResponse!

  logOut: Boolean!
}

type LogInResponse {
  expiresIn: Int!
  user: User!
}

The `login` mutation receives a username and password, and if the login process succeeds, it’ll set a server-side cookie with a JWT token describing a logged-in user. We don’t need to declare a cookie in a GraphQL schema, but this mutation will return a GraphQL response using the `LogInResponse` type.


The `LogInResponse` type contains information about an authenticated user and the JWT token’s expiration time. This might seem like duplication since we can provide the same data in a JWT token in a server-side cookie, but we have to do this because our client application won’t be able to read the cookie’s content.

The `logOut` mutation is much simpler and simply instructs a browser to remove an authentication cookie returned by the `login` method.

## Passwords

Before we can implement our mutations, we need to set passwords for our users. Storing passwords in cleartext is a big no-no! Suppose somebody hacks our system and gets their hands on the credentials database? In that situation, they could use those passwords to log in to our website and, because many people reuse their passwords across different websites, they might try to compromise our users’ other accounts.

Instead, we should store hashes of our users’ passwords. To produce a password hash, we simply need to pass a password to a hash function, which returns a hash value. 

All hash functions have two important properties. First, they return the same value for the same input. Second, the output looks almost random. This hash is easy to compute for any input, but it’s practically impossible to figure out what the input was to generate a particular hash. 

With this approach, when a server receives a user’s credentials, it calculates a hash for the received password and compares hashes instead of comparing passwords. This allows us to securely check if a user is providing a correct password without storing it.

Of course, we won’t implement this ourselves and we’ll rely on a popular and battle-tested `bcrypt` library. First, we need to install this library.

```bash
npm install bcrypt
```

Now that we have the library, we can hash a password as soon as we have it. To do this, we use the `hashSync` function.

So far, we’ve only made a few design choices about how we’ll implement authentication. Now, let’s explore implementing a new mutation to authenticate a user and use server-side cookies to send an authentication token to a client making a request.

We’ll implement authentication on the backend. This process can  be a bit involved, but we’ll go through it step by step:

* We define new mutations to log in and log out.
* We store password information for users in our database. We store password hashes and not the passwords themselves, but we’ll cover this in more detail later.)
* We implement the `login` mutation to set a cookie and update our GraphQL server to read a JWT token from an incoming request.
* We restrict all other mutations to authenticated users.

This is quite a bit to go through, so we’ll implement all the prep work in this lesson and do the remaining steps in the following lessons.

# New schema
We’ll start by defining new mutations in our application. We add one mutation to log into our application and another mutation to log out.

The `login` mutation receives a username and password, and if the login process succeeds, it’ll set a server-side cookie with a JWT token describing a logged-in user. We don’t need to declare a cookie in a GraphQL schema, but this mutation will return a GraphQL response using the `LogInResponse` type.


The `LogInResponse` type contains information about an authenticated user and the JWT token’s expiration time. This might seem like duplication since we can provide the same data in a JWT token in a server-side cookie, but we have to do this because our client application won’t be able to read the cookie’s content.

The `logOut` mutation is much simpler and simply instructs a browser to remove an authentication cookie returned by the `login` method.

# Passwords

Before we can implement our mutations, we need to set passwords for our users. Storing passwords in cleartext is a big no-no! Suppose somebody hacks our system and gets their hands on the credentials database? In that situation, they could use those passwords to log in to our website and, because many people reuse their passwords across different websites, they might try to compromise our users’ other accounts.

Instead, we should store hashes of our users’ passwords. To produce a password hash, we simply need to pass a password to a hash function, which returns a hash value. 

All hash functions have two important properties. First, they return the same value for the same input. Second, the output looks almost random. This hash is easy to compute for any input, but it’s practically impossible to figure out what the input was to generate a particular hash. 

With this approach, when a server receives a user’s credentials, it calculates a hash for the received password and compares hashes instead of comparing passwords. This allows us to securely check if a user is providing a correct password without storing it.

Of course, we won’t implement this ourselves and we’ll rely on a popular and battle-tested `bcrypt` library. First, we need to install this library.

```bash
npm install bcrypt
```

Now that we have the library, we can hash a password as soon as we have it. To do this, we use the `hashSync` function.

Learn how to implement authentication in GraphQL.

Getting Started with GraphQL

GraphQL Backend

Developing Frontend Application

Protecting GraphQL API

Advanced GraphQL

Appendix

Getting Started with GraphQL Authentication

New schema