Gain insights into GraphQL's architecture and methodology. Learn about setting up servers, performing complex queries, and updating data with mutations using Apollo Server and Node.js. Discover practical deployment.

getting started with Node js and graph ql 2-01.png

node.tar.gz

nodeapollospa

GraphQL is a query language for web APIs and a runtime for fulfilling queries with existing data. GraphQL gives clients the power to ask for precisely what they need, making it easy to evolve APIs with powerful developer tools.

This course is an introduction to GraphQL using the Node.js JavaScript runtime environment and Apollo Server. You’ll start with an introduction to GraphQL’s architecture and functions before exploring the structure of GraphQL data and learning to perform meaningful, complex queries. You’ll then learn how to update server data using mutations. Next, you’ll explore the GraphQL type system and schemas to set up a GraphQL server using Apollo Server. Once the server is set up, you’ll implement a full GraphQL application using Apollo and Node.js.

By the end of this course, you’ll have a rich understanding of GraphQL’s architecture and methodology and be prepared to deploy GraphQL applications to the web using Apollo and Node.js.

Getting Started with GraphQL using Node.js

# Authorization
Authorization is a business logic that expresses whether a given `user/session/context` can invoke an operation, such as reading or writing a piece of data. The following is an example of authorization: “Only admin can edit pizzas.”

Enforcing this kind of behavior should happen in the business logic layer. It’s tempting to place authorization logic in the GraphQL layer like this:


updatePizza: (parent, args, context) => {
      // check if user is authenticated
      if (!context.user) {
        throw new AuthenticationError('user not authenticated');
      }

      // get current pizza record using pizza id
      const { id, pizza, toppings } = args;

      const index = pizzas.findIndex((pizza) => pizza.id === id)

      // create topping as another table, so you also need to get topping using current topping id!
      const toppingRecords = toppings.map(({id})=> pizzaToppings.find(({id: pizzaToppingId})=> pizzaToppingId === id))

      pizzas[index] = { id, toppings: toppingRecords, pizza}
      return pizzas[index];
    },

Notice that we define whether the user iss authenticated or not by checking whether the context has user property. Can you spot the problem? Here’s a couple of potential issues that could result from using this approach:

- We may need to duplicate this code for each entry point into the service.

- Our authentication logic may grow and be tightly coupled with the resolver if we ever want to implement RBCA or role-based authorization.


Defining authorization logic inside the resolver is fine when learning GraphQL or prototyping. However, delegating authorization logic to the business logic layer will make it hard to maintain and to test a production code base.




Learn how to validate authentication in GraphQL servers.


Introduction

Getting to Know GraphQL

Queries

Mutations

Schemas and Types

Schema Validation

Schema Execution

Schema Introspection

GraphQL Best Practices

GraphQL Exam

Authorization

Authorization