GraphQL Cheatsheet
Shaung Cheng edited this page Jan 3, 2021 · 5 revisions
- Define Type / Node
  - This defines the fields in the response body
  - You most likely will port this class to a Django model and you're all set
  - If not, then you'll implement `def resolve_<property_name>(root, info)` to define what data to retrieve.
- Define Query
- Export as one single Schema class. This will be the "root router" of GraphQL "routes", but note that there is in fact only one endpoint.
- Dealing with ownership filtering
  - As long as Django auth is set up (e.g. JWT), `request.user` can be used out of the box.
  - We can simply override `def resolve_<property>` and filter by ownership there, or override `@property def qs()` in the django-filter FilterSet class. This only works for that property.
  - To do global filtering, something similar to REST's filter backend, we can use the fact that we can override `def get_queryset` on Node/Type classes. So we can create a base class that overrides `get_queryset` and holds our ownership filtering logic, and then let Type / Node classes inherit from it.
- Dealing with CSRF - See this SO answer
  - As long as you're not using session auth but something like JWT instead, and you protect the GraphQL endpoint by checking `request.user`, it is fine to exempt.
- Dealing with auth - protecting the GraphQL endpoint, only allowing logged-in users to request any data
- Dealing with auth - applying JWT authentication
  - If you use restframework-jwt, then it's only for REST API endpoints. You have to set up the GraphQL endpoint (view) separately. But worry not, we can reuse the restframework-jwt auth utilities.
  - Check out this GitHub comment
- TODO: How to standardize all errors to a JSON response, instead of HTML
  - Looks like the issue here is Django's `LoginRequiredMixin` returning HTML. Is there a better way?
- Apollo Client is a popular option for making GraphQL requests
- CORS: as long as the server side is set up to whitelist the frontend's origin (most likely already done for the REST API), you're good. Just make sure to send over the
- Dealing with CSRF
  - See the same topic in "Server Side". Chances are we don't need to deal with this.
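
The global ownership filter from "Dealing with ownership filtering", as an added example that is not part of the original page. It assumes the GraphQL library is graphene-django, whose `DjangoObjectType.get_queryset(cls, queryset, info)` classmethod is the hook being overridden; the `owner` field name, `NoteType`, and the `FakeQuerySet` stand-in (used so the block runs without Django) are hypothetical.

```python
from types import SimpleNamespace


class OwnedQuerysetMixin:
    """Base for Type / Node classes; list it before DjangoObjectType (assumed)."""

    owner_field = "owner"  # assumed name of the model's FK to the user

    @classmethod
    def get_queryset(cls, queryset, info):
        user = getattr(info.context, "user", None)  # info.context is the request
        # Fail closed: no user or an anonymous user gets an empty queryset.
        if user is None or not user.is_authenticated:
            return queryset.none()
        return queryset.filter(**{cls.owner_field: user})


class FakeQuerySet:
    """Constructed stand-in for Django's QuerySet (only filter() and none())."""

    def __init__(self, rows):
        self.rows = list(rows)

    def filter(self, **conditions):
        return FakeQuerySet(r for r in self.rows
                            if all(getattr(r, k) == v for k, v in conditions.items()))

    def none(self):
        return FakeQuerySet([])


class NoteType(OwnedQuerysetMixin):  # hypothetical Type; no resolver code needed
    pass


# Constructed sample users and rows, so the filter can be exercised offline.
ALICE = SimpleNamespace(username="alice", is_authenticated=True)
BOB = SimpleNamespace(username="bob", is_authenticated=True)
ANONYMOUS = SimpleNamespace(username="", is_authenticated=False)
NOTES = FakeQuerySet([SimpleNamespace(title="alice-1", owner=ALICE),
                      SimpleNamespace(title="bob-1", owner=BOB),
                      SimpleNamespace(title="alice-2", owner=ALICE)])


def visible_titles(user):
    info = SimpleNamespace(context=SimpleNamespace(user=user))
    return [n.title for n in NoteType.get_queryset(NOTES, info).rows]
```

Because the anonymous branch returns `queryset.none()`, a Type that inherits the mixin leaks no rows even if the endpoint-level login check is missing or misconfigured.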