https://www.prisma.io/ logo
Join SlackCommunities
Powered by
hi, I'm new to graphcool and I have a question. Is...
# prisma-whats-new
r
hi, I'm new to graphcool and I have a question. Is the graphql playground publicly accessible? If it is, then can't anyone access the database?
n
here's a proposal for how an authentication concept in Graphcool 1.0 could look like: https://github.com/graphcool/framework/issues/1365 it's not yet implemented but is targeted for release in the 1.0 preview soon (check https://github.com/graphcool/framework/pull/1318) You can check https://github.com/graphql-boilerplates/node-graphql-server to see how this authentication concept looks like in practice 🙂
r
thanks. so as of now, graphcool isn't ready for production? since anyone can access and alter the database?
n
Graphcool 1.0 comes with a bunch of new features and is currently in a preview (not production ready) check https://www.graph.cool/forum/t/developer-preview-graphcool-1-0-beta/1891?u=nilan for more information 🙂 The target release date for Graphcool 1.0 is within the next two weeks, where it will be production ready indeed. The Graphcool Framework is production ready. Here, you would cover your use case using a permission system.
r
thanks for getting back to me so quickly 🙂 this might seem stupid, but does that mean those using graphcool now has their graphql playground exposed for everyone to use? trying to understand how all this works
n
yes, the GraphQL schema itself is exposed when using the Graphcool Framework. However, with permissions you can control access to individual queries and mutations.
r
thanks. I also have a question regarding auth in graphcool. I was following the tutorials over at howtographql.com. It all worked well. Then I removed the auth header middleware from apollo in 
index.js
. I also updated permissions in 
graphcool.yml
to 
authenticated:true
. However, I was still able to create links and votes. not sure what I'm missing.
n
in Graphcool 1.0, the GraphQL schema of the Graphcool DB is not exposed (access to the schema itself is protected by an API key). Instead, an individual app schema is exposed to GraphQL Clients. Check https://github.com/graphql-boilerplates/node-graphql-server/ to see how this works 🙂
r
Copy code
permissions:
  - operation: "*"
    authenticated: true
this is how it looks
Copy code
const middlewareAuthLink = new ApolloLink((operation, forward) => {
  const token = localStorage.getItem(GC_AUTH_TOKEN)
  const authorizationHeader = token ? `Bearer ${token}` : null
  // operation.setContext({
  //   headers: {
  //     authorization: authorizationHeader
  //   }
  // })
  return forward(operation)
})
and I commented out the middleware in apollo so it doesn't add the authorization header
n
check https://github.com/graphcool/framework/issues/722 🙂 note: this permission system will not be transferred 1-to-1 to Graphcool 1.0, but we're currently discussing a nice DSL using 
graphcool-binding
, check https://github.com/graphcool/graphcool-binding/issues/8
r
great to see it's being worked on 🙂 does that mean authentication doesn't work currently on graphcool?
n
no, the problem here is issue 722 that I just shared 🙂
r
so how do I authenticate users? sorry, I'm new to graphcool. can you point me to the right docs?
n
please check https://github.com/graphql-boilerplates/node-graphql-server 🙂 the advanced boilerplate has authentication included
r
what is the need of another graphql-server when graphcool is present? no understanding that part in node-graphql-server
n
you can read https://blog.graph.cool/graphql-databases-a-preview-into-the-future-of-graphcool-c1d4981383d9 or check the thumbnail image for a TL;DR version😄
r
thanks for the articles, I'm trying to wrap my head around them
so does that mean we need to setup another server for graphql? and graphcool will handle the database?
and if auth is handled by graphql server, then how does graphcool integrations with auth0 work?
I'm trying to build an API with graphcool, how should I go about it? with these changes, I'm not sure where to start
also, does that mean the current graphcool framework and graphcool cloud will be deprecated?
n
most of your questions are already listed here: https://www.graph.cool/forum/t/developer-preview-graphcool-1-0-beta/1891?u=nilan 🙂 feel free to chime in the thread if you have questions after reading it!
r
thank you
n
💚
r
it makes more sense now 🙂 so currently I can start with graphcool framework. then once graphcool 1.0 is ready, it can be easily migrated. And in graphcool 1.0, there will be a seperate graphql server which can be used to customize the api as required, right?
2 Views
Open in Slack
PreviousNext
Powered by