Hello, I have a question that may be a beginner question but I can’t figure out a simple answer. I use (and love) the prisma api with a prisma service, connected to a react app via apollo. The problem is that when a go into my browser console and in the network tab, I can see the URL apollo is making the request against and, by just copy pasting it, anyone can do so and do whatever they want. I found ways to use a custom server to proxy the requests but is there a simpler way? Thanks 🙂

you typically need something else in front of prisma to handle auth. i'm about to try https://github.com/maticzav/graphql-shield or similar on my apollo-server setup. there's also this: https://nexus.js.org/docs/database-access-with-prisma#hide-fields-of-a-model

Prisma is not meant to be a direct access layer to the 'outside'. It's meant to be used as an ORM-like service between your backend API and your database system. The best way to go about it is to write a quick server using graphql-yoga or apollo-server.

Thanks a lot guys, I’ll try all of that 🙂

Glhf! We're here if you need us! 🙂

So, if I understood well, I put that on my server and connect it to Prisma, and I keep apollo on my client and instead of doing requests to prisma on the client side, I do requests to my server ie to nexus, right?

Yes.

nexus-prisma

still requires either GraphQL-Yoga or ApolloServer though.

Thanks!

Hey, don't be sorry! We all start somewhere! 🙂 You can choose how you want to do Prisma. I personally recommend doing it locally with your own DB and docker-compose, but you can create one on Prisma's own service. I would recommend the tutorial series in the docs. https://www.prisma.io/docs/get-started/01-setting-up-prisma-demo-server-JAVASCRIPT-a001/ shows you how to use their "Test DB" (Hosted in their cloud service). You can transition to Docker later.

Thanks a lot Jenkins!