TechLunch #16: GraphQL (25/10/2017)


Warning: these notes are published raw, without any rewriting.

Talk #1: Presentation

GraphQL is version-free: only add fields, never remove non-nullable fields.

Cache: prefer application cache over network cache.

Security: independent from GraphQL.

About DoS: do a cost analysis before executing the query. Cap lists to a maximum. We can also create a query whitelist (persisted queries).
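
One way to do the cost analysis and list cap from the DoS note, as an added example (not code from the talk). It parses only a small GraphQL subset (fields, integer arguments, nested selections); the limits, the `first` argument convention and the `LIST_FIELDS` set are assumptions standing in for a real schema.

```javascript
// Added example. Constructed limits and schema knowledge, not values from the talk.
const MAX_LIST_SIZE = 100;     // cap applied to every list field
const DEFAULT_LIST_SIZE = 10;  // assumed size when `first` is omitted
const MAX_COST = 1000;         // budget per query
const LIST_FIELDS = new Set(['users', 'friends']); // hypothetical list fields

// Split the query into names, integers and punctuation.
function tokenize(query) {
  return query.match(/[A-Za-z_]\w*|\d+|[{}():]/g) || [];
}

// Parse `{ field(first: N) { ... } }` into [{ name, first, children }].
function parseSelection(tokens) {
  if (tokens.shift() !== '{') throw new Error('expected {');
  const fields = [];
  while (tokens.length && tokens[0] !== '}') {
    const field = { name: tokens.shift(), first: null, children: [] };
    if (!/^[A-Za-z_]/.test(field.name)) throw new Error('expected field name');
    if (tokens[0] === '(') {
      tokens.shift();
      while (tokens.length && tokens[0] !== ')') {
        const [arg, , value] = tokens.splice(0, 3); // name, ':', integer
        if (arg === 'first') field.first = Number(value);
      }
      if (tokens.shift() !== ')') throw new Error('expected )');
    }
    if (tokens[0] === '{') field.children = parseSelection(tokens);
    fields.push(field);
  }
  if (tokens.shift() !== '}') throw new Error('expected }');
  return fields;
}

// A plain field costs 1 plus its children; a list field costs that per item,
// with the requested size clamped to MAX_LIST_SIZE.
function cost(fields) {
  return fields.reduce((sum, f) => {
    const perItem = 1 + cost(f.children);
    if (!LIST_FIELDS.has(f.name)) return sum + perItem;
    const size = Math.min(f.first ?? DEFAULT_LIST_SIZE, MAX_LIST_SIZE);
    return sum + size * perItem;
  }, 0);
}

// Run before execution: reject the query when the estimate exceeds the budget.
function checkQuery(query) {
  const total = cost(parseSelection(tokenize(query)));
  return { cost: total, allowed: total <= MAX_COST };
}
```

Nested lists multiply, so two `first: 50` levels already exceed the budget, while a single oversized `first` is clamped by the cap.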

Monitoring: Apollo Engine

Documentation: generated from schema

Easy to PoC, hard to prod.

Talk #2: GraphQL real-time with subscriptions


Real-time over GraphQL. Use PubSub.

Talk #3: GraphQL JS and dataloader

3 layers

  • presentation: web server port, login, user security (logged), dispatch GraphQL queries to business classes
  • business: create returned objects, check business rules (does the user have access? Which fields can he view?)
  • data access: DB access, FS access, etc.

Problem: each query by ID is issued separately from the others. This is called the N+1 problem.

Solution: add a dataloader layer between data access and business.

One dataloader per user.