GraphQL
From BC$ MobileTV Wiki
GraphQL is a query language meant to be used for APIs, and a server-side runtime for executing queries by using a type system you define for your data. GraphQL isn't tied to any specific database or storage engine and is instead backed by your existing code and data.
A GraphQL service is created by defining types and fields on those types, then providing a function (a "resolver") for each field on each type. For example, a GraphQL service that tells us who the currently logged-in user is (i.e. "me") as well as that user's name might look something like this:
type Query {
  me: User
}

type User {
  id: ID
  name: String
}
Along with functions for each field on each type:
function Query_me(request) {
  return request.auth.user;
}

function User_name(user) {
  return user.getName();
}
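The service sketched above, as an added example that is not code from the page or from graphql-js: a deliberately tiny GraphQL-style executor that shows the model the text describes (types with fields, one resolver function per field, a default resolver where none is given) together with the production hardening the page's security references recommend, namely refusing the introspection meta-fields when introspection is switched off. The schema and resolvers mirror the page's Query.me / User.name sketch; the parser, the `introspection` option and the sample request contexts are constructed for this example and support nothing beyond plain nested selection sets.

```javascript
// Added example, not code from the page or graphql-js: a toy GraphQL-style
// executor (types + one resolver per field) with introspection refused by
// default. Assumptions: schema/resolvers mirror the page's Query.me / User.name
// sketch; the parser, options and request contexts are constructed here.

// Schema as a plain object: type -> field -> named object type, or null for a scalar.
const schema = {
  Query: { me: 'User' },
  User: { id: null, name: null },
};

// One resolver per field (Query_me / User_name on the page). Fields without an
// explicit resolver fall back to reading the property off the parent value.
const resolvers = {
  Query: {
    // Unauthenticated request -> null, never a guessed or default user.
    me: (_parent, ctx) => ctx.request.auth.user ?? null,
  },
  User: {
    name: (user) => user.getName(),
  },
};

// Minimal parser for documents shaped like `{ field { sub ... } ... }`.
// Only nested selection sets are supported (no arguments, aliases or fragments).
function parseSelectionSet(src) {
  const tokens = src.match(/[{}]|[A-Za-z_][A-Za-z0-9_]*/g) ?? [];
  let i = 0;
  function parseSet() {
    if (tokens[i++] !== '{') throw new Error('expected "{"');
    const fields = [];
    while (tokens[i] !== '}') {
      if (i >= tokens.length) throw new Error('unterminated selection set');
      const name = tokens[i++];
      const selections = tokens[i] === '{' ? parseSet() : null;
      fields.push({ name, selections });
    }
    i++; // consume '}'
    return fields;
  }
  const set = parseSet();
  if (i !== tokens.length) throw new Error('trailing tokens after selection set');
  return set;
}

// Validation step: with introspection off, reject the __schema / __type
// meta-fields anywhere in the document before any resolver runs.
function validate(selections, { introspection }) {
  for (const f of selections) {
    if (!introspection && (f.name === '__schema' || f.name === '__type')) {
      throw new Error(`introspection is disabled: ${f.name}`);
    }
    if (f.selections) validate(f.selections, { introspection });
  }
}

// Execution step: call the resolver for each selected field, recursing into
// object-typed results with their own selection set. The own-property check
// keeps names like `constructor` or `__proto__` from passing as fields.
function executeSelections(typeName, parent, selections, ctx) {
  const result = {};
  for (const f of selections) {
    if (!Object.prototype.hasOwnProperty.call(schema[typeName], f.name)) {
      throw new Error(`unknown field ${typeName}.${f.name}`);
    }
    const resolve = resolvers[typeName]?.[f.name] ?? ((p) => p[f.name]);
    const value = resolve(parent, ctx);
    const childType = schema[typeName][f.name];
    if (childType && value != null) {
      if (!f.selections) throw new Error(`${typeName}.${f.name} needs a selection set`);
      result[f.name] = executeSelections(childType, value, f.selections, ctx);
    } else {
      result[f.name] = value ?? null;
    }
  }
  return result;
}

// Entry point: parse, validate, execute. Introspection is off unless the
// caller opts in, which is the production setting the page's references recommend.
function execute(query, ctx, options = { introspection: false }) {
  const selections = parseSelectionSet(query);
  validate(selections, options);
  return { data: executeSelections('Query', null, selections, ctx) };
}

// Constructed sample request contexts (not real sessions).
const alice = { id: '42', getName: () => 'Alice' };
const authedCtx = { request: { auth: { user: alice } } };
const anonCtx = { request: { auth: { user: null } } };

console.log(JSON.stringify(execute('{ me { id name } }', authedCtx)));
console.log(JSON.stringify(execute('{ me { name } }', anonCtx)));
try {
  execute('{ __schema { types { name } } }', authedCtx);
} catch (e) {
  console.log('rejected:', e.message);
}
```

The two hooks the toy separates, validation before any resolver runs and a resolver per field, are the same places a real server gives you: graphql-js ships a `NoSchemaIntrospectionCustomRule` validation rule, and Apollo Server exposes the switch as `introspection: false`. Rejecting at validation matters because an introspection query otherwise reaches the executor and reveals every type and field, including ones the resolver authorization would later deny.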
Tools
- GraphQL - online tester tool: https://lucasconstantino.github.io/graphiql-online/
- EasyGraphQL: https://easygraphql.com/ | SRC[1]
- GraphQL Voyager: https://apis.guru/graphql-voyager/ (API "schema explorer" tool, like a DB relationship visualizer)
- Hasura: https://hasura.io (provides an "Instant GraphQL web service" on all your DB data)
Resources
- GraphQL SDKs: https://graphql.org/code/
- GraphQL for Java: https://github.com/graphql-java/graphql-java
- GraphQL.js: https://graphql.org/graphql-js/
- OWASP Cheat Sheet Series - GraphQL cheat sheet: https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html
- Damn Vulnerable GraphQL Application: https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application (Penetration Testing sample app which has intentional vulnerabilities to run locally and PenTest on)
- GraphQL -- Mutations: https://graphql.org/learn/queries/#mutations (i.e. Updates/Deletes)
- Introducing the GraphQL Add-on for ZAP: https://www.zaproxy.org/blog/2020-08-28-introducing-the-graphql-add-on-for-zap/
Tutorials
- The Fullstack Tutorial for GraphQL: https://www.howtographql.com[2]
- The complete GraphQL Security Guide - Fixing the 13 most common GraphQL Vulnerabilities to make your API production ready: https://wundergraph.com/blog/the_complete_graphql_security_guide_fixing_the_13_most_common_graphql_vulnerabilities_to_make_your_api_production_ready
- GraphQL explained -- How GraphQL turns a query into a response: https://blog.apollographql.com/graphql-explained-5844742f195e
- GraphQL concepts I wish someone explained to me a year ago -- PART 1 - GraphQL Basics: https://medium.com/naresh-bhatia/graphql-concepts-i-wish-someone-explained-to-me-a-year-ago-514d5b3c0eab
- GraphQL concepts I wish someone explained to me a year ago -- PART 2 - Queries (server implementation): https://medium.com/naresh-bhatia/graphql-concepts-i-wish-someone-explained-to-me-a-year-ago-6a55981f3a7e
- GraphQL concepts I wish someone explained to me a year ago -- PART 3 - Queries (client implementation): https://medium.com/naresh-bhatia/graphql-concepts-i-wish-someone-explained-to-me-a-year-ago-959b234ff430
- GraphQL concepts I wish someone explained to me a year ago -- PART 4 - Mutations (server implementation): https://medium.com/naresh-bhatia/graphql-concepts-i-wish-someone-explained-to-me-a-year-ago-572d47318e17
- GraphQL concepts I wish someone explained to me a year ago -- PART 5 - Mutations (client implementation): https://medium.com/naresh-bhatia/graphql-concepts-i-wish-someone-explained-to-me-a-year-ago-61923646739b
- GraphQL concepts I wish someone explained to me a year ago -- PART 6 - Subscriptions (server implementation): https://medium.com/naresh-bhatia/graphql-concepts-i-wish-someone-explained-to-me-a-year-ago-62ec468b44ba
- GraphQL concepts I wish someone explained to me a year ago -- PART 7 - Subscriptions (client implementation): https://medium.com/naresh-bhatia/graphql-concepts-i-wish-someone-explained-to-me-a-year-ago-3b84203fb0b9
- Getting Started with GraphQL (in Java): https://reflectoring.io/getting-started-with-graphql/
- Getting started with GraphQL Java: https://blog.graphqleditor.com/Getting-started-with-GraphQL-Java/
- Getting started with GraphQL Java & Spring Boot: https://www.graphql-java.com/tutorials/getting-started-with-spring-boot/
- How To Build a Blazing-Fast GraphQL API With Node.js, MongoDB, and Fastify: https://medium.com/better-programming/how-to-build-a-blazing-fast-graphql-api-with-node-js-mongodb-and-fastify-77fd5acd2998
- Testing a GraphQL Server using Jest: https://medium.com/entria/testing-a-graphql-server-using-jest-4e00d0e4980e
- Testing GraphQL in 3 minutes: https://hackernoon.com/extensive-graphql-testing-57e8760f1c25
- GraphQL Concepts Visualized -- a mental model of GraphQL, explained in diagrams: https://blog.apollographql.com/the-concepts-of-graphql-bc68bd819be3
- GraphQL server in Java: Part 1 - Basics | Part 2 - Understanding Resolvers
- Beginner's guide to GraphQL in Java with Spring Boot: https://dzone.com/articles/a-beginners-guide-to-graphql-with-spring-boot | SRC
- Java and GraphQL (with SpringBoot, Okta OAuth security & JUnit5 test coverage example) -- A Guide: https://dzone.com/articles/java-and-graphql-a-guide
- Building A Travel Guide With Gatsby, Neo4j, & GraphQL: https://www.youtube.com/playlist?list=PL9Hl4pk2FsvUza4kdPSKQrcl3MGGutOe2
- Create a Book Rating System With the Goodreads API and Slash GraphQL: https://dzone.com/articles/create-a-book-rating-system-with-the-goodreads-api
- Build Your Own Puppy Playdate Tinder App With Slash GraphQL: https://dzone.com/articles/build-your-own-puppy-playdate-tinder-app-with-slas-1
- How to Set Up a GraphQL Endpoint on a Database: https://dzone.com/articles/how-to-set-up-a-graphql-endpoint-on-a-database?edition=682391
- Neo4j, Java and GraphQL: https://info.michael-simons.eu/2021/07/13/neo4j-java-and-graphql/
- GraphQL -- Introspection explained: https://graphql.org/learn/introspection/
External Links
- wikipedia: GraphQL
- This year in JavaScript: 2018 in review and npm’s predictions for 2019: https://blog.npmjs.org/post/180868064080/this-year-in-javascript-2018-in-review-and-npms
- GraphQL is the new REST — Part 1: https://medium.com/@thisdotmedia/graphql-is-the-new-rest-part-1-6389c28f5026
- Why GraphQL is the future of APIs: https://www.freecodecamp.org/news/why-graphql-is-the-future-of-apis-6a900fb0bc81/
- Netflix blog - Beyond REST: Rapid Development with GraphQL Microservices: https://netflixtechblog.com/beyond-rest-1b76f7c20ef6
- GraphQL is not meant to be exposed over the internet: https://medium.com/@wundergraph/graphql-is-not-meant-to-be-exposed-over-the-internet-f502a61a64d6
- Does GraphQL Introduce New Security Risks?: https://devops.com/does-graphql-introduce-new-security-risks/
References
1. How I started testing my Queries and Mutations on GraphQL: https://medium.com/open-graphql/how-i-started-testing-my-queries-and-mutations-on-graphql-f578abc1b424
2. Getting started with GraphQL in Java: https://www.howtographql.com/graphql-java/1-getting-started/
3. GraphQL And REST Differences Explained With Burgers: https://apievangelist.com/2018/06/29/rest-api-and-graphql-burger-king/
4. GraphQL vs. REST, Explained Using Pizza: https://medium.com/@kilkelly/graphql-vs-rest-explained-using-pizza-74d220aa60cc
5. How to test a GraphQL API?: https://stackoverflow.com/questions/42841902/how-to-test-a-graphql-api
6. GraphQL Test Automation with KarateDSL: https://www.youtube.com/watch?v=If9V-tG_gRs
7. Why You Should Disable GraphQL Introspection In Production - GraphQL Security: https://www.apollographql.com/blog/graphql/security/why-you-should-disable-graphql-introspection-in-production/
8. GraphQL Ruby client/server -- Disabling "introspection" (schema self-describing/discovery): https://graphql-ruby.org/schema/introspection.html#disabling-introspection
9. How to Disable Schema Introspection in graphql-spqr-spring-boot-starter: https://stackoverflow.com/questions/64520366/how-to-disable-schema-introspection-in-graphql-spqr-spring-boot-starter