Hacker News new | ask | show | jobs
by fgkramer 183 days ago
But has this been thoroughly documented and are there solid libraries to achieve this?

My understanding is that this is not part of the spec and that the only way to achieve this is to sign/hash documents on clients and server to check for correctness
2 comments
verdverm 183 days ago
Well, it seems that the Apollo way of doing it now, via their paid GraphOS, is backwards of what I learned 8 years ago (there is always more than one way to do things in CS).

At build time, the server generates a random string resolver names that map onto queries, 1-1, fixed, because we know exactly what we need when we are shipping to production.

Clients can only call those random strings with some parameters, the graph is now locked down and the production server only responds to the random string resolver names

Flexibility in dev, restricted in prod

link
girvo 183 days ago
I mean yeah, in that Persisted Queries are absolutely documented and expected in production on the Relay side, and you’re a hop skip and jump away from disallowing arbitrary queries at that point if you want to

Though you still don’t need to and shouldn’t. Better to use the well defined tools to gate max depth/complexity.

link
verdverm 182 days ago
All these extra requirements are why GraphQL never really captured enough mindshare to be a commonly selected tool
link
girvo 182 days ago
> GraphQL never really captured enough mindshare to be a commonly selected tool

It has been, at the scale it matters and should be used at. Most companies don't operate at that scale though.

link