Detalhes do pacote

grafserv

graphile22.2kMIT0.1.1-beta.26

A highly optimized server for GraphQL, powered by Grafast

server, grafast, graphql, graphile

readme (leia-me)

🔮 Graphile's Crystal Monorepo

GitHub Sponsors Patreon sponsor button Discord chat room Follow

At Graphile we love GraphQL so much we named ourself for our love of it! This repository houses many of the Graphile packages that relate to GraphQL (or relate to the packages that relate to GraphQL, or relate to those package...); the two headline projects are Grafast and PostGraphile but there's many other packages, a fair few of which can be used independently - see below for more details.

Grafast: A cutting-edge planning and execution engine for GraphQL.js ─ use this as a drop-in replacement for the execute method from GraphQL.js and by moving from traditional resolvers to Grafast "plan resolvers" you'll be able to leverage the declarative nature of GraphQL requests to execute your business logic in the most efficient way, leading to reduced server load and happier customers. Use this if you're building your own GraphQL schemas and want the best performance and efficiency without having to put much extra effort in.

PostGraphile: An incredibly low-effort way to build a well structured and high-performance GraphQL API backed primarily by a PostgreSQL database. Our main focusses are performance, automatic best-practices and customisability/extensibility. Use this if you have a PostgreSQL database and you want to use it as the "source of truth" for an auto-generated GraphQL API (which you can still make significant changes to). NOTE: thanks to graphile-export you can also use this as a starting point for an API that you then manage yourself.

➡️ For PostGraphile V4 see the legacy branch

Project summaries

Here's a rough breakdown of the main packages:

  • grafast - standalone cutting-edge planning and execution engine for GraphQL; see above for full description.
  • graphile-export - a package that can (under the right circumstances) export an in-memory dynamically-constructed GraphQL schema to raw JavaScript source code that can be imported and executed
  • jest-serializer-graphql-schema - a simple Jest serializer that understands GraphQL schemas and thus does not fill snapshots with \"\"\" etc.
  • graphile-config - a module that handles the plugins, presets and configuration files for Graphile software - a universal configuration layer.
  • graphile-build - a system for building a GraphQL.js schema from "plugins", particularly useful for auto-generated GraphQL APIs (e.g. PostGraphile uses this) but also useful for hand-rolled schemas that have a lot of modular but widely-used concerns such as connections, naming, etc.
    • graphile-build-pg - plugins for graphile-build that understand @dataplan/pg (i.e. PostgreSQL) services and can generate types, relations, mutations, etc for these database resources.
  • @graphile/lru - an obsessively performant least-recently-used cache (possibly the fastest general purpose LRU cache in Node.js) with a ridiculously tiny feature set; you almost certainly want @isaacs' lru-cache instead of this.
  • pg-sql2 - a library for building highly dynamic SQL-injection-proof PostgreSQL queries using tagged template literals.
  • pg-introspection - a strongly typed introspection library for PostgreSQL, generated from the PostgreSQL documentation to provide up-to-date details of each introspection field.
  • postgraphile - pulls most of the above technologies together; see above for full description.

Crowd-funded open-source software

To help us develop this software sustainably, we ask all individuals and businesses that use it to help support its ongoing maintenance and development via sponsorship.

Click here to find out more about sponsors and sponsorship.

And please give some love to our featured sponsors 🤩:

The Guild
The Guild 		Steelhead
Steelhead

* Sponsors the entire Graphile suite

Why the "crystal" monorepo?

Originally what is now Grafast (and was previously DataPlanner) was known by the codename "Graphile Crystal." This lead us to use the 🔮 emoji to represent the project in secret before we announced it publicly, as a codeword for those in the know. Now that Grafast is the name for our planning and execution engine and we needed a name for the monorepo that wasn't too GraphQL specific (since there are things in here that aren't strictly related to GraphQL) and we figured that calling it the Crystal monorepo would honour our original nickname for the project. Rumours that the name was inspired by the maintainers' crystal wedding anniversary are greatly exaggerated.

changelog (log de mudanças)

grafserv

0.1.1-beta.26

Patch Changes

0.1.1-beta.25

Patch Changes

0.1.1-beta.24

Patch Changes

0.1.1-beta.23

Patch Changes

0.1.1-beta.22

Patch Changes

0.1.1-beta.21

Patch Changes

  • Updated dependencies [83c546509]:
    • graphile-config@0.0.1-beta.14
    • grafast@0.1.1-beta.19
    • ruru@2.0.0-beta.19

0.1.1-beta.20

Patch Changes

  • Updated dependencies [7580bc16a, b336a5829]:
    • graphile-config@0.0.1-beta.13
    • grafast@0.1.1-beta.18
    • ruru@2.0.0-beta.18

0.1.1-beta.19

Patch Changes

  • #2252 866673e14 Thanks @benjie! - Overhaul maskError types to return GraphQLFormattedError.

  • #2240 9a0f9e78c Thanks @benjie! - Adopt new MiddlewareHandlers type for simplicity, and in doing so fix type of middleware (for plugins) that incorrectly unwrapped promise resulting in TypeScript incorrectly suggesting that await was not necessary.

  • Updated dependencies [69ab227b5, 38163c86a, d13b76f0f, b167bd849, 6a13ecbd4]:
    • grafast@0.1.1-beta.17
    • ruru@2.0.0-beta.17
    • graphile-config@0.0.1-beta.12

0.1.1-beta.18

Patch Changes

  • #2204 bf2a2e72a Thanks @Dodobibi! - Overhaul websocket support in nuxt/h3 server adaptor. Removes experimental methods since they are no longer needed. Docs have been updated - please follow the docs. Any issues, please let us know (or better: open a PR!)
  • Updated dependencies [5626c7d36, 76c7340b7]:
    • graphile-config@0.0.1-beta.11
    • grafast@0.1.1-beta.16
    • ruru@2.0.0-beta.16

0.1.1-beta.17

Patch Changes

0.1.1-beta.16

Patch Changes

0.1.1-beta.15

Patch Changes

  • Updated dependencies [807650035]:
    • grafast@0.1.1-beta.13
    • ruru@2.0.0-beta.14

0.1.1-beta.14

Patch Changes

0.1.1-beta.13

Patch Changes

  • #2071 582bd768f Thanks @benjie! - GrafastExecutionArgs now accepts resolvedPreset and requestContext directly; passing these through additional arguments is now deprecated and support will be removed in a future revision. This affects:

    • grafast()
    • execute()
    • subscribe()
    • hookArgs()

    graphile-config has gained a middleware system which is more powerful than it's AsyncHooks system. Old hooks can be emulated through the middleware system safely since middleware is a superset of hooks' capabilities. applyHooks has been renamed to orderedApply (because it applies to more than just hooks), calling applyHooks will still work but is deprecated.

    🚨 grafast no longer automatically reads your graphile.config.ts or similar; you must do that yourself and pass the resolvedPreset to grafast via the args. This is to aid in bundling of grafast since it should not need to read from filesystem or dynamically load modules.

    grafast no longer outputs performance warning when you set GRAPHILE_ENV=development.

    🚨 plugin.grafast.hooks.args is now plugin.grafast.middleware.prepareArgs, and the signature has changed - you must be sure to call the next() function and ctx/resolvedPreset can be extracted directly from args:

     const plugin = {
   grafast: {
-    hooks: {
+    middleware: {
-      args({ args, ctx, resolvedPreset }) {
+      prepareArgs(next, { args }) {
+        const { requestContext: ctx, resolvedPreset } = args;
         // ...
+        return next();
       }
     }
   }
 }

    Many more middleware have been added; use TypeScript's autocomplete to see what's available until we have proper documentation for them.

    plugin.grafserv.hooks.* are still supported but deprecated; instead use middleware plugin.grafserv.middleware.* (note that call signatures have changed slightly, similar to the diff above):

    • hooks.init -> middleware.setPreset
    • hooks.processGraphQLRequestBody -> middleware.processGraphQLRequestBody
    • hooks.ruruHTMLParts -> middleware.ruruHTMLParts

    A few TypeScript types related to Hooks have been renamed, but their old names are still available, just deprecated. They will be removed in a future update:

    • HookObject -> FunctionalityObject
    • PluginHook -> CallbackOrDescriptor
    • PluginHookObject -> CallbackDescriptor
    • PluginHookCallback -> UnwrapCallback

  • Updated dependencies [582bd768f]:

    • graphile-config@0.0.1-beta.9
    • grafast@0.1.1-beta.11
    • ruru@2.0.0-beta.13

0.1.1-beta.12

Patch Changes

0.1.1-beta.11

Patch Changes

  • Updated dependencies [437570f97]:
    • grafast@0.1.1-beta.9
    • ruru@2.0.0-beta.12

0.1.1-beta.10

Patch Changes

  • Updated dependencies [bd5a908a4]:
    • grafast@0.1.1-beta.8
    • ruru@2.0.0-beta.12

0.1.1-beta.9

Patch Changes

0.1.1-beta.8

Patch Changes

0.1.1-beta.7

Patch Changes

0.1.1-beta.6

Patch Changes

0.1.1-beta.5

Patch Changes

  • Updated dependencies [0df5511ac]:
    • graphile-config@0.0.1-beta.6
    • grafast@0.1.1-beta.3
    • ruru@2.0.0-beta.10

0.1.1-beta.4

Patch Changes

0.1.1-beta.3

Patch Changes

0.1.1-beta.2

Patch Changes

  • Updated dependencies [3dd5d86d6]:
    • ruru@2.0.0-beta.7

0.1.1-beta.1

Patch Changes

0.1.1-beta.0

Patch Changes

0.0.1-beta.9

Patch Changes

0.0.1-beta.8

Patch Changes

  • Updated dependencies [4c39d7c0b]:
    • ruru@2.0.0-beta.4

0.0.1-beta.7

Patch Changes

  • Updated dependencies [3700e204f]:
    • grafast@0.0.1-beta.7
    • ruru@2.0.0-beta.3

0.0.1-beta.6

Patch Changes

0.0.1-beta.5

Patch Changes

0.0.1-beta.4

Patch Changes

0.0.1-beta.3

Patch Changes

  • Updated dependencies [46cd08aa1]:
    • grafast@0.0.1-beta.3

0.0.1-beta.2

Patch Changes

  • Updated dependencies [23bd3c291]:
    • grafast@0.0.1-beta.2

0.0.1-beta.1

Patch Changes

  • cbd987385 Thanks @benjie! - Bump all packages to beta

  • Updated dependencies [cbd987385]:

    • grafast@0.0.1-beta.1
    • ruru@2.0.0-beta.1
    • graphile-config@0.0.1-beta.1
    • @graphile/lru@5.0.0-beta.1

0.0.1-alpha.16

Patch Changes

  • Updated dependencies [dfefdad3c]:
    • grafast@0.0.1-alpha.16

0.0.1-alpha.15

Patch Changes

0.0.1-alpha.14

Patch Changes

  • Updated dependencies [d99d666fb]:
    • grafast@0.0.1-alpha.14

0.0.1-alpha.13

Patch Changes

0.0.1-alpha.12

Patch Changes

0.0.1-alpha.11

Patch Changes

  • Updated dependencies [644938276]:
    • graphile-config@0.0.1-alpha.5
    • grafast@0.0.1-alpha.11
    • ruru@2.0.0-alpha.8

0.0.1-alpha.10

Patch Changes

0.0.1-alpha.9

Patch Changes

0.0.1-alpha.8

Patch Changes

  • Updated dependencies [dd3ef599c]:
    • grafast@0.0.1-alpha.8

0.0.1-alpha.7

Patch Changes

0.0.1-alpha.6

Patch Changes

  • Updated dependencies [f75926f4b]:
    • grafast@0.0.1-alpha.6

0.0.1-alpha.5

Patch Changes

0.0.1-alpha.4

Patch Changes

0.0.1-alpha.3

Patch Changes

0.0.1-alpha.2

Patch Changes

  • #305 3cf35fdb4 Thanks @benjie! - 🚨 Ruru is now a CommonJS module, no longer an ESM module.

    Ruru CLI now reads options from a graphile.config.ts file if present.

    It's now possible to customize the HTML that Ruru is served with (specifically the meta, title, stylesheets, header JS, body content, body JS, and init script), either via configuration:

    import { defaultHTMLParts } from "ruru/server";

const preset: GraphileConfig.Preset = {
  //...
  ruru: {
    htmlParts: {
      titleTag: "<title>GraphiQL with Grafast support - Ruru!</title>",
      metaTags:
        defaultHTMLParts.metaTags +
        `<meta name="viewport" content="width=device-width, initial-scale=1" />`,
    },
  },
};

    or via a plugin, which allows you to change it on a per-request (per-user) basis:

    const RuruMetaPlugin: GraphileConfig.Plugin = {
  name: "RuruMetaPlugin",
  version: "0.0.0",
  grafserv: {
    hooks: {
      ruruHTMLParts(_info, parts, extra) {
        // extra.request gives you access to request details, so you can customize `parts` for the user

        parts.metaTags += `<meta name="viewport" content="width=device-width, initial-scale=1" />`;
      },
    },
  },
};

  • #307 7c45eaf4e Thanks @benjie! - 🚨 'application/x-www-form-urlencoded' is now opt-in (unless you're using the V4 preset).

    CSRF and CORS are tricky topics. When you use PostGraphile as part of a larger system, it's your responsibility to ensure that you don't open yourself up to CSRF/etc issues (e.g. by using CSRF/XSRF tokens, by using SameSite cookie policies, by checking the Origin of requests, or by using a combination of these or other techniques).

    Out of the box, PostGraphile does not use cookies, so any cross-origin requests are harmless because an attacker without the actual user token in hand can only execute unauthenticated requests.

    However, once cookies (and sessions) enter the equation, suddenly CSRF becomes a risk. Normally you cannot submit an Content-Type: application/json request cross origins (unless you've enabled CORS), so this content type doesn't open CSRF issues on its own, but Content-Type: application/x-www-form-urlencoded can be submitted cross origins without CORS policies. The attacker won't be able to view the response, but that doesn't mean they can't cause havoc by triggering dangerous mutations using the user's credentials.

    We've decided to take the stance of making application/x-www-form-urlencoded opt-in; you can opt-in via your graphile.config.ts (or equivalent) like so:

    import { DEFAULT_ALLOWED_REQUEST_CONTENT_TYPES } from "grafserv";

const preset: GraphileConfig.Preset = {
  //...

  grafserv: {
    //...

    allowedRequestContentTypes: [
      ...DEFAULT_ALLOWED_REQUEST_CONTENT_TYPES,
      "application/x-www-form-urlencoded",
    ],
  },
};

    If you're using the V4 preset then we pull in the V4 behavior of enabling this content type by default (since you presumably already have protections in place); however we recommend disabling this media type if you're not using it:

    import { DEFAULT_ALLOWED_REQUEST_CONTENT_TYPES } from "grafserv";

const preset: GraphileConfig.Preset = {
  //... extends V4 preset ...

  grafserv: {
    //...

    allowedRequestContentTypes: DEFAULT_ALLOWED_REQUEST_CONTENT_TYPES,
  },
};

    Note that this media type is not currently part of the GraphQL-over-HTTP specification so disabling it does not make your server non-compliant.

  • Updated dependencies [3cf35fdb4, 3df3f1726]:

    • ruru@2.0.0-alpha.2
    • grafast@0.0.1-alpha.2

0.0.1-alpha.1

Patch Changes

0.0.1-1.3

Patch Changes

  • #297 90ed0cb7a Thanks @benjie! - Overhaul websocket handling in Grafserv providing cleaner integration with Grafast.

  • #297 56be761c2 Thanks @benjie! - Grafserv now has a plugin system (via graphile-config), first plugin hook enables manipulating the incoming request body which is useful for persisted operations.

  • #297 1a012bdd7 Thanks @benjie! - Tweaked error handling codepaths, extensions can be passed through now and status codes improved.

  • Updated dependencies [8d270ead3, b4eaf89f4]:
    • grafast@0.0.1-1.3
    • graphile-config@0.0.1-1.2
    • ruru@2.0.0-1.2

0.0.1-1.2

Patch Changes

  • Updated dependencies [7dcb0e008]:
    • grafast@0.0.1-1.2

0.0.1-1.1

Patch Changes

0.0.1-0.25

Patch Changes

0.0.1-0.24

Patch Changes

  • Updated dependencies [11e7c12c5]:
    • graphile-config@0.0.1-0.6
    • grafast@0.0.1-0.22
    • ruru@2.0.0-0.12

0.0.1-0.23

Patch Changes

  • #229 a06b8933f Thanks @benjie! - Rename 'eventStreamRoute' to 'eventStreamPath' for consistency with 'graphqlPath' and 'graphiqlPath'. V4 preset unaffected.
  • Updated dependencies [f5a04cf66, b795b3da5]:
    • grafast@0.0.1-0.21
    • ruru@2.0.0-0.11

0.0.1-0.22

Patch Changes

  • #226 6a846e009 Thanks @benjie! - Enable users to use Grafserv alongside other websocket-enabled entities in their final server.
  • Updated dependencies [aac8732f9]:
    • grafast@0.0.1-0.20

0.0.1-0.21

Patch Changes

  • Updated dependencies [397e8bb40]:
    • grafast@0.0.1-0.19

0.0.1-0.20

Patch Changes

0.0.1-0.19

Patch Changes

  • Updated dependencies [f48860d4f]:
    • grafast@0.0.1-0.17

0.0.1-0.18

Patch Changes

  • Updated dependencies [df89aba52]:
    • grafast@0.0.1-0.16

0.0.1-0.17

Patch Changes

0.0.1-0.16

Patch Changes

0.0.1-0.15

Patch Changes

  • Updated dependencies [e5b664b6f]:
    • grafast@0.0.1-0.13

0.0.1-0.14

Patch Changes

  • #200 1e5671cdb Thanks @benjie! - Add support for websocket GraphQL subscriptions (via graphql-ws) to grafserv and PostGraphile (currently supporting Node, Express, Koa and Fastify)

  • #200 5b634a78e Thanks @benjie! - Standardize on serv.addTo interface, even for Node

  • Updated dependencies [4f5d5bec7, e11698473, 25f5a6cbf]:

    • grafast@0.0.1-0.12
    • ruru@2.0.0-0.10

0.0.1-0.13

Patch Changes

  • 0ab95d0b1 - Update sponsors.

  • #195 752ec9c51 Thanks @benjie! - Fix handling of HTTP errors and allow for 204 status code responses. Add CORS hack to enable graphql-http auditing.

  • Updated dependencies [0ab95d0b1, 4783bdd7c, 652cf1073]:
    • grafast@0.0.1-0.11
    • graphile-config@0.0.1-0.5
    • ruru@2.0.0-0.9

0.0.1-0.12

Patch Changes

  • Updated dependencies [842f6ccbb]:
    • graphile-config@0.0.1-0.4
    • grafast@0.0.1-0.10
    • ruru@2.0.0-0.8

0.0.1-0.11

Patch Changes

  • #176 11d6be65e Thanks @benjie! - Fix issue with plugin versioning. Add more TSDoc comments. New getTerminalWidth() helper.
  • Updated dependencies [19e2961de, 11d6be65e]:
    • graphile-config@0.0.1-0.3
    • grafast@0.0.1-0.9
    • ruru@2.0.0-0.7

0.0.1-0.10

Patch Changes

  • Updated dependencies [208166269]:
    • grafast@0.0.1-0.8

0.0.1-0.9

Patch Changes

0.0.1-0.8

Patch Changes

  • c4213e91d - Add pgl.getResolvedPreset() API; fix Ruru respecting graphqlPath setting; replace 'instance' with 'pgl'/'serv' as appropriate; forbid subscriptions on GET

0.0.1-0.7

Patch Changes

  • 9b296ba54 - More secure, more compatible, and lots of fixes across the monorepo

  • Updated dependencies [9b296ba54]:

    • grafast@0.0.1-0.6
    • ruru@2.0.0-0.5
    • graphile-config@0.0.1-0.2

0.0.1-0.6

Patch Changes

  • Updated dependencies [cd37fd02a]:
    • grafast@0.0.1-0.5

0.0.1-0.5

Patch Changes

  • 768f32681 - Fix peerDependencies ranges

  • Updated dependencies [768f32681]:

    • grafast@0.0.1-0.4
    • ruru@2.0.0-0.4

0.0.1-0.4

Patch Changes

  • Updated dependencies [0983df3f6]:
    • ruru@2.0.0-0.3

0.0.1-0.3

Patch Changes

  • d11c1911c - Fix dependencies

  • Updated dependencies [d11c1911c]:

    • grafast@0.0.1-0.3
    • ruru@2.0.0-0.2
    • graphile-config@0.0.1-0.1

0.0.1-0.2

Patch Changes

0.0.1-0.1

Patch Changes

  • Updated dependencies [55f15cf35]:
    • grafast@0.0.1-0.1

0.0.1-0.0

Patch Changes

  • #125 91f2256b3 Thanks @benjie! - Initial changesets release

  • Updated dependencies [91f2256b3]:

    • ruru@2.0.0-0.0
    • @graphile/lru@5.0.0-0.1
    • grafast@0.0.1-0.0
    • graphile-config@0.0.1-0.0