hasura / graphql-engine

Blazing fast, instant realtime GraphQL APIs on your DB with fine grained access control, also trigger webhooks on database events.
https://hasura.io
Apache License 2.0
31.13k stars 2.76k forks

docs: examples of mutation by anonymous role #308

Open rajoshighosh opened 6 years ago

rajoshighosh commented 6 years ago

There are quite a few common use-cases around capturing mutations from anonymous users but without making it too easy for malicious users to spam the backend.

  1. Likes or visit counter
  2. other examples

Reasonable ways to determine a unique anonymous user:

  1. client generated session-id. Possible con: not terribly hard for a sophisticated user to fake
  2. IP based value. Possible con: users on a campus network might have UX issues with their likes getting rejected
  3. reCAPTCHA based value. Possible con: ugh UX

(Via @thangngoc and @7777 on discord)
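Added example, not part of the issue or of Hasura's code: a small simulation of the first two options above, showing how the choice of uniqueness key decides which likes are accepted. The `LikeStore` class, the key format and the sample requests are constructed for illustration; the store stands in for a likes table with a unique `(post_id, anon_key)` constraint.

```javascript
// Added example; all names and sample requests are constructed for illustration.

// Uniqueness key for an anonymous request under one strategy.
// "session" trusts a client-generated id; "ip" uses the address the server sees.
function anonKey(strategy, req) {
  const value = strategy === "session" ? req.sessionId : req.ip;
  return value ? `${strategy}:${value}` : null;
}

// In-memory stand-in for a likes table with a unique (post_id, anon_key) constraint.
class LikeStore {
  constructor(strategy) {
    this.strategy = strategy;
    this.rows = new Set();
  }
  like(postId, req) {
    const key = anonKey(this.strategy, req);
    if (key === null) return { accepted: false, reason: "no-identity" };
    const row = `${postId}|${key}`;
    if (this.rows.has(row)) return { accepted: false, reason: "duplicate" };
    this.rows.add(row);
    return { accepted: true };
  }
}

// Replay requests against a fresh store and count the accepted likes.
function acceptedLikes(strategy, postId, requests) {
  const store = new LikeStore(strategy);
  return requests.filter((r) => store.like(postId, r).accepted).length;
}

// Constructed traffic: three real users behind one campus NAT address...
const campusUsers = [
  { ip: "198.51.100.7", sessionId: "s-alice" },
  { ip: "198.51.100.7", sessionId: "s-bob" },
  { ip: "198.51.100.7", sessionId: "s-carol" },
];
// ...and one client that sends a new session id with every request.
const rotatingClient = Array.from({ length: 5 }, (_, i) => ({
  ip: "203.0.113.9",
  sessionId: `s-fresh-${i}`,
}));

console.log({
  sessionCampus: acceptedLikes("session", "post-1", campusUsers),
  sessionRotating: acceptedLikes("session", "post-1", rotatingClient),
  ipCampus: acceptedLikes("ip", "post-1", campusUsers),
  ipRotating: acceptedLikes("ip", "post-1", rotatingClient),
});
```

Keyed on session id, all three campus users are counted but so is every request from the rotating client; keyed on IP, the rotating client is held to one like and two of the three campus users are rejected as duplicates.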

shahidhk commented 6 years ago

@rajoshighosh @coco98 Can we move this to https://github.com/hasura/graphql-engine-docs ?

shahidhk commented 6 years ago

Moved to https://github.com/hasura/graphql-engine-docs/issues/78

shahidhk commented 6 years ago

re-opening as https://github.com/hasura/graphql-engine-docs/issues/78 is archived

joanrodriguez commented 3 years ago

That would be sweet yes.

joanrodriguez commented 3 years ago

In my example, someone fills out a form and only has to sign-up at the last step of the form...