Make graphQL provider rely on code generatoin rather than runtime introspection

marmelab / react-admin

A frontend Framework for single-page applications on top of REST/GraphQL APIs, using TypeScript, React and Material Design

http://marmelab.com/react-admin

MIT License

24.99k stars 5.25k forks source link

Make graphQL provider rely on code generatoin rather than runtime introspection #6639

Open fzaninotto opened 3 years ago

fzaninotto commented 3 years ago

Problem

GraphQL introspection queries are often disabled in production for security reasons.

But the graphql dataProvider depends on this introspection to read the schema and build the queries.

So when a graphQL API is "secured", the admin doesn't work anymore.

Solution

The GraphQL dataProvider can rely on introspection queries to avoid asking the user to write all queries by hand, but this can only be in development, and must lead to a generated dataProvider.

We musn't rely on introspction queries in production.

oklas commented 3 years ago

Just to clarify. What exactly is meant by generated dataProvider? The introspection queries returns the data. The existing dataProvider forms internal data structures based on this data. And then it works on those data structures.

Introspection queries in the product and development versions coincide (or should coincide in the part related to react-adimin) by definition.

Thus, at the development stage, it is necessary to create a dataset that matches with the mentioned internal data structures of dataProvider of react-admin (or dataset must allow to form it data structures). Create dataset is building a json file I mean of course. And dataProvider can continue to work mostly as is or with some changes with built dataset.

If so, it will be good. Probably this one will even speed up the loading and start. This can reduce the time from a quarter to a half or more of a second when running on the same workstation (even without taking into account the transmission over the network)

oklas commented 3 years ago

I would like to notice may be obvious that:

building the dataset should allow users to use it without involving special webpack configuration etc., so that users can use tools like create-react-app
the system should provide users with the ability to modify or extend the dataset by specifying hooks when building or editing the dataset after building

djhi commented 3 years ago

It's already possible to bypass the introspection and pass the schema yourself so I'm not sure about what we should add or modify here. That means, you can already save the introspection query result in a json file and use it

OoDeLally commented 3 years ago

Indeed, the schema can be generated. I made a npm command for it:

{
  "update-api-graphql-schema": "get-graphql-schema http://myapi/graphql --json > ./src/api-graphql-schema.json"
}

Only limitation is that one has not to forget to run it at each schema modification. It would be better to have the CI run it automatically at build time, however I cannot guarantee that the API will be available at that time. So this will do for now.

OoDeLally commented 1 year ago

Sorry, I've moved on from this project, I have no memory of that specific issue. Hope you find a way.