The problem faced currently?
Security risk of autogenerated GraphQL APIs
Autogenerated GraphQL APIs usually expose all operations, which could be considered "unsafe" in several application contexts.
Allow lists are often required to prevent exploitation of such GraphQL APIs.
Allow lists are difficult to track on the client side: it is not possible to know if the query described in the client is allowed or not. We need a better way.
Downsides of using GraphQL over REST
Difficult to implement middlewares for GraphQL APIs
Difficult to perform response caching
Some might even say that writing a graphql query in the client code is ugly :P
How can we solve it?
Provide the ability to compile a GraphQL query into an HTTP-based RPC call.
Create a new source, CompiledGraphqlSource
This will leverage the compile functionality of the graphql provider to pre-compile a GraphQL query
The source would then feed into the rpc provider, which will generate a typed REST API for our query
If you want this feature to be implemented, give it a thumbs up reaction, so that we can determine which features are important to you.
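One way a compiled-query RPC endpoint could act as a server-side allow list, shown as an added example that is not code from this project. The operation names, the `POST /rpc/<name>` request shape and the `resolveRpc` helper are assumptions made for illustration.

```javascript
// Added example: operation names, route shape and helper are hypothetical.
// Each entry is a query fixed at build time plus the types of its variables.
const COMPILED = Object.freeze({
  getUserById: { query: "query ($id: Int!) { user(id: $id) { id name } }", params: { id: "int" } },
  searchPosts: {
    query: "query ($term: String!, $limit: Int!) { posts(term: $term, limit: $limit) { id title } }",
    params: { term: "string", limit: "int" },
  },
});

const CHECKS = {
  int: (v) => Number.isInteger(v),
  string: (v) => typeof v === "string" && v.length <= 256,
};

// Map an RPC request (operation name + JSON body) to a stored query.
// The client never supplies GraphQL text, so nothing outside COMPILED can run.
function resolveRpc(name, body) {
  const op = Object.prototype.hasOwnProperty.call(COMPILED, name) ? COMPILED[name] : null;
  if (!op) return { status: 404, error: "unknown operation" };
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { status: 400, error: "body must be a JSON object" };
  }
  for (const key of Object.keys(body)) {
    // Rejects extra fields, including an attempt to pass a "query" field.
    if (!Object.prototype.hasOwnProperty.call(op.params, key)) {
      return { status: 400, error: `unexpected field: ${key}` };
    }
  }
  const variables = {};
  for (const [key, type] of Object.entries(op.params)) {
    if (!CHECKS[type](body[key])) {
      return { status: 400, error: `invalid or missing ${key} (${type})` };
    }
    variables[key] = body[key];
  }
  return { status: 200, query: op.query, variables };
}

// Constructed requests, as if received on POST /rpc/<name> with a JSON body.
function demo() {
  return [
    resolveRpc("getUserById", { id: 7 }),
    resolveRpc("getUserById", { id: 7, query: "{ users { email } }" }),
    resolveRpc("deleteAllUsers", {}),
    resolveRpc("searchPosts", { term: "graphql", limit: "10" }),
  ].map((r) => r.status);
}
console.log(demo());
```

Because every operation has a stable name and a fixed parameter set, ordinary HTTP middleware and response caching can key on the route and body, which addresses the two REST-related downsides listed above.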