Skip to content

Latest commit

 

History

History

server

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
prisma
prisma
 
 
src
src
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 
package.json
package.json
 
 
tsconfig.json
tsconfig.json
 
 
yarn.lock
yarn.lock
 
 

README.md

GraphQL Server with Authentication & Permissions

This example shows how to implement a GraphQL server with an email-password-based authentication workflow and authentication rules, based on Prisma, graphql-yoga, graphql-shield & GraphQL Nexus.

How to use

1. Download example & install dependencies

Install Node dependencies:

yarn

2. Launch Prisma with Docker

This example is based on Docker. If you don't have Docker installed, you can get it from here. Use the Docker Compose CLI to launch the Docker containers specified in docker-compose.yml:

docker-compose up -d

3. Set up database & deploy Prisma datamodel

To deploy the datamodel for this example, run the following command:

yarn prisma deploy

You can now use Prisma Admin to view and edit your data by appending /_admin to your Prisma endpoint.

4. Start the GraphQL server

Launch your GraphQL server with this command:

yarn start

Navigate to http://localhost:4000 in your browser to explore the API of your GraphQL server in a GraphQL Playground.

5. Using the GraphQL API

The schema that specifies the API operations of your GraphQL server is defined in ./src/schema.graphql. Below are a number of operations that you can send to the API using the GraphQL Playground.

Feel free to adjust any operation by adding or removing fields. The GraphQL Playground helps you with its auto-completion and query validation features.

Retrieve all published posts and their authors

query {
  feed {
    id
    title
    content
    published
    author {
      id
      name
      email
    }
  }
}
See more API operations

Register a new user

You can send the following mutation in the Playground to sign up a new user and retrieve an authentication token for them:

mutation {
  signup(name: "Alice", email: "alice@prisma.io", password: "graphql") {
    token
  }
}

Log in an existing user

This mutation will log in an existing user by requesting a new authentication token for them:

mutation {
  login(email: "alice@prisma.io", password: "graphql") {
    token
  }
}

Check whether a user is currently logged in with the me query

For this query, you need to make sure a valid authentication token is sent along with the Bearer-prefix in the Authorization header of the request:

{
  "Authorization": "Bearer __YOUR_TOKEN__"
}

With a real token, this looks similar to this:

{
  "Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiJjanAydHJyczFmczE1MGEwM3kxaWl6c285IiwiaWF0IjoxNTQzNTA5NjY1fQ.Vx6ad6DuXA0FSQVyaIngOHYVzjKwbwq45flQslnqX04"
}

Inside the Playground, you can set HTTP headers in the bottom-left corner:

Once you've set the header, you can send the following query to check whether the token is valid:

{
  me {
    id
    name
    email
  }
}

Create a new draft

You need to be logged in for this query to work, i.e. an authentication token that was retrieved through a signup or login mutation needs to be added to the Authorization header in the GraphQL Playground.

mutation {
  createDraft(
    title: "Join the Prisma Slack"
    content: "https://slack.prisma.io"
  ) {
    id
    published
  }
}

Publish an existing draft

You need to be logged in for this query to work, i.e. an authentication token that was retrieved through a signup or login mutation needs to be added to the Authorization header in the GraphQL Playground. The authentication token must belong to the user who created the post.

mutation {
  publish(id: "__POST_ID__") {
    id
    published
  }
}

Note: You need to replace the __POST_ID__-placeholder with an actual id from a Post item. You can find one e.g. using the filterPosts-query.

Search for posts with a specific title or content

You need to be logged in for this query to work, i.e. an authentication token that was retrieved through a signup or login mutation needs to be added to the Authorization header in the GraphQL Playground.

{
  filterPosts(searchString: "graphql") {
    id
    title
    content
    published
    author {
      id
      name
      email
    }
  }
}

Retrieve a single post

You need to be logged in for this query to work, i.e. an authentication token that was retrieved through a signup or login mutation needs to be added to the Authorization header in the GraphQL Playground.

{
  posts(id: "__POST_ID__") {
    id
    title
    content
    published
    author {
      id
      name
      email
    }
  }
}

Note: You need to replace the __POST_ID__-placeholder with an actual id from a Post item. You can find one e.g. using the filterPosts-query.

Delete a post

You need to be logged in for this query to work, i.e. an authentication token that was retrieved through a signup or login mutation needs to be added to the Authorization header in the GraphQL Playground. The authentication token must belong to the user who created the post.

mutation {
  deletePost(id: "__POST_ID__") {
    id
  }
}

Note: You need to replace the __POST_ID__-placeholder with an actual id from a Post item. You can find one e.g. using the filterPosts-query.

6. Changing the GraphQL schema

To make changes to the GraphQL schema, you need to manipulate the Query and Mutation types.

Note that the start script also starts a development server that automatically updates your schema every time you save a file. This way, the auto-generated GraphQL schema updates whenever you make changes in to the Query or Mutation types inside your TypeScript code.

Next steps