We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

GraphQL in the wild

00:00
subtitles
off
playback rate
1
subtitles
off
English (auto-generated)
playback rate
0.25
0.5
0.75
1
1.25
1.5
1.75
2
quality
576p
56
 Cite
 Share
 Download Purchase
No logo availableDjangoCon US
 Dee, Arianne

Formal Metadata

Title
GraphQL in the wild
Title of Series
Part Number
48
Number of Parts
48
Author
Contributors
License
CC Attribution - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Since being released by Facebook in 2015, GraphQL has gained a lot of hype for being the best thing since sliced bread and REST APIs. But what is all the hype about and how does GraphQL fare in the real world? As a Django developer who has been using GraphQL in production since September 2017, I will discuss how we have addressed real-world concerns like performance and security. I will also highlight some of the joys of using GraphQL and why we have stopped writing REST APIs for new features. If you have never heard of GraphQL or have never used the Graphene library, have no fear. There will be an overview of what GraphQL is, as well as a demo on how to incorporate it into a Django project using Graphene.
00:00
Graph (mathematics)Product (business)Multiplication signProjective planeFront and back endsXMLUMLComputer animation
01:01
Field (computer science)BitGraph (mathematics)Projective planeWordView (database)Server (computing)CodePattern recognitionElectronic mailing listLattice (order)Flow separationClient (computing)Product (business)Theory of relativityWater vaporRight angleDifferent (Kate Ryan album)Multiplication signComputing platformData managementSerial portTask (computing)Total S.A.Peer-to-peerData miningFeedbackMathematicsDescriptive statisticsField (computer science)Data structureNormal (geometry)Computer animation
04:48
RankingTask (computing)StatisticsData managementWeb pageArithmetic progressionObject (grammar)Self-organizationSinc functionTask (computing)Graph (mathematics)Information securityRepresentational state transferSystem callEndliche ModelltheorieProduct (business)2 (number)Pairwise comparisonGraphical user interfaceResultantPoint (geometry)BitBootingStructural loadWordDisk read-and-write headNumberMultiplication signSoftwareRight angleComputer animation
07:13
Repository (publishing)Inheritance (object-oriented programming)File viewerVariable (mathematics)Graph (mathematics)Multiplication signBitRepository (publishing)Demo (music)File viewerFront and back endsSoftware frameworkLogicDatabaseDebuggerQuery languageMobile appEndliche ModelltheorieMachine visionGravitationPersonal digital assistantComputer animation
08:52
Inclusion mapType theoryPower (physics)Field (computer science)Product (business)DebuggerWebsiteMobile appRevision controlFacebookMultiplication signGraph (mathematics)Reading (process)Source codeApproximationOpen sourceComputer animationXMLUML
10:16
Graph (mathematics)Software frameworkClient (computing)Library (computing)BuildingGoogolVideo trackingSource codeDisintegrationInstallation artMeta elementData modelTask (computing)Vertex (graph theory)Query languageRootObject (grammar)Object-relational mappingQuery languageGraph (mathematics)Endliche ModelltheorieTask (computing)Library (computing)Object (grammar)Type theoryAutomatic differentiationParameter (computer programming)Uniform resource locatorVariable (mathematics)2 (number)Installation artMobile appBitRootComputer animation
12:20
Electronic mailing listVertex (graph theory)Meta elementData modelFile formatQuery languageDigital filterTriangleBitField (computer science)Graph (mathematics)BlogEndliche ModelltheorieGenderArmLibrary (computing)Type theoryString (computer science)Resolvent formalismRight angleSound effectComputer animation
13:21
Digital filterTask (computing)Projective planeCountingFilter <Stochastik>Arithmetic progressionRepresentational state transferComputer animation
14:17
Cursor (computers)Meta elementData modelInterface (computing)Query languageObject (grammar)Social classContext awarenessAverageTask (computing)Arrow of timeConnected spaceCursor (computers)FacebookDescriptive statisticsInterface (computing)Scripting languageGraph (mathematics)CountingField (computer science)Filter <Stochastik>MathematicsElectronic mailing listBookmark (World Wide Web)Social classQuery languageComputer animationDiagram
15:54
Product (business)Task (computing)Data typeQuery languageGlass floatAverageInterface (computing)Variable (mathematics)ImplementationRaw image formatStatisticsView (database)Descriptive statisticsAreaQuery languageArithmetic progressionStatisticsFeedbackGraph (mathematics)Field (computer science)CASE <Informatik>Type theoryBitSubject indexingComplex (psychology)Process (computing)Endliche ModelltheorieSoftware frameworkDifferent (Kate Ryan album)Structural loadView (database)DebuggerForm (programming)Computer animation
18:05
Archaeological field surveyForm (programming)Graph (mathematics)Object (grammar)Chaos (cosmogony)DebuggerXML
18:52
Front and back endsError messageString (computer science)Graph (mathematics)Computer wormDependent and independent variablesDatabaseDampingType theoryoutputAuthorizationThomas BayesComputer animation
19:33
Query languageDigital filterTask (computing)Variable (mathematics)Graph (mathematics)Connectivity (graph theory)Query languageVariable (mathematics)Message passingMathematicsResultantComputer animation
20:26
Task (computing)Atomic numberInformationContext awarenessField (computer science)Object (grammar)Graph (mathematics)CASE <Informatik>Field (computer science)DataflowEndliche ModelltheorieDisk read-and-write headType theoryoutputMereologyFrame problemSocial classTerm (mathematics)GenderFront and back endsAtomic numberDampingInterior (topology)
21:57
Task (computing)Electric currentQuery languageoutputVariable (mathematics)Client (computing)LogicRaw image formatoutputFile viewerMereologyVariable (mathematics)LogicRight angleSoftware developerDebuggerClient (computing)Computer animation
22:34
Punched cardCodeExecution unitSource codeAuthorizationRaw image formatExtension (kinesiology)AuthenticationDensity of statesService (economics)Query languageRepository (publishing)Limit (category theory)Error messageMessage passingMaxima and minimaCalculationVertex (graph theory)Bit rateLibrary (computing)Graph (mathematics)Software bugQuery languageTotal S.A.AuthorizationAuthenticationField (computer science)Resolvent formalismCellular automatonLatent heatLogicMathematicsDefault (computer science)Order (biology)Front and back endsSocial classAreaConnected spaceBit rateComputer configurationMaxima and minimaLimit (category theory)Multiplication signCountingDenial-of-service attackIdentifiabilityLoop (music)InfinitySet (mathematics)System callFiber (mathematics)Classical physicsSource codeSoftware developerProduct (business)Type theoryDatabaseForcing (mathematics)NumberView (database)Electronic mailing listFormal languageGraph (mathematics)Raw image formatMetaprogrammierungDebuggerPoint (geometry)Server (computing)Computer animation
29:04
System callCountingMultiplication signSlide ruleQuery languageCellular automatonNumberBootingDefault (computer science)System callCountingComputer animation
30:12
BootingQuery languageDatabaseMultiplication signFacebookBootingMaxima and minimaStapeldateiQuery languageField (computer science)System callSquare numberComputer animation
30:58
CountingNumberCountingQuery languageGraph (mathematics)Entire functionDebuggerLengthComputer animation
31:52
WhiteboardCodeWikiGraph (mathematics)Client (computing)Object (grammar)Instance (computer science)Query languageParsingParsingDependent and independent variablesSet (mathematics)Raw image formatService (economics)ImplementationAuthorizationLogicFile formatBlog2 (number)Query languageGraph (mathematics)Denial-of-service attackSoftware developerBit rateSpring (hydrology)VideoconferencingWeb 2.0Library (computing)Serial portTheorySet (mathematics)OntologyCASE <Informatik>File formatInformationAuthorizationSensitivity analysisBitSoftware maintenanceDatabaseGoodness of fitProjective planeComputer animation
34:27
DatabaseRight angleMultiplication signAuthorizationSequelMeeting/Interview
35:06
Multiplication signLevel (video gaming)Data modelSoftware frameworkAuthorizationTable (information)MereologyConnected spaceField (computer science)Endliche ModelltheorieTerm (mathematics)AngleComputer animation
36:04
Query languageoutputVariable (mathematics)ImplementationRaw image formatObject (grammar)Electronic mailing listRing (mathematics)CircleEndliche ModelltheorieDifferent (Kate Ryan album)1 (number)Type theoryMereologyLogicElectronic mailing listMappingNormal (geometry)Graph (mathematics)Computer animationXML
36:57
Meta elementCodeInterior (topology)Glass floatData modelDigital filterPoint (geometry)Form (programming)Endliche ModelltheorieRight angleDistanceKey (cryptography)Reverse engineeringSet (mathematics)Default (computer science)ResultantSubsetMultiplication signTask (computing)Field (computer science)Functional (mathematics)Resolvent formalismElectronic mailing listReal numberQuery languageWeb pageCartesian coordinate systemAuthorizationCASE <Informatik>Graph (mathematics)QuicksortProduct (business)Revision controlFilter <Stochastik>Series (mathematics)Pattern recognitionClient (computing)InformationMereologyView (database)MathematicsNumbering schemeTerm (mathematics)Connected spaceExtension (kinesiology)Library (computing)Descriptive statisticsDifferent (Kate Ryan album)Latent heatMobile appServer (computing)Uniform resource locatorSoftware developerUtility softwareElectric generatorComputer animationLecture/Conference
42:32
XML
Transcript: English(auto-generated)
00:01
to my talk. I know there's a pretty awesome talk happening at the same time so I really appreciate it. First off a show of hands. Who here has used
00:27
explored a GraphQL API before? Has tried to implement a GraphQL schema in the back end on a side project? A couple people. And who here has used
00:44
it in production? One person yay! So your questions can be directed at her as well afterwards. So thank you. My talk today is called GraphQL in the Wild. Some
01:02
people here like lemurs so I added that in. So now I know a bit about your experience. I'm gonna talk a little bit about mine. I have I would say I'm a generalist. Have done a lot of stuff in the past. You can read about in my bio but related to this talk I taught myself Django about two years ago as
01:24
the only employee at a startup. Then I realized I needed some mentorship and I worked at Seven Geese. They were using Django and I've been there for one and a half years. So we're based in Vancouver, Canada. We're about 30 employees total but back then there were like four back-end engineers and
01:45
two of them were doing separate things. So they're kind of just two of us and then like four front-end engineers. And we and so my co-worker Tony who is amazing is very curious about new things and was into interested in trying
02:00
out GraphQL kind of you know early on. And so we have been using GraphQL in production for about a year. In the talk description it says 2017 and I think all their sixes got changed into seven because it happened in a different one too. So yeah it's been about a year. There have been a lot of
02:23
talks. There's a lot of resources online about GraphQL in general. Not as much about using it in Python but I wanted to focus this talk less so on like an intro to GraphQL and more about what we've done to move it from like cool pet projects to using it in production and how it's helped us. But
02:45
there will be an overview of that but I'm gonna kind of breeze through it a little bit so that there's room for questions at the end and then if you have questions about it we can kind of go back. So first of all let's talk about REST. REST is pretty awesome. You can you know you've got that
03:03
separation of client and server code. You can not update the server and still have like mobile views and and just different views of the same stuff and yeah it's great right. We all loved our DRF. I actually haven't been I only have like a few months of DRF experience so I know more about
03:23
GraphQL. But there are some issues with REST. One thing was that we were noticing a lot of performance issues. One thing is when you're trying to get related data so you've got you know your normal list view that's cool but what if you want like a dashboard view and so you want to show a lot of
03:43
related data you know you have to go into this nested structure each one of those endpoints is like a different request. So that takes a long time because you need a lot of requests. Another thing is the amount of time it was taking for serialization. That ended up being the vast majority of the
04:03
performance issues we were seeing per request. For example our user resource you know so what 7Geese does is we have a performance management platform so you can set goals you can have meetings with your managers and give peer feedback and give peer recognitions and a lot of all of that
04:22
is user focus right so we're sending the the user with everything. Our user extended user resource has 34 fields in it. Only four of them are important so we're wasting about 88% of the data that we're getting back from the server. So REST was still working for us performance issues aside but then
04:44
the designers came up with this dashboard that to build. It looks like this you know you can see my objective my objectives or my goals the tasks that are related to those goals the overall progress and stats my latest
05:01
update to the goals but then this is also on the page and all of the goals related to my co-workers and my manager and then just for fun some summaries about the organization and the team that I'm on. So for an example bunch of data that we need to get from that we were shaking in our boots about like how we
05:23
were going to do this with REST right and so we had a little bit of a challenge. My co-worker Tony had used GraphQL before he thought this might be a good time to check it try it out. He and I had a little bit of a friendly competition going. I would try to use our REST API endpoints. I didn't have to
05:44
worry about versioning. I could like reduce the number of data I was sending per resource and he was going to look at GraphQL. The winner of this challenge if I won I would get to name his about-to-be-born baby boy.
06:08
My mom I'm Filipino my mom is a travel agent we have weird names she knows someone whose child is named Spaghetti 88 so I was just gonna take that so so Tony's son was gonna be named Spaghetti 88 Anguarilli so and if
06:26
he won he I would not get to name his son so it was on and our results were with REST this is what it looked like in the Chrome inspector about the
06:42
network calls there were a lot of them and in GraphQL it looked like this so comparison about ten point three seconds overall and five point five a lot of that is just loading stuff so what is this crazy voodoo magic like and how how do we actually use this in production we wanted to know there
07:04
were you know the security guys like what about this and what about this and what about this and we're like oh I think we can solve them so as many of you know github is one of the major players to move to a graph QL API and we all love and trust github right so if they could do it we could do it we
07:24
actually did it about the same time and I'm just gonna show you quickly a little bit about what that looks like so here is the graphical app it is awesome it's like swagger but way better or the Django rest framework stuff so I want a new query and so I am the viewer let's see I want some
07:48
repositories and I only want to get the first ten this is weird stuff that I'll go over briefly later and let's see oh those have some issues cool no I
08:08
don't want that right now because this is just a demo but let's see where that comes up so so I can see my name I've got a few repositories in here but
08:23
pretty much graph QL you can it's a query language it defines how you query data from your API's it's similar to SQL which is a query language for your databases but this is above the layer of databases this is
08:41
API business of a logic you can have totally different models in the back end from what you display in the front end and that's actually highly encouraged so according to github the ability to define precisely the data you want and only the data you want is a powerful advantage over rest API some
09:06
of these advantages include yeah the data that you want and nothing more nested fields and strong typing so does it play well with Django the answer is kind of since this is really powerful for front end and JavaScript and
09:26
especially react also Facebook I forgot to mention Facebook was the people who actually created graph QL they've been using it internally in production since 2012 they had this issue with getting too much data especially for
09:41
their mobile app that doesn't need as much data as their website and they open-sourced it they announced it in January 2015 so about two years ago open-sourced it about half a year later and now you know it's just grown and evolved over time but because it's more for the front end I think the
10:03
JavaScript communities have really taken to it there's like five different versions of it in node and in Django we've got graphene which is pretty cool it's pretty easy but there are some drawbacks so here is the github read me for it so you can just use it in Python it has hooks to work with Django
10:25
especially their ORM you can also use SQL alchemy and maybe P we sometime in the future that's been there for like a year so how do we set it up it's like two seconds PIP install graphene Django add it to your installed apps
10:42
and set the URL that you want all of graph QL to go to so graph QL it has a single endpoint and you send the data that you want in the query and your variables either through the get query parameters or through the post
11:01
body so that can be anywhere I'm calling it graph QL it also has it comes built in with that graphical app which you can explore it everything with so so that's it mostly then you have to define your queries and your and
11:21
schema it's as simple as this if you're using Django you just say hey I've got everything in red by the way sorry for anyone who's colored wine hopefully you can see it but like Django object type is in red I wanted to do that so you can see what exactly is coming from the graphene
11:41
library or the Django graphene library so it wasn't so long so yeah say it's a Django object type you're creating a node and it's going to be so besides your nodes you have to define how you're going to enter the
12:02
schema so your root query so here I'm just saying its goals because this is the kind of data that I'm working with in my company and then you can resolve goals in a certain way by saying here's the query set to look at and then add it to your schema so here is a little bit of a drawing
12:24
that I overlaid with things I got from the Apollo blog thanks Apollo so you've got the triangles is where you're entering the schema and then you can use graph QL to traverse the rest of it and the yellow bits are the nodes and then all the little things coming off of it are like fields of that
12:42
node so graphene will take that automatically from your Django models you can exclude things of course you can also define custom nodes so for the user node if I want full name I can say full name is this type string and string is from the graphene library and then resolve it and so whenever you
13:05
have resolved anything that's like a field you can have a resolver for and I'm because I'm going to talk about resolvers later a bit so you can say what it returns great so that's pretty easy so I'm just gonna show you a bit
13:24
about all that stuff I've done just now what that looks like that will get us this goals I've got some tasks and they each have a name so that's it for now
13:51
so that gets you that and so you can use this on top of any project that you're using regardless of whether you have a REST API or not so next adding
14:02
filters and pagination this makes it a little more complicated so you've got goals and name and progress but how do we get certain things like what the total count is and how do we do pagination and filter on them so these
14:20
red arrows are now going to be called connections we're going to add a few different things and so when you are when you have like a many to one or many-to-many relationship it's going to now be called edges so that you can do things like get the total count of the edges or get these things called
14:41
cursor for pagination and I'm just gonna and then you can also use you can filter you see oh no anyways it also adds it also adds filtering so how you get that is something called relay Facebook relay has it is kind of
15:01
like Redux for JavaScript it but let's not worry about that you you don't have to use relay in JavaScript to use the relay pagination features in graphene so all you do is say I'm using this relay node interface and that changes all of your connections to changes your list to connections and
15:26
then you can use something called Django filter connection field and that adds the ability to define your Django filters class that you want to use and so you can use your Django filters on every node lastly or almost lastly we
15:42
have kind of built-in documentation which is one of my favorite features of graph QL so I can just say here is the description of this field and then what that ends up looking like is in these docs I can go into query I can
16:02
look at goal node I can look at oh no sorry that is a mistake where did I add it to anyways here so if I go into progress I can see the description just in here but you can also you almost never need
16:21
descriptions because they should be describing themselves ideally hey then there's a lot of other fancy stuff that you get which we're not going to talk about but if you have questions you can ask me outside and pretty much the answer is it can do everything pretty much everything that you want it to do
16:41
you might need a little bit of tweaking but we've added our own new fields we can return different Django model types on the same node using unions everything like that so you've got some pretty cool stuff there are some pros for graph QL it's like self explorable like you don't have to
17:05
send anything else up and it's pretty fun you've got easy documentation I find it personally more intuitive to implement than Django rest framework and that's just on the backside like you know in building API's there's a whole load of benefits for the front end so what makes what are some use cases that make
17:27
it better than rest so as we saw that before those complex views if you want summaries dashboards stats they your node don't have to be connected at all to Django models you can return whatever you want so we have a
17:41
stats node that does a lot of processing in the back end and send it to the front and we were good this way that you know that was about September to November we were only using graph QL for complex views and gets but then
18:04
we had this other challenge we were building this feedback form and we wanted to create a survey builder that would autosave and the front end people had tried implementing it already in rest there was like all this stuff we
18:21
were using like reactive like rxjs to to do certain things you know determining when you're creating a new object so a post versus when you're updating an object versus when you're deleting it things have to be done in the right order and if you if something failed you have to remember what else
18:44
needs to come back come after it so we had this idea to use graph QL for it it ended up working really well so instead of doing each item we just like send it a big payload and the back end it's up to the back end to figure
19:05
out how to save everything so that what's in the database actually looks like with a payload that you got so if you've got a successful response you know that what you're showing is actually what's on the back end and you know you could do this without graph QL but the benefits of doing it
19:21
with graph QL are the type checking you don't have to check each input that yes this is a float yes this is a string because it'll it'll do all that for you and and give you an error if it's not right so there are these things called mutations instead of queries so those are the two main
19:40
components of graph QL and how you set that up this is what it looks like in the end you've got a mutation here you can pass in some variables and pass those variables into the mutation and then when you press and when you send it what is in here is another query and that's the data that you get back
20:06
that's the result of doing those that mutation so you know have you if you've ever had this problem where you change some data something else then changes and so you need to do another request to see how it affected it
20:20
that's all in one request now and you just yeah define what you want to so you can define some inputs they're like nodes but there's actually no quick way that I know of of getting the input types from the Django model you
20:41
kind of to build these yourself and in that way it's different from a put or a patch because you're not you you're not supposed to think about it in terms of I have this object I want to change this field to this in this it's more like I want to mutate this object in some way I want to do something to it and the back end should have a better understanding about
21:02
what that means and do it itself that was not supposed to be like that so yeah you can define a mutation like so you have the graph to all mutation class you define what inputs you're taking in I'm actually only taking in
21:25
an int and a float in this case and not the inputs that I showed on the previous brain but I wanted to show you how it could be done and and then the goal part is defining what node is being returned by it so that's what you can query on when you're actually doing the mutation for your return
21:43
data and then you do a bunch of stuff make sure it's atomic and then you just add it as a mutation onto your schema that's you okay so looking back
22:00
at our graphical a viewer you know you can see that where the different parts fit in the inputs the return data the variables and so this simplifies the client side logic that they have to do you don't have to yeah along with the gets and the rights the front end loves it if you want to make your front
22:24
end developers happy think about using it but what's the catch and so this is the more important part of the talk so one thing is that graphene is the only library that you know is really viable to you to implement a graph QL
22:44
schema and Django and Python it was released about a year ago and you can see since then there hasn't been that much activity on it there it is a library and there hasn't been a ton of contributions and so there are bugs there are you know so is released in 2016 the docs are not super complete if
23:08
you have questions often you have to ask a question as an issue in the in github also sometimes it lags behind the graph QL specs so for example total count is in the graph QL specifications but as far as I know
23:23
is still not yet in the graphene library so we had to build that ourselves there are some bugs with the resolvers if it kind of has some weird logic so we've had to rewrite a lot of that logic about how things get resolved because you know first we want to return the resolver query set
23:45
then we want to filter on that and then we want to do other stuff and the order that it does it by default is not right and lastly one of the big things is that the source code is quite complicated there's a lot of meta
24:01
programming in it and as someone who's only an intermediate Python developer it's kind of hard to dive in and make the changes that you want to make so I would say that's kind of the biggest hurdle to using it so yeah the real world is messy and you're not going to want to use graphene exactly
24:25
in the way that it was made this is not actually spaghetti 88 just a baby I found in Giphy but yeah the real world is messy and graph QL is just a language it's not telling you how you should do certain things like
24:44
authentication and authorization and and caching and stuff like that so we had to dress it still so first what about permissions you know for us permissions were a really big issue because we have different companies
25:05
using our product people from one company should not be able to see any of the data from another company so one option that is kind of what the graphing doc say you should do is perform authorization on each resolver
25:20
and that would be a pain in the butt we don't want to have to call our drf authorization class every time we want to get a connection the other option is to extend graphene to perform that authorization on every connection which is what we did and what I encourage you to do it's not like drf it doesn't have all these hooks to like you know put your custom
25:44
logic here you know you have to you have to actually extend the classes what we did if any of you have tried to do it so we first of all added to each
26:00
node what the drf class that we're we're using for authorization is and then we extended Django filter connection field on the connection resolver we added the user authentication so are they logged in can they actually see any data and then when you resolve the connection we say
26:21
okay from your node we know you're supposed to have this authorization class we'll apply those authorization limits on the original query set and then that's what you should use to do the rest of it so that's pretty good that's a solvable issue if not it's like even though it kind of takes some effort but what if someone is requesting too much data we've got
26:44
denial of service doesn't necessarily have to be an attack it could just be someone is requesting too much data and it's hogging up time on your server and so what we did because you know you can traverse as much as you want graph QL has some things like you can't do cyclical things you
27:03
can't have an infinite loop which is good but you can just like have someone like a script create like a really big amount of stuff so what we went with at first which is the easiest way of doing it is having a whitelist for the allowed query so we actually had all of our queries in the back end in
27:22
Python and gave each of them an identifier and then the front end would have to call that graph QL query by its name and so that way we were allowed to say these are only the queries that anyone can run on graph QL that you know works it works up to a point and it definitely had its
27:46
downside so we were trying to move away from that so another thing you can do which github first did is add a maximum limit to any connection so there's at first was 30 now it's a hundred so every time you want to get
28:02
a list of stuff you have to define how much you want they also have implemented a maximum query cost which is something that we have only just done last month finally so you can say you know you can max access five
28:20
thousand nodes on any given query and this is how github calculates theirs we do it a little differently but you know having it there is awesome and it enforces limits as well because we just said if you don't have a limit then we're assuming you're getting a thousand and something graph QL also
28:42
has is rate limiting based on query cost so before there'd be three API had a certain rate limit now you can't that rate limit doesn't make as much sense since you can grab so much more data so it has a different way of calculating the cost that's based on the number of database connections that
29:00
you're actually getting and so they rate limit you based on that and so lastly what about performance and for some people this is the big elephant everyone uses this so I add it to my slide so sometimes these queries take a lot of time and Django graphene doesn't really at first especially at the
29:27
beginning didn't really do much to focus on performance and it mostly focused on getting it to work since b1 has came out that was like a big performance improvement but there's still a lot more that can be done for example by default it doesn't do select related and prefetch related when it
29:45
resolves the query as it traverses it which is not necessarily the it's not the most performance something we also did is reduce the number of count calls other so something you can do instead is have something that looks at the entire
30:05
query and and adds things to it and resolve it all at once so that brings us to the data loader this is Facebook's answer to the performance issues so initially like without the data loader this could take 13 database
30:28
calls for all these different fields right it's a lot of database queries but what the data loader does is it analyzes everything which returns a promise and then it batches grabbing things so if you have a bunch of users
30:45
here in the friends that have the same PK then you don't have to get them multiple times you just get them in one big batch so having a max query cost also helps with the performance issue and for us one of the biggest thing is
31:02
just front-end education about how to use graph QL since this was a back-end initiative you know they were like hey okay we'll use it that's cool and they really liked it but they didn't necessarily know much about it and they it more as a back-end thing than a front-end thing and so they're like we'll get all the data especially before we had the query cost and they
31:23
were doing things like this where they're saying I have all these goals give me the idea of all of them and then in the front end I'm just going to count the entire length and that's gonna then that's all I need and we're like I actually don't get any of that and just get the count if you're only going to show to like either the full name or if there's more
31:45
than to one person than just the number of people then just grab the first person and this is you know 30 comments on here this is one of the longer issues in github about graphene and you know you can follow it it
32:04
keeps changing it's kind of interesting he's added a whole bunch of new stuff but there's still more work to be done so there are some considerations it's still a young library I'm hoping Cyrus isn't here today is he no okay the
32:23
maintainer like I was hoping to like maybe we could sprint on it tomorrow but I actually don't know how much he's into that but yeah I could use some work because especially because graph QL is just a query language and it doesn't specify how to do things so how would graphene know
32:41
what to do about these things yeah and then authorization denial of service and performance are some of the big things that you have to look at if you are using it so should you use it who is maybe considering using it now after this talk that's cool so go for it if it's just a side project and
33:05
for fun it is really fun to know and to like have as a tool that you know so also if rest is causing some performance issues that you're like I actually don't know how to get around this I could replace all my serializers serializers with something faster but you know that's a lot of
33:23
work also if your rest format is making it difficult to read or write things and importantly though you have the resources and like development experience to know how to extend it in the way that you want and you know
33:44
hold up just like back off a little bit I mean you should still try to do it but think about it if you have a lot of sensitive information and or you're trying to create a public API in which case you have to worry about rate limiting and query costs and you don't have enough development resources
34:03
to do it or not enough experience to know how to extend it so that's pretty much it there's a lot of great resources on the web the zero to graph QL video is you know probably the one that's posted everywhere about
34:24
a good intro yeah and so thank you very much I thank you what database engines do you recommend for the for supporting this I'm not sure we use my
34:47
sequel and is that what you mean by database engine okay yeah because you can it really it doesn't matter I don't think maybe for performance it could be
35:02
a lot better for one or the other but I can't say for sure first of all thank you I've been wanting to learn more about this for a long time so it's great to have somebody who's experienced explain it to us I think the part of it that I don't quite understand is how do I have to do something special when I create my data models like if I like to make lots
35:24
of little like Union tables for permissions and stuff like that is that does that work with this can I just use what I already have or do I have to redesign the way that I handle I store my data to use this stuff I don't exactly know what you mean by union models but we've used all of our same
35:45
authorization from Jenga rest framework there you can just kind of like add things to the node so we added an authorization model to the node so if you have other things that you want and then a higher level the Django connection field what's the node oh yeah no thank you so so the yellow
36:14
circles are nodes and so in this example it's like list user and to do
36:21
our different nodes that for us they relate to our models very yeah so so it's just like that does that make sense so there's the the parts of the graph that you can traverse that are not scalar types so so they're the
36:41
ones that you create yourself and they're the ones that you yeah define based on your models or the way that your business logic is as like a resource it's like a resource right so if I if I'm assuming that that maps to like a normal Django model that I have what if I have a foreign key yeah
37:02
how does does is just grab graphene do the kind of the right reversal to the foreign keys for me automatically is that the whole point it does do it automatically but you can also you'd also can add as much or as little as you want to it so for example this goal node if I don't have this it'll
37:31
still have tasks or well actually my models are my models are actually different because I'm showing a some something not based on the OKR goal
37:40
methodology that we use so if I remove these fields it'll have a key results which is like tasks already on it but it's just the default settings I can do this to say actually change that field from the original name key
38:03
results to the name tasks and then I can add different things in here so I can add a description for the docs I can for different fields you can add the defaults and whatever and then if you want to limit the subset of tasks that actually receives because right now it's getting all of them actually I would
38:26
need to do this if I need to change the name right now it's getting all of them you can also use the resolver to change the functionality of what the default is and send you know a filtered list of tasks down and so this
38:48
is the query set that it's going to return from the resolver and then the authorization is going to be on that and any filters that you add are going to be on that first of all thanks for the talk is really great I was curious
39:06
when creating graph QL endpoints in practice in a real production application do you find yourself making basically one giant graph QL like endpoint that you can get everything or do you like tailor it to more specific pages or use cases like how do you divide that up yeah so we do have one
39:25
big schema that you can access from you know all these different nodes but that's based on our app if you wanted to have different endpoints you can easily do that in URLs and just have different versions of the schema in different places actually yeah I think there's some sort of setting to say
39:46
which view uses which schema and I think right now that's in the settings up I actually don't remember I think it might just look for it automatically but you can just set up two different schemas if that works for you do you have a recommendation on what like in your experience over the last
40:01
year so like what has worked better for you is it easier just to keep everything in one place yeah because you don't know when you're gonna need something from from a different part of the app like ours are all kind of interrelated anyways so it makes sense to have all that information available like a user for a user I need to know everything that they've done how
40:21
many recognitions have they received how many goals have they created and checked into so that makes sense for us sure yeah that makes sense thanks I saw the the interactive like query builder where you can start building your query yeah does that mean that the server is exposing some
40:42
sort of schema to the client I mean because something that I would like to do in the client side is have a schema that I can use either to validate data as it comes in or to auto generate forms instead of having to actually create the form tags if I if if graph QL is exposing the schema I was
41:03
wondering if I can use that in JavaScript yeah so it has introspection and can tell you what the schema is and people have used it think in typescript I don't know if it works very well but it is possible to
41:21
get what that schema is another thing I didn't mention is when we use the whitelisting query method we actually didn't expose that view to the outside world you could only use it in development just you know so other
41:41
people couldn't run stuff on it yeah so all of those extensions you've made like for the authorization your extensions to the filter connection field are those things that we can expect to see an upstream graphene at some point I'm really hoping so I think now that I've given this talk there's more
42:02
incentive for us to get things merged and not just like keep it in our own utility library besides that like I think what we should do is add pull requests to it and regardless of whether they get merged you can see what we've done and just copy it into yours that's our time sorry so
42:26
let's thank Ariane for her great talk