We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

GraphQL in the wild

00:00

Formal Metadata

Title
GraphQL in the wild
Title of Series
Part Number
48
Number of Parts
48
Author
Contributors
License
CC Attribution - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Since being released by Facebook in 2015, GraphQL has gained a lot of hype for being the best thing since sliced bread and REST APIs. But what is all the hype about and how does GraphQL fare in the real world? As a Django developer who has been using GraphQL in production since September 2017, I will discuss how we have addressed real-world concerns like performance and security. I will also highlight some of the joys of using GraphQL and why we have stopped writing REST APIs for new features. If you have never heard of GraphQL or have never used the Graphene library, have no fear. There will be an overview of what GraphQL is, as well as a demo on how to incorporate it into a Django project using Graphene.
Graph (mathematics)Product (business)Multiplication signProjective planeFront and back endsXMLUMLComputer animation
Field (computer science)BitGraph (mathematics)Projective planeWordView (database)Server (computing)CodePattern recognitionElectronic mailing listLattice (order)Flow separationClient (computing)Product (business)Theory of relativityWater vaporRight angleDifferent (Kate Ryan album)Multiplication signComputing platformData managementSerial portTask (computing)Total S.A.Peer-to-peerData miningFeedbackMathematicsDescriptive statisticsField (computer science)Data structureNormal (geometry)Computer animation
RankingTask (computing)StatisticsData managementWeb pageArithmetic progressionObject (grammar)Self-organizationSinc functionTask (computing)Graph (mathematics)Information securityRepresentational state transferSystem callEndliche ModelltheorieProduct (business)2 (number)Pairwise comparisonGraphical user interfaceResultantPoint (geometry)BitBootingStructural loadWordDisk read-and-write headNumberMultiplication signSoftwareRight angleComputer animation
Repository (publishing)Inheritance (object-oriented programming)File viewerVariable (mathematics)Graph (mathematics)Multiplication signBitRepository (publishing)Demo (music)File viewerFront and back endsSoftware frameworkLogicDatabaseDebuggerQuery languageMobile appEndliche ModelltheorieMachine visionGravitationPersonal digital assistantComputer animation
Inclusion mapType theoryPower (physics)Field (computer science)Product (business)DebuggerWebsiteMobile appRevision controlFacebookMultiplication signGraph (mathematics)Reading (process)Source codeApproximationOpen sourceComputer animationXMLUML
Graph (mathematics)Software frameworkClient (computing)Library (computing)BuildingGoogolVideo trackingSource codeDisintegrationInstallation artMeta elementData modelTask (computing)Vertex (graph theory)Query languageRootObject (grammar)Object-relational mappingQuery languageGraph (mathematics)Endliche ModelltheorieTask (computing)Library (computing)Object (grammar)Type theoryAutomatic differentiationParameter (computer programming)Uniform resource locatorVariable (mathematics)2 (number)Installation artMobile appBitRootComputer animation
Electronic mailing listVertex (graph theory)Meta elementData modelFile formatQuery languageDigital filterTriangleBitField (computer science)Graph (mathematics)BlogEndliche ModelltheorieGenderArmLibrary (computing)Type theoryString (computer science)Resolvent formalismRight angleSound effectComputer animation
Digital filterTask (computing)Projective planeCountingFilter <Stochastik>Arithmetic progressionRepresentational state transferComputer animation
Cursor (computers)Meta elementData modelInterface (computing)Query languageObject (grammar)Social classContext awarenessAverageTask (computing)Arrow of timeConnected spaceCursor (computers)FacebookDescriptive statisticsInterface (computing)Scripting languageGraph (mathematics)CountingField (computer science)Filter <Stochastik>MathematicsElectronic mailing listBookmark (World Wide Web)Social classQuery languageComputer animationDiagram
Product (business)Task (computing)Data typeQuery languageGlass floatAverageInterface (computing)Variable (mathematics)ImplementationRaw image formatStatisticsView (database)Descriptive statisticsAreaQuery languageArithmetic progressionStatisticsFeedbackGraph (mathematics)Field (computer science)CASE <Informatik>Type theoryBitSubject indexingComplex (psychology)Process (computing)Endliche ModelltheorieSoftware frameworkDifferent (Kate Ryan album)Structural loadView (database)DebuggerForm (programming)Computer animation
Archaeological field surveyForm (programming)Graph (mathematics)Object (grammar)Chaos (cosmogony)DebuggerXML
Front and back endsError messageString (computer science)Graph (mathematics)Computer wormDependent and independent variablesDatabaseDampingType theoryoutputAuthorizationThomas BayesComputer animation
Query languageDigital filterTask (computing)Variable (mathematics)Graph (mathematics)Connectivity (graph theory)Query languageVariable (mathematics)Message passingMathematicsResultantComputer animation
Task (computing)Atomic numberInformationContext awarenessField (computer science)Object (grammar)Graph (mathematics)CASE <Informatik>Field (computer science)DataflowEndliche ModelltheorieDisk read-and-write headType theoryoutputMereologyFrame problemSocial classTerm (mathematics)GenderFront and back endsAtomic numberDampingInterior (topology)
Task (computing)Electric currentQuery languageoutputVariable (mathematics)Client (computing)LogicRaw image formatoutputFile viewerMereologyVariable (mathematics)LogicRight angleSoftware developerDebuggerClient (computing)Computer animation
Punched cardCodeExecution unitSource codeAuthorizationRaw image formatExtension (kinesiology)AuthenticationDensity of statesService (economics)Query languageRepository (publishing)Limit (category theory)Error messageMessage passingMaxima and minimaCalculationVertex (graph theory)Bit rateLibrary (computing)Graph (mathematics)Software bugQuery languageTotal S.A.AuthorizationAuthenticationField (computer science)Resolvent formalismCellular automatonLatent heatLogicMathematicsDefault (computer science)Order (biology)Front and back endsSocial classAreaConnected spaceBit rateComputer configurationMaxima and minimaLimit (category theory)Multiplication signCountingDenial-of-service attackIdentifiabilityLoop (music)InfinitySet (mathematics)System callFiber (mathematics)Classical physicsSource codeSoftware developerProduct (business)Type theoryDatabaseForcing (mathematics)NumberView (database)Electronic mailing listFormal languageGraph (mathematics)Raw image formatMetaprogrammierungDebuggerPoint (geometry)Server (computing)Computer animation
System callCountingMultiplication signSlide ruleQuery languageCellular automatonNumberBootingDefault (computer science)System callCountingComputer animation
BootingQuery languageDatabaseMultiplication signFacebookBootingMaxima and minimaStapeldateiQuery languageField (computer science)System callSquare numberComputer animation
CountingNumberCountingQuery languageGraph (mathematics)Entire functionDebuggerLengthComputer animation
WhiteboardCodeWikiGraph (mathematics)Client (computing)Object (grammar)Instance (computer science)Query languageParsingParsingDependent and independent variablesSet (mathematics)Raw image formatService (economics)ImplementationAuthorizationLogicFile formatBlog2 (number)Query languageGraph (mathematics)Denial-of-service attackSoftware developerBit rateSpring (hydrology)VideoconferencingWeb 2.0Library (computing)Serial portTheorySet (mathematics)OntologyCASE <Informatik>File formatInformationAuthorizationSensitivity analysisBitSoftware maintenanceDatabaseGoodness of fitProjective planeComputer animation
DatabaseRight angleMultiplication signAuthorizationSequelMeeting/Interview
Multiplication signLevel (video gaming)Data modelSoftware frameworkAuthorizationTable (information)MereologyConnected spaceField (computer science)Endliche ModelltheorieTerm (mathematics)AngleComputer animation
Query languageoutputVariable (mathematics)ImplementationRaw image formatObject (grammar)Electronic mailing listRing (mathematics)CircleEndliche ModelltheorieDifferent (Kate Ryan album)1 (number)Type theoryMereologyLogicElectronic mailing listMappingNormal (geometry)Graph (mathematics)Computer animationXML
Meta elementCodeInterior (topology)Glass floatData modelDigital filterPoint (geometry)Form (programming)Endliche ModelltheorieRight angleDistanceKey (cryptography)Reverse engineeringSet (mathematics)Default (computer science)ResultantSubsetMultiplication signTask (computing)Field (computer science)Functional (mathematics)Resolvent formalismElectronic mailing listReal numberQuery languageWeb pageCartesian coordinate systemAuthorizationCASE <Informatik>Graph (mathematics)QuicksortProduct (business)Revision controlFilter <Stochastik>Series (mathematics)Pattern recognitionClient (computing)InformationMereologyView (database)MathematicsNumbering schemeTerm (mathematics)Connected spaceExtension (kinesiology)Library (computing)Descriptive statisticsDifferent (Kate Ryan album)Latent heatMobile appServer (computing)Uniform resource locatorSoftware developerUtility softwareElectric generatorComputer animationLecture/Conference
XML
Transcript: English(auto-generated)
to my talk. I know there's a pretty awesome talk happening at the same time so I really appreciate it. First off a show of hands. Who here has used
explored a GraphQL API before? Has tried to implement a GraphQL schema in the back end on a side project? A couple people. And who here has used
it in production? One person yay! So your questions can be directed at her as well afterwards. So thank you. My talk today is called GraphQL in the Wild. Some
people here like lemurs so I added that in. So now I know a bit about your experience. I'm gonna talk a little bit about mine. I have I would say I'm a generalist. Have done a lot of stuff in the past. You can read about in my bio but related to this talk I taught myself Django about two years ago as
the only employee at a startup. Then I realized I needed some mentorship and I worked at Seven Geese. They were using Django and I've been there for one and a half years. So we're based in Vancouver, Canada. We're about 30 employees total but back then there were like four back-end engineers and
two of them were doing separate things. So they're kind of just two of us and then like four front-end engineers. And we and so my co-worker Tony who is amazing is very curious about new things and was into interested in trying
out GraphQL kind of you know early on. And so we have been using GraphQL in production for about a year. In the talk description it says 2017 and I think all their sixes got changed into seven because it happened in a different one too. So yeah it's been about a year. There have been a lot of
talks. There's a lot of resources online about GraphQL in general. Not as much about using it in Python but I wanted to focus this talk less so on like an intro to GraphQL and more about what we've done to move it from like cool pet projects to using it in production and how it's helped us. But
there will be an overview of that but I'm gonna kind of breeze through it a little bit so that there's room for questions at the end and then if you have questions about it we can kind of go back. So first of all let's talk about REST. REST is pretty awesome. You can you know you've got that
separation of client and server code. You can not update the server and still have like mobile views and and just different views of the same stuff and yeah it's great right. We all loved our DRF. I actually haven't been I only have like a few months of DRF experience so I know more about
GraphQL. But there are some issues with REST. One thing was that we were noticing a lot of performance issues. One thing is when you're trying to get related data so you've got you know your normal list view that's cool but what if you want like a dashboard view and so you want to show a lot of
related data you know you have to go into this nested structure each one of those endpoints is like a different request. So that takes a long time because you need a lot of requests. Another thing is the amount of time it was taking for serialization. That ended up being the vast majority of the
performance issues we were seeing per request. For example our user resource you know so what 7Geese does is we have a performance management platform so you can set goals you can have meetings with your managers and give peer feedback and give peer recognitions and a lot of all of that
is user focus right so we're sending the the user with everything. Our user extended user resource has 34 fields in it. Only four of them are important so we're wasting about 88% of the data that we're getting back from the server. So REST was still working for us performance issues aside but then
the designers came up with this dashboard that to build. It looks like this you know you can see my objective my objectives or my goals the tasks that are related to those goals the overall progress and stats my latest
update to the goals but then this is also on the page and all of the goals related to my co-workers and my manager and then just for fun some summaries about the organization and the team that I'm on. So for an example bunch of data that we need to get from that we were shaking in our boots about like how we
were going to do this with REST right and so we had a little bit of a challenge. My co-worker Tony had used GraphQL before he thought this might be a good time to check it try it out. He and I had a little bit of a friendly competition going. I would try to use our REST API endpoints. I didn't have to
worry about versioning. I could like reduce the number of data I was sending per resource and he was going to look at GraphQL. The winner of this challenge if I won I would get to name his about-to-be-born baby boy.
My mom I'm Filipino my mom is a travel agent we have weird names she knows someone whose child is named Spaghetti 88 so I was just gonna take that so so Tony's son was gonna be named Spaghetti 88 Anguarilli so and if
he won he I would not get to name his son so it was on and our results were with REST this is what it looked like in the Chrome inspector about the
network calls there were a lot of them and in GraphQL it looked like this so comparison about ten point three seconds overall and five point five a lot of that is just loading stuff so what is this crazy voodoo magic like and how how do we actually use this in production we wanted to know there
were you know the security guys like what about this and what about this and what about this and we're like oh I think we can solve them so as many of you know github is one of the major players to move to a graph QL API and we all love and trust github right so if they could do it we could do it we
actually did it about the same time and I'm just gonna show you quickly a little bit about what that looks like so here is the graphical app it is awesome it's like swagger but way better or the Django rest framework stuff so I want a new query and so I am the viewer let's see I want some
repositories and I only want to get the first ten this is weird stuff that I'll go over briefly later and let's see oh those have some issues cool no I
don't want that right now because this is just a demo but let's see where that comes up so so I can see my name I've got a few repositories in here but
pretty much graph QL you can it's a query language it defines how you query data from your API's it's similar to SQL which is a query language for your databases but this is above the layer of databases this is
API business of a logic you can have totally different models in the back end from what you display in the front end and that's actually highly encouraged so according to github the ability to define precisely the data you want and only the data you want is a powerful advantage over rest API some
of these advantages include yeah the data that you want and nothing more nested fields and strong typing so does it play well with Django the answer is kind of since this is really powerful for front end and JavaScript and
especially react also Facebook I forgot to mention Facebook was the people who actually created graph QL they've been using it internally in production since 2012 they had this issue with getting too much data especially for
their mobile app that doesn't need as much data as their website and they open-sourced it they announced it in January 2015 so about two years ago open-sourced it about half a year later and now you know it's just grown and evolved over time but because it's more for the front end I think the
JavaScript communities have really taken to it there's like five different versions of it in node and in Django we've got graphene which is pretty cool it's pretty easy but there are some drawbacks so here is the github read me for it so you can just use it in Python it has hooks to work with Django
especially their ORM you can also use SQL alchemy and maybe P we sometime in the future that's been there for like a year so how do we set it up it's like two seconds PIP install graphene Django add it to your installed apps
and set the URL that you want all of graph QL to go to so graph QL it has a single endpoint and you send the data that you want in the query and your variables either through the get query parameters or through the post
body so that can be anywhere I'm calling it graph QL it also has it comes built in with that graphical app which you can explore it everything with so so that's it mostly then you have to define your queries and your and
schema it's as simple as this if you're using Django you just say hey I've got everything in red by the way sorry for anyone who's colored wine hopefully you can see it but like Django object type is in red I wanted to do that so you can see what exactly is coming from the graphene
library or the Django graphene library so it wasn't so long so yeah say it's a Django object type you're creating a node and it's going to be so besides your nodes you have to define how you're going to enter the
schema so your root query so here I'm just saying its goals because this is the kind of data that I'm working with in my company and then you can resolve goals in a certain way by saying here's the query set to look at and then add it to your schema so here is a little bit of a drawing
that I overlaid with things I got from the Apollo blog thanks Apollo so you've got the triangles is where you're entering the schema and then you can use graph QL to traverse the rest of it and the yellow bits are the nodes and then all the little things coming off of it are like fields of that
node so graphene will take that automatically from your Django models you can exclude things of course you can also define custom nodes so for the user node if I want full name I can say full name is this type string and string is from the graphene library and then resolve it and so whenever you
have resolved anything that's like a field you can have a resolver for and I'm because I'm going to talk about resolvers later a bit so you can say what it returns great so that's pretty easy so I'm just gonna show you a bit
about all that stuff I've done just now what that looks like that will get us this goals I've got some tasks and they each have a name so that's it for now
so that gets you that and so you can use this on top of any project that you're using regardless of whether you have a REST API or not so next adding
filters and pagination this makes it a little more complicated so you've got goals and name and progress but how do we get certain things like what the total count is and how do we do pagination and filter on them so these
red arrows are now going to be called connections we're going to add a few different things and so when you are when you have like a many to one or many-to-many relationship it's going to now be called edges so that you can do things like get the total count of the edges or get these things called
cursor for pagination and I'm just gonna and then you can also use you can filter you see oh no anyways it also adds it also adds filtering so how you get that is something called relay Facebook relay has it is kind of
like Redux for JavaScript it but let's not worry about that you you don't have to use relay in JavaScript to use the relay pagination features in graphene so all you do is say I'm using this relay node interface and that changes all of your connections to changes your list to connections and
then you can use something called Django filter connection field and that adds the ability to define your Django filters class that you want to use and so you can use your Django filters on every node lastly or almost lastly we
have kind of built-in documentation which is one of my favorite features of graph QL so I can just say here is the description of this field and then what that ends up looking like is in these docs I can go into query I can
look at goal node I can look at oh no sorry that is a mistake where did I add it to anyways here so if I go into progress I can see the description just in here but you can also you almost never need
descriptions because they should be describing themselves ideally hey then there's a lot of other fancy stuff that you get which we're not going to talk about but if you have questions you can ask me outside and pretty much the answer is it can do everything pretty much everything that you want it to do
you might need a little bit of tweaking but we've added our own new fields we can return different Django model types on the same node using unions everything like that so you've got some pretty cool stuff there are some pros for graph QL it's like self explorable like you don't have to
send anything else up and it's pretty fun you've got easy documentation I find it personally more intuitive to implement than Django rest framework and that's just on the backside like you know in building API's there's a whole load of benefits for the front end so what makes what are some use cases that make
it better than rest so as we saw that before those complex views if you want summaries dashboards stats they your node don't have to be connected at all to Django models you can return whatever you want so we have a
stats node that does a lot of processing in the back end and send it to the front and we were good this way that you know that was about September to November we were only using graph QL for complex views and gets but then
we had this other challenge we were building this feedback form and we wanted to create a survey builder that would autosave and the front end people had tried implementing it already in rest there was like all this stuff we
were using like reactive like rxjs to to do certain things you know determining when you're creating a new object so a post versus when you're updating an object versus when you're deleting it things have to be done in the right order and if you if something failed you have to remember what else
needs to come back come after it so we had this idea to use graph QL for it it ended up working really well so instead of doing each item we just like send it a big payload and the back end it's up to the back end to figure
out how to save everything so that what's in the database actually looks like with a payload that you got so if you've got a successful response you know that what you're showing is actually what's on the back end and you know you could do this without graph QL but the benefits of doing it
with graph QL are the type checking you don't have to check each input that yes this is a float yes this is a string because it'll it'll do all that for you and and give you an error if it's not right so there are these things called mutations instead of queries so those are the two main
components of graph QL and how you set that up this is what it looks like in the end you've got a mutation here you can pass in some variables and pass those variables into the mutation and then when you press and when you send it what is in here is another query and that's the data that you get back
that's the result of doing those that mutation so you know have you if you've ever had this problem where you change some data something else then changes and so you need to do another request to see how it affected it
that's all in one request now and you just yeah define what you want to so you can define some inputs they're like nodes but there's actually no quick way that I know of of getting the input types from the Django model you
kind of to build these yourself and in that way it's different from a put or a patch because you're not you you're not supposed to think about it in terms of I have this object I want to change this field to this in this it's more like I want to mutate this object in some way I want to do something to it and the back end should have a better understanding about
what that means and do it itself that was not supposed to be like that so yeah you can define a mutation like so you have the graph to all mutation class you define what inputs you're taking in I'm actually only taking in
an int and a float in this case and not the inputs that I showed on the previous brain but I wanted to show you how it could be done and and then the goal part is defining what node is being returned by it so that's what you can query on when you're actually doing the mutation for your return
data and then you do a bunch of stuff make sure it's atomic and then you just add it as a mutation onto your schema that's you okay so looking back
at our graphical a viewer you know you can see that where the different parts fit in the inputs the return data the variables and so this simplifies the client side logic that they have to do you don't have to yeah along with the gets and the rights the front end loves it if you want to make your front
end developers happy think about using it but what's the catch and so this is the more important part of the talk so one thing is that graphene is the only library that you know is really viable to you to implement a graph QL
schema and Django and Python it was released about a year ago and you can see since then there hasn't been that much activity on it there it is a library and there hasn't been a ton of contributions and so there are bugs there are you know so is released in 2016 the docs are not super complete if
you have questions often you have to ask a question as an issue in the in github also sometimes it lags behind the graph QL specs so for example total count is in the graph QL specifications but as far as I know
is still not yet in the graphene library so we had to build that ourselves there are some bugs with the resolvers if it kind of has some weird logic so we've had to rewrite a lot of that logic about how things get resolved because you know first we want to return the resolver query set
then we want to filter on that and then we want to do other stuff and the order that it does it by default is not right and lastly one of the big things is that the source code is quite complicated there's a lot of meta
programming in it and as someone who's only an intermediate Python developer it's kind of hard to dive in and make the changes that you want to make so I would say that's kind of the biggest hurdle to using it so yeah the real world is messy and you're not going to want to use graphene exactly
in the way that it was made this is not actually spaghetti 88 just a baby I found in Giphy but yeah the real world is messy and graph QL is just a language it's not telling you how you should do certain things like
authentication and authorization and and caching and stuff like that so we had to dress it still so first what about permissions you know for us permissions were a really big issue because we have different companies
using our product people from one company should not be able to see any of the data from another company so one option that is kind of what the graphing doc say you should do is perform authorization on each resolver
and that would be a pain in the butt we don't want to have to call our drf authorization class every time we want to get a connection the other option is to extend graphene to perform that authorization on every connection which is what we did and what I encourage you to do it's not like drf it doesn't have all these hooks to like you know put your custom
logic here you know you have to you have to actually extend the classes what we did if any of you have tried to do it so we first of all added to each
node what the drf class that we're we're using for authorization is and then we extended Django filter connection field on the connection resolver we added the user authentication so are they logged in can they actually see any data and then when you resolve the connection we say
okay from your node we know you're supposed to have this authorization class we'll apply those authorization limits on the original query set and then that's what you should use to do the rest of it so that's pretty good that's a solvable issue if not it's like even though it kind of takes some effort but what if someone is requesting too much data we've got
denial of service doesn't necessarily have to be an attack it could just be someone is requesting too much data and it's hogging up time on your server and so what we did because you know you can traverse as much as you want graph QL has some things like you can't do cyclical things you
can't have an infinite loop which is good but you can just like have someone like a script create like a really big amount of stuff so what we went with at first which is the easiest way of doing it is having a whitelist for the allowed query so we actually had all of our queries in the back end in
Python and gave each of them an identifier and then the front end would have to call that graph QL query by its name and so that way we were allowed to say these are only the queries that anyone can run on graph QL that you know works it works up to a point and it definitely had its
downside so we were trying to move away from that so another thing you can do which github first did is add a maximum limit to any connection so there's at first was 30 now it's a hundred so every time you want to get
a list of stuff you have to define how much you want they also have implemented a maximum query cost which is something that we have only just done last month finally so you can say you know you can max access five
thousand nodes on any given query and this is how github calculates theirs we do it a little differently but you know having it there is awesome and it enforces limits as well because we just said if you don't have a limit then we're assuming you're getting a thousand and something graph QL also
has is rate limiting based on query cost so before there'd be three API had a certain rate limit now you can't that rate limit doesn't make as much sense since you can grab so much more data so it has a different way of calculating the cost that's based on the number of database connections that
you're actually getting and so they rate limit you based on that and so lastly what about performance and for some people this is the big elephant everyone uses this so I add it to my slide so sometimes these queries take a lot of time and Django graphene doesn't really at first especially at the
beginning didn't really do much to focus on performance and it mostly focused on getting it to work since b1 has came out that was like a big performance improvement but there's still a lot more that can be done for example by default it doesn't do select related and prefetch related when it
resolves the query as it traverses it which is not necessarily the it's not the most performance something we also did is reduce the number of count calls other so something you can do instead is have something that looks at the entire
query and and adds things to it and resolve it all at once so that brings us to the data loader this is Facebook's answer to the performance issues so initially like without the data loader this could take 13 database
calls for all these different fields right it's a lot of database queries but what the data loader does is it analyzes everything which returns a promise and then it batches grabbing things so if you have a bunch of users
here in the friends that have the same PK then you don't have to get them multiple times you just get them in one big batch so having a max query cost also helps with the performance issue and for us one of the biggest thing is
just front-end education about how to use graph QL since this was a back-end initiative you know they were like hey okay we'll use it that's cool and they really liked it but they didn't necessarily know much about it and they it more as a back-end thing than a front-end thing and so they're like we'll get all the data especially before we had the query cost and they
were doing things like this where they're saying I have all these goals give me the idea of all of them and then in the front end I'm just going to count the entire length and that's gonna then that's all I need and we're like I actually don't get any of that and just get the count if you're only going to show to like either the full name or if there's more
than to one person than just the number of people then just grab the first person and this is you know 30 comments on here this is one of the longer issues in github about graphene and you know you can follow it it
keeps changing it's kind of interesting he's added a whole bunch of new stuff but there's still more work to be done so there are some considerations it's still a young library I'm hoping Cyrus isn't here today is he no okay the
maintainer like I was hoping to like maybe we could sprint on it tomorrow but I actually don't know how much he's into that but yeah I could use some work because especially because graph QL is just a query language and it doesn't specify how to do things so how would graphene know
what to do about these things yeah and then authorization denial of service and performance are some of the big things that you have to look at if you are using it so should you use it who is maybe considering using it now after this talk that's cool so go for it if it's just a side project and
for fun it is really fun to know and to like have as a tool that you know so also if rest is causing some performance issues that you're like I actually don't know how to get around this I could replace all my serializers serializers with something faster but you know that's a lot of
work also if your rest format is making it difficult to read or write things and importantly though you have the resources and like development experience to know how to extend it in the way that you want and you know
hold up just like back off a little bit I mean you should still try to do it but think about it if you have a lot of sensitive information and or you're trying to create a public API in which case you have to worry about rate limiting and query costs and you don't have enough development resources
to do it or not enough experience to know how to extend it so that's pretty much it there's a lot of great resources on the web the zero to graph QL video is you know probably the one that's posted everywhere about
a good intro yeah and so thank you very much I thank you what database engines do you recommend for the for supporting this I'm not sure we use my
sequel and is that what you mean by database engine okay yeah because you can it really it doesn't matter I don't think maybe for performance it could be
a lot better for one or the other but I can't say for sure first of all thank you I've been wanting to learn more about this for a long time so it's great to have somebody who's experienced explain it to us I think the part of it that I don't quite understand is how do I have to do something special when I create my data models like if I like to make lots
of little like Union tables for permissions and stuff like that is that does that work with this can I just use what I already have or do I have to redesign the way that I handle I store my data to use this stuff I don't exactly know what you mean by union models but we've used all of our same
authorization from Jenga rest framework there you can just kind of like add things to the node so we added an authorization model to the node so if you have other things that you want and then a higher level the Django connection field what's the node oh yeah no thank you so so the yellow
circles are nodes and so in this example it's like list user and to do
our different nodes that for us they relate to our models very yeah so so it's just like that does that make sense so there's the the parts of the graph that you can traverse that are not scalar types so so they're the
ones that you create yourself and they're the ones that you yeah define based on your models or the way that your business logic is as like a resource it's like a resource right so if I if I'm assuming that that maps to like a normal Django model that I have what if I have a foreign key yeah
how does does is just grab graphene do the kind of the right reversal to the foreign keys for me automatically is that the whole point it does do it automatically but you can also you'd also can add as much or as little as you want to it so for example this goal node if I don't have this it'll
still have tasks or well actually my models are my models are actually different because I'm showing a some something not based on the OKR goal
methodology that we use so if I remove these fields it'll have a key results which is like tasks already on it but it's just the default settings I can do this to say actually change that field from the original name key
results to the name tasks and then I can add different things in here so I can add a description for the docs I can for different fields you can add the defaults and whatever and then if you want to limit the subset of tasks that actually receives because right now it's getting all of them actually I would
need to do this if I need to change the name right now it's getting all of them you can also use the resolver to change the functionality of what the default is and send you know a filtered list of tasks down and so this
is the query set that it's going to return from the resolver and then the authorization is going to be on that and any filters that you add are going to be on that first of all thanks for the talk is really great I was curious
when creating graph QL endpoints in practice in a real production application do you find yourself making basically one giant graph QL like endpoint that you can get everything or do you like tailor it to more specific pages or use cases like how do you divide that up yeah so we do have one
big schema that you can access from you know all these different nodes but that's based on our app if you wanted to have different endpoints you can easily do that in URLs and just have different versions of the schema in different places actually yeah I think there's some sort of setting to say
which view uses which schema and I think right now that's in the settings up I actually don't remember I think it might just look for it automatically but you can just set up two different schemas if that works for you do you have a recommendation on what like in your experience over the last
year so like what has worked better for you is it easier just to keep everything in one place yeah because you don't know when you're gonna need something from from a different part of the app like ours are all kind of interrelated anyways so it makes sense to have all that information available like a user for a user I need to know everything that they've done how
many recognitions have they received how many goals have they created and checked into so that makes sense for us sure yeah that makes sense thanks I saw the the interactive like query builder where you can start building your query yeah does that mean that the server is exposing some
sort of schema to the client I mean because something that I would like to do in the client side is have a schema that I can use either to validate data as it comes in or to auto generate forms instead of having to actually create the form tags if I if if graph QL is exposing the schema I was
wondering if I can use that in JavaScript yeah so it has introspection and can tell you what the schema is and people have used it think in typescript I don't know if it works very well but it is possible to
get what that schema is another thing I didn't mention is when we use the whitelisting query method we actually didn't expose that view to the outside world you could only use it in development just you know so other
people couldn't run stuff on it yeah so all of those extensions you've made like for the authorization your extensions to the filter connection field are those things that we can expect to see an upstream graphene at some point I'm really hoping so I think now that I've given this talk there's more
incentive for us to get things merged and not just like keep it in our own utility library besides that like I think what we should do is add pull requests to it and regardless of whether they get merged you can see what we've done and just copy it into yours that's our time sorry so
let's thank Ariane for her great talk