GraphQL pre-approved queries

Question

I read that Facebook's internal servers accept any queries in dev mode, and these are cached. In production, only a pre-approved/cached query is permitted. This was mentioned as a model which other servers should adopt.

Does someone know what tools do they use for that? Does this process is described more detailed somewhere?

Answer 1

I don't know how it's down in facebook but I can explain how I did it in GraphQL Guru. As graphql is language agnostic I'll explain without being language specific.

The way persisted queries work is a client sends a query with a unique id and variables to a graphql (persisted query ready) server.

{ "id": "1234", "varibles": { "firtName": "John", "lstName": "Smith" } }

For the id don't use a hash of the query as the this results in long id names of varying sizes, which kind of defeats the purpose.

On your server, create a file with the same name as the persisted query id, which contains the actual graphql query. Or save it in a database.

To get the graphql query you will need to intercept it via middleware. The middleware retrieves the graphql query via its id and passes the query on to the graphql endpoint. Depending on how the query was defined the middleware may need to parse it. Also, it is in the middleware where you can whitelist if the persisted query id does not exist.

Then the graphql endpoint process the query as normal.

You can see a nodejs example here https://github.com/otissv/guru-express-server/blob/master/src/routes/graphql-route.js