Ability to replace `nodeId` creation logic for specific or all types

[hos]

Feature description

It would be very helpful to be able to replace the logic how nodeId is generated for tables or any other autogenerated resources. This will allow us to encrypt or mask restricted content in the nodeId. Which will be especially useful for the projects that are migrating to postgraphile.

Motivating example

Example:

When a resource.primary_key is a restricted information, we want to return to the user the primary key, but encrypted, so only the server can decrypt the value, which will allow us to mask the data but the server will be able to understand what have been masked. In a system where there is already a large code designed around the idea that resource.primary_key is a restricted information, the only thing that is missing is to also hide it in the nodeId. It's possible to introduce a new resource with a primary key which is not related to the original resource and also add a relation between those 2 resources that only the server can access, but it can be easily avoided by allowing us to change the logic of generating and reading the nodeId.

Breaking changes

I'm not await what this will break, but I guess that internally, postgraphile is using the content of the nodeId, so if we are adding an option to replace the logic, maybe we will also need an API which will return the data postgraphile needs? Like

{
  write: (resource) => `any string that the "read" function below understands`,
  read: (nodeId) => ({original: [Type, id], otherExtractedData: 'data' }),
  // The "original" field is what postgraphile needs
}

Supporting development

I [tick all that apply]:

• am interested in building this feature myself
• am interested in collaborating on building this feature
• am willing to help testing this feature before it's released
• am willing to write a test-driven test suite for this feature (before it exists)
• am a Graphile sponsor ❤️
• have an active support or consultancy contract with Graphile

[benjie]

You're right that the NodeID needs read and write capabilities - or encode and decode more specifically. Fortunately; we built that functionality right in! We have:

• NodeIdCodecBase64JSONPlugin - this encodes a NodeId via base64(JSON.stringify(values))
• NodeIdCodecPipeStringPlugin - this encodes a NodeId via values.join('|') (and is only suitable for use with values that cannot contain a | symbol!)

You can also add your own codecs by creating a plugin like one of these.

The issue is that when we register a table we always register it using the base64JSON encoding:

crystal/graphile-build/graphile-build-pg/src/plugins/PgTableNodePlugin.ts

Lines 158 to 161 in 6401dea

	build.registerNodeIdHandler({
	typeName: tableTypeName,
	codec: build.getNodeIdCodec!("base64JSON"),
	deprecationReason: tagToString(

However, this needn't be the case. You could add a smart tag to change the encoding, and do something like:

codec:
  build.getNodeIdCodec(
    codec.extensions?.tags?.nodeIdCodec
    ?? firstSource?.extensions?.tags?.nodeIdCodec
    ?? build.options?.defaultNodeIdCodec
    ?? 'base64JSON'
  ),

If you were to do so, I'd want to see tests showing this working for all the expected places:

• get node by ID
• mutate node by ID (update/delete)
• Relay preset mutation references (create/update mutation with a foreign key column value identified by ID)
• mutation payload ID
• anywhere else you can think of that an ID is used

Ideally you could reuse a load of the existing tests and just set a global defaultNodeIdCodec and update the values in the snapshots/tests as expected.

I'd absolutely love to see this functionality, but it's incredibly low priority for me. I'd love to see some really cool ID codecs, such as ones that perform encryption/decryption, or ones that do Slack-style GUID prefixes to indicate the type of resource.