|
1 | | -TODO: what about inflight request deduplication |
| 1 | +<!-- TODO: what about inflight request deduplication --> |
| 2 | + |
| 3 | +<!-- |
| 4 | +http://ec2-52-28-73-22.eu-central-1.compute.amazonaws.com:8080 |
| 5 | +--> |
| 6 | + |
| 7 | +<!-- |
| 8 | +NOTE: for enabling clipboard on non-https |
| 9 | +chrome://flags/#unsafely-treat-insecure-origin-as-secure |
| 10 | +--> |
2 | 11 |
|
3 | 12 | # bun init |
4 | 13 |
|
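Review bot: The comment at new lines 3-5 commits a live public EC2 hostname served over plain HTTP on port 8080; replace it with a placeholder or keep it in untracked notes so the address does not outlive the workshop in the repository history. The note at new lines 7-10 should also say that `unsafely-treat-insecure-origin-as-secure` is to be set for that single origin only and reset afterwards, since it makes the browser treat the listed HTTP origin as a secure context. Serving the demo over HTTPS would remove the need for the flag.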
@@ -736,6 +745,49 @@ TODO: explain that if you would like to rate limit the whole gateway it would be |
736 | 745 |
|
737 | 746 | Commit |
738 | 747 |
|
| 748 | +# persisted docuemnts |
| 749 | +
|
| 750 | +However, the best way to protect yourself is to use trusted documents |
| 751 | +
|
| 752 | +also known as persisted documents or operations |
| 753 | +
|
| 754 | +lets set that up, first we create a list of allowed queries |
| 755 | +
|
| 756 | +```json |
| 757 | +{ |
| 758 | + "q1": "{ posts { title content author { name liked { title } } } }" |
| 759 | +} |
| 760 | +``` |
| 761 | +
|
| 762 | +then we set up the gateway.config.ts |
| 763 | +
|
| 764 | +```ts |
| 765 | +persistedDocuments: { |
| 766 | + getPersistedOperation: async (key) => { |
| 767 | + const docs = await Bun.file("./docs.json").json(); |
| 768 | + return docs[key]; |
| 769 | + }, |
| 770 | +} |
| 771 | +``` |
| 772 | +
|
| 773 | +now we allow only queries from the whitelist file |
| 774 | +
|
| 775 | +show in graphiql |
| 776 | +
|
| 777 | +then do |
| 778 | +
|
| 779 | +```sh |
| 780 | +curl "http://localhost:4000/graphql?documentId=q1" | jq |
| 781 | +``` |
| 782 | +
|
| 783 | +for the sake of the remaining workshop examples |
| 784 | +
|
| 785 | +I'll allow arbitrary ops |
| 786 | +
|
| 787 | +```ts |
| 788 | +allowArbitraryOperations: true; |
| 789 | +``` |
| 790 | +
|
739 | 791 | # edfs |
740 | 792 |
|
741 | 793 | Enough about security, I'd like to get to something interesting |
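Review bot: In `getPersistedOperation` (new lines 766-768), `return docs[key]` indexes a plain parsed-JSON object with the key taken from the request (`documentId=q1` in the curl example), so a key such as `constructor` or `__proto__` resolves to an inherited property instead of a miss. Check `Object.hasOwn(docs, key)` before returning, and consider loading `docs.json` once at startup rather than re-reading it on every request. Two smaller points: the heading at new line 748 is misspelled (`docuemnts`), and new line 788 shows `allowArbitraryOperations: true;` as a bare statement, while the later Hive config uses `allowArbitraryDocuments` inside `persistedDocuments`. Pick one option name and show where it goes, and state that turning it on disables the allowlist that this section just set up.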
@@ -1049,6 +1101,7 @@ In order to publish, we have to set up an access token with perms: |
1049 | 1101 | - tracing |
1050 | 1102 | - usage |
1051 | 1103 | - publish |
| 1104 | +- app deploys |
1052 | 1105 |
|
1053 | 1106 | Then we are going to store the token into our `hive.json` file |
1054 | 1107 |
|
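Review bot: Adding `app deploys` at new line 1104 widens a token that already carries `publish`, and the context line at 1106 stores that token in `hive.json`. Add a sentence telling readers to keep `hive.json` out of version control, and consider using a separate, narrower token for app deployments so the gateway and the CLI do not share one credential with every permission on the list.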
@@ -1104,6 +1157,47 @@ Ok this is looking fine, lets see the status of our gateway |
1104 | 1157 |
|
1105 | 1158 | Great, it's pulling from the CDN! |
1106 | 1159 |
|
| 1160 | +Let's also use app deplyoments and move our trusted documents |
| 1161 | +
|
| 1162 | +to hive console as well! |
| 1163 | +
|
| 1164 | +We need to deploy the app and activate it |
| 1165 | +
|
| 1166 | +```sh |
| 1167 | +bun hive app:create \ |
| 1168 | + --target "graphql-conf-2025/proj/development" \ |
| 1169 | + --name "conf" \ |
| 1170 | + --version "1.0.0" \ |
| 1171 | + docs.json |
| 1172 | +``` |
| 1173 | +
|
| 1174 | +```sh |
| 1175 | +bun hive app:publish \ |
| 1176 | + --target "graphql-conf-2025/proj/development" \ |
| 1177 | + --name "conf" \ |
| 1178 | + --version "1.0.0" |
| 1179 | +``` |
| 1180 | +
|
| 1181 | +and then set it up in gateway.config.ts |
| 1182 | +
|
| 1183 | +```ts |
| 1184 | +persistedDocuments: { |
| 1185 | + // allowArbitraryOperations: true, |
| 1186 | + allowArbitraryDocuments: true, |
| 1187 | + type: "hive", |
| 1188 | + endpoint: "", |
| 1189 | + token: "", |
| 1190 | +} |
| 1191 | +``` |
| 1192 | +
|
| 1193 | +great, lets try it |
| 1194 | +
|
| 1195 | +```sh |
| 1196 | +curl "http://localhost:4000/graphql?documentId=q1" | jq |
| 1197 | +``` |
| 1198 | +
|
| 1199 | +Works! |
| 1200 | +
|
1107 | 1201 | Before we show off the awesome tracing feature, lets first show how to set up usage reporting. |
1108 | 1202 |
|
1109 | 1203 | ```ts |
|
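Review bot: The config at new lines 1184-1190 leaves `allowArbitraryDocuments: true` enabled, so the gateway still accepts any query and the `documentId=q1` request followed by "Works!" does not show that trusted documents are enforced. Either drop that line here or add a second request with an ad-hoc query and show it being rejected once the flag is off. The commented-out `allowArbitraryOperations` at new line 1185 next to `allowArbitraryDocuments` also leaves it unclear which option name is the correct one. The empty `endpoint: ""` and `token: ""` values need a sentence saying where they come from, and that the token should be read from the environment rather than written into `gateway.config.ts`. New line 1160 has a typo (`deplyoments`).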