- authenticate with Auth0, get JWT
- `me` query (with JWT as `Authorization` header)
- validate JWT
- return user specific data (like `id`, `name`, etc)
- authenticate with Auth0, get JWT
- signup mutation (with JWT and any app-specific data)
- validate JWT and user data (e.g. user already exists, etc)
- create new user
- Auth0 JWT used for authorization
- authenticate with Auth0, get JWT
- create new user / login
- JWT used for authorization
- RS256 example
NODE_PATH="server"
🚀 Advanced starter code for a scalable, production-ready GraphQL server for Node.js, including authentication and realtime functionality with GraphQL subscriptions.
- Scalable GraphQL Server: `graphql-yoga` based on Apollo Server & Express
- GraphQL-native database: Includes GraphQL database binding to Graphcool (running on MySQL)
- Out-of-the-box support for GraphQL Playground & Tracing
- Simple data model – easy to adjust
- Preconfigured `graphql-config` setup
- Authentication based on email & password
- Realtime functionality with GraphQL subscriptions (coming soon)
You need to have the following things installed:
- Node 8+
- Graphcool CLI: `npm i -g graphcool@beta`
- GraphQL CLI: `npm i -g graphql-cli`
- GraphQL Playground desktop app (optional): Download
```sh
# Bootstrap GraphQL server in directory `my-app`, based on `node-advanced` boilerplate
graphql create my-app --boilerplate node-advanced

# Navigate to the new project
cd my-app

# Deploy the Graphcool database
graphcool deploy

# Start server (runs on http://localhost:4000)
yarn start

# Open Playground to explore GraphQL API
yarn playground
```
Alternative: Clone repo
```sh
# Clone the repo and navigate into project directory
git clone https://github.com/graphql-boilerplates/node-graphql-server.git
cd node-graphql-server/advanced

# Deploy the Graphcool database
graphcool deploy

# Install node dependencies
yarn install

# Start server (runs on http://localhost:4000)
yarn start

# Open Playground to explore GraphQL API
yarn playground
```
- `yarn start` starts GraphQL server
- `yarn debug` starts GraphQL server in debug mode (open chrome://inspect/#devices to debug)
- `yarn playground` opens the GraphQL Playground
- `yarn build` builds the application
- `yarn deploy` deploys GraphQL server to `now`
- `.env`: Contains important environment variables for development. Read about how it works here.
- `.graphqlconfig.yml`: GraphQL configuration file containing the endpoints and schema configuration. Used by the `graphql-cli` and the GraphQL Playground. See `graphql-config` for more information.
- `graphcool.yml`: The root configuration file for your database service (documentation).
- `database/datamodel.graphql` contains the data model that you define for the project (written in SDL).
- `database/schema.generated.graphql` defines the database schema. It contains the definition of the CRUD API for the types in your data model and is generated based on your `datamodel.graphql`. You should never edit this file manually, but introduce changes only by altering `datamodel.graphql` and running `graphcool deploy`.
- `server/schema.graphql` defines your application schema. It contains the GraphQL API that you want to expose to your client applications.
- `server/index.js` is the entry point of your server, pulling everything together and starting the `GraphQLServer` from `graphql-yoga`.
- `server/resolvers/` contains the actual business logic of your application. In GraphQL, you implement resolver functions that resolve a specific query being requested.
Access to the Graphcool API is secured by a secret. This also applies to the introspection query. Using the latest version of GraphQL Playground, the `Authorization` header should automatically be set up with a proper JWT signed with the secret. If that's not the case, you can follow these steps to access your API:
- Visit http://jwtbuilder.jamiekurtz.com/
- Replace the `Key` at the bottom of the page with your secret from the `.env` file
- Click `Create signed JWT` and copy the obtained token
- Now, to access the schema, use the `Authorization: Bearer <token>` header, or in the GraphQL Playground set it as JSON: `{ "Authorization": "Bearer <token>" }`
- Reload the schema in the Playground (the refresh-button is located right next to the URL of the server)
Note: Currently, no content of the signed JWT is verified by the database! This will be implemented according to this proposal at a later stage.
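The token from the steps above can also be produced locally, so the secret from `.env` is never pasted into a third-party page. This is an added example, not part of the boilerplate: it assumes the token is HS256-signed with the secret as the HMAC key, and `API_SECRET` and the `iat`/`exp` claims are placeholders chosen for illustration. `verifyJwt` shows the checks a resolver would apply to the "validate JWT" step.

```javascript
// Added example: mint and check an HS256 JWT with Node's built-in crypto only.
const { createHmac, timingSafeEqual } = require('crypto');

// JWT uses base64url without padding.
const b64url = (data) => Buffer.from(data).toString('base64')
  .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');

const hmac = (input, secret) => createHmac('sha256', secret).update(input).digest();

function signJwt(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`;
}

// Returns the payload, or null if the token must be rejected.
function verifyJwt(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  let header, payload;
  try {
    // Node's base64 decoder also accepts the URL-safe alphabet.
    header = JSON.parse(Buffer.from(head, 'base64').toString('utf8'));
    payload = JSON.parse(Buffer.from(body, 'base64').toString('utf8'));
  } catch (e) {
    return null;
  }
  // Pin the algorithm: never let the token choose it (rejects alg "none").
  if (!header || header.alg !== 'HS256') return null;
  // Compare the canonical encoding of the expected signature in constant time.
  const expected = Buffer.from(b64url(hmac(`${head}.${body}`, secret)));
  const given = Buffer.from(sig);
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  // Require an expiry and enforce it.
  if (!payload || typeof payload.exp !== 'number' || payload.exp <= now) return null;
  return payload;
}

// Assumption: API_SECRET is a hypothetical name; export the secret from your .env under it.
if (process.env.API_SECRET) {
  const iat = Math.floor(Date.now() / 1000);
  // Claims are illustrative; a one-hour lifetime bounds the value of a leaked token.
  console.log(signJwt({ iat, exp: iat + 3600 }, process.env.API_SECRET));
}
```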
Your feedback is very helpful, please share your opinion and thoughts! If you have any questions, join the `#graphql-boilerplate` channel on our Slack.