How to run a query with Apollo GraphQL? - graphql

I am trying to figure out how to write a query in Apollo GraphQL.
I have a schema and have run the application in development mode. I have authenticated through the front end.
I expect that I should be able to follow this documentation and query the user.
I can see from the studio, that the Me query should be capable of checking for my first name (which I can see is recorded in the database), but when I press run in Apollo Studio, I get a null response to the query.
Is there an assumed step to get this working that needs to be taken before queries can be run? It gets worse when I try to do a query on the users table generally. That returns a not authenticated error (I have authenticated in the local environment in the dev app).
I'm struggling to connect the dots between the documentation that shows how this is expected to run queries and the starting point. I suspect that these documents have been prepared with the expectation that users know something fundamental about how to engage with them. I'm looking for disclosure as to what those assumptions might be. I can see from this question that there is a need for an authorisation header, (although my error is to do with authentication rather than authorisation). However, in my studio, the headers tab is empty. How do I populate it and what do I use to populate it?
I can see from the Apollo dev tool that it is trying to use a logged in query. I don't understand what drives this query in the Apollo Studio. Inside the localhost web app (which is running), I am logged in. When I try and run that query in the dev tools, the isLoggedIn (name of the query) is underlined, with an error explanation appearing that says:
Cannot query field "isLoggedIn" on type "Query".
The response shows:
{
"data": {}
}
I am lost for a starting point to find something to try and solve.
I think, based on a comment in this Odyssey tutorial, that the sandbox does not know how to connect to my psql data (not sure about this, but how could it know what queries I have, and not know which data has been stored in the attributes on the schema?). My env variables include my psql attributes and my prisma migrate is up to date. How can I let the sandbox know where the data is stored?
I am trying to learn using this boilerplate repo.
For my next attempt, I tried using the login mutation to generate a token, that I could try adding to the header. I don't know if it needs to be added under the name 'authorization' or 'token', so I made headers with both attribute names and added the same token to each of them.
I tried running the me and user query again, and get a mouthful of gibberish in the response.
The link in the response text goes to a page that has the following error message:
> <Error> <Code>NoSuchKey</Code> <Message>The specified key does not
> exist.</Message> </Error>
When I try going through the process of adding an APOLLO_KEY to my env variables and starting the server, I get an error that says "Unable to reach server". When I run the diagnose script on that error, I get:
Could not find any problems with the endpoint. Would you please to let
us know about this at explorer-feedback#apollographql.com 🙏
I created a new api key and tried again and am able to connect. I am able to run a login mutation and can return my first name inside that mutation, but I cannot do it from the me or user query - those queries still return the unauthenticated error response.
I have tried adding the authorization token to the header field both with and without "", and I have tried labelling that attribute as each of authorization, Authorization, token and then each of those inside "". None of them seems to make any difference to whether I can run a query. How can I find the name of the header token that Apollo Studio Explorer will accept?
I also tried the syntax suggested in this post, which is key Authorization and value "Bearer token" (there are double quotation marks around that string and a space between the word Bearer (capitalised) and the token string). There are no curly braces. That doesn't work either.
I have also tried expressing it as shown in this page of the Apollo documentation, which I think means that the key of the header value should be Authorization and the value should be the word Bearer, immediately followed by the token string generated in the output of the Login migration, inside {{ }}. When I try this, I get the same response as each of the other attempts described above.
There is a difference in the responses though, I get an unauthenticated response on the user query, and a null response on the me query.
One final strange observation: the studio returns the above error and null responses, but if I use the apollo client dev tools in the browser console, I can run the same Me query and get the result.
The user query still returns an unauthenticated error when I run it in the dev tools.
I'd also note that I can ask for the firstName attribute, inside the Login mutation, and receive them back in that response. However, I can't access them inside a Me query itself.
The next thing I investigated was how the resolver was managing the data. The boilerplate includes a resolver with:
import { AuthenticationError } from "apollo-server-express"
import { createMethodDecorator } from "type-graphql"
import { ResolverContext } from "../resolverContext"
export function UseAuth(roles?: string[]): any {
return createMethodDecorator<ResolverContext>(async ({ context: { req } }, next) => {
const argRoles = roles || []
if (req?.currentUser) {
if (argRoles.length === 0) return next()
if (argRoles.includes(req.currentUser.role)) return next()
throw new AuthenticationError("Not authorized")
} else {
throw new AuthenticationError("Not authenticated")
}
})
}
I wondered if maybe the role wasn't being considered. But I can see that it is inside the login mutation, but is not in a query.
Is there a 'for dummies' guide to getting started with apollo graphql?


I hope this spares someone some angst.
The format that works in Apollo Studio Explorer is
Key: Authorization
Value: Bearer[space][token]
There are no curly braces and no quotation marks in any of this. See this post for more discussion about this.

Related

Laravel - retrieve data inside controller – POST x PATCH

First important information: I’m new to laravel, so your patience is appreciated.
I’m currently migrating a framework of mine to laravel, so I’m in the early stages.
Currently, I’m trying to set up an API endpoint to make small changes on some records. I’ve already managed to set up a API for inserting records and works perfectly. However, for setting up an API for small changes (patch), I’m having difficulties, probably because I’m not fully familiar with laravel’s Request class.
My successful insert set up looks like this:
\routes\api.php
Route::post('/categories/',[ApiCategoriesInsertController::class, 'insertCategories'], function($insertCategoriesResults) {
return response()->json($insertCategoriesResults);
})->name('api.categories.insert');
\app\Http\Controllers\ApiCategoriesInsertController.php
// some code
public function insertCategories(Request $req): array
{
$this->arrCategoriesInsertParameters['_tblCategoriesIdParent'] = $req->post('id_parent');
// some code
}
With this set up, I’m able to retrieve “id_parent” data set through POST.
So, I tried to do exactly the same architecture for patch, but doesn’t seem to work:
\routes\api.php
Route::patch('/records/',[ApiRecordsPatchController::class, 'patchRecords'], function($patchRecordsResults) {
return response()->json($patchRecordsResults);
})->name('api.records.patch');
\app\Http\Controllers\ApiRecordsPatchController.php
// some code
public function patchRecords(Request $req): array
{
$this->arrRecordsPatchParameters['_strTable'] = $req->post('strTable');
// some code
}
In this case, I´m using postman (PATCH request), testing the data in the "Body tab" with key "strTable" and value "123xxx" and I´m receiving “strTable” as null.
Any idea of why this is happening or if I should use another method in the Request class?
Thanks!

You can access parameters on the Request object using one of the following methods:
$req->strTable;
// or
$req->input('strTable');
The input method also accepts a second parameter which will be used as the default return value if the key is not present in the Request.
If you want to check whether or not the Request contains a value before you attempt to access it, you can use filled:
if ($req->filled('strTable')) {
// The request contains a value
}

Turns out that the way I had set up was in fact working and retrieving data:
$req->post('strTable');
The problem was in how I was testing it. In postman, there are several options to configure:
form-data
x-www-form-urlencoded
raw
binary
I had already switched to x-www-form-urlencoded to test it, but I forgot to fill the “key” and “value” information again. I didn’t realize that the fields blank as we switch between them.
Summing it up: It works when x-www-form-urlencoded selected but doesn’t work with form-data selected. Don’t know what the difference between them yet, but I’ll research it further.
By the way, it worked also with the suggestion from Rube Hart:

Correct way to return REST Api response

I am developing a REST API for a website, let's say i have a POST endpoint('/users/create') which i want to create the user if they don't already exist and return the user as a result.
What this would look like is:
#PostMapping(value = "/users/create")
public User createUser(#RequestBody UserDTO form)
The problem with this is that when the user is successfully created there is no problem just returning the user with a response code 200. The problem comes when I am doing input validation and for example a user with that email already exists and i want to return user: null and some sort of message as to what specifically failed in the user creation. I've thought about multiple posibilities such as creating a custom object that has fields for both an object of any type ( user in this case ) and a message along with it, as well as using HttpServletResponse / ResponseEntity. They all seem like they are overcomplicating something that should be realtively simple in my eyes and i don't know which approach is the best. First time posting so excuse me if i'm a bit all over the place.

there probaly is an solution which uses the Http error system but as an alternative I would use an if statement on both sides, which checks if the user already exists and if it does it sends user:error or something like that. The client side then has to check if the anwser is a user or error and if it is error a pre programmed message is shown

Verify graphql query

I'm building a simple platform using graphql as api gateway and a frontend that send some queries to this api, I'm blocked on how can I validate a query before run it to avoid malicious query to be ran. I was thinking to use persistgraphql but I just noticed that is now archived so I'm not sure if it's a good idea to use it, the second problem is that the api and the frontend are in 2 different repo so I didn't find yet a solution to whitelisting the query in the frontend and use this whitelist in the api...what's the best solution to whitelist a query with graphql?

If your concern is limiting access to certain fields based on who is making the request, then you should implement some kind of authorization strategy. You can populate the context with information about the logged in user and then use this information inside your resolvers for the fields you want to protect to determine whether the value of the field should be returned or not.
const resolvers = {
User: {
somePrivateField: (user, args, ctx) => {
// Make sure the request is from a logged in user and the user making the
// request is the same as the requested user OR the user is an admin
if (ctx.user && ( ctx.user.id === user.id || ctx.user.isAdmin )) {
return user.somePrivateField
}
// throw an error or just return null or undefined to resolve the field to
// null in the event authorization fails
}
}
}
More sophisticated strategies are possible using directives or existing libraries like graphql-shield.
Of course, certain fields that may exist on your database model -- like passwords -- should probably never be exposed in your API in the first place.

How to send graphql query by postman?

I use
POST type
URL http://######/graphql
Body:
query: "query: "{'noteTypes': {'name', 'label', 'labelColor', 'groupName', 'groupLabel', 'imageUrl'}}"
But it return
"message": "Must provide query string."

There's a better way to do it using the REST client Insomnia
Docs are here, how to send graphql queries: https://support.insomnia.rest/article/61-graphql
Below are the steps for postman
Step 1.
Run the GraphiQL in Chrome, open the Chrome Dev Console, click the Network tab, and make the query from graphiql, when you make the query, network tab will show the graphql request...
Step 2.
From the graphql request copy the request query, Select the Copy as cURL (cmd)
Step 3.
Open Postman, In the Top-Left click on the Import button, after you click Import you have to click the Paste Raw Text, and paste the copied cURL request as done in step2 after it's done click the Import
Step 4.
Postman is ready to send the Graphql request, Just Click on the Send Button, you will see the Response in the Response Box in body as below
Step 5.
To see how the query is being sent click on the Body tab next to Headers, you will get know how to provide the fields from postman in JSON format.
e.g: edges {\n node {\n id\n jobId\n }\n, If you want to view another field then you need to add it in with the suffix \n
like if need name then : edges {\n node {\n id\n jobId\n name\n }\n
\n here just means to represent a new line. Instead, you can make it simpler by providing a clear and illustrative JSON like below
===========================================================================
Note: The body type must be raw with application/json content-type. So, the query must be a valid JSON with quotes ".."
{
"query":"{viewer {user {edges {node {id jobId name }}}}}"
}
===========================================================================
you can directly start from step 5 if you know how to send the query in body and other things too that needs to be required while making a request from postman
With simplified JSON

You don't need INSOMNIA in case the GraphQL server responds to Content-type: application/graphql or postman.setEnvironmentVariable,
Just do it:
In Headers tab:
Content-Type: application/graphql
In Body tab, "raw" selected, put your query

Adding this for anyone searching on the topic ... you can utilize and test GraphQL calls far better and more easily with Insomnia:
https://insomnia.rest
It's been fantastic for GraphQL development.

There's a simple way to do it. Use a pre-request script to stringify the payload (source).
Step 1.
In the body of the request put a placeholder for the payload.
{
"query":{{query}}
}
Step 2.
Create the payload in the pre-request script and store it in an environment variable.
postman.setEnvironmentVariable("query", JSON.stringify(
`
{
search(query: "test", type: ISSUE, first: 10) {
issueCount
edges {
node {
... on Issue {
title
id
state
closed
repository {
name
}
}
}
}
}
}
`
));
That's it.

UPDATE 8-2019 - I know this is old, but regarding POSTMAN, if you haven't figured it out already, they do have a graphql (beta) option for posting body. There is no need to add any additional headers.

UPDATE 2:
It's not practical use POSTMAN, because the are working yet in a easy way to add headers, that take longtime, and i think POSTMAN is not made for work naturally with graphql,
you can follow the progress about that here:
https://github.com/postmanlabs/postman-app-support/issues/1669
I recommend to use another packages plugin like:
the best (like postman , but profile and sync price 5$ monthly):
https://insomnia.rest/
others:
https://github.com/andev-software/graphql-ide
https://github.com/imolorhe
for graphiql (no add headers possibility) you need to set three things (it's not easy to type):
Header:
Content-Type: application/json
Body:
Choose Ray < optiongroup
Choose JSON (application/json) < selectbox
Compose javascript object with "query" and the "value" of your graph query. Like all objects in js it'sneeded the propery and the value , in this case "quote" is the property, the value must be with double quotes. Inside the value (graphl string) you dont compose js objects, so you dont need use doble quotes, it's just a string.
{"query":"{ allQuotes { text } }" }
the problem is you need type all in a single line, no like grapIql... there is a post requirement in postman github so is easy work with graphql:

Postman just released inbuilt GraphQL support in version 7.2.
This version supports
Sending GraphQL queries in request body as POST requests
Support for GraphQL variables
Creating APIs in Postman with GraphQL schema type
Query autocompletion integrated with user defined GraphQL schemas
Please give it a try and give us your feedback on the tracking thread on our community forum

I faced the same problem when I try to used graphQl query using POSTMAN,
In POSTMAN send data from the raw tab with json type.
Query Command:
{"query":"{user(id:902){id,username,DOB}}"}
Mutations Command:
{ "query": "mutation {createMutations(reviewer:36, comments:\"hello\",data_id: 1659, approved: true ){id}}" }
#commnent: String Type
#data_id:Int Type
#approved:Boolean Type

If you're using Visual Studio, I have written a plugin to convert GraphQL to Restful body
https://marketplace.visualstudio.com/items?itemName=orasik.graphql-to-rest-queries

Postman has recently launched its out of box support for GraphQL: https://blog.getpostman.com/2019/06/18/postman-v7-2-supports-graphql/
Below is the screenshot of testing GraphQL locally:
Note: Running GraphQL locally using spring-boot https://www.baeldung.com/spring-graphql

Deriving from EstevĂŁo Lucas' answer.
You can also use header Content-type: application/json on postman
And define the body with:
{
"query": "{ your_query }"
}
This is easily constructed on the client side to form a request payload.
e.g.
Output:

Checkout https://github.com/hasura/graphqurl - curl for GraphQL:
CLI for making GraphQL queries with autocomplete
Run GraphiQL locally against any endpoint (with custom headers)
Use as a library with nodejs or from the browser
Supports subscriptions
I am one of the authors.
gq https://gentle-anchorage-72051.herokuapp.com/v1alpha1/graphql -i

IF we can pass header type, Then add the header Content-type: application/graphql
Below link can be used as reference:
link description here

By adding header we can run graphql query in the postman
Content-type: application/graphql

Writing data to model from POST request (Odoo 9.0)

I have the following model:
class LibraryBook(models.Model):
_name = 'library.book'
name = fields.Char('Title', required=True)
date_release = fields.Date("Release Date")
author_ids = fields.Many2many("res.partner", string="Authors")
I'm new to Odoo and trying to understand the basics of how to save data to my model from a POST request like the following
curl -i -X POST --data "name=Odoo%20-%20Much%20Mystery,%20Wow&author_id=Doge" http://0.0.0.0:8069/test
I found a way doing this by setting the csrf parameter in my controller to false like so:
[...]
#http.route('/test', type='http', auth='public',methods=['POST'], website=True, csrf=False)
def test(self, **kwargs):
record = request.env['library.book'].sudo()
record.create(kwargs)
I'm wondering now if there is a way to avoid setting csrf=false since I've read that it's a bad idea to do so in general. Also, what would I need to get rid of that .sudo()? Not setting csrf=false leads to a 400 BAD REQUEST with Invalid CSRF token. Removing sudo() leads to a 500 INTERNAL SERVER ERROR. In Odoo Development Cookbook it says in one example with auth='none'
Lack of a user is also why we have to sudo() all our calls to model methods in the example code
Assuming I would expect a POST request from an API, is it possible to associate it with a user so I don't have to sudo()?
I would very much appreciate any clarification on this.
UPDATE
So I just found this (line 817):
if the form is accessed by an external third party (e.g. REST API endpoint, payment gateway callback) you will need to disable CSRF
protection (and implement your own protection if necessary) by
passing the csrf=False parameter to the route decorator.
which I guess leaves only one question open, regarding sudo.

SUDO()
creates a new environment with the provided user set, uses the administrator if none is provided (to bypass access rights/rules in safe contexts), returns a copy of the recordset it is called on using the new environment:
Odoo does not allow public users to create, update, delete a record.
If we want to create a record from the public users then we need to create a record with the sudo().
Create record object as administrator
request.env['library.book'].sudo().create(vals)
I hope this may help you.
for more information you can navigate to following links :
https://www.odoo.com/documentation/9.0/reference/orm.html
Thanks

Resources