Wrapping and Securing REST APIs with GraphQL

Your frontend developers are pushing to get started with GraphQL, but you don't have the backend capacity to migrate your existing REST APIs to GraphQL? Or you want to have a GraphQL API next to your existing endpoints that are based on REST? In this talk, I'll show how to create a Node.js/Express server that wraps existing REST APIs into one single GraphQL endpoint, while also keeping security in mind.

Published in: Technology

  1. Who is this for? @gethackteam
  4. What to do…? 🤔
  5. A little bit about myself first…
  6. Roy Derks
  7. Suppose you’re working on this great project
  8. [Diagram: TITLE, CATEGORIES, PRICE; REST API; Database]
  9. Let’s have a look at a REST API
  10. REST APIs have multiple endpoints… that return fixed data structures
  11-14. [Diagram: TITLE, CATEGORIES, PRICE; REST API with PRODUCTS, PRODUCTS THUMBNAILS, PRODUCTS REVIEWS, PRODUCTS CATEGORIES; numbered markers 1, 2, 3 added one slide at a time]
  15. I hear you thinking
  18. So you continue… (as the brave frontend developer you are)
  19. So you continue… (as the brave developer you are)
  20. [Diagram: TITLE, CATEGORIES, PRICE; REST API with PRODUCTS, PRODUCTS THUMBNAILS, PRODUCTS REVIEWS, PRODUCTS CATEGORIES; markers 1, 2, 3]
  21. REST APIs have multiple endpoints… that return fixed data structures
  22-28. [Diagram: REST API with PRODUCTS, PRODUCTS THUMBNAILS, PRODUCTS REVIEWS, PRODUCTS CATEGORIES]
  29-32. [Diagram: TITLE, CATEGORIES, PRICE; REST API with PRODUCTS, PRODUCTS THUMBNAILS, PRODUCTS RATINGS, PRODUCTS CATEGORIES; numbered markers 1, 2, 3 added one slide at a time]
  35. What to do…? 🤔
  36-37. What to do…? 🤔 A. B. C.
  38. GraphQL REST
  39-40. You have multiple options! (unfortunately we can’t discuss all)
  41-42. Create your own GraphQL server (it’s easier than you think)
  43. How to construct your schema?
  44. [Diagram: REST API with PRODUCTS, PRODUCTS THUMBNAILS, PRODUCTS REVIEWS, PRODUCTS RATINGS, PRODUCTS CATEGORIES; GraphQL Schema]
  45-48. [Diagram: GraphQL Schema with PRODUCTS, PRODUCTS THUMBNAILS, PRODUCTS REVIEWS, PRODUCTS CATEGORIES]
  49. GraphQL server with Express: http://bit.ly/2moBLQV
  50. Express server
  51. Express server: Use resolvers to fetch the REST endpoints
  52-55. [Diagram: TITLE, CATEGORIES, PRICE; numbered markers 1, 2, 3 added one slide at a time]
  56-59. [Diagram: TITLE, CATEGORIES, PRICE; marker 1 from slide 57]
  60. That was easy right?
  61. But comes with two challenges…
  62-63. Authentication, Caching
  64. For this I like to use JSON Web Tokens (JWT)
  65. But comes with two challenges…
  66. But comes with two challenges… Never add private information!
  67. [Diagram: JWT, API]
  68-69. [Diagram: /login, JWT, API]
  70. [Diagram: JWT, API]
  71. [Diagram: JWT, /products, API]
  72. [Diagram: JWT, /products, API] Only returns data with a valid JWT
  73. JWTs are passed with every request
  75. Passed to the GraphQL server
  76. Remember the resolvers?
  78. Use resolvers to fetch the REST endpoints
  80. They can access the request headers
  81. From there you can just send them along with fetch()
  83. Send them along with the fetch() request
  84. Your REST API doesn’t have authentication?
  85. You can use an authentication server
  86. [Diagram: JWT, API]
  87-90. [Diagram: /login, JWT, API]
  91. [Diagram: JWT, API]
  92-93. [Diagram: /products, JWT, API]
  94. [Diagram: /products, JWT, API] Only returns data with a valid JWT
  95. Or create your own one!
  97. Encode and decode JWTs
  98. But comes with two challenges…
  99. But comes with two challenges… JsonWebToken.sign()
  100. But comes with two challenges…
  101. But comes with two challenges… JsonWebToken.verify()
  102-103. Authentication, Caching
  104. GraphQL server with Apollo & Express: http://bit.ly/2lFLemp
  105. Apollo Data sources
  106. Apollo Data sources: Use models to fetch the REST endpoints
  107-111. [Diagram: TITLE, CATEGORIES, PRICE; marker 1 from slide 108]
  112. It helps you with caching requests
  113. Apollo Data sources
  114. Apollo Data sources: Cached by default!!
  115. You can also use memcached or redis
  116. Apollo Data sources
  117. Apollo Data sources: Get data from request headers
  118. Apollo Data sources
  119. Apollo Data sources: So you can pass them forward to the REST API
  120. So what do we want?
  123. Want to learn more? Search: Roy Derks @gethackteam https://auth0.com/docs https://www.apollographql.com/docs/
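
Slides 73 to 83 describe a resolver reading the JWT from the request headers and sending it along with fetch() to the REST API. The sketch below is an added example, not code from the talk; `REST_BASE`, `bearerFrom`, `upstreamRequest`, `productsResolver` and the `context.headers` shape are assumptions. It forwards only the bearer token rather than every client header, and leaves signature validation to the REST API ("Only returns data with a valid JWT").

```javascript
// Added example; all names here are hypothetical, not from the slides.
const REST_BASE = 'https://rest.example.internal'; // placeholder upstream REST API

// Pull the bearer token out of the incoming request headers.
// Returns null when the header is missing or the value is not JWT-shaped
// (three base64url segments). This is a shape check only, not verification.
function bearerFrom(headers) {
  const raw = headers['authorization'] || headers['Authorization'] || '';
  const m = /^Bearer ([A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)$/.exec(raw);
  return m ? m[1] : null;
}

// Build the upstream call. Only the token is forwarded: cookies, Host and any
// other client-supplied headers stay on the GraphQL side.
function upstreamRequest(path, headers) {
  const token = bearerFrom(headers);
  if (!token) return null;
  return {
    url: new URL(path, REST_BASE).toString(),
    init: { headers: { Authorization: `Bearer ${token}`, Accept: 'application/json' } },
  };
}

// Resolver signature (parent, args, context); context.headers is assumed to be
// the Express request headers. fetchImpl is injectable so this runs offline.
async function productsResolver(_parent, _args, context, fetchImpl = fetch) {
  const req = upstreamRequest('/products', context.headers);
  if (!req) throw new Error('UNAUTHENTICATED'); // fail before calling the REST API
  const res = await fetchImpl(req.url, req.init);
  if (res.status === 401 || res.status === 403) throw new Error('UNAUTHENTICATED');
  if (!res.ok) throw new Error(`upstream error ${res.status}`);
  return res.json();
}
```
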
