Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
github.com/99designs/gqlgen
gqlgen is a Go library for building GraphQL servers without any fuss.
map[string]interface{}
here.Still not convinced enough to use gqlgen? Compare gqlgen with other Go graphql implementations
mkdir example
cd example
go mod init example
Add github.com/99designs/gqlgen
to your project's tools.go
printf '//go:build tools\npackage tools\nimport (_ "github.com/99designs/gqlgen"\n _ "github.com/99designs/gqlgen/graphql/introspection")' | gofmt > tools.go
go mod tidy
Initialise gqlgen config and generate models
go run github.com/99designs/gqlgen init
go mod tidy
Start the graphql server
go run server.go
More help to get started:
If you think you've found a bug, or something isn't behaving the way you think it should, please raise an issue on GitHub.
We welcome contributions, Read our Contribution Guidelines to learn more about contributing to gqlgen
When you have nested or recursive schema like this:
type User {
id: ID!
name: String!
friends: [User!]!
}
You need to tell gqlgen that it should only fetch friends if the user requested it. There are two ways to do this:
Write a custom model that omits the friends field:
type User struct {
ID int
Name string
}
And reference the model in gqlgen.yml
:
# gqlgen.yml
models:
User:
model: github.com/you/pkg/model.User # go import path to the User struct above
If you want to keep using the generated model, mark the field as requiring a resolver explicitly in gqlgen.yml
like this:
# gqlgen.yml
models:
User:
fields:
friends:
resolver: true # force a resolver to be generated
After doing either of the above and running generate we will need to provide a resolver for friends:
func (r *userResolver) Friends(ctx context.Context, obj *User) ([]*User, error) {
// select * from user where friendid = obj.ID
return friends, nil
}
You can also use inline config with directives to achieve the same result
directive @goModel(model: String, models: [String!]) on OBJECT
| INPUT_OBJECT
| SCALAR
| ENUM
| INTERFACE
| UNION
directive @goField(forceResolver: Boolean, name: String, omittable: Boolean) on INPUT_FIELD_DEFINITION
| FIELD_DEFINITION
type User @goModel(model: "github.com/you/pkg/model.User") {
id: ID! @goField(name: "todoId")
friends: [User!]! @goField(forceResolver: true)
}
Yes! You can by remapping it in config as seen below:
models:
ID: # The GraphQL type ID is backed by
model:
- github.com/99designs/gqlgen/graphql.IntID # a go integer
- github.com/99designs/gqlgen/graphql.ID # or a go string
- github.com/99designs/gqlgen/graphql.UintID # or a go uint
This means gqlgen will be able to automatically bind to strings or ints for models you have written yourself, but the first model in this list is used as the default type and it will always be used when:
There isn't any way around this, gqlgen has no way to know what you want in a given context.
These were added in v0.17.14 to allow accessing common interface fields without casting to a concrete type. However, certain fields, like Relay-style Connections, cannot be implemented with simple getters.
If you'd prefer to not have getters generated in your interfaces, you can add the following in your gqlgen.yml
:
# gqlgen.yml
omit_getters: true
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.