Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@graphcms/prisma-binding
Advanced tools
[![CircleCI](https://circleci.com/gh/graphcool/prisma-binding.svg?style=shield)](https://circleci.com/gh/graphcool/prisma-binding) [![npm version](https://badge.fury.io/js/prisma-binding.svg)](https://badge.fury.io/js/prisma-binding)
GraphQL Binding for Prisma services (GraphQL Database)
prisma-binding
provides a convenience layer for building GraphQL servers on top of Prisma services. In short, it simplifies implementing your GraphQL resolvers by delegating execution of queries (or mutations) to the API of the underlying Prisma database service.
Here is how it works:
prisma.graphql
(contains the full CRUD API)app.graphql
Prisma
with information about your Prisma service (such as its endpoint and the path to the database schema definition)Note: If you're using a GraphQL boilerplate project (e.g. with
graphql create
), the Prisma binding will already be configured and a few example resolvers implemented for you. You can either try the dynamic binding (e.g. in thenode-basic
boilerplate) or a static binding (e.g in thetypescript-basic
boilerplate).
yarn add prisma-binding
# or
npm install --save prisma-binding
Consider the following data model for your Prisma service:
type User {
id: ID! @unique
name: String
}
If you instantiate Prisma
based on this service, you'll be able to send the following queries/mutations:
// Instantiate `Prisma` based on concrete service
const prisma = new Prisma({
typeDefs: 'schemas/database.graphql',
endpoint: 'https://us1.prisma.sh/demo/my-service/dev'
secret: 'my-super-secret-secret'
})
// Retrieve `name` of a specific user
prisma.query.user({ where { id: 'abc' } }, '{ name }')
// Retrieve `id` and `name` of all users
prisma.query.users(null, '{ id name }')
// Create new user called `Sarah` and retrieve the `id`
prisma.mutation.createUser({ data: { name: 'Sarah' } }, '{ id }')
// Update name of a specific user and retrieve the `id`
prisma.mutation.updateUser({ where: { id: 'abc' }, data: { name: 'Sarah' } }, '{ id }')
// Delete a specific user and retrieve the `id`
prisma.mutation.deleteUser({ where: { id: 'abc' } }, '{ id }')
Under the hood, each of these function calls is simply translated into an actual HTTP request against your Prisma service (using graphql-request
).
The API also allows to ask whether a specific node exists in your Prisma database:
// Ask whether a post exists with `id` equal to `abc` and whose
// `author` is called `Sarah` (return boolean value)
prisma.exists.Post({
id: 'abc',
author: {
name: 'Sarah'
}
})
constructor(options: PrismaOptions): Prisma
The PrismaOptions
type has the following fields:
Key | Required | Type | Default | Note |
---|---|---|---|---|
typeDefs | Yes | string | - | Type definition string or file path to the schema definition of your Prisma service (typically a file called database.graphql ) |
endpoint | Yes | string | - | The endpoint of your Prisma service |
secret | Yes | string | - | The secret of your Prisma service |
fragmentReplacements | No | FragmentReplacements | null | A list of GraphQL fragment definitions, specifying fields that are required for the resolver to function correctly |
debug | No | boolean | false | Log all queries/mutations to the console |
query
and mutation
query
and mutation
are public properties on your Prisma
instance. They both are of type Query
and expose a number of auto-generated delegate resolver functions that are named after the fields on the Query
and Mutation
types in your Prisma database schema.
Each of these delegate resolvers in essence provides a convenience API for sending queries/mutations to your Prisma service, so you don't have to spell out the full query/mutation from scratch and worry about sending it over HTTP. This is all handled by the delegate resolver function under the hood.
Delegate resolver have the following interface:
(args: any, info: GraphQLResolveInfo | string): Promise<T>
The input arguments are used as follows:
args
: An object carrying potential arguments for the query/mutationinfo
: An object representing the selection set of the query/mutation, either expressed directly as a string or in the form of GraphQLResolveInfo
(you can find more info about the GraphQLResolveInfo
type here)The generic type T
corresponds to the type of the respective field.
exists
exists
also is a public property on your Prisma
instance. Similar to query
and mutation
, it also exposes a number of auto-generated functions. However, it exposes only a single function per type. This function is named according to the root field that allows the retrieval of a single node of that type (e.g. User
for a type called User
). It takes a where
object as an input argument and returns a boolean
value indicating whether the condition expressed with where
is met.
This function enables you to easily check whether a node of a specific type exists in your Prisma database.
request
The request
method lets you send GraphQL queries/mutations to your Prisma service. The functionality is identical to the auto-generated delegate resolves, but the API is more verbose as you need to spell out the full query/mutation. request
uses graphql-request
under the hood.
Here is an example of how it can be used:
const query = `
query ($userId: ID!){
user(id: $userId) {
id
name
}
}
`
const variables = { userId: 'abc' }
prisma.request(query, variables)
.then(result => console.log(result))
// sample result:
// {"data": { "user": { "id": "abc", "name": "Sarah" } } }
forwardTo
If you just want to forward a query to the exact same underlying prisma query, you can use forwardTo
:
const {forwardTo} = require('prisma-binding')
const resolvers = {
Query: {
posts: forwardTo('db')
}
}
const server = new GraphQLServer({
typeDefs: './src/schema.graphql',
resolvers,
context: req => ({
...req,
db: new Prisma({
typeDefs: 'src/generated/prisma.graphql',
endpoint: '...',
secret: 'mysecret123',
}),
debug: true,
}),
})
server.start(
() => console.log(`Server is running on http://localhost:4000`),
)
FAQs
[![CircleCI](https://circleci.com/gh/graphcool/prisma-binding.svg?style=shield)](https://circleci.com/gh/graphcool/prisma-binding) [![npm version](https://badge.fury.io/js/prisma-binding.svg)](https://badge.fury.io/js/prisma-binding)
We found that @graphcms/prisma-binding demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.