Product
Introducing Enhanced Alert Actions and Triage Functionality
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.
express-graphql
Advanced tools
Readme
Create a GraphQL HTTP server with any HTTP web framework that supports connect styled middleware, including Connect itself and Express.
npm install --save express-graphql
Then mount express-graphql
as a route handler:
const express = require('express');
const graphqlHTTP = require('express-graphql');
const app = express();
app.use('/graphql', graphqlHTTP({
schema: MyGraphQLSchema,
graphiql: true
}));
app.listen(4000);
The graphqlHTTP
function accepts the following options:
schema
: A GraphQLSchema
instance from graphql-js
.
A schema
must be provided.
graphiql
: If true
, presents GraphiQL when the route with a
/graphiql
appended is loaded in a browser. We recommend that you set
graphiql
to true
when your app is in development, because it's
quite useful. You may or may not want it in production.
rootValue
: A value to pass as the rootValue
to the graphql()
function from graphql-js
.
context
: A value to pass as the context
to the graphql()
function from graphql-js
. If context
is not provided, the
request
object is passed as the context.
pretty
: If true
, any JSON response will be pretty-printed.
formatError
: An optional function which will be used to format any
errors produced by fulfilling a GraphQL operation. If no function is
provided, GraphQL's default spec-compliant formatError
function will be used.
validationRules
: Optional additional validation rules queries must
satisfy in addition to those defined by the GraphQL spec.
Once installed at a path, express-graphql
will accept requests with
the parameters:
query
: A string GraphQL document to be executed.
variables
: The runtime values to use for any GraphQL query variables
as a JSON object.
operationName
: If the provided query
contains multiple named
operations, this specifies which operation should be executed. If not
provided, a 400 error will be returned if the query
contains multiple
named operations.
raw
: If the graphiql
option is enabled and the raw
parameter is
provided raw JSON will always be returned instead of GraphiQL even when
loaded from a browser.
GraphQL will first look for each parameter in the URL's query-string:
/graphql?query=query+getUser($id:ID){user(id:$id){name}}&variables={"id":"4"}
If not found in the query-string, it will look in the POST request body.
If a previous middleware has already parsed the POST body, the request.body
value will be used. Use multer
or a similar middleware to add support
for multipart/form-data
content, which may be useful for GraphQL mutations
involving uploading files. See an example using multer.
If the POST body has not yet been parsed, express-graphql will interpret it depending on the provided Content-Type header.
application/json
: the POST body will be parsed as a JSON
object of parameters.
application/x-www-form-urlencoded
: this POST body will be
parsed as a url-encoded string of key-value pairs.
application/graphql
: The POST body will be parsed as GraphQL
query string, which provides the query
parameter.
By default, the express request is passed as the GraphQL context
.
Since most express middleware operates by adding extra data to the
request object, this means you can use most express middleware just by inserting it before graphqlHTTP
is mounted. This covers scenarios such as authenticating the user, handling file uploads, or mounting GraphQL on a dynamic endpoint.
This example uses express-session
to provide GraphQL with the currently logged-in session.
const session = require('express-session');
const graphqlHTTP = require('express-graphql');
const app = express();
app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}));
app.use('/graphql', graphqlHTTP({
schema: MySessionAwareGraphQLSchema,
graphiql: true
}));
Then in your type definitions, you can access the request via the third "context" argument in your resolve
function:
new GraphQLObjectType({
name: 'MyType',
fields: {
myField: {
type: GraphQLString,
resolve(parentValue, args, request) {
// use `request.session` here
}
}
}
});
During development, it's useful to get more information from errors, such as
stack traces. Providing a function to formatError
enables this:
formatError: error => ({
message: error.message,
locations: error.locations,
stack: error.stack
})
FAQs
Production ready GraphQL HTTP middleware.
The npm package express-graphql receives a total of 254,841 weekly downloads. As such, express-graphql popularity was classified as popular.
We found that express-graphql demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.
Security News
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
Security News
OpenSSF is warning open source maintainers to stay vigilant against reputation farming on GitHub, where users artificially inflate their status by manipulating interactions on closed issues and PRs.