Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
graphql-redis-subscriptions
Advanced tools
The graphql-redis-subscriptions package is a GraphQL subscription manager that uses Redis as a Pub/Sub mechanism. It allows you to implement real-time features in your GraphQL API by leveraging Redis for message passing and event handling.
Basic Subscription Setup
This code demonstrates how to set up a basic subscription using graphql-redis-subscriptions. It defines a GraphQL schema with a subscription type and sets up a resolver to handle the subscription. The pubsub.publish method is used to publish events to the subscription.
const { RedisPubSub } = require('graphql-redis-subscriptions');
const pubsub = new RedisPubSub();
const typeDefs = `
type Query {
_: Boolean
}
type Subscription {
messageSent: String
}
`;
const resolvers = {
Subscription: {
messageSent: {
subscribe: () => pubsub.asyncIterator(['MESSAGE_SENT'])
}
}
};
// Somewhere in your code, you can publish an event
pubsub.publish('MESSAGE_SENT', { messageSent: 'Hello, world!' });
Custom Redis Client
This code demonstrates how to use a custom Redis client with graphql-redis-subscriptions. It uses the ioredis package to create custom Redis clients for the publisher and subscriber, allowing for more control over the Redis connection settings.
const Redis = require('ioredis');
const { RedisPubSub } = require('graphql-redis-subscriptions');
const options = {
host: 'localhost',
port: 6379,
retryStrategy: times => {
return Math.min(times * 50, 2000);
}
};
const pubsub = new RedisPubSub({
publisher: new Redis(options),
subscriber: new Redis(options)
});
Filtering Subscriptions
This code demonstrates how to filter subscriptions using the withFilter function from graphql-subscriptions. It allows you to filter events based on custom logic, such as only sending events to specific users.
const { withFilter } = require('graphql-subscriptions');
const { RedisPubSub } = require('graphql-redis-subscriptions');
const pubsub = new RedisPubSub();
const typeDefs = `
type Query {
_: Boolean
}
type Subscription {
messageSent(userId: ID): String
}
`;
const resolvers = {
Subscription: {
messageSent: {
subscribe: withFilter(
() => pubsub.asyncIterator('MESSAGE_SENT'),
(payload, variables) => {
return payload.userId === variables.userId;
}
)
}
}
};
// Somewhere in your code, you can publish an event
pubsub.publish('MESSAGE_SENT', { messageSent: 'Hello, user!', userId: '123' });
graphql-subscriptions is a package that provides a simple Pub/Sub implementation for GraphQL subscriptions. It is more generic and does not rely on any specific messaging system, making it more flexible but potentially less performant for large-scale applications compared to graphql-redis-subscriptions.
graphql-mqtt-subscriptions is a package that uses MQTT as the Pub/Sub mechanism for GraphQL subscriptions. It is suitable for applications that already use MQTT for messaging and need to integrate real-time features into their GraphQL API. It offers similar functionality to graphql-redis-subscriptions but uses a different underlying messaging protocol.
graphql-kafka-subscriptions is a package that uses Apache Kafka as the Pub/Sub mechanism for GraphQL subscriptions. It is designed for high-throughput and distributed systems, making it suitable for large-scale applications that require robust and scalable messaging solutions. It offers similar functionality to graphql-redis-subscriptions but is tailored for Kafka.
This package implements the PubSubEngine Interface from the graphql-subscriptions package and also the new AsyncIterator interface. It allows you to connect your subscriptions manager to a Redis Pub Sub mechanism to support multiple subscription manager instances.
At first, install the graphql-redis-subscriptions
package:
npm install graphql-redis-subscriptions
As the graphql-subscriptions package is declared as a peer dependency, you might receive warning about an unmet peer dependency if it's not installed already by one of your other packages. In that case you also need to install it too:
npm install graphql-subscriptions
Define your GraphQL schema with a Subscription
type:
schema {
query: Query
mutation: Mutation
subscription: Subscription
}
type Subscription {
somethingChanged: Result
}
type Result {
id: String
}
Now, let's create a simple RedisPubSub
instance:
import { RedisPubSub } from 'graphql-redis-subscriptions';
const pubsub = new RedisPubSub();
Now, implement your Subscriptions type resolver, using the pubsub.asyncIterator
to map the event you need:
const SOMETHING_CHANGED_TOPIC = 'something_changed';
export const resolvers = {
Subscription: {
somethingChanged: {
subscribe: () => pubsub.asyncIterator(SOMETHING_CHANGED_TOPIC),
},
},
}
Subscriptions resolvers are not a function, but an object with
subscribe
method, that returnsAsyncIterable
.
Calling the method asyncIterator
of the RedisPubSub
instance will send redis a SUBSCRIBE
message to the topic provided and will return an AsyncIterator
binded to the RedisPubSub instance and listens to any event published on that topic.
Now, the GraphQL engine knows that somethingChanged
is a subscription, and every time we will use pubsub.publish
over this topic, the RedisPubSub
will PUBLISH
the event over redis to all other subscribed instances and those in their turn will emit the event to GraphQL using the next
callback given by the GraphQL engine.
pubsub.publish(SOMETHING_CHANGED_TOPIC, { somethingChanged: { id: "123" }});
export const resolvers = {
Subscription: {
somethingChanged: {
subscribe: (_, args) => pubsub.asyncIterator(`${SOMETHING_CHANGED_TOPIC}.${args.relevantId}`),
},
},
}
export const resolvers = {
Subscription: {
somethingChanged: {
subscribe: (_, args) => pubsub.asyncIterator(`${SOMETHING_CHANGED_TOPIC}.${args.relevantId}.*`, { pattern: true })
},
},
}
import { withFilter } from 'graphql-subscriptions';
export const resolvers = {
Subscription: {
somethingChanged: {
subscribe: withFilter(
(_, args) => pubsub.asyncIterator(`${SOMETHING_CHANGED_TOPIC}.${args.relevantId}`),
(payload, variables) => payload.somethingChanged.id === variables.relevantId,
),
},
},
}
RedisPubSub
constructor can be passed a configuration object to enable some advanced features.
export interface PubSubRedisOptions {
connection?: RedisOptions | string;
triggerTransform?: TriggerTransform;
connectionListener?: (err?: Error) => void;
publisher?: RedisClient;
subscriber?: RedisClient;
reviver?: Reviver;
serializer?: Serializer;
deserializer?: Deserializer;
messageEventName?: string;
pmessageEventName?: string;
}
option | type | default | description |
---|---|---|---|
connection | object | string | undefined | the connection option is passed as is to the ioredis constructor to create redis subscriber and publisher instances. for greater controll, use publisher and subscriber options. |
triggerTransform | function | (trigger) => trigger | deprecated |
connectionListener | function | undefined | pass in connection listener to log errors or make sure connection to redis instance was created successfully. |
publisher | function | undefined | must be passed along side subscriber . see #creating-a-redis-client |
subscriber | function | undefined | must be passed along side publisher . see #creating-a-redis-client |
reviver | function | undefined | see #using-a-custom-reviver |
serializer | function | undefined | see #using-a-custom-serializerdeserializer |
deserializer | function | undefined | see #using-a-custom-serializerdeserializer |
messageEventName | string | undefined | see #receiving-messages-as-buffers |
pmessageEventName | string | undefined | see #receiving-messages-as-buffers |
The basic usage is great for development and you will be able to connect to a Redis server running on your system seamlessly. For production usage, it is recommended to pass a redis client (like ioredis) to the RedisPubSub constructor. This way you can control all the options of your redis connection, for example the connection retry strategy.
import { RedisPubSub } from 'graphql-redis-subscriptions';
import * as Redis from 'ioredis';
const options = {
host: REDIS_DOMAIN_NAME,
port: PORT_NUMBER,
retryStrategy: times => {
// reconnect after
return Math.min(times * 50, 2000);
}
};
const pubsub = new RedisPubSub({
...,
publisher: new Redis(options),
subscriber: new Redis(options)
});
Some Redis use cases require receiving binary-safe data back from redis (in a Buffer). To accomplish this, override the event names for receiving messages and pmessages. Different redis clients use different names, for example:
library | message event | message event (Buffer) | pmessage event | pmessage event (Buffer) |
---|---|---|---|---|
ioredis | message | messageBuffer | pmessage | pmessageBuffer |
node-redis | message | message_buffer | pmessage | pmessage_buffer |
import { RedisPubSub } from 'graphql-redis-subscriptions';
import * as Redis from 'ioredis';
const pubsub = new RedisPubSub({
...,
// Tells RedisPubSub to register callbacks on the messageBuffer and pmessageBuffer EventEmitters
messageEventName: 'messageBuffer',
pmessageEventName: 'pmessageBuffer',
});
Also works with your Redis Cluster
import { RedisPubSub } from 'graphql-redis-subscriptions';
import { Cluster } from 'ioredis';
const cluster = new Cluster(REDIS_NODES); // like: [{host: 'ipOrHost', port: 1234}, ...]
const pubsub = new RedisPubSub({
...,
publisher: cluster,
subscriber: cluster
});
You can learn more on the ioredis
package here.
By default, Javascript objects are (de)serialized using the JSON.stringify
and JSON.parse
methods.
You may pass your own serializer and/or deserializer function(s) as part of the options.
The deserializer
will be called with an extra context object containing pattern
(if available) and channel
properties, allowing you to access this information when subscribing to a pattern.
import { RedisPubSub } from 'graphql-redis-subscriptions';
import { someSerializer, someDeserializer } from 'some-serializer-library';
const serialize = (source) => {
return someSerializer(source);
};
const deserialize = (sourceOrBuffer, { channel, pattern }) => {
return someDeserializer(sourceOrBuffer, channel, pattern);
};
const pubSub = new RedisPubSub({ ..., serializer: serialize, deserializer: deserialize });
By default, Javascript objects are serialized using the JSON.stringify
and JSON.parse
methods.
This means that not all objects - such as Date or Regexp objects - will deserialize correctly without a custom reviver, that work out of the box with the default in-memory implementation.
For handling such objects, you may pass your own reviver function to JSON.parse
, for example to handle Date objects the following reviver can be used:
import { RedisPubSub } from 'graphql-redis-subscriptions';
const dateReviver = (key, value) => {
const isISO8601Z = /^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2}(?:\.\d*)?)Z$/;
if (typeof value === 'string' && isISO8601Z.test(value)) {
const tempDateNumber = Date.parse(value);
if (!isNaN(tempDateNumber)) {
return new Date(tempDateNumber);
}
}
return value;
};
const pubSub = new RedisPubSub({ ..., reviver: dateReviver });
pubSub.publish('Test', {
validTime: new Date(),
invalidTime: '2018-13-01T12:00:00Z'
});
pubSub.subscribe('Test', message => {
message.validTime; // Javascript Date
message.invalidTime; // string
});
import { RedisPubSub } from 'graphql-redis-subscriptions';
const pubsub = new RedisPubSub();
const subscriptionManager = new SubscriptionManager({
schema,
pubsub,
setupFunctions: {},
});
Recently, graphql-subscriptions package added a way to pass in options to each call of subscribe. Those options are constructed via the setupFunctions object you provide the Subscription Manager constructor. The reason for graphql-subscriptions to add that feature is to allow pub sub engines a way to reduce their subscription set using the best method of said engine. For example, Meteor's live query could use Mongo selector with arguments passed from the subscription like the subscribed entity id. For Redis, this could be a bit more simplified, but much more generic. The standard for Redis subscriptions is to use dot notations to make the subscription more specific. This is only the standard but I would like to present an example of creating a specific subscription using the channel options feature.
First I create a simple and generic trigger transform
const triggerTransform = (trigger, {path}) => [trigger, ...path].join('.');
Then I pass it to the RedisPubSub
constructor.
const pubsub = new RedisPubSub({
triggerTransform,
});
Lastly, I provide a setupFunction for commentsAdded
subscription field.
It specifies one trigger called comments.added
and it is called with the channelOptions object that holds repoName
path fragment.
const subscriptionManager = new SubscriptionManager({
schema,
setupFunctions: {
commentsAdded: (options, {repoName}) => ({
'comments.added': {
channelOptions: {path: [repoName]},
},
}),
},
pubsub,
});
When I call subscribe
like this:
const query = `
subscription X($repoName: String!) {
commentsAdded(repoName: $repoName)
}
`;
const variables = {repoName: 'graphql-redis-subscriptions'};
subscriptionManager.subscribe({query, operationName: 'X', variables, callback});
The subscription string that Redis will receive will be comments.added.graphql-redis-subscriptions
.
This subscription string is much more specific and means the the filtering required for this type of subscription is not needed anymore.
This is one step towards lifting the load off of the GraphQL API server regarding subscriptions.
Please refer to https://github.com/Grokzen/docker-redis-cluster documentation to start a cluster
$ docker run --rm -p 6379:6379 redis:alpine
$ export REDIS_CLUSTER_IP=0.0.0.0; docker run -e "IP=0.0.0.0" --rm -p 7006:7000 -p 7001:7001 -p 7002:7002 -p 7003:7003 -p 7004:7004 -p 7005:7005 grokzen/redis-cluster
npm run test
FAQs
A graphql-subscriptions PubSub Engine using redis
The npm package graphql-redis-subscriptions receives a total of 145,560 weekly downloads. As such, graphql-redis-subscriptions popularity was classified as popular.
We found that graphql-redis-subscriptions demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.