Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
graphql-sequelize-generator
Advanced tools
A set of tools to easily generate a Graphql API from sequelize models.
Graphql-Sequelize-Generator (GSG) is a set of tools that will allow you to easily generate a graphql API from your sequelize models.
The tools provided by this library will allow you to:
To use GSG in your project, run:
yarn add graphql-sequelize-generator
# or "npm i --save graphql-sequelize-generator"
Caution: GSG requires at least Node v9.11.2 or greater as it is using async/await.
Example - adding a GraphQL API to my express:
const express = require("express");
const {
generateModelTypes,
generateGraphqlExpressMiddleware
} = require("graphql-sequelize-generator");
const models = require("./models");
const types = generateModelTypes(models);
graphqlSchemaDeclaration.user = {
model: models.user,
actions: ["list", "create"]
};
const server = generateApolloServer({
graphqlSchemaDeclaration,
types,
models
});
const app = express();
server.applyMiddleware({
app,
path: "/graphql"
});
Example - Add a custom mutation related to a model.
graphqlSchemaDeclaration.user = {
model: models.user,
actions: ["list", "create"],
additionalMutations: {
serverStatistics = {
type: new GraphQLObjectType({
name: "serverStatistics",
description: "Statistics about the server",
fields: {
serverBootDate: { type: GraphQLString }
}
}),
resolve: async (source, args, context, info) => {
return {
serverBootDate: context.bootDate
};
}
}
}
}
Example - Select only configuration
graphqlSchemaDeclaration.user = {
model: models.user,
actions: ["list"] // Other available options: ['list', 'create', 'update', 'delete', 'count']
};
Example queries - Query associations
{
company(order: "reverse:name", limit: 50) {
id
name
departments {
id
users {
id
name
}
}
}
serverStatistics {
serverBootDate
}
}
Example configuration - All options:
const server = generateApolloServer({
graphqlSchemaDeclaration,
types,
models,
customMutations: {
/* ...
your custom mutations that are not related to any declared models.
... */
},
// Apollo server options can be passed here.
apolloServerOptions: {
playground: true,
context: addDataloaderContext,
extensions: [
() => new ApolloNewrelicExtension(),
() => new ErrorTrackingExtension()
],
tracing: true,
// Example of socket security hook.
subscriptions: {
path: '/api/graphql',
onConnect: async (connectionParams, webSocket) => {
return getSubscriptionAccountAndUserFromJWT(connectionParams)
}
}
},
pubSubInstance
})
);
You can check the [test schema](examples which contains all of the feature available in the library.
Explore the API documentation and examples to learn more.
One thing that makes this library possible is dataloader sequelize. Those limitations are so inherited:
Only plain requests are batched, meaning requests with includes and transactions are skipped. The batching does handle limit, and where but different limits and wheres are placed in different batches. Currently this module only leverages the batching functionality from dataloader, caching is disabled.
It will mostly impact you if you try to inject tables in the include property through the before hook.
For example when trying to limit the listing of companies:
Instead of that:
list: {
before: async (findOptions, args, context) => {
if (typeof findOptions.include === "undefined") {
findOptions.include = [];
}
findOptions.include.push({
model: models.user,
where: {
id: context.myUserId
}
});
return findOptions;
};
}
Try to do this if possible:
list: {
before: async (findOptions, args, context) => {
if (typeof findOptions.where === "undefined") {
findOptions.where = {};
}
findOptions.where = {
$and: [findOptions.where, { id: context.myAllowedCompaniesIds }]
};
return findOptions;
};
}
Check out contributing guide to get an overview of open-source development at Matters.
Tests can be run with:
yarn test
A test server can be started with generated seeds with:
yarn start
It will make available a Graphiql interface at this url
This is available through this configuration:.
You can use the property "excludeFields".
graphqlSchemaDeclaration.user = {
model: models.user,
actions: ["list"],
excludeFields: ["password", "preferences"] // Individual fields or generated models can be exluded.
};
FAQs
A set of tools to easily generate a Graphql API from sequelize models.
The npm package graphql-sequelize-generator receives a total of 29 weekly downloads. As such, graphql-sequelize-generator popularity was classified as not popular.
We found that graphql-sequelize-generator demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.