--- sidebar: auto --- # Guide to Super Graph Super Graph is a service that instantly and without code gives you a high performance and secure GraphQL API. Your GraphQL queries are auto translated into a single fast SQL query. No more spending weeks or months writing backend API code. Just make the query you need and Super Graph will do the rest. Super Graph has a rich feature set like integrating with your existing Ruby on Rails apps, joining your DB with data from remote APIs, Role and Attribute based access control, Support for JWT tokens, DB migrations, seeding and a lot more. ## Features - Role and Attribute based access control - Works with existing Ruby-On-Rails apps - Automatically learns database schemas and relationships - Full text search and aggregations - Rails authentication supported (Redis, Memcache, Cookie) - JWT tokens supported (Auth0, etc) - Join database with remote REST APIs - Highly optimized and fast Postgres SQL queries - GraphQL queries and mutations - A simple config file - High performance GO codebase - Tiny docker image and low memory requirements - Fuzz tested for security - Database migrations tool - Database seeding tool ## Try the demo app ```bash # clone the repository git clone https://github.com/dosco/super-graph # setup the demo rails app & database and run it docker-compose run rails_app rake db:create db:migrate db:seed # run the demo docker-compose up # signin to the demo app (user1@demo.com / 123456) open http://localhost:3000 # try the super graph web ui open http://localhost:8080 ``` ::: tip DEMO REQUIREMENTS This demo requires `docker` you can either install it using `brew` or from the docker website [https://docs.docker.com/docker-for-mac/install/](https://docs.docker.com/docker-for-mac/install/) ::: #### Trying out GraphQL We fully support queries and mutations. For example the below GraphQL query would fetch two products that belong to the current user where the price is greater than 10. #### GQL Query ```graphql query { users { id email picture : avatar password full_name products(limit: 2, where: { price: { gt: 10 } }) { id name description price } } } ``` #### JSON Result ```json { "data": { "users": [ { "id": 1, "email": "odilia@west.info", "picture": "https://robohash.org/simur.png?size=300x300", "full_name": "Edwin Orn", "products": [ { "id": 16, "name": "Sierra Nevada Style Ale", "description": "Belgian Abbey, 92 IBU, 4.7%, 17.4°Blg", "price": 16.47 }, ... ] } ] } } ``` ::: tip Testing with a user In development mode you can use the `X-User-ID: 4` header to set a user id so you don't have to worries about cookies etc. This can be set using the *HTTP Headers* tab at the bottom of the web UI. ::: In another example the below GraphQL mutation would insert a product into the database. The first part of the below example is the variable data and the second half is the GraphQL mutation. For mutations data has to always ben passed as a variable. ```json { "data": { "name": "Art of Computer Programming", "description": "The Art of Computer Programming (TAOCP) is a comprehensive monograph written by computer scientist Donald Knuth", "price": 30.5 } } ``` ```graphql mutation { product(insert: $data) { id name } } ``` ## Why Super Graph Let's take a simple example say you want to fetch 5 products priced over 12 dollars along with the photos of the products and the users that owns them. Additionally also fetch the last 10 of your own purchases along with the name and ID of the product you purchased. This is a common type of query to render a view in say an ecommerce app. Lets be honest it's not very exciting write and maintain. Keep in mind the data needed will only continue to grow and change as your app evolves. Developers might find that most ORMs will not be able to do all of this in a single SQL query and will require n+1 queries to fetch all the data and assembly it into the right JSON response. What if I told you Super Graph will fetch all this data with a single SQL query and without you having to write a single line of code. Also as your app evolves feel free to evolve the query as you like. In our experience Super Graph saves us hundreds or thousands of man hours that we can put towards the more exciting parts of our app. #### GraphQL Query ```graphql query { products(limit 5, where: { price: { gt: 12 } }) { id name description price photos { url } user { id email picture : avatar full_name } } purchases( limit 10, order_by: { created_at: desc } , where: { user_id: { eq: $user_id } } ) { id created_at product { id name } } } ``` #### JSON Result ```json "data": { "products": [ { "id": 1, "name": "Oaked Arrogant Bastard Ale", "description": "Coors lite, European Amber Lager, Perle, 1272 - American Ale II, 38 IBU, 6.4%, 9.7°Blg", "price": 20, "photos: [{ "url": "https://www.scienceworld.ca/wp-content/uploads/science-world-beer-flavours.jpg" }], "user": { "id": 1, "email": "user0@demo.com", "picture": "https://robohash.org/sitaliquamquaerat.png?size=300x300&set=set1", "full_name": "Mrs. Wilhemina Hilpert" } }, ... ] }, "purchases": [ { "id": 5, "created_at": "2020-01-24T05:34:39.880599", "product": { "id": 45, "name": "Brooklyn Black", } }, ... ] } ``` ## Get Started Super Graph can generate your initial app for you. The generated app will have config files, database migrations and seed files among other things like docker related files. You can then add your database schema to the migrations, maybe create some seed data using the seed script and launch Super Graph. You're now good to go and can start working on your UI frontend in React, Vue or whatever. ```bash # Download and install Super Graph. You will need Go 1.13 or above git clone https://github.com/dosco/super-graph && cd super-graph && make install ``` And then create and launch you're new app ```bash # create a new app and change to it's directory super-graph new blog; cd blog # setup the app database and seed it with fake data. Docker compose will start a Postgres database for your app docker-compose run blog_api ./super-graph db:setup # and finally launch Super Graph configured for your app docker-compose up ``` Lets take a look at the files generated by Super Graph when you create a new app ```bash super-graph new blog > created 'blog' > created 'blog/Dockerfile' > created 'blog/docker-compose.yml' > created 'blog/config' > created 'blog/config/dev.yml' > created 'blog/config/prod.yml' > created 'blog/config/seed.js' > created 'blog/config/migrations' > created 'blog/config/migrations/100_init.sql' > app 'blog' initialized ``` ### Docker files Docker Compose is a great way to run multiple services while developing on your desktop or laptop. In our case we need Postgres and Super Graph to both be running and the `docker-compose.yml` is configured to do just that. The Super Graph service is named after your app postfixed with `_api`. The Dockerfile can be used build a containr of your app for production deployment. ```bash docker-compose run blog_api ./super-graph help ``` ### Config files All the config files needs to configure Super Graph for your app are contained in this folder for starters you have two `dev.yaml` and `prod.yaml`. When the `GO_ENV` environment variable is set to `development` then `dev.yaml` is used and the prod one when it's set to `production`. Stage and Test are the other two environment options, but you can set the `GO_ENV` to whatever you like (eg. `alpha-test`) and Super Graph will look for a yaml file with that name to load config from. ### Seed.js Having data flowing through your API makes building your frontend UI so much easier. When creafting say a user profile wouldn't it be nice for the API to return a fake user with name, picture and all. This is why having the ability to seed your database is important. Seeding cn also be used in production to setup some initial users like the admins or to add an initial set of products to a ecommerce store. Super Graph makes this easy by allowing you to write your seeding script in plan old Javascript. The below file that auto-generated for new apps uses our built-in functions `fake` and `graphql` to generate fake data and use GraphQL mutations to insert it into the database. ```javascript // Example script to seed database var users = []; for (i = 0; i < 10; i++) { var data = { full_name: fake.name(), email: fake.email() } var res = graphql(" \ mutation { \ user(insert: $data) { \ id \ } \ }", { data: data }) users.push(res.user) } ``` You can generate the following fake data for your seeding purposes. Below is the list of fake data functions supported by the built-in fake data library. For example `fake.image_url()` will generate a fake image url or `fake.shuffle_strings(['hello', 'world', 'cool'])` will generate a randomly shuffled version of that array of strings or `fake.rand_string(['hello', 'world', 'cool'])` will return a random string from the array provided. ``` // Person person name name_prefix name_suffix first_name last_name gender ssn contact email phone phone_formatted username password // Address address city country country_abr state state_abr status_code street street_name street_number street_prefix street_suffix zip latitude latitude_in_range longitude longitude_in_range // Beer beer_alcohol beer_hop beer_ibu beer_blg beer_malt beer_name beer_style beer_yeast // Cars vehicle vehicle_type car_maker car_model fuel_type transmission_gear_type // Text word sentence paragraph question quote // Misc generate boolean uuid // Colors color hex_color rgb_color safe_color // Internet url image_url domain_name domain_suffix ipv4_address ipv6_address simple_status_code http_method user_agent user_agent_firefox user_agent_chrome user_agent_opera user_agent_safari // Date / Time date date_range nano_second second minute hour month day weekday year timezone timezone_abv timezone_full timezone_offset // Payment price credit_card credit_card_cvv credit_card_number credit_card_number_luhn credit_card_type currency currency_long currency_short // Company bs buzzword company company_suffix job job_description job_level job_title // Hacker hacker_abbreviation hacker_adjective hacker_ingverb hacker_noun hacker_phrase hacker_verb //Hipster hipster_word hipster_paragraph hipster_sentence // File extension mine_type // Numbers number numerify int8 int16 int32 int64 uint8 uint16 uint32 uint64 float32 float32_range float64 float64_range shuffle_ints mac_address //String digit letter lexify rand_string shuffle_strings numerify ``` ### Migrations Easy database migrations is the most important thing when building products backend by a relational database. We make it super easy to manage and migrate your database. ```bash super-graph db:new create_users > created migration 'config/migrations/101_create_users.sql' ``` Migrations in Super Graph are plain old Postgres SQL. Here's an example for the above migration. ```sql -- Write your migrate up statements here CREATE TABLE public.users ( id bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY, full_name text, email text UNIQUE NOT NULL CHECK (length(email) < 255), created_at timestamptz NOT NULL NOT NULL DEFAULT NOW(), updated_at timestamptz NOT NULL NOT NULL DEFAULT NOW() ); ---- create above / drop below ---- -- Write your down migrate statements here. If this migration is irreversible -- then delete the separator line above. DROP TABLE public.users ``` We would encourage you to leverage triggers to maintain consistancy of your data for example here are a couple triggers that you can add to you init migration and across your tables. ```sql -- This trigger script will set the updated_at column everytime a row is updated CREATE OR REPLACE FUNCTION trigger_set_updated_at() RETURNS TRIGGER SET SCHEMA 'public' LANGUAGE 'plpgsql' AS $$ BEGIN new.updated_at = now(); RETURN new; END; $$; ... -- An exmple of adding this trigger to the users table CREATE TRIGGER set_updated_at BEFORE UPDATE ON public.users FOR EACH ROW EXECUTE PROCEDURE trigger_set_updated_at(); ``` ```sql -- This trigger script will set the user_id column to the current -- Super Graph user.id value everytime a row is created or updated CREATE OR REPLACE FUNCTION trigger_set_user_id() RETURNS TRIGGER SET SCHEMA 'public' LANGUAGE 'plpgsql' AS $$ BEGIN IF TG_OP = 'UPDATE' THEN new.user_id = old.user_id; ELSE new.user_id = current_setting('user.id')::int; END IF; RETURN new; END; $$; ... -- An exmple of adding this trigger to the blog_posts table CREATE TRIGGER set_user_id BEFORE INSERT OR UPDATE ON public.blog_posts FOR EACH ROW EXECUTE PROCEDURE trigger_set_user_id(); ``` ## How to GraphQL GraphQL (GQL) is a simple query syntax that's fast replacing REST APIs. GQL is great since it allows web developers to fetch the exact data that they need without depending on changes to backend code. Also if you squint hard enough it looks a little bit like JSON :smiley: The below query will fetch an `users` name, email and avatar image (renamed as picture). If you also need the users `id` then just add it to the query. ```graphql query { user { full_name email picture : avatar } } ``` Multiple tables can also be fetched using a single GraphQL query. This is very fast since the entire query is converted into a single SQL query which the database can efficiently run. ```graphql query { user { full_name email } products { name description } } ``` ### Fetching data To fetch a specific `product` by it's ID you can use the `id` argument. The real name id field will be resolved automatically so this query will work even if your id column is named something like `product_id`. ```graphql query { products(id: 3) { name } } ``` Postgres also supports full text search using a TSV index. Super Graph makes it easy to use this full text search capability using the `search` argument. ```graphql query { products(search: "ale") { name } } ``` ### Sorting To sort or ordering results just use the `order_by` argument. This can be combined with `where`, `search`, etc to build complex queries to fit you needs. ```graphql query { products(order_by: { cached_votes_total: desc }) { id name } } ``` ### Filtering Super Graph support complex queries where you can add filters, ordering,offsets and limits on the query. For example the below query will list all products where the price is greater than 10 and the id is not 5. ```graphql query { products(where: { and: { price: { gt: 10 }, not: { id: { eq: 5 } } } }) { name price } } ``` #### Nested where clause targeting related tables Sometimes you need to query a table based on a condition that applies to a related table. For example say you need to list all users who belong to an account. This query below will fetch the id and email or all users who belong to the account with id 3. ```graphql query { users(where: { accounts: { id: { eq: 3 } } }) { id email } }` ``` #### Logical Operators Name | Example | Explained | --- | --- | --- | and | price : { and : { gt: 10.5, lt: 20 } | price > 10.5 AND price < 20 or | or : { price : { greater_than : 20 }, quantity: { gt : 0 } } | price >= 20 OR quantity > 0 not | not: { or : { quantity : { eq: 0 }, price : { eq: 0 } } } | NOT (quantity = 0 OR price = 0) #### Other conditions Name | Example | Explained | --- | --- | --- | eq, equals | id : { eq: 100 } | id = 100 neq, not_equals | id: { not_equals: 100 } | id != 100 gt, greater_than | id: { gt: 100 } | id > 100 lt, lesser_than | id: { gt: 100 } | id < 100 gte, greater_or_equals | id: { gte: 100 } | id >= 100 lte, lesser_or_equals | id: { lesser_or_equals: 100 } | id <= 100 in | status: { in: [ "A", "B", "C" ] } | status IN ('A', 'B', 'C) nin, not_in | status: { in: [ "A", "B", "C" ] } | status IN ('A', 'B', 'C) like | name: { like "phil%" } | Names starting with 'phil' nlike, not_like | name: { nlike "v%m" } | Not names starting with 'v' and ending with 'm' ilike | name: { ilike "%wOn" } | Names ending with 'won' case-insensitive nilike, not_ilike | name: { nilike "%wOn" } | Not names ending with 'won' case-insensitive similar | name: { similar: "%(b\|d)%" } | [Similar Docs](https://www.postgresql.org/docs/9/functions-matching.html#FUNCTIONS-SIMILARTO-REGEXP) nsimilar, not_similar | name: { nsimilar: "%(b\|d)%" } | [Not Similar Docs](https://www.postgresql.org/docs/9/functions-matching.html#FUNCTIONS-SIMILARTO-REGEXP) has_key | column: { has_key: 'b' } | Does JSON column contain this key has_key_any | column: { has_key_any: [ a, b ] } | Does JSON column contain any of these keys has_key_all | column: [ a, b ] | Does JSON column contain all of this keys contains | column: { contains: [1, 2, 4] } | Is this array/json column a subset of value contained_in | column: { contains: "{'a':1, 'b':2}" } | Is this array/json column a subset of these value is_null | column: { is_null: true } | Is column value null or not ### Aggregations You will often find the need to fetch aggregated values from the database such as `count`, `max`, `min`, etc. This is simple to do with GraphQL, just prefix the aggregation name to the field name that you want to aggregrate like `count_id`. The below query will group products by name and find the minimum price for each group. Notice the `min_price` field we're adding `min_` to price. ```graphql query { products { name min_price } } ``` Name | Explained | --- | --- | avg | Average value count | Count the values max | Maximum value min | Minimum value stddev | [Standard Deviation](https://en.wikipedia.org/wiki/Standard_deviation) stddev_pop | Population Standard Deviation stddev_samp | Sample Standard Deviation variance | [Variance](https://en.wikipedia.org/wiki/Variance) var_pop | Population Standard Variance var_samp | Sample Standard variance All kinds of queries are possible with GraphQL. Below is an example that uses a lot of the features available. Comments `# hello` are also valid within queries. ```graphql query { products( # returns only 30 items limit: 30, # starts from item 10, commented out for now # offset: 10, # orders the response items by highest price order_by: { price: desc }, # no duplicate prices returned distinct: [ price ] # only items with an id >= 30 and < 30 are returned where: { id: { and: { greater_or_equals: 20, lt: 28 } } }) { id name price } } ``` In GraphQL mutations is the operation type for when you need to modify data. Super Graph supports the `insert`, `update`, `upsert` and `delete`. You can also do complex nested inserts and updates. When using mutations the data must be passed as variables since Super Graphs compiles the query into an prepared statement in the database for maximum speed. Prepared statements are are functions in your code when called they accept arguments and your variables are passed in as those arguments. ### Insert ```json { "data": { "name": "Art of Computer Programming", "description": "The Art of Computer Programming (TAOCP) is a comprehensive monograph written by computer scientist Donald Knuth", "price": 30.5 } } ``` ```graphql mutation { product(insert: $data) { id name } } ``` #### Bulk insert ```json { "data": [{ "name": "Art of Computer Programming", "description": "The Art of Computer Programming (TAOCP) is a comprehensive monograph written by computer scientist Donald Knuth", "price": 30.5 }, { "name": "Compilers: Principles, Techniques, and Tools", "description": "Known to professors, students, and developers worldwide as the 'Dragon Book' is available in a new edition", "price": 93.74 }] } ``` ```graphql mutation { product(insert: $data) { id name } } ``` ### Update ```json { "data": { "price": 200.0 }, "product_id": 5 } ``` ```graphql mutation { product(update: $data, id: $product_id) { id name } } ``` #### Bulk update ```json { "data": { "price": 500.0 }, "gt_product_id": 450.0, "lt_product_id:": 550.0 } ``` ```graphql mutation { product(update: $data, where: { price: { gt: $gt_product_id, lt: lt_product_id } }) { id name } } ``` ### Delete ```json { "data": { "price": 500.0 }, "product_id": 5 } ``` ```graphql mutation { product(delete: true, id: $product_id) { id name } } ``` #### Bulk delete ```json { "data": { "price": 500.0 } } ``` ```graphql mutation { product(delete: true, where: { price: { eq: { 500.0 } } }) { id name } } ``` ### Upsert ```json { "data": { "id": 5, "name": "Art of Computer Programming", "description": "The Art of Computer Programming (TAOCP) is a comprehensive monograph written by computer scientist Donald Knuth", "price": 30.5 } } ``` ```graphql mutation { product(upsert: $data) { id name } } ``` #### Bulk upsert ```json { "data": [{ "id": 5, "name": "Art of Computer Programming", "description": "The Art of Computer Programming (TAOCP) is a comprehensive monograph written by computer scientist Donald Knuth", "price": 30.5 }, { "id": 6, "name": "Compilers: Principles, Techniques, and Tools", "description": "Known to professors, students, and developers worldwide as the 'Dragon Book' is available in a new edition", "price": 93.74 }] } ``` ```graphql mutation { product(upsert: $data) { id name } } ``` Often you will need to create or update multiple related items at the same time. This can be done using nested mutations. For example you might need to create a product and assign it to a user, or create a user and his products at the same time. You just have to use simple json to define you mutation and Super Graph takes care of the rest. ### Nested Insert Create a product item first and then assign it to a user ```json { "data": { "name": "Apple", "price": 1.25, "created_at": "now", "updated_at": "now", "user": { "connect": { "id": 5 } } } } ``` ```graphql mutation { product(insert: $data) { id name user { id full_name email } } } ``` Or it's reverse, create the user first and then his product ```json { "data": { "email": "thedude@rug.com", "full_name": "The Dude", "created_at": "now", "updated_at": "now", "product": { "name": "Apple", "price": 1.25, "created_at": "now", "updated_at": "now" } } } ``` ```graphql mutation { user(insert: $data) { id full_name email product { id name price } } } ``` ### Nested Update Update a product item first and then assign it to a user ```json { "data": { "name": "Apple", "price": 1.25, "user": { "connect": { "id": 5 } } } } ``` ```graphql mutation { product(update: $data, id: 5) { id name user { id full_name email } } } ``` Or it's reverse, update a user first and then his product ```json { "data": { "email": "newemail@me.com", "full_name": "The Dude", "product": { "name": "Banana", "price": 1.25, } } } ``` ```graphql mutation { user(update: $data, id: 1) { id full_name email product { id name price } } } ``` #### Pagination This is a must have feature of any API. When you want your users to go thought a list page by page or implement some fancy infinite scroll you're going to need pagination. There are two ways to paginate in Super Graph. Limit-Offset This is simple enough but also inefficient when working with a large number of total items. Limit, limits the number of items fetched and offset is the point you want to fetch from. The below query will fetch 10 results at a time starting with the 100th item. You will have to keep updating offset (110, 120, 130, etc ) to walk thought the results so make offset a variable. ```graphql query { products(limit: 10, offset: 100) { id slug name } } ``` #### Cursor This is a powerful and highly efficient way to paginate though a large number of results. Infact it does not matter how many total results there are this will always be lighting fast. You can use a cursor to walk forward of backward though the results. If you plan to implement infinite scroll this is the option you should choose. When going this route the results will contain a cursor value this is an encrypted string that you don't have to worry about just pass this back in to the next API call and you'll received the next set of results. The cursor value is encrypted since its contents should only matter to Super Graph and not the client. Also since the primary key is used for this feature it's possible you might not want to leak it's value to clients. You will need to set this config value to ensure the encrypted cursor data is secure. If not set a random value is used which will change with each deployment breaking older cursor values that clients might be using so best to set it. ```yaml # Secret key for general encryption operations like # encrypting the cursor data secret_key: supercalifajalistics ``` Paginating forward through your results ```graphql query { products(first: 10, after: "MJoTLbQF4l0GuoDsYmCrpjPeaaIlNpfm4uFU4PQ=") { slug name } } ``` Paginating backward through your results ```graphql query { products(last: 10, before: "MJoTLbQF4l0GuoDsYmCrpjPeaaIlNpfm4uFU4PQ=") { slug name } } ``` ```graphql "data": { "products": [ { "slug": "eius-nulla-et-8", "name" "Pale Ale" }, { "slug": "sapiente-ut-alias-12", "name" "Brown Ale" } ... ], "products_cursor": "dJwHassm5+d82rGydH2xQnwNxJ1dcj4/cxkh5Cer" } ``` ## Using Variables Variables (`$product_id`) and their values (`"product_id": 5`) can be passed along side the GraphQL query. Using variables makes for better client side code as well as improved server side SQL query caching. The build-in web-ui also supports setting variables. Not having to manipulate your GraphQL query string to insert values into it makes for cleaner and better client side code. ```javascript // Define the request object keeping the query and the variables seperate var req = { query: '{ product(id: $product_id) { name } }' , variables: { "product_id": 5 } } // Use the fetch api to make the query fetch('http://localhost:8080/api/v1/graphql', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(req), }) .then(res => res.json()) .then(res => console.log(res.data)); ``` ## GraphQL with React This is a quick simple example using `graphql.js` [https://github.com/f/graphql.js/](https://github.com/f/graphql.js/) ```js import React, { useState, useEffect } from 'react' import graphql from 'graphql.js' // Create a GraphQL client pointing to Super Graph var graph = graphql("http://localhost:3000/api/v1/graphql", { asJSON: true }) const App = () => { const [user, setUser] = useState(null) useEffect(() => { async function action() { // Use the GraphQL client to execute a graphQL query // The second argument to the client are the variables you need to pass const result = await graph(`{ user { id first_name last_name picture_url } }`)() setUser(result) } action() }, []); return (