GraphQL Basics Flashcards
What is GraphQL?
GraphQL is a query language for your API.
Compare GraphQL and REST.
- Multiple round trips (REST) vs one single request (GraphQL).
- Over fetching and under fetching (REST) vs tailor-made queries (GraphQL).
- No need to expose a new API when a UI refactor is needed.
What are the two main types requests of GraphQL?
- Query
- Mutation
What is an alias?
You can’t query for the same field with different arguments. Aliases let you rename the result of a field with anything you want.
What are fragments?
Fragments are GraphQL’s reusable units. They let you build sets of fields and then include them in multiple queries.
How query and mutation fields are executed?
Query fields are executed in parallel, mutation fields run in series, one after the other.
What GraphQL Client can do? (6 items)
- Communicate with the server (send requests and receive responses)
- Integrate with view components and update the UI
- Cache query results
- Handle errors and validate schema
- Provide local state management
- Provide pagination
What are resolvers?
The resolver function is a function that resolves a value for a type/field in the GraphQL Schema.
Four responsibilities of GraphQL Server
- Schema and Resolver Functions
- Network Layer
- GraphQL Execution Engine
- Batched Resolving
3 Field Level Directives
- @include
- @skip
- @deprecated
Can query and mutations go in one request togehter?
No, they need to go separately.
GraphiQL or Apollo playground doesn’t support it, but official documentation says it could be possible in multi-operation documents.
Is this correct
addNewSession(session: Session): Session
No, param session must be Input rather than Type
How to create a mapping between Enum and the internal model?
Just create a resolver for GraphQL enum.
In object {ENUM: ‘mappedValue’} key is GraphQL enum whereas ‘mappedValue’ is a value from the internal model.
Assuming that Session contains speakers taken via REST endpoint, that doesn’t work. What will be returned for:
query {
sessions {
title
id
speakers {
name
}
}
}
- n errors for every session (errors section)
- n sessions with speakers = null (data section)
What is a Union?
It is a construction allowing to return of two (or more) different types.
It can be used to discard the error section and return errors or data in the data section of the response.
What can we do with Apollo Studio?
Register schemas and monitor usage.
What is operation name?
Any operation can be prefixed by operation type (query/mutation/subscription) and operation name.
Required in multi-operation documents.
What are operation types?
- query
- mutation
- subscription
Can fragments use variables?
Fragments can access variables declared in the query or mutation.
3 types of variables.
- Scalars
- Enums
- Input types
What is an inline fragment?
It’s a fragment defined withing a query. Used for interfaces and unions.
Is it possible to find out the concrete type (when the union or interface was used)?
Yes, using meta field like __typename
Is it correct
type Starship {
id: ID!name: String!
length(unit: LengthUnit! = METER): Float
}
No, only optional arguments can have default values.
Is Date an official scalar type?
No, it has to be implemented as custom scalar type.
Is
myField: null
valid for
myField: [String]!
?
No
Do you need to provide interface fields in a type implementing an interface?
Yes.
Can input type contain a field being a type?
No, it has to be also an input type.
Can input type fields have arguments?
No.
Can fragment refer to itself?
No, as this could result in an unbounded result!
Can we return type without specifying any field?
No, the graph leaves must be scalar type.
Can you ask GraphQL for a schema?
Yes, using __schema query.
Why type/name is null for fields
id: ID!
friends: [String]
appearsIn: [Episode!]!
Because they are wrapper types (not null/list) and ofType must be used to find out what is the type.
What is a requirement for plural identifying root fields?
It is a requirement that array in the response is the same size as the array passed as an argument, and that the order in the response will match the order in the argument.
How to see changes after mutation?
It depends what mutation is doing.
- For update cache will be auto-updated provided that mutation is returning mutated field
- For insert/delete cache will have to be updated manually
Compare Cookie Auth and Header Auth in context of vulnerability.
- Cookie is vulnerable to CSRF
- Header is vulnerable to XSS
Where authorization can be put? (3 options)
- in resolvers
- in model
- using schema directives
Mention 3 threats related to using GraphQL
- Multiple requests withing a short time
- Deeply nested queries
- Complex queries
How to protect against query complexity in Apollo Server?
- Install library graphql-validation-complexity
- Define cost above which query is rejected
- Use schema directive to define cost of retrieving specific fields (otherwise default one is used)
3 Apollo client Features for Managing State
- creating and updating virtual or local-only fields in GQL
- creating and updating global or reactive variables stored in the Apollo Client instance
- fetching local-only fields that include reactive variables resulting in full state management in your app
Is DataLoader caching data?
No, it is just for batching.
What is a DataLoader pattern?
- Resolver stores id
- Resolver returns promise
- DataLoader request all ids
