Open Collective
Open Collective
Loading

GraphQL Shield

GraphQL server permissions as another abstraction layer of logic.

Contribute


Become a financial contributor.

Financial Contributions

Membership
Backer

Join us for $10.00 per month and support us

$10 USD / month

Latest activity by


+ 4
Recurring contribution
Sponsor

Join us for $100.00 per month and support us

$100 USD / month

Latest activity by


Custom contribution
Donation
Make a custom one-time or recurring contribution.

Latest activity by


+ 13

Top financial contributors

Individuals

1
Isaac Duran

$175 USD since Aug 2018

2
Nilan Marktanner

$57 USD since May 2018

3
Jason Brown

$55 USD since Jun 2018

4
SpeedProjects, Inc.

$20 USD since Sep 2021

5
Patrick Gidich

$20 USD since Nov 2021

6
Pia Mancini

$10 USD since May 2018

7
Oleksandr Mieliekh

$10 USD since Mar 2019

8
Jamie Barton

$8 USD since May 2018

9
Suraj Keshri

$5 USD since Jan 2020

10
Rigin Oommen

$1 USD since Nov 2021

Organizations

1
GraphCMS

$1,900 USD since May 2018

2
ScrapingBee

$630 USD since Oct 2019

3
Hitabis GmbH

$300 USD since Mar 2019

4
QuestMate

$70 USD since Mar 2021

5
Open Collective

$25 USD since May 2019

6
Scraper API 2

$18 USD since Oct 2018

7
Affiliate Genius

$10 USD since Aug 2018

GraphQL Shield is all of us

Our contributors 19

Thank you for supporting GraphQL Shield.

GraphCMS

Sponsor

$1,900 USD

Awesome project! We would love to see more cont...

ScrapingBee

Backer

$630 USD

Hitabis GmbH

$300 USD

Isaac Duran

Backer

$175 USD

QuestMate

Backer

$70 USD

Nilan Marktanner

Backer

$57 USD

Thanks for working on this great project!

Jason Brown

Backer

$55 USD

SpeedProjects...

$20 USD

Patrick Gidich

$20 USD

Budget


Transparent and open finances.

+$10.00USD
Completed
Contribution #54359
+$10.00USD
Completed
Contribution #54359
+$10.00USD
Completed
Contribution #54359
$
Today’s balance

$219.98 USD

Total raised

$2,779.68 USD

Total disbursed

$2,559.70 USD

Estimated annual budget

$120.00 USD

About


GraphQL Shield

Permissions done the way they should be - abstracted away as another layer of logic.

The new way of thinking about permissions 🧠

There are mainly two methods of describing your permission logic in GraphQL server. You can write schema directives, or you include the logic inside every one of your resolvers. I hate the first one. It mixes the reasoning behind your application with a schema. In my opinion, the schema should only define the model, not the logic as well. On the other hand, you could describe your permission logic within your resolvers, but then again DRY - horrible! What if there were a third unforeseen option that might save the day?

GraphQL Shield for the win 🏆

GraphQL shield abstracts away your permission layer and allows you to reuse your ruleset in an intuitive yet straightforward way. Under the hood, there's a V8 shield engine. We know how vital the execution time of a query is and made significant optimisations to permission caching. Not only do we store resolved permission results, but also create cache maps up front to predetermine the best way to process the request.

Defining permissions is as comfortable as thinking about them. We are reusing a familiar API from GraphQL server and combining it with intuitive shield logic. Check out how simple it is to create an authentication mechanism.

import { rule, shield, allow } from 'graphql-shield'

const typeDefs = `
  type Query {
    viewer: Viewer
    fruits: [Fruit!]!
  }

  type Fruit {
    name: String!
    count: Int!
  }

  type Viewer {
    cart: [Fruit!]!
  }
`

// Rules

const isAuthenticated = rule()((parent, args, ctx, info) => {
  return ctx.user !== null && parent.mad === false
})

// Permissions

const permissions = shield({
  Query: allow,
  Fruit: {
    name: allow,
    count: isAuthenticated
  }
  Viewer: isAuthenticated,
})

Join the party 🎉

We love working on Shield and believe it is thoroughly changing the way we approach writing permission logic of our servers. Join our collective and support development of this fantastic tool!

Our team