GraphQL Shield
GraphQL server permissions as another abstraction layer of logic.
Contribute
Become a financial contributor.
Financial Contributions
Top financial contributors
Individuals
$175 USD since Aug 2018
$57 USD since May 2018
$55 USD since Jun 2018
$20 USD since Sep 2021
$20 USD since Nov 2021
$10 USD since May 2018
$10 USD since Mar 2019
$8 USD since May 2018
$5 USD since Jan 2020
$1 USD since Nov 2021
Organizations
$1,900 USD since May 2018
$620 USD since Oct 2019
$300 USD since Mar 2019
$70 USD since Mar 2021
$25 USD since May 2019
$18 USD since Oct 2018
$10 USD since Aug 2018
GraphQL Shield is all of us
Our contributors 19
Thank you for supporting GraphQL Shield.
Matic Zavadlal
Dmitry Til
ScrapingBee
Backer
$620 USD
Hitabis GmbH
$300 USD
Isaac Duran
Backer
$175 USD
QuestMate
Backer
$70 USD
Jason Brown
Backer
$55 USD
Open Collective
$25 USD
SpeedProjects...
$20 USD
Patrick Gidich
$20 USD
Budget
Transparent and open finances.
$211.72 USD
$2,771.42 USD
$2,559.70 USD
$120.00 USD
About
GraphQL Shield
Permissions done the way they should be - abstracted away as another layer of logic.
The new way of thinking about permissions 🧠
There are mainly two methods of describing your permission logic in GraphQL server. You can write schema directives, or you include the logic inside every one of your resolvers. I hate the first one. It mixes the reasoning behind your application with a schema. In my opinion, the schema should only define the model, not the logic as well. On the other hand, you could describe your permission logic within your resolvers, but then again DRY - horrible! What if there were a third unforeseen option that might save the day?
GraphQL Shield for the win 🏆
GraphQL shield abstracts away your permission layer and allows you to reuse your ruleset in an intuitive yet straightforward way. Under the hood, there's a V8 shield engine. We know how vital the execution time of a query is and made significant optimisations to permission caching. Not only do we store resolved permission results, but also create cache maps up front to predetermine the best way to process the request.
Defining permissions is as comfortable as thinking about them. We are reusing a familiar API from GraphQL server and combining it with intuitive shield logic. Check out how simple it is to create an authentication mechanism.
import { rule, shield, allow } from 'graphql-shield'
const typeDefs = `
type Query {
viewer: Viewer
fruits: [Fruit!]!
}
type Fruit {
name: String!
count: Int!
}
type Viewer {
cart: [Fruit!]!
}
`
// Rules
const isAuthenticated = rule()((parent, args, ctx, info) => {
return ctx.user !== null && parent.mad === false
})
// Permissions
const permissions = shield({
Query: allow,
Fruit: {
name: allow,
count: isAuthenticated
}
Viewer: isAuthenticated,
})
Join the party 🎉
We love working on Shield and believe it is thoroughly changing the way we approach writing permission logic of our servers. Join our collective and support development of this fantastic tool!
Our team
Matic Zavadlal
Dmitry Til