Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't expose GraphQL Playground #1743

Closed
nikolasburk opened this issue Mar 2, 2020 · 8 comments
Closed

Don't expose GraphQL Playground #1743

nikolasburk opened this issue Mar 2, 2020 · 8 comments
Assignees
@pimeys
Labels
kind/bug A reported bug.
Milestone
Preview 25

Comments

@nikolasburk
Copy link
Member

nikolasburk commented Mar 2, 2020
edited by janpio

As discussed in this Slack conversation, it is currently possible to access a GraphQL Playground that exposes a CRUD GraphQL API when using Prisma. To do so, you need to enable the info log level in the PrismaClient instructor and navigate your browser to the URL that's printed like this:

prisma:info  Started http server on 127.0.0.1:37157

On tools like Codesandbox this open port is also recognized, and offered to users by default to open a browser with that:

image

Since GraphQL is an implementation detail of Prisma 2.0, I believe we should not expose the GraphQL Playground.
@divyenduz divyenduz added this to the Preview 24 New milestone Mar 3, 2020
@mavilein
Copy link
Member

mavilein commented Mar 3, 2020

Internal Note: the playground route should be dependant on an env var. We will add this env var to our local .envrc

@ansarizafar
Copy link

Why not just add authorization and expose graphql endpoint like https://github.com/genie-team/graphql-genie/tree/master/plugins/authentication

@peteralbert
Copy link

Both, the playground and the GraphQL access to the DB is really useful to us - as it allows us to build tooling on top of GraphQL instead of SQL! For instance, in Prisma 1 when seeding the database, we have an elaborate set of scripts that creates all entries via GQL - and uses the created UIDs to link the created items. Changing this to SQL is possible - but would remove a huge advantage of Prisma!

Alternatively, would it be possible to expose the Prisma Studio access? I.e. Prisma Studio send the queries and mutations (in TS instead of GQL) via WebSockets to the server, executes them and returns the result. If it would be possible to do the same manually via a REST endpoint, this would allow the above functionality, too...

@homoky
Copy link

homoky commented Mar 4, 2020

Yes, GraphQL Playground is really great. Studio is not powerful enough in some cases.

@divyenduz divyenduz modified the milestones: Preview 24 New, Preview 25 Mar 13, 2020
@Fonz001
Copy link

Fonz001 commented Mar 15, 2020

In Prisma 1, the playground was my place-2-be... I never used SQL directly. I'd be in favor of having this exposed.

I also noticed that the whole Prisma concept is slightly harder to explain now that Prisma is no longer a separate GraphQL server:

"An (almost complete) ORM system that works very well with GraphQL"

vs.

"A GraphQL server over your database"

I hope this helps!

@janpio janpio mentioned this issue Mar 16, 2020
Closed
@sorenbs
Copy link
Member

sorenbs commented Mar 16, 2020
edited by schickling

@ansarizafar @peteralbert @homoky @Fonz001 and others interested in using the GraphQL Playground,

It is important to understand that Prisma2 does not provide a GraphQL server. Instead, what you are seeing is an internal implementation detail that currently looks very much like GraphQL. It is not actually compliant GraphQL and it will most certainly change in the future to be even less GraphQL compliant.
The right way to think about this is as the internal wire protocol between the query engine and Prisma Client.

What we will do now: keep the modified GraphQL playground, but hide it by default. You will have to set an environment variable to access it.

What you should do now: you can keep using at as before, but please understand that it will break in small unexpected ways in the future because it is an undocumented implementation detail. The following are suggestions for how you could deal with various use cases where you might currently be relying on the modified GraphQL Playground:

Replacing the undocumented GraphQL Playground

Powerful data access: If you are using the GraphQL playground because Prisma Studio is not powerful enough for you, you should open feature requests. We intend for Studio to be a very flexible and powerful data management UI, and we would appreciate your suggestions.

Automatically generate data mutations: If you are relying on the GraphQL endpoint to programmatically generate a lot of mutations to create data, either for seeding a database or fulfil some complex workflow, you should adopt Prisma Client. Prisma Client is a type-safe data access library that has been designed to simplify tasks like this. If you are not using JavaScript/TypeScript or Go, then you should reconsider if Prisma is the right tool for you.

Building a GraphQL API: If you are using the internal and undocumented Prisma 2 GraphQL endpoint to build a GraphQL API, then you should really strongly consider to change direction. This is unsupported and will not be a happy journey for you. Instead you should investigate Nexus, which represents the culmination of 4 years of our experience building database-backed GraphQL APIs

I hope this helps shed some light on our decision.

@pimeys
Copy link
Contributor

pimeys commented Mar 19, 2020

Talked with Dom and we agreed I'll do the ticket.

@pimeys pimeys assigned pimeys and unassigned dpetrick Mar 19, 2020
@pimeys pimeys mentioned this issue Mar 19, 2020
Merged
@pimeys
Copy link
Contributor

pimeys commented Mar 19, 2020

Merged to master

@pimeys pimeys closed this as completed Mar 19, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pimeys pimeys

Labels
kind/bug A reported bug.
Projects
None yet
Milestone
Preview 25
Development

No branches or pull requests