What’s New In GRANDstack?

 

There’s been a lot of activity in the GRANDstack world recently so in this post we review some of the new features and take a look at what community members have been working on.

GRANDstack is a fullstack framework for building applications using GraphQL, React, Apollo, and Neo4j Database.

Implementing authorization in GraphQL has long been an area of interest for developers working with GraphQL. Beginning in version 2.4.0 of neo4j-graphql.js we’ve introduced features to make implementing authorization easier. Specifically, we’ve added authorization specific schema directives that work with JSON Web Tokens (JWTs) out of the box, and the ability to access context values in Cypher queries.

Schema Directives

Based on the prototype described in this post, “Authorization In GraphQL Using Custom Schema Directives”, you can now make use of the following authorization schema directives in your GraphQL type definitions with neo4j-graphql.js:

  • isAuthenticated
  • hasRole
  • hasScope
 

You can read more about using schema directives for securing your GraphQL API in the docs here, or see the example project and post here.

Context Values Into Cypher Query

Another authorization feature in neo4j-graphql.js is the ability to access values from the context object in a Cypher query specified in @cypherdirective. This is useful when using authorization middleware (such as Passport) that adds user information to the request object, or to access a JWT token that contains user information to be matched against the database.

Here’s how it works: First, add a cypherParams object to the context. Here’s how that looks when using Apollo Server:

const server = new ApolloServer({   
context: ({req}) => ({
driver,
cypherParams: {
currentUserId: req.user.id
}
})
})

Any values within cypherParamin the context object will then be available in Cypher queries making use of the @cypher schema directive as Cypher parameters. Here we look up the currently authenticated user by using the currentUserId value that we added to the context object above:

type Query {
currentUser: User @cypher(statement: """
MATCH (u:User {id: $cypherParams.currentUserId})
RETURN u
""")
}

You can read more about these authorization features in the neo4j-graphql.js documentation.

GraphQL Foundation

In March, the Linux Foundation announced the formation of the GraphQL Foundation, a neutral group set up to provide governance and vendor-neutral stewardship for GraphQL. This includes oversight of funding, operations and marketing resources for the GraphQL community. Neo4j is happy to be included in this group as a founding member.

 
Neo4j joined the newly formed GraphQL Foundation as a founding member in March.

As Emil says, GraphQL and GRANDstack have been a huge boost for developers using Neo4j and we want to make sure this continues:

“Neo4j is pleased to support GraphQL, due to its unique ability to enable front-end developers, API developers and data architects to all work with the same graph-based data model. Our GraphQL integration and GRANDstack have already helped thousands of developers build graph applications with Neo4j, thanks to the huge developer productivity gain of GraphQL and the graph thinking mindset it brings for both developers and API consumers. The GraphQL Foundation is an important step to cement today’s most relevant standard for building APIs and we’re honored to join as founding members to help steward GraphQL as the ecosystem continues to evolve.”
— Emil Eifrem, CEO and Co-Founder, Neo4j

Neo4j GraphQL Java

The neo4j-graphql.js library has been an important component of GRANDstack for those building node.js APIs, but what if you want to use languages other than node.js? To support Java / JVM based APIs we’ve been working on neo4j-graphql-java, a JVM library to translate GraphQL queries and mutations to Cypher for use with Neo4j.

 
neo4j-graphql-java milestone release 2 is now available!

neo4j-graphql-java has had a second milestone release earlier this week with loads of new features such as

Please give it a try, check out the project’s documentation, and open issues for any feedback.

 
A slide from Rhys Evans’s talk “A Field Guide To The Financial Times”

From The Community

The GRANDstack community has been working on some great projects, here’s just a few that we’d like to share with you.

  • Gavin Williams from Quandercame on the Neo4j Online Meetup and shared how to build a GraphQL API with Neo4j. You can find the video here.
  • Rhys Evans from The Financial Times presented “A Field Guide To The Financial Times” where he shared how the FT is using GRANDstack. You can find the slides here.
  • Matt Ross from Comcast created a video course on Egghead “Build a Neo4j & GraphQL API” where he shows how to use neo4j-graphql.js to generate a GraphQL API backed by Neo4j using only GraphQL type definitions.
  • Erik Rahm, Senior Software Engineer at CyberGRX, released grand-stack-seed, a GRANDstack seed project with built in local auth, Facebook OAuth, and sample GraphQL types, queries, and mutations.

Share Your GRANDstack story

Do you have a neat GRANDstack project you’ve been working on? Please consider sharing your story by submitting a talk to GraphQL Summit in San Francisco or ping me to be an author on the GRANDstack blog.