GraphQL at Facebook

Facebook’s GraphQL Stack Dan Schafer

{ me { name } }

{ "me": { "name": "Daniel Schafer" } } { me
{ name } }

{ me { name profilePicture { width height url }
} }

{ "me": { "name": "Daniel Schafer", "profilePicture": { "width": 50,
"height": 50, "url": "https://cdn/50.jpg" } } } { me { name profilePicture { width height url } } }

query Q { me { name birthday teammates { name
birthday } } }

query Q { me { name birthday teammates { name
birthday } } } { "me": { "name": "Daniel Schafer", "birthday": "Jan 17", "teammates": [ { "name": "Lee Byron", "birthday": "Dec 18" }, { "name": "Laney Kuenzel", "birthday": "Jan 25" } ] } }

query Q { me { ...BasicInfo teammates { ...BasicInfo }
} } fragment BasicInfo on User { name birthday } { "me": { "name": "Daniel Schafer", "birthday": "Jan 17", "teammates": [ { "name": "Lee Byron", "birthday": "Dec 18" }, { "name": "Laney Kuenzel", "birthday": "Jan 25" } ] } }

graphql.org

GraphQL: How?

How do I implement authorization? How do I make GraphQL
eﬃcient? How do I cache my results?

Facebook’s GraphQL Stack

Think Graphs, not Endpoints

Single Source of Truth

Thin API layer

Authorization

“A Todo Item can only be seen by its creator.”

What is a Todo Item?

http://api.todoapp.com/todo/4

http://api.todoapp.com/todo/4 Too interface-speciﬁc

SELECT * FROM todoitems WHERE id = 4

SELECT * FROM todoitems WHERE id = 4 GET todoitem:4

SELECT * FROM todoitems WHERE id = 4 Storage Detail
GET todoitem:4

External Interfaces Storage Layer

External Interfaces Business Logic Storage Layer

GraphQL Business Logic Storage Layer

What is a Todo Item?

class TodoItem { constructor(id: number, title: string, isDone: boolean) {
this.id = id; this.title = title; this.isDone = isDone; } };

http://sujaytrivedi.blogspot.com/2015/03/object-oriented-programming-oop-in-c.html

https://upload.wikimedia.org/wikipedia/commons/b/b8/Policy_Admin_Component_Diagram.PNG

class TodoItem { constructor(id: number, title: string, isDone: boolean) {
this.id = id; this.title = title; this.isDone = isDone; } };

class TodoItem { constructor(data: TodoItemData) { this.id = data.id; this.title
= data.title; this.isDone = data.isDone; } // Single source of truth for fetching static async gen(id: number): Promise<?TodoItem> { const data = await Redis.get("ti:" + id); // Nullable return data ? new TodoItem(data) : null; } }

Implementing Authorization

class TodoItem { // Single source of truth for fetching
static async gen(id: number): Promise<?TodoItem> { const data = await Redis.get("ti:" + id); // Nullable return data ? new TodoItem(data) : null; } }

static async gen(id: number): Promise<?TodoItem> { const data = await Redis.get("ti:" + id); // Nullable // Single source of truth for authorization return data ? new TodoItem(data) : null; } }

static async gen(id: number): Promise<?TodoItem> { const data = await Redis.get("ti:" + id); // Nullable if (data === null) return null; const canSee = checkCanSee(data); return canSee ? new TodoItem(data) : null; } }

static async gen(id: number): Promise<?TodoItem> { const data = await Redis.get("ti:" + id); // Nullable if (data === null) return null; const canSee = checkCanSee(data); return canSee ? new TodoItem(data) : null; } } function checkCanSee(data: Object) { // A Todo Item can only be seen by its creator }

static async gen(id: number): Promise<?TodoItem> { const data = await Redis.get("ti:" + id); // Nullable if (data === null) return null; const canSee = checkCanSee(data); return canSee ? new TodoItem(data) : null; } } function checkCanSee(data: Object) { return (data.creatorID === /* authenticated user ID */); }

static async gen( viewer: Viewer, id: number): Promise<?TodoItem> { const data = await Redis.get("ti:" + id); // Nullable if (data === null) return null; const canSee = checkCanSee(data); return canSee ? new TodoItem(data) : null; } } function checkCanSee(data: Object) { return (data.creatorID === /* authenticated user ID */); }

static async gen( viewer: Viewer, id: number): Promise<?TodoItem> { const data = await Redis.get("ti:" + id); // Nullable if (data === null) return null; const canSee = checkCanSee(viewer, data); return canSee ? new TodoItem(data) : null; } } function checkCanSee(viewer: Viewer, data: Object) { return (data.creatorID === viewer.userID); }

class TodoItem { static async gen( viewer: Viewer, id: number):
Promise<?TodoItem>; // No other public constructors } class TodoList { static async gen( viewer: Viewer, id: number): Promise<?TodoList>; // No other public constructors }

Authorization in GraphQL

todoItem: { type: TodoItemType, resolve: (obj) => /* ??? */
}

todoItem: { type: TodoItemType, resolve: (obj) => /* ??? */
} // ... graphql(schema, "{todoItem}");

todoItem: { type: TodoItemType, resolve: (obj) => TodoItem.gen(viewer, id) }
// ... graphql(schema, "{todoItem}");

todoItem: { type: TodoItemType, args: { id: { type: GraphQLID
} }, resolve: (obj, {id}) => TodoItem.gen(viewer, id) } // ... graphql(schema, "{todoItem(id: 4)}");

} }, resolve: (obj, {id}, viewer) => TodoItem.gen(viewer, id) } // ... graphql(schema, "{todoItem(id: $id)}", viewer);

} }, resolve: (obj, {id}, viewer) => TodoItem.gen(viewer, id) } // ... const viewer = Viewer.fromAuthToken(request.auth_token); graphql(schema, "{todoItem(id: $id)}", viewer);

Eﬃciency

{ me { name bestFriend { name } friends(first: 5)
{ name bestFriend { name } } } }

{ name bestFriend { name } } } } GET u:1 GET u:2 LRANGE friends:1 0 5 GET u:3 GET u:4 GET u:5 GET u:6 GET u:7 GET u:8 GET u:9 GET u:10 GET u:11 GET u:12 redis.log

{ name bestFriend { name } } } } GET u:1 GET u:2 LRANGE friends:1 0 -1 GET u:3 GET u:4 GET u:5 GET u:6 GET u:7 GET u:8 GET u:9 GET u:10 GET u:11 GET u:12 redis.log

{ name bestFriend { name } } } } GET u:1 GET u:2 LRANGE friends:1 0 5 GET u:3 GET u:4 GET u:5 GET u:6 GET u:7 redis.log

{ name bestFriend { name } } } } GET u:1 GET u:2 LRANGE friends:1 0 5 MGET u:2 u:3 u:4 u:5 u:6 MGET u:8 u:9 u:10 u:11 u:12 redis.log

Implementing Batching in GraphQL

DataLoader

https://github.com/facebook/dataloader

const userDataLoader = new DataLoader( ids => Redis.mget(ids.map(id => "m:"
+ id)) ); class User { static async gen(v: Viewer, id: number): Promise<?User> { const rawData = await Redis.get("u:" + id); // Do authorization ... return rawData === null ? new TodoItem(rawData) : null; } }

const userDataLoader = new DataLoader( ids => Redis.mget(ids.map(id => "u:"
+ id)) ); class User { static async gen(v: Viewer, id: number): Promise<?User> { const rawData = await Redis.get("u:" + id); // Do authorization ... return rawData === null ? new TodoItem(rawData) : null; } }

+ id)) ); class User { static async gen(v: Viewer, id: number): Promise<?User> { const rawData = await userDataLoader.load(id); // Do authorization ... return rawData === null ? new TodoItem(rawData) : null; } }

Caching

+ id)) ); class User { static async gen(v: Viewer, id: number): Promise<?User> { const rawData = await userDataLoader.load(id); // Do authorization ... return rawData === null ? new TodoItem(rawData) : null; } }

Clients?

const userType = new GraphQLObjectType({ name: 'User', fields: () =>
({ id: { type: GraphQLID, resolve: (user) => user.getID() } }) });

{ me { id profilePhoto { id } } }

{ me: { id: "1", profilePhoto: { id: "1" } } }

What do we want in IDs?

Unique Cache Key

Globally Unique Cache Key

Globally Unique Cache Key Refetch Identiﬁer

Globally Unique Cache Key Refetch Identiﬁer Client Comprehension?

Globally Unique Cache Key Refetch Identiﬁer Opaque to Clients

({ id: { type: GraphQLID, resolve: (user) => user.getID() } }) });

({ id: { type: GraphQLID, resolve: (user) => base64("user:" + user.getID()) } }) });

{ me: { id: "dXNlcjoxCg==", profilePhoto: { id: "cGhvdG86MQo=" } } }

Facebook’s GraphQL Stack

Think Graphs, not Endpoints

Thin API layer

graphql.org

GraphQL at Facebook

GraphQL at Facebook

More Decks by Dan Schafer

Other Decks in Programming

Featured

Transcript