Guzfolio is a cryptocurrency portfolio tracker meant to serve as a pattern for implementing good practices when developing GraphQL APIs in Go. As the main dependency we will use gqlgen to generate our API, probably the best option.
- Download and install Go 1.13 or greater
- Configure Postgres database connection
- [OPTIONAL] Download and install Postgres
- Export (or configure in your favourite IDE) the environment variable `PG_CONNECTION_STRING`, for example `postgres://user:pass@localhost:5432/db_name?sslmode=disable`
- Initialize database schema and seed with some fake data: `go run datastore/seed/seed.go`
- Set the `JWT_SECRET` environment variable with a cool password to sign your tokens: `JWT_SECRET=my_best_kept_secret`
- Start the server running the following command: `go run server/*`
I have chosen JSON Web Token (JWT) authorization because JWTs are a compact and self-contained way of securely transmitting information between parties as a JSON object, and they are commonly used. In a traditional REST API, when applying the authorization pattern with a middleware, we can choose which routes to secure and which not. In this way we can separate the typical register/login calls from the rest of the API that we want to secure.
In the case of GraphQL we only have one endpoint, and we cannot use the schema to define the register/login mutations. To be honest, in a production environment the authentication server would be split out into another service, generating the tokens that this service would then consume.
I have created two register/login endpoints outside of the GraphQL API context to generate the tokens needed to authenticate. To authenticate with the GraphQL API you have to register as a new user or log in with an existing user (default pass is guzfolio1234) at the following endpoints:
- register new user
/auth/[email protected]&password=guzfolio1234&name=default_name
- login with existing user
/auth/[email protected]&password=guzfolio1234
- you can log in with some default users if you have run seed.go like:
- [email protected]:guzfolio1234 -> default user
- [email protected]:guzfolio1234 -> default admin user
When you obtain your JWT token you can use it in the header of your calls to the GraphQL service with the name `Authorization` and value `Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`. If you are using the Playground you can include the following JSON in the HTTP HEADERS section at the bottom.

```json
{
  "Authorization": "Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
```
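
The check the server has to make on that `Authorization` header, as an added example that is not Guzfolio's own code (the project uses jwt-go and go-chi; this version uses only the standard library). It assumes HS256 tokens signed with `JWT_SECRET` and `sub`/`exp` claims; the names `Verify` and `RequireJWT` are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"strings"
	"time"
)

// Verify returns the subject only if the MAC, the pinned algorithm and the expiry all check out.
func Verify(secret []byte, tok string, now time.Time) (string, bool) {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return "", false
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(p[0] + "." + p[1]))
	want := base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
	hb, _ := base64.RawURLEncoding.DecodeString(p[0])
	cb, _ := base64.RawURLEncoding.DecodeString(p[1])
	var hdr struct{ Alg string }
	var c struct { // assumed claim names; the page does not show the token layout
		Sub string
		Exp int64
	}
	if !hmac.Equal([]byte(p[2]), []byte(want)) || // constant-time signature check
		json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "HS256" || // pin alg: no "none", no swaps
		json.Unmarshal(cb, &c) != nil || now.Unix() >= c.Exp { // a missing exp (0) counts as expired
		return "", false
	}
	return c.Sub, true
}

// RequireJWT wraps only the GraphQL handler; the /auth routes are mounted outside it.
func RequireJWT(secret []byte, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := r.Header.Get("Authorization")
		if _, ok := Verify(secret, strings.TrimPrefix(h, "Bearer "), time.Now()); !ok || !strings.HasPrefix(h, "Bearer ") {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r) // a real server would first store the subject in r.Context()
	})
}

func main() { fmt.Println(Verify([]byte("my_best_kept_secret"), "a.b.c", time.Now())) }
```

The sample secret is the placeholder from the setup steps; a deployed `JWT_SECRET` should be a long random value, since anyone who knows it can mint tokens.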

```graphql
type Query {
  profile: User!
  user(id: ID!): User!
  allUsers: [User!]!
  allCurrencies: [Currency!]!
}

type Mutation {
  createUser(input: CreateUserInput!): User!
  createPortfolio(input: CreatePortfolioInput!): Portfolio!
  createCurrency(input: CreateCurrencyInput!): Currency!
  createTransaction(input: CreateTransactionInput!): Transaction!
}
```

Tech | Description |
---|---|
gqlgen | Go generate based graphql server library |
go-chi | Lightweight, idiomatic and composable router for building Go HTTP services |
go-gorm | Fantastic ORM library for Golang, aims to be developer friendly |
dataloaden | Go generate based DataLoader |
jwt-go | Golang implementation of JSON Web Tokens (JWT) |
- A simple, no-fuss example that's updated regularly to stay current with the API landscape
- YouTube Golang GraphQL + gqlgen tutorial
- Other resources