Jump to content
dadish

GraphQL for ProcessWire

Recommended Posts

15 minutes ago, Nurguly Ashyrov said:

Now I don't really know how to go on with this thread. Should we abandon it and start new thread in the modules section? Or maybe this thread could be moved to modules section? What @moderators think of this?

Personally I think that this thread already includes so much great content that it'd be a shame to abandon it -- not to mention that it's more than likely that folks looking for details about this module would end up here anyway.

It's your choice obviously, but if you want, I (or any other moderator here) would be more than happy to move this thread to the modules section. Just let us know when you have decided what to do with it :) 

  • Like 2

Share this post


Link to post
Share on other sites
2 hours ago, teppo said:

Personally I think that this thread already includes so much great content that it'd be a shame to abandon it -- not to mention that it's more than likely that folks looking for details about this module would end up here anyway.

It's your choice obviously, but if you want, I (or any other moderator here) would be more than happy to move this thread to the modules section. Just let us know when you have decided what to do with it :) 

I agree with you on that. I think it would be best if we move this thread to modules section. So, please move it to the modules section. Then after I will update my first post of this thread a bit and add a module tag I guess :) 

  • Like 3

Share this post


Link to post
Share on other sites
On 18/03/2017 at 1:29 PM, Nurguly Ashyrov said:

I agree with you on that. I think it would be best if we move this thread to modules section. So, please move it to the modules section. Then after I will update my first post of this thread a bit and add a module tag I guess :) 

Moved :)

  • Like 2

Share this post


Link to post
Share on other sites
50 minutes ago, teppo said:

Moved :)

Thank you @teppo! I knew I can count on you! :cool:

  • Like 3

Share this post


Link to post
Share on other sites

I am trying to use this module in the frontend. I added the following code:
 

<button class="graphBtn">Fetch data!</button>
<script src="<?php echo $config->urls->templates?>js/axios.js"></script>
<script>
  var $button = document.querySelector('.graphBtn');
  $button.addEventListener('click', function (e) {
    e.preventDefault();
    axios.post('/graphql/', {
      query: `
      {
        basic_page{
          list{
            title,
            summary,
            url
          }
        }
      }
      `
    })
      .then(response => {
        console.log(response.data);
      });
  });
</script>

And this is what I get back:

{
  "errors": [ { "message": "Must provide an operation." } ]
}

Do you know why? If I try the query in the GraphiQl admin I get the right data back. Do I have the wrong permissions set in the module?
 

Share this post


Link to post
Share on other sites
1 hour ago, microcipcip said:

...

Do you know why? If I try the query in the GraphiQl admin I get the right data back. Do I have the wrong permissions set in the module?

No, it's not the permissions. You're doing everything properly.

I never tried this module with axios before, therefore this error is new to me. It turns out that axios sets the Content-Type header to application/json;charset=UTF-8 instead of application/json. That's where the problem was, because the ProcessGraphQL module would parse json payload only if Content-Type was set to just application/json. I changed the behavior and now it will look to your query in json payload if Content-Type contains application/json string in it. Please grab the latest version of the module and try again. It should work now.

Thank you for taking time to report the issue.

  • Like 6

Share this post


Link to post
Share on other sites

Now it works!! This is so cool...I wish I could like this thread twice :). Do you have any plan of adding the RepeaterField?

I don't know if it has been mentioned in this thread yet, but I found this cool GraphQL tutorial that may be useful for someone new to GraphQL. When I learn GraphQL properly I'll test this module more, as I think it has huge potential for introducing FrontEnd devs to ProcessWire.

  • Like 5

Share this post


Link to post
Share on other sites
19 minutes ago, microcipcip said:

Now it works!! This is so cool...I wish I could like this thread twice :). Do you have any plan of adding the RepeaterField?

I am happy it works now :). The plan is to add support for all core fieldtypes. That includes RepeaterField also. I will try to keep everyone updated via this thread, and you can also keep with the changelog.

  • Like 6

Share this post


Link to post
Share on other sites

Hi, and thanks for this great module :)

Can you provide an example on how to create/update a page from GraphQL API ?

Tried it without success...

 

Thank you !

Share this post


Link to post
Share on other sites
On 3/21/2017 at 7:59 PM, mvdesign said:

Hi, and thanks for this great module :)

Can you provide an example on how to create/update a page from GraphQL API ?

Hi @mvdesign. So sorry that I could not respond earlier. I decided to make an introduction video for this module to help people that are trying to use it. But then, I never made a screencast video before, and on top of that, the last time I spoke english was 2011. So I had to take dozens of try-outs till I got something watchable.

So here is the video. It shows how you would create/update pages with this module. The video is far from OK, so I will probably record another one after I get some feedback. Until then please refer to this video to learn about how the module works.

 

  • Like 23

Share this post


Link to post
Share on other sites

Fantastic video @Nurguly Ashyrov - really well put together and great English - I don't know how you come across so clearly given that you haven't spoken it in 6 years!

I am really excited to start using this module. The one thing I noticed which seemed a little weird to me was that by default the skyscraper-editor (or guest) user didn't have access to fields until you enabled field level access control and explicitly gave them view access (~35:10 min mark in video). By default in ProcessWire, anyone can view a field if field level access control is turned off. Only once it is turned on are any restrictions applied. Does that make sense, or did I misinterpret something?

Thanks again - this is going to be so very useful!

 

  • Like 3

Share this post


Link to post
Share on other sites

Thanks @adrian! I rerecorded the video many times before I could make it watchable. Trust me, you wouldn't say the same thing for the very first ones :D 

About the field access rules. Yeah that's true. By default the behavior is the opposite to the one in ProcessWire. I think it would be better for security if the module initially treats everything private. But I get what you mean. In cases where you have dozens of fields in one template, it would be too tedious to configure access for each of them. That's why there is an option to reverse the behavior in the advanced section of the module configuration. You can learn more about it here. This option basically makes all fields without Access rules available to the public and you can restrict access by enabling rules only to couple ones.

  • Like 9

Share this post


Link to post
Share on other sites

 

3 minutes ago, Nurguly Ashyrov said:

I think it would be better for security if the module initially treats everything private.

+1

Also, normally a public query interface should not serve all data by default, as that would allow for pretty easy data harvesting.

  • Like 2

Share this post


Link to post
Share on other sites

awesome screencast, nurguly. easy to follow, well explained and well spoken. it helped me a lot to get a better understanding what your module does and what could be done!

i'm curious what will be built on top of this :)

  • Like 2

Share this post


Link to post
Share on other sites
19 minutes ago, Nurguly Ashyrov said:

Thanks @adrian! I rerecorded the video many times before I could make it watchable. Trust me, you wouldn't say the same thing for the very first ones :D 

About the field access rules. Yeah that's true. By default the behavior is the opposite to the one in ProcessWire. I think it would be better for security if the module initially treats everything private. But I get what you mean. In cases where you have dozens of fields in one template, it would be too tedious to configure access for each of them. That's why there is an option to reverse the behavior in the advanced section of the module configuration. You can learn more about it here. This option basically makes all fields without Access rules available to the public and you can restrict access by enabling rules only to couple ones.

Thanks for the explanation and for the "Grant Field Access" config option. I definitely see your logic behind treating access the other way around. I guess I was just considering the situation where you have a regular web site where you want to be able to use the PW API as well as GraphQL. In this situation I would have no problem with all fields being accessible, so great that option is available!

  • Like 2

Share this post


Link to post
Share on other sites

Super-useful video and your command of English is really impressive: you are more articulate than many native speakers! :D

It's very slick what the GraphQL devs have done with the GraphiQL tool - so nice having the documentation explorer right there inside the tool.

Thanks for the video, and also a separate thanks for updating the Skyscrapers profile and making the export of that available. Would it be okay to mention your repo of that over in the Skyscrapers Profile thread so people can use it until we have an official profile release by Ryan?

  • Like 1

Share this post


Link to post
Share on other sites

@Nurguly Ashyrov awesome cast! Thanks for making all this and taking your time to make it awesome :) This is really cool stuff and opens up a lot of possibilities.

  • Like 3

Share this post


Link to post
Share on other sites
5 hours ago, Robin S said:

Thanks for the video, and also a separate thanks for updating the Skyscrapers profile and making the export of that available. Would it be okay to mention your repo of that over in the Skyscrapers Profile thread so people can use it until we have an official profile release by Ryan?

Sure, by all means.

5 hours ago, Soma said:

@Nurguly Ashyrov awesome cast! Thanks for making all this and taking your time to make it awesome :) This is really cool stuff and opens up a lot of possibilities.

Thanks. I am glad you like it @Soma.

  • Like 1

Share this post


Link to post
Share on other sites

Just playing around a little with it and it's amazing having a blast. 

Just wanted to mention I got caught by a redirect scenario and language stuff. :) If you have multilange installed and configured to have language segments "/en/", "/de/" ...  so trying out ajax requests to "/graphql/" would redirect to "/en/graphql/ " but you get a response:

{"errors":[{"message":"Must provide an operation."}]}

So it took me a while to figure out and was looking at the query instead. Doing the request to "/en/graphql/" works flawless.

I was testing the languages and the graphql pages you create don't have alternative languages active. This also might get you caught, when graphql is installed when there is more than 1 language set up.

Permission so far seem to work. The template access setting seem no to be inherited, I guess that is intentional? I may have missed it and it was mentioned. Then I'm sorry.  – Like in a default install "home" has guest view access enabled, so all pages inherit that (unless you set it no to). But I had to give basic-page explicit guest view access to get querying. I think it's ok to not have all templates inherit access for graphQL. 

Thanks and keep up the good work!

 

  • Like 5

Share this post


Link to post
Share on other sites

How does the date field work? I get "Not valid resolved type for field \"datetime\"" datetime being the name of the field in my case.

Edit: Forget it I'm dumb, forgot to allow the field. It's unusual to not have access as superuser. But the error message is a little missleading :)

Edit: Lol hmm I added it to allowed fields and still same error. System fields "created",  "modified" work fine.

Also if you only want to get one specific page is it correct to do for example a

{
  basic_page(s: "id=1001"){ 
    list{ 
      title
    }
  }
}

or are there any other methods?

Edit:

Something else would be image Pageimage is there any support for creating sizes? I see there's something but I don't understand it yet. 

Edit: Ok I got it. I have to enable "size" for image first images the it work nicely:

... images{ size(width: 150, height: 0) { url } } ... 

So we can request a size that doesn't exist and it will create it if we have rights to do so. Thats would be pretty cool. Would be crazy to allow some stranger creating 1million sizes through public API :). But still if one has write access it is possible, but maybe thats no real issue. 

I'm still trying to grasp the concept of graphQL and your implementation in PW. So every new Fieldtype and InputfieldType would have to be implemented to work with graphQL?

  • Like 1

Share this post


Link to post
Share on other sites

I think I have found a possible solution for @bernhard  and @LostKobrakai  concerns about the ability to perform queries in the frontend.

You could use the persisted queries technique, basically you can install this npm package (there's also this webpack plugin) that will scan your code and remove the graphQL client side queries and save them to an external JSON file. Then in the PHP side you could load this JSON file and give GraphQL the right query based on the query id sent from the client side (I think you can also send variables along the query id, so the query is not "static").

I guess that if a malicious user sends a standard graphQL query you could just intercept that, so if it is not a valid id from the generated JSON file you won't execute graphQL.

  • Like 1

Share this post


Link to post
Share on other sites
On 3/31/2017 at 6:31 PM, Soma said:

Just wanted to mention I got caught by a redirect scenario and language stuff. :) If you have multilange installed and configured to have language segments "/en/", "/de/" ...  so trying out ajax requests to "/graphql/" would redirect to "/en/graphql/ " but you get a response:


{"errors":[{"message":"Must provide an operation."}]}

So it took me a while to figure out and was looking at the query instead. Doing the request to "/en/graphql/" works flawless.

Yeah, I had my nightmares with this situation too. There are lots of scenarios when ProcessWire could redirect your ajax requests and the graphql will not receive the query. The ones that I had encountered were:

  • If the url ends without slash: ...website.com/graphql ==> ...website.com/graphql/
  • If there is now www prefix: website.com/graphql/ ==> www.website.com/graphq/

And now I guess when languages are enabled you also gotta make sure ProcessWire is not redirecting you to the respective language url of the graphql api. I haven't tested the module with the languages enabled yet, but I am sure there would be some additional caveats.

On 3/31/2017 at 6:31 PM, Soma said:

Permission so far seem to work. The template access setting seem no to be inherited, I guess that is intentional? I may have missed it and it was mentioned. Then I'm sorry.  – Like in a default install "home" has guest view access enabled, so all pages inherit that (unless you set it no to). But I had to give basic-page explicit guest view access to get querying. I think it's ok to not have all templates inherit access for graphQL. 

Yes, that's the expected behavior. Unfortunately to support permission inheritance would be too expensive. Because it means to check template permissions of each ancestor of each returned page. I think the module is already slow and supporting permission inheritance would make it even slower. I guess I have to mention about not supporting permission inheritance somewhere in the documentation of the module.

23 hours ago, Soma said:

... Lol hmm I added it to allowed fields and still same error. System fields "created",  "modified" work fine.

That's right, it turns out there was a bug. I pushed an update regarding the datetime field. Grab the latest version of the module and it should work properly.

23 hours ago, Soma said:

Also if you only want to get one specific page is it correct to do for example a


{
  basic_page(s: "id=1001"){ 
    list{ 
      title
    }
  }
}

or are there any other methods?

Yep. That's the way. I know, it's ugly. But I can't think of a less verbose way to return a single page from the api. We could, of course introduce an additional field for each template like basic_page_single or something. But I don't think it's worth it, plus it will make the schema bigger for very little gain.

23 hours ago, Soma said:

So we can request a size that doesn't exist and it will create it if we have rights to do so. Thats would be pretty cool. Would be crazy to allow some stranger creating 1million sizes through public API :). But still if one has write access it is possible, but maybe thats no real issue. 

I'm still trying to grasp the concept of graphQL and your implementation in PW. So every new Fieldtype and InputfieldType would have to be implemented to work with graphQL?

I totally agree. We can't allow everyone to create images. The size field of the image type creates images only if the user has an edit permission on that image field. It is still available to the users who do not have edit permission, but only for getting existing variations, and it should return null if there isn't an image variation with the requested size.

Edit: By the way, thanks a lot for the feedback.

  • Like 4

Share this post


Link to post
Share on other sites

@Nurguly Ashyrov Thanks for the video ! i'm using your module with Vue.js for a web application, really nice. I'm juste facing a problem right now, i get an error when trying to get checkboxes : Not valid resolved type for field \"checkbox_name\" (the field access is allowed in graphql settings). Any idea ?

 

  • Like 1

Share this post


Link to post
Share on other sites
18 minutes ago, mvdesign said:

@Nurguly Ashyrov Thanks for the video ! i'm using your module with Vue.js for a web application, really nice. I'm juste facing a problem right now, i get an error when trying to get checkboxes : Not valid resolved type for field \"checkbox_name\" (the field access is allowed in graphql settings). Any idea ?

Yes. It was my bad. I did not make sure the FieldtypeCheckbox always returned a boolean. I think it returns 0/1 in ProcessWire. Anyways, just patched it. Update to the latest version and it should work.

Edit: As always, thanks for the feedback.

  • Like 2

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By MoritzLost
      This is a new module that provides a simple solution to clearing all your cache layers at once, and an extensible interface to perform various cache-related actions.
      The simple motivation behind this module was that I was tired of manually clearing caches in several places after deploying a change on a live site. The basic purpose of this module is a simple Clear all caches link in the Setup menu which clears out all caches, no matter where they hide. You can customize what exactly the module does through it's configuration menu:
      Expire or delete all cache entries in the database, or selectively clear caches by namespace ($cache API) Clear the the template render cache. Clear out specific folders inside your site's cache directory (/site/assets/cache) Refresh version strings for static assets to bust client-side browser caches (this requires some setup, see the full documentation for details). This is the basic function of the module. However, you can also add different cache management action through the API and execute them through the module's interface. For this advanced usage, the module provides:
      An interface to see all available cache actions and execute them. A system log and logging output on the module page to see verify what the module is doing. A CacheControlTools class with utility functions to clear out different caches. An API to add cache actions, execute them programmatically and even modify the default action. Permission management, allowing you granular control over which user roles can execute which actions. The complete documentation can be found in the module's README.
      Beta release
      Note that I consider this a Beta release. Since the module is relatively aggressive in deleting some caches, I would advise you to install in on a test environment before using it on a live site.
      Let me know if you're getting any errors, have trouble using the module or if you have suggestions for improvement!
      In particular, can someone let me know if this module causes any problems with the ProCache module? I don't own or use it, so I can't check. As far as I can tell, ProCache uses a folder inside the cache directory to cache static pages, so my module should be able to clear the ProCache site cache as well, I'd appreciate it if someone can test that for me.
      Future plans
      If there is some interest in this, I plan to expand this to a more general cache management solution. I particular, I would like to add additional cache actions. Some ideas that came to mind:
      Warming up the template render cache for publicly accessible pages. Removing all active user sessions. Let me know if you have more suggestions!
      Links
      https://github.com/MoritzLost/ProcessCacheControl ProcessCacheControl in the Module directory

    • By joshua
      This module is (yet another) way for implementing a cookie management solution.
      Of course there are several other possibilities:
      - https://processwire.com/talk/topic/22920-klaro-cookie-consent-manager/
      - https://github.com/webmanufaktur/CookieManagementBanner
      - https://github.com/johannesdachsel/cookiemonster
      - https://www.oiljs.org/
      - ... and so on ...
      In this module you can configure which kind of cookie categories you want to manage:

      You can also enable the support for respecting the Do-Not-Track (DNT) header to don't annoy users, who already decided for all their browsing experience.
      Currently there are four possible cookie groups:
      - Necessary (always enabled)
      - Statistics
      - Marketing
      - External Media
      All groups can be renamed, so feel free to use other cookie group names. I just haven't found a way to implement a "repeater like" field as configurable module field ...
      When you want to load specific scripts ( like Google Analytics, Google Maps, ...) only after the user's content to this specific category of cookies, just use the following script syntax:
      <script type="optin" data-type="text/javascript" data-category="statistics" data-src="/path/to/your/statistic/script.js"></script> <script type="optin" data-type="text/javascript" data-category="marketing" data-src="/path/to/your/mareketing/script.js"></script> <script type="optin" data-type="text/javascript" data-category="external_media" data-src="/path/to/your/external-media/script.js"></script> <script type="optin" data-type="text/javascript" data-category="marketing">console.log("Inline scripts are also working!");</script> The type has to be "optin" to get recognized by PrivacyWire, the data-attributes are giving hints, how the script shall be loaded, if the data-category is within the cookie consents of the user. These scripts are loaded asynchronously after the user made the decision.
      If you want to give the users the possibility to change their consent, you can use the following Textformatter:
      [[privacywire-choose-cookies]] It's planned to add also other Textformatters to opt-out of specific cookie groups or delete the whole consent cookie.
      You can also add a custom link to output the banner again with a link / button with following class:
      <a href="#" class="privacywire-show-options">Show Cookie Options</a> <button class="privacywire-show-options">Show Cookie Options</button> This module is still in development, but we already use it on several production websites.
      You find it here: https://github.com/blaueQuelle/privacywire/tree/master
      Download: https://github.com/blaueQuelle/privacywire/archive/master.zip
      I would love to hear your feedback 🙂
      Edit: Updated URLs to master tree of git repo
       
    • By David Karich
      Admin Page Tree Multiple Sorting
      ClassName: ProcessPageListMultipleSorting
      Extend the ordinary sort of children of a template in the admin page tree with multiple properties. For each template, you can define your own rule. Write each template (template-name) in a row, followed by a colon and then the additional field names for sorting.
      Example: All children of the template "blog" to be sorted in descending order according to the date of creation, then descending by modification date, and then by title. Type:
      blog: -created, -modified, title  Installation
      Copy the files for this module to /site/modules/ProcessPageListMultipleSorting/ In admin: Modules > Check for new modules. Install Module "Admin Page Tree Multible Sorting". Alternative in ProcessWire 2.4+
      Login to ProcessWire backend and go to Modules Click tab "New" and enter Module Class Name: "ProcessPageListMultipleSorting" Click "Download and Install"   Compatibility   I have currently tested the module only under PW 2.6+, but think that it works on older versions too. Maybe someone can give a feedback.     Download   PW-Repo: http://modules.processwire.com/modules/process-page-list-multiple-sorting/ GitHub: https://github.com/FlipZoomMedia/Processwire-ProcessPageListMultipleSorting     I hope someone can use the module. Have fun and best regards, David
    • By dimitrios
      Hello,
      this module can publish content of a Processwire page on a Facebook page, triggered by saving the Processwire page.
      To set it up, configure the module with a Facebook app ID, secret and a Page ID. Following is additional configuration on Facebook for developers:
      Minimum Required Facebook App configuration:
      on Settings -> Basics, provide the App Domains, provide the Site URL, on Settings -> Advanced, set the API version (has been tested up to v3.3), add Product: Facebook Login, on Facebook Login -> Settings, set Client OAuth Login: Yes, set Web OAuth Login: Yes, set Enforce HTTPS: Yes, add "https://www.example.com/processwire/page/" to field Valid OAuth Redirect URIs. This module is configurable as follows:
      Templates: posts can take place only for pages with the defined templates. On/Off switch: specify a checkbox field that will not allow the post if checked. Specify a message and/or an image for the post.
      Usage
      edit the desired PW page and save; it will post right after the initial Facebook log in and permission granting. After that, an access token is kept.
       
      Download
      PW module directory: http://modules.processwire.com/modules/auto-fb-post/ Github: https://github.com/kastrind/AutoFbPost   Note: Facebook SDK for PHP is utilized.


×
×
  • Create New...