Jump to content
dadish

GraphQL for ProcessWire

Recommended Posts

15 minutes ago, Nurguly Ashyrov said:

Now I don't really know how to go on with this thread. Should we abandon it and start new thread in the modules section? Or maybe this thread could be moved to modules section? What @moderators think of this?

Personally I think that this thread already includes so much great content that it'd be a shame to abandon it -- not to mention that it's more than likely that folks looking for details about this module would end up here anyway.

It's your choice obviously, but if you want, I (or any other moderator here) would be more than happy to move this thread to the modules section. Just let us know when you have decided what to do with it :) 

  • Like 2

Share this post


Link to post
Share on other sites
2 hours ago, teppo said:

Personally I think that this thread already includes so much great content that it'd be a shame to abandon it -- not to mention that it's more than likely that folks looking for details about this module would end up here anyway.

It's your choice obviously, but if you want, I (or any other moderator here) would be more than happy to move this thread to the modules section. Just let us know when you have decided what to do with it :) 

I agree with you on that. I think it would be best if we move this thread to modules section. So, please move it to the modules section. Then after I will update my first post of this thread a bit and add a module tag I guess :) 

  • Like 3

Share this post


Link to post
Share on other sites
On 18/03/2017 at 1:29 PM, Nurguly Ashyrov said:

I agree with you on that. I think it would be best if we move this thread to modules section. So, please move it to the modules section. Then after I will update my first post of this thread a bit and add a module tag I guess :) 

Moved :)

  • Like 2

Share this post


Link to post
Share on other sites
50 minutes ago, teppo said:

Moved :)

Thank you @teppo! I knew I can count on you! :cool:

  • Like 3

Share this post


Link to post
Share on other sites

I am trying to use this module in the frontend. I added the following code:
 

<button class="graphBtn">Fetch data!</button>
<script src="<?php echo $config->urls->templates?>js/axios.js"></script>
<script>
  var $button = document.querySelector('.graphBtn');
  $button.addEventListener('click', function (e) {
    e.preventDefault();
    axios.post('/graphql/', {
      query: `
      {
        basic_page{
          list{
            title,
            summary,
            url
          }
        }
      }
      `
    })
      .then(response => {
        console.log(response.data);
      });
  });
</script>

And this is what I get back:

{
  "errors": [ { "message": "Must provide an operation." } ]
}

Do you know why? If I try the query in the GraphiQl admin I get the right data back. Do I have the wrong permissions set in the module?
 

Share this post


Link to post
Share on other sites
1 hour ago, microcipcip said:

...

Do you know why? If I try the query in the GraphiQl admin I get the right data back. Do I have the wrong permissions set in the module?

No, it's not the permissions. You're doing everything properly.

I never tried this module with axios before, therefore this error is new to me. It turns out that axios sets the Content-Type header to application/json;charset=UTF-8 instead of application/json. That's where the problem was, because the ProcessGraphQL module would parse json payload only if Content-Type was set to just application/json. I changed the behavior and now it will look to your query in json payload if Content-Type contains application/json string in it. Please grab the latest version of the module and try again. It should work now.

Thank you for taking time to report the issue.

  • Like 6

Share this post


Link to post
Share on other sites

Now it works!! This is so cool...I wish I could like this thread twice :). Do you have any plan of adding the RepeaterField?

I don't know if it has been mentioned in this thread yet, but I found this cool GraphQL tutorial that may be useful for someone new to GraphQL. When I learn GraphQL properly I'll test this module more, as I think it has huge potential for introducing FrontEnd devs to ProcessWire.

  • Like 5

Share this post


Link to post
Share on other sites
19 minutes ago, microcipcip said:

Now it works!! This is so cool...I wish I could like this thread twice :). Do you have any plan of adding the RepeaterField?

I am happy it works now :). The plan is to add support for all core fieldtypes. That includes RepeaterField also. I will try to keep everyone updated via this thread, and you can also keep with the changelog.

  • Like 6

Share this post


Link to post
Share on other sites

Hi, and thanks for this great module :)

Can you provide an example on how to create/update a page from GraphQL API ?

Tried it without success...

 

Thank you !

Share this post


Link to post
Share on other sites
On 3/21/2017 at 7:59 PM, mvdesign said:

Hi, and thanks for this great module :)

Can you provide an example on how to create/update a page from GraphQL API ?

Hi @mvdesign. So sorry that I could not respond earlier. I decided to make an introduction video for this module to help people that are trying to use it. But then, I never made a screencast video before, and on top of that, the last time I spoke english was 2011. So I had to take dozens of try-outs till I got something watchable.

So here is the video. It shows how you would create/update pages with this module. The video is far from OK, so I will probably record another one after I get some feedback. Until then please refer to this video to learn about how the module works.

 

  • Like 23

Share this post


Link to post
Share on other sites

Fantastic video @Nurguly Ashyrov - really well put together and great English - I don't know how you come across so clearly given that you haven't spoken it in 6 years!

I am really excited to start using this module. The one thing I noticed which seemed a little weird to me was that by default the skyscraper-editor (or guest) user didn't have access to fields until you enabled field level access control and explicitly gave them view access (~35:10 min mark in video). By default in ProcessWire, anyone can view a field if field level access control is turned off. Only once it is turned on are any restrictions applied. Does that make sense, or did I misinterpret something?

Thanks again - this is going to be so very useful!

 

  • Like 3

Share this post


Link to post
Share on other sites

Thanks @adrian! I rerecorded the video many times before I could make it watchable. Trust me, you wouldn't say the same thing for the very first ones :D 

About the field access rules. Yeah that's true. By default the behavior is the opposite to the one in ProcessWire. I think it would be better for security if the module initially treats everything private. But I get what you mean. In cases where you have dozens of fields in one template, it would be too tedious to configure access for each of them. That's why there is an option to reverse the behavior in the advanced section of the module configuration. You can learn more about it here. This option basically makes all fields without Access rules available to the public and you can restrict access by enabling rules only to couple ones.

  • Like 9

Share this post


Link to post
Share on other sites

 

3 minutes ago, Nurguly Ashyrov said:

I think it would be better for security if the module initially treats everything private.

+1

Also, normally a public query interface should not serve all data by default, as that would allow for pretty easy data harvesting.

  • Like 2

Share this post


Link to post
Share on other sites

awesome screencast, nurguly. easy to follow, well explained and well spoken. it helped me a lot to get a better understanding what your module does and what could be done!

i'm curious what will be built on top of this :)

  • Like 2

Share this post


Link to post
Share on other sites
19 minutes ago, Nurguly Ashyrov said:

Thanks @adrian! I rerecorded the video many times before I could make it watchable. Trust me, you wouldn't say the same thing for the very first ones :D 

About the field access rules. Yeah that's true. By default the behavior is the opposite to the one in ProcessWire. I think it would be better for security if the module initially treats everything private. But I get what you mean. In cases where you have dozens of fields in one template, it would be too tedious to configure access for each of them. That's why there is an option to reverse the behavior in the advanced section of the module configuration. You can learn more about it here. This option basically makes all fields without Access rules available to the public and you can restrict access by enabling rules only to couple ones.

Thanks for the explanation and for the "Grant Field Access" config option. I definitely see your logic behind treating access the other way around. I guess I was just considering the situation where you have a regular web site where you want to be able to use the PW API as well as GraphQL. In this situation I would have no problem with all fields being accessible, so great that option is available!

  • Like 2

Share this post


Link to post
Share on other sites

Super-useful video and your command of English is really impressive: you are more articulate than many native speakers! :D

It's very slick what the GraphQL devs have done with the GraphiQL tool - so nice having the documentation explorer right there inside the tool.

Thanks for the video, and also a separate thanks for updating the Skyscrapers profile and making the export of that available. Would it be okay to mention your repo of that over in the Skyscrapers Profile thread so people can use it until we have an official profile release by Ryan?

  • Like 1

Share this post


Link to post
Share on other sites

@Nurguly Ashyrov awesome cast! Thanks for making all this and taking your time to make it awesome :) This is really cool stuff and opens up a lot of possibilities.

  • Like 3

Share this post


Link to post
Share on other sites
5 hours ago, Robin S said:

Thanks for the video, and also a separate thanks for updating the Skyscrapers profile and making the export of that available. Would it be okay to mention your repo of that over in the Skyscrapers Profile thread so people can use it until we have an official profile release by Ryan?

Sure, by all means.

5 hours ago, Soma said:

@Nurguly Ashyrov awesome cast! Thanks for making all this and taking your time to make it awesome :) This is really cool stuff and opens up a lot of possibilities.

Thanks. I am glad you like it @Soma.

  • Like 1

Share this post


Link to post
Share on other sites

Just playing around a little with it and it's amazing having a blast. 

Just wanted to mention I got caught by a redirect scenario and language stuff. :) If you have multilange installed and configured to have language segments "/en/", "/de/" ...  so trying out ajax requests to "/graphql/" would redirect to "/en/graphql/ " but you get a response:

{"errors":[{"message":"Must provide an operation."}]}

So it took me a while to figure out and was looking at the query instead. Doing the request to "/en/graphql/" works flawless.

I was testing the languages and the graphql pages you create don't have alternative languages active. This also might get you caught, when graphql is installed when there is more than 1 language set up.

Permission so far seem to work. The template access setting seem no to be inherited, I guess that is intentional? I may have missed it and it was mentioned. Then I'm sorry.  – Like in a default install "home" has guest view access enabled, so all pages inherit that (unless you set it no to). But I had to give basic-page explicit guest view access to get querying. I think it's ok to not have all templates inherit access for graphQL. 

Thanks and keep up the good work!

 

  • Like 5

Share this post


Link to post
Share on other sites

How does the date field work? I get "Not valid resolved type for field \"datetime\"" datetime being the name of the field in my case.

Edit: Forget it I'm dumb, forgot to allow the field. It's unusual to not have access as superuser. But the error message is a little missleading :)

Edit: Lol hmm I added it to allowed fields and still same error. System fields "created",  "modified" work fine.

Also if you only want to get one specific page is it correct to do for example a

{
  basic_page(s: "id=1001"){ 
    list{ 
      title
    }
  }
}

or are there any other methods?

Edit:

Something else would be image Pageimage is there any support for creating sizes? I see there's something but I don't understand it yet. 

Edit: Ok I got it. I have to enable "size" for image first images the it work nicely:

... images{ size(width: 150, height: 0) { url } } ... 

So we can request a size that doesn't exist and it will create it if we have rights to do so. Thats would be pretty cool. Would be crazy to allow some stranger creating 1million sizes through public API :). But still if one has write access it is possible, but maybe thats no real issue. 

I'm still trying to grasp the concept of graphQL and your implementation in PW. So every new Fieldtype and InputfieldType would have to be implemented to work with graphQL?

  • Like 1

Share this post


Link to post
Share on other sites

I think I have found a possible solution for @bernhard  and @LostKobrakai  concerns about the ability to perform queries in the frontend.

You could use the persisted queries technique, basically you can install this npm package (there's also this webpack plugin) that will scan your code and remove the graphQL client side queries and save them to an external JSON file. Then in the PHP side you could load this JSON file and give GraphQL the right query based on the query id sent from the client side (I think you can also send variables along the query id, so the query is not "static").

I guess that if a malicious user sends a standard graphQL query you could just intercept that, so if it is not a valid id from the generated JSON file you won't execute graphQL.

  • Like 1

Share this post


Link to post
Share on other sites
On 3/31/2017 at 6:31 PM, Soma said:

Just wanted to mention I got caught by a redirect scenario and language stuff. :) If you have multilange installed and configured to have language segments "/en/", "/de/" ...  so trying out ajax requests to "/graphql/" would redirect to "/en/graphql/ " but you get a response:


{"errors":[{"message":"Must provide an operation."}]}

So it took me a while to figure out and was looking at the query instead. Doing the request to "/en/graphql/" works flawless.

Yeah, I had my nightmares with this situation too. There are lots of scenarios when ProcessWire could redirect your ajax requests and the graphql will not receive the query. The ones that I had encountered were:

  • If the url ends without slash: ...website.com/graphql ==> ...website.com/graphql/
  • If there is now www prefix: website.com/graphql/ ==> www.website.com/graphq/

And now I guess when languages are enabled you also gotta make sure ProcessWire is not redirecting you to the respective language url of the graphql api. I haven't tested the module with the languages enabled yet, but I am sure there would be some additional caveats.

On 3/31/2017 at 6:31 PM, Soma said:

Permission so far seem to work. The template access setting seem no to be inherited, I guess that is intentional? I may have missed it and it was mentioned. Then I'm sorry.  – Like in a default install "home" has guest view access enabled, so all pages inherit that (unless you set it no to). But I had to give basic-page explicit guest view access to get querying. I think it's ok to not have all templates inherit access for graphQL. 

Yes, that's the expected behavior. Unfortunately to support permission inheritance would be too expensive. Because it means to check template permissions of each ancestor of each returned page. I think the module is already slow and supporting permission inheritance would make it even slower. I guess I have to mention about not supporting permission inheritance somewhere in the documentation of the module.

23 hours ago, Soma said:

... Lol hmm I added it to allowed fields and still same error. System fields "created",  "modified" work fine.

That's right, it turns out there was a bug. I pushed an update regarding the datetime field. Grab the latest version of the module and it should work properly.

23 hours ago, Soma said:

Also if you only want to get one specific page is it correct to do for example a


{
  basic_page(s: "id=1001"){ 
    list{ 
      title
    }
  }
}

or are there any other methods?

Yep. That's the way. I know, it's ugly. But I can't think of a less verbose way to return a single page from the api. We could, of course introduce an additional field for each template like basic_page_single or something. But I don't think it's worth it, plus it will make the schema bigger for very little gain.

23 hours ago, Soma said:

So we can request a size that doesn't exist and it will create it if we have rights to do so. Thats would be pretty cool. Would be crazy to allow some stranger creating 1million sizes through public API :). But still if one has write access it is possible, but maybe thats no real issue. 

I'm still trying to grasp the concept of graphQL and your implementation in PW. So every new Fieldtype and InputfieldType would have to be implemented to work with graphQL?

I totally agree. We can't allow everyone to create images. The size field of the image type creates images only if the user has an edit permission on that image field. It is still available to the users who do not have edit permission, but only for getting existing variations, and it should return null if there isn't an image variation with the requested size.

Edit: By the way, thanks a lot for the feedback.

  • Like 4

Share this post


Link to post
Share on other sites

@Nurguly Ashyrov Thanks for the video ! i'm using your module with Vue.js for a web application, really nice. I'm juste facing a problem right now, i get an error when trying to get checkboxes : Not valid resolved type for field \"checkbox_name\" (the field access is allowed in graphql settings). Any idea ?

 

  • Like 1

Share this post


Link to post
Share on other sites
18 minutes ago, mvdesign said:

@Nurguly Ashyrov Thanks for the video ! i'm using your module with Vue.js for a web application, really nice. I'm juste facing a problem right now, i get an error when trying to get checkboxes : Not valid resolved type for field \"checkbox_name\" (the field access is allowed in graphql settings). Any idea ?

Yes. It was my bad. I did not make sure the FieldtypeCheckbox always returned a boolean. I think it returns 0/1 in ProcessWire. Anyways, just patched it. Update to the latest version and it should work.

Edit: As always, thanks for the feedback.

  • Like 2

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By bernhard
      --- Please use RockFinder3 ---
    • By MoritzLost
      Cacheable Placeholders
      This module allows you to have pieces of dynamic content inside cached output. This aims to solve the common problem of having a mostly cacheable site, but with pieces of dynamic output here and there.  Consider this simple example, where you want to output a custom greeting to the current user:
      <h1>Good morning, <?= ucfirst($user->name) ?></h1> This snippet means you can't use the template cache (at least for logged-in users), because each user has a different name. Even if 99% of your output is static, you can only cache the pieces that you know won't include this personal greeting. A more common example would be CSRF tokens for HTML forms - those need to be unique by definition, so you can't cache the form wholesale.
      This module solves this problem by introducing cacheable placeholders - small placeholder tokens that get replaced during every request. The replacement is done inside a Page::render hook so it runs during every request, even if the response is served from the template cache. So you can use something like this:
      <h1>Good morning, {{{greeting}}}</h1> Replacement tokens are defined with a callback function that produces the appropriate output and added to the module through a simple hook:
      // site/ready.php wire()->addHookAfter('CachePlaceholders::getTokens', function (HookEvent $e) { $tokens = $e->return; $tokens['greeting'] = [ 'callback' => function (array $tokenData) { return ucfirst(wire('user')->name); } ]; $e->return = $tokens; }); Tokens can also include parameters that are parsed and passed to the callback function. There are more fully annotated examples and step-by-step instructions in the README on Github!
      Features
      A simple and fast token parser that calls the appropriate callback and runs automatically. Tokens may include multiple named or positional parameters, as well as multi-value parameters. A manual mode that allows you to replace tokens in custom pieces of cached content (useful if you're using the $cache API). Some built-in tokens for common use-cases: CSRF-Tokens, replacing values from superglobals and producing random hexadecimal strings. The token format is completely customizable, all delimiters can be changed to avoid collisions with existing tag parsers or template languages. Links
      Github Repository & documentation Module directory (pending approval) If you are interested in learning more, the README is very extensive, with more usage examples, code samples and usage instructions!
    • By Craig
      I've been using Fathom Analytics for a while now and on a growing number of sites, so thought it was about time there was a PW module for it.
      WayFathomAnalytics
      WayFathomAnalytics is a group of modules which will allow you to view your Fathom Analytics dashboard in the PW admin panel and (optionally) automatically add and configure the tracking code on front-end pages.
      Links
      GitHub Readme & documentation Download Zip Modules directory Module settings screenshot What is Fathom Analytics?
      Fathom Analytics is a simple, privacy-focused website analytics tool for bloggers and businesses.

      Stop scrolling through pages of reports and collecting gobs of personal data about your visitors, both of which you probably don't need. Fathom is a simple and private website analytics platform that lets you focus on what's important: your business.
      Privacy focused Fast-loading dashboards, all data is on a single screen Easy to get what you need, no training required Unlimited email reports Private or public dashboard sharing Cookie notices not required (it doesn't use cookies or collect personal data) Displays: top content, top referrers, top goals and more
    • By daniels
      This is a lightweight alternative to other newsletter & newsletter-subscription modules.
      You can find the Module in the Modules directory and on Github
      It can subscribe, update, unsubscribe & delete a user in a list in Mailchimp with MailChimp API 3.0. It does not provide any forms or validation, so you can feel free to use your own. To protect your users, it does not save any user data in logs or sends them to an admin.
      This module fits your needs if you...
      ...use Mailchimp as your newsletter / email-automation tool ...want to let users subscribe to your newsletter on your website ...want to use your own form, validation and messages (with or without the wire forms) ...don't want any personal user data saved in any way in your ProcessWire environment (cf. EU data regulation terms) ...like to subscribe, update, unsubscribe or delete users to/from different lists ...like the Mailchimp UI for creating / sending / reviewing email campaigns *I have only tested it with PHP 7.x so far, so use on owners risk
      EDIT:
      Since 0.0.4, instructions and changelog can be found in the README only. You can find it here  🙂
      If you have questions or like to contribute, just post a reply or create an issue or pr on github, thanks!
    • By MoritzLost
      Sorry for the convoluted title. I have a problem with Process modules that define a custom page using the page key through getModuleInfo (as demonstrated in this excellent tutorial by @bernhard). Those pages are created automatically when the module is installed. The problem is that the title of the page only gets set in the current language. That's not a problem if the current language (language of the superuser who is installing the module) is the default language; if it isn't, the Process page is missing a title in the default language. This has the very awkward effect that a user using the backend in the default language (or any other language) will see an empty entry in the setup menu:

      This screenshot comes from my Cache Control module which includes a Process page. Now I realize the description sounds obscure, but for us it's a common setup: We a multiple bilingual sites where the default language is German and the second language is English. While the clients use the CMS in German, as a developer I prefer the English interface, so whenever I install a Process module I get this problem.
      As a module author, is there a way to handle this situation? I guess it would be possible to use post-installation hooks or create the pages manually, but I very much prefer the declarative approach. The page title is already translatable (through the __ function), but of course at the time of installation there is no translation, and as far as I'm aware it's not possible to ship translations with a module so they are used automatically. Could this situation be handled better in the core? I would prefer if the module installation process would always set the title of the Process page in the default language, instead of the language of the current user.
×
×
  • Create New...