Apollo-client: Support for stored queries
We should think about how we could support queries that are stored on the server, where the client sends only the operation name and variables to the server.
helfer
All 9 comments
Is the idea that a server with this setup would no longer accept _any_ arbitrary queries at all? Or is it possible to have a mix?
stubailo
on 4 Jun 2016
I think a mix should be possible, i.e. send just the operation name for a stored query (in which case the client only needs to know the signature) or send the entire query if it's not a stored one.
helfer
on 4 Jun 2016
A strict mode where the server is only accepting operation name and variables would be nice as to effectively offer a protection against arbitrary queries.
tlvenn
on 30 Jun 2016
Has there been any movement on this? At this point, I'm using stored queries for _everything_ - I don't see a reasonable way around it.
Having even one circular reference anywhere in the query path (User -> Posts -> User) can exhaust heap memory in V8 and essential DOS the API. The only effective way to guard against it (that I can tell) is to statically analyse the query _before_ executing (which then prevents dynamic paths) or have some kind of hard timeout. Neither is ideal -- I can't find any tooling to do the former, and the latter requires a lot of work cleaning up stalled SQL connections, etc.
So, I'm preempting query shapes on a server whitelist and just need the server to send data like this...
{
"operationName": "login",
"variables": {
"email": "bla",
"password": "bla"
}
}
I could just copy/paste the same queries over the client, but this is just wasted transpilation bytes and unnecessary bandwidth, since the server ignores everything else anyway.
leebenson
on 17 Nov 2016
@leebenson I think @Poincare is working on a tool that would let us use prepared queries. I'm not sure how close to done it is.
@Poincare what's the status of prepared queries? If it's going to be done in the next month, I'd love to add it to the 1.0 roadmap.
helfer
on 17 Nov 2016
This blog post mentions Stored Queries: https://dev-blog.apollodata.com/apollo-server-0-2-graphql-with-express-connect-hapi-or-koa-7e06b0a8fdb1#.65ypgu625
Is this only for Apollo Server?
scf4
on 22 Nov 2016
@scf4 sorry for the late reply. Yes, that post was just referring to the server. Most likely we'll have something ready for the client by January.
helfer
on 13 Dec 2016
We've got it, and it didn't require any core changes! https://dev-blog.apollodata.com/persisted-graphql-queries-with-apollo-client-119fd7e6bba5#.7itzp5jo3
stubailo
on 17 Mar 2017
Is someone using approach: on dev environment support mix(persisted & arbitrary) and on prod environment support only persisted queries?
raderio
on 1 Nov 2017
Related issues
nlko
路
3Comments
stubailo
路
3Comments
skeithtan
路
3Comments
gregorskii
路
3Comments
joergbaier
路
3Comments
Most helpful comment
@leebenson I think @Poincare is working on a tool that would let us use prepared queries. I'm not sure how close to done it is.
@Poincare what's the status of prepared queries? If it's going to be done in the next month, I'd love to add it to the 1.0 roadmap.