Graphql-engine: validation before INSERT or UPDATE or DELETE

Hm..what kind of validations are you looking at?

On Wed, 26 Dec 2018 at 1:40 PM, hengsovandara notifications@github.com
wrote:

Now I am working on validation some fields which I don't want to validate
on the client's side. And I am using Lambda function to create trigger. All
works seem fine, but unfortunately, I want to create validations before the
INSERT and UPDATE. Are there any ways to do it?

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
https://github.com/hasura/graphql-engine/issues/1267, or mute the thread
https://github.com/notifications/unsubscribe-auth/AAIAWOCapdCbnTG-Uxfw9hV8j7hvPXaMks5u8y7fgaJpZM4Zhfl7
.

Example, I have validate the email format or some others format before submit to database. We can do client side, it is not most secure part to do on client side.

Ah. Makes sense!

Well in that case I would recommend just writing a custom mutation as a serverless function and using remote schemas to add that mutation :)

Your code can run the validation and then update the table using whatever library you like to connect to the database or the Hasura GraphQL API (using access-key so that you can run the mutation as admin).

We've been working on creating some examples here:
https://github.com/hasura/graphql-serverless

You can just deploy the serverless function and then add the URL as a remote schema!

If you need any help setting this up, we're on discord. Feel free to ask questions there too. :)
https://discord.gg/vBPpJkS

@coco98 Hello Again, I have another issue which related to add remote schema, that add GraphQL server URL from API-Gateway, and then the error was raised Adding schema failed "Error in $: key \"data\" not present". Could you show the solution for this, because I can't find any ways. Thanks

Hi All,

Respecting the value Hasura has brought to our product, but data validation is one of our concerns with Hasura.

I think it would be an amazing feature to have. There might be some possible ways but as I'm not really sure about the underlying implementation of Hasura these might not be really possible:

• Create pre-action triggers.

• Now Hasura has more meaningful errors related to DB constraints, what if there be a feature to even customise these messages more. It will at least avoid us creating custom endpoints to only handle a message which Hasura is already capable to handle.

• Define custom validation/messages rules on fields in the Console.

I would definitely think about this. Hasura seems to be a great thing, but not having the ability to validate user data seems a big security issue. In this form Hasura can't really use in production.

I came here looking for existing solutions for data validation on server side (which I feel is necessary vs client side for actual production projects). I was expecting to find some sort of pre-insert validation options in the Data tab somewhere but was surprised to not see anything.

At this point, this is really the only thing holding me back from promoting is to production systems. I also understand there may be mutation workarounds as suggested above that I need to look into.

@qarthandgi There are few ways to do data validations server side: https://hasura.io/docs/1.0/graphql/manual/schema/data-validations.html

We also developed Hasura Actions to tackle this problem in a general way: https://github.com/hasura/graphql-engine/issues/1291#issuecomment-613273473