Server Management

After getting started, here are some things to keep in mind.

Rejecting Arbitrary Queries

With persisted queries, you can stop accepting arbitrary GraphQL input. This way, malicious users can’t run large or inappropriate queries on your server.

In short, you can ignore arbitrary GraphQL by skipping the first argument of MySchema.execute:

# app/controllers/graphql.rb

# Don't pass a query string; ignore `params[:query]`
MySchema.execute(
  context: context,
  variables: params[:variables],
  operation_name: params[:operationName],
)

However, take these points into consideration:

If those apply to you, you can apply some logic to query_string:

# Allow arbitrary GraphQL:
# - from staff users
# - in development
query_string = if current_user.staff? || Rails.env.development?
  params[:query]
else
  nil
end

MySchema.execute(
  query_string, # maybe nil, that's OK.
  context: context,
  variables: params[:variables],
  operation_name: params[:operationName],
)
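The following added example (not from the graphql-ruby documentation) extends the gate above to also decide what happens when a client without permission sends a raw query, and to produce an audit line for it. The helper names, the `operationId` parameter name and the sample requests are assumptions made for illustration; the code is plain Ruby and needs neither Rails nor graphql-ruby.

```ruby
require "digest"

# Hypothetical helper names; `operationId` as the persisted-operation parameter is
# an assumption. Params are plain symbol-keyed hashes so this runs without Rails.
Decision = Struct.new(:mode, :query_string, :operation_id, keyword_init: true)

def presence(value)
  text = value.to_s
  text.strip.empty? ? nil : text
end

# Only staff users or a development environment may supply raw GraphQL;
# everyone else is limited to a stored operation, or is turned away.
def gate_graphql_input(params, staff:, env:)
  raw = presence(params[:query])
  op_id = presence(params[:operationId])
  if raw && (staff || env == "development")
    Decision.new(mode: :arbitrary, query_string: raw, operation_id: op_id)
  elsif op_id
    # A raw query sent alongside the id is dropped, never executed.
    Decision.new(mode: :persisted, query_string: nil, operation_id: op_id)
  else
    Decision.new(mode: :rejected, query_string: nil, operation_id: nil)
  end
end

# Log line for a raw query that was not honoured: size and a truncated digest
# only, so the log does not store client-controlled text.
def audit_dropped_query(decision, params, client:)
  raw = presence(params[:query])
  return nil if raw.nil? || decision.mode == :arbitrary
  format("graphql.raw_query_dropped client=%s mode=%s bytes=%d sha256=%s",
         client, decision.mode, raw.bytesize, Digest::SHA256.hexdigest(raw)[0, 16])
end

# Constructed sample requests (not captured traffic).
SAMPLES = [
  { client: "web", staff: false, params: { operationId: "web/abc123" } },
  { client: "web", staff: false, params: { operationId: "web/abc123", query: "{ a }" } },
  { client: "unknown", staff: false, params: { query: "{ viewer { id } }" } },
  { client: "admin", staff: true, params: { query: "{ viewer { id } }" } },
].freeze

def run_samples(env: "production")
  SAMPLES.map do |s|
    decision = gate_graphql_input(s[:params], staff: s[:staff], env: env)
    [decision.mode, audit_dropped_query(decision, s[:params], client: s[:client])]
  end
end

run_samples.each { |mode, line| puts [mode, line].compact.join("  ") } if $PROGRAM_NAME == __FILE__
```

In a controller, a `:rejected` decision would be answered with an error response instead of calling `MySchema.execute`, and the audit line gives operations staff a signal that someone is probing the endpoint with raw GraphQL.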

Deleting Data

Clients can only add to the database, but as an administrator, you can also delete entries from the database. (Make sure you authorize access to the UI.) This is a dangerous operation: if you delete something, any clients that depend on that data will crash.

Some reasons to delete from the database are:

If this is true, you can use “Delete” buttons to remove individual operations or entire clients.

Integration with Your Application

It’s on the road map to add a Ruby API to OperationStore so that you can integrate it with your application. For example, you might:

If this interests you, please open an issue or email support@graphql.pro.