Hasura GraphQL Engine

基於 Postgres 的即時 GraphQL.
Instant Realtime GraphQL on Postgres.

Hasura GraphQL engine 提供了一個 Console 用於查詢和更新資料庫，並生成對應的

query
mutation

delete
insert
update

subscription

為了滿足個人使用的需求，採用 JWT 進行進行認證。

依然使用 k8s 進行安裝

apiVersion: extensions/v1beta1 kind: Deployment metadata: annotations: description: graphql-engine creationTimestamp: null name: graphql-engine namespace: {{.NAMESPACE}} spec: replicas: 1 revisionHistoryLimit: 5 selector: {} strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 0 type: RollingUpdate template: metadata: creationTimestamp: null spec: containers: - env: - name: HASURA_GRAPHQL_DATABASE_URL value: postgres://hasura:hasura@hasura:5432/hasura - name: HASURA_GRAPHQL_ENABLE_CONSOLE value: "true" - name: HASURA_GRAPHQL_ACCESS_KEY value: hasura_grapthql_access_key - name: HASURA_GRAPHQL_JWT_SECRET value: {"type":"HS256", "key": "YOUR_JWT_SECRET"} image: hasura/graphql-engine:v1.0.0-alpha34 imagePullPolicy: Always name: graphql-engine resources: limits: cpu: 500m memory: 512Mi requests: cpu: 250m memory: 256Mi securityContext: privileged: false serviceAccountName: "" volumes: null status: {}

---
apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
name: graphql-engine
namespace: {{.NAMESPACE}}
spec:
ports:
- name: tcp-8080-8080-ibox9
nodePort: 0
port: 8080
protocol: TCP
targetPort: 8080
selector: {}
type: ClusterIP
status:
loadBalancer: {}

啟動後使用上面設置的 HASURA_GRAPHQL_ACCESS_KEY 進行登錄

添加簡單的數據後進行查詢測試

許可權的設置方法比較多，這裡設置了兩種類型

在生成token的時候就要注意了，role 決定了所擁有的許可權，例如 user 只能查看

const raw = { id, username, userrole, https://hasura.io/jwt/claims: { x-hasura-allowed-roles: [admin, user, mod], x-hasura-default-role: userrole, x-hasura-user-id: `${id}`, x-hasura-user-name: username, }, };