GraphQL Shield

Open source

GraphQL server permissions as another abstraction layer of logic.

Contribute


Become a financial contributor.

Membership

Backer

Join us for $10.00 per month and support us

$10 USD / month

Recurring contribution

Sponsor

Join us for $100.00 per month and support us

$100 USD / month

Custom contribution

Donation

Make a custom one-time or recurring contribution.


Top financial contributors

Organizations

1
GraphCMS

$1.9k USD since May 2018

2
Hitabis GmbH

$300 USD since Mar 2019

3
ScrapingBee

$220 USD since Oct 2019

4
QuestMate

$40 USD since Mar 2021

5
Open Collective

$25 USD since May 2019

6
Scraper API 2

$18 USD since Oct 2018

7
Affiliate Genius

$10 USD since Aug 2018

Individuals

1
Isaac Duran

$175 USD since Aug 2018

2
Nilan Marktanner

$57 USD since May 2018

3
Jason Brown

$55 USD since Jun 2018

4
Pia Mancini

$10 USD since May 2018

5
Oleksandr Mieliekh

$10 USD since Mar 2019

6
Jamie Barton

$8 USD since May 2018

7
Suraj Keshri

$5 USD since Jan 2020

GraphQL Shield is all of us

Our contributors 15

Thank you for supporting GraphQL Shield.

GraphCMS

Sponsor

$1,900 USD

Awesome project! We would love to see more cont...

Hitabis GmbH

$300 USD

ScrapingBee

Backer

$220 USD

Isaac Duran

Backer

$175 USD

Nilan Marktanner

Backer

$57 USD

Thanks for working on this great project!

Jason Brown

Backer

$55 USD

QuestMate

Backer

$40 USD

Scraper API 2

Backer

$18 USD

Affiliate Genius

Backer

$10 USD

Thanks for creating this!

Budget


Transparent and open finances.

Today’s balance

$140.64 USD

Total raised

$2,380.34 USD

Total disbursed

$2,239.70 USD

Estimated annual budget

$202.97 USD

About


GraphQL Shield

Permissions done the way they should be - abstracted away as another layer of logic.

The new way of thinking about permissions 🧠

There are mainly two methods of describing your permission logic in a GraphQL server. You can write schema directives, or you can include the logic inside every one of your resolvers. I hate the first one. It mixes the reasoning behind your application with a schema. In my opinion, the schema should only define the model, not the logic as well. On the other hand, you could describe your permission logic within your resolvers, but then again DRY - horrible! What if there were a third unforeseen option that might save the day?

GraphQL Shield for the win 🏆

GraphQL Shield abstracts away your permission layer and allows you to reuse your ruleset in an intuitive yet straightforward way. Under the hood, there's a V8 shield engine. We know how vital the execution time of a query is and made significant optimisations to permission caching. Not only do we store resolved permission results, but we also create cache maps up front to predetermine the best way to process the request.

Defining permissions is as comfortable as thinking about them. We are reusing a familiar API from GraphQL server and combining it with intuitive shield logic. Check out how simple it is to create an authentication mechanism.

import { rule, shield, allow } from 'graphql-shield'

const typeDefs = `
  type Query {
    viewer: Viewer
    fruits: [Fruit!]!
  }

  type Fruit {
    name: String!
    count: Int!
  }

  type Viewer {
    cart: [Fruit!]!
  }
`

// Rules

const isAuthenticated = rule()((parent, args, ctx, info) => {
  return ctx.user !== null && parent.mad === false
})

// Permissions

const permissions = shield({
  Query: allow,
  Fruit: {
    name: allow,
    count: isAuthenticated,
  },
  Viewer: isAuthenticated,
})
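
A minimal sketch of the layering described above: plain resolvers wrapped by a separate rule tree, with each rule's result cached per request. This is an added example, not graphql-shield's implementation or code from the project; `applyPermissions`, `ruleCache`, `isLoggedIn`, the sample resolvers and the deny fallback for unlisted fields are assumptions of the sketch.

```javascript
// Added sketch, not graphql-shield's code: permissions as a wrapper layer.
const allow = () => true
const deny = () => false
// A rule is a named predicate whose result is cached on the request context,
// so it runs once per request however many fields it guards. Assumption:
// that cache scope only suits rules that ignore `parent` and `args`.
function rule(name, fn) {
  return (parent, args, ctx, info) => {
    ctx.ruleCache = ctx.ruleCache || new Map()
    // Only a literal `true` grants access; anything else is stored as a denial.
    if (!ctx.ruleCache.has(name)) ctx.ruleCache.set(name, fn(parent, args, ctx, info) === true)
    return ctx.ruleCache.get(name)
  }
}

// Wrap each resolver with its rule. A function at type level covers every
// field of that type; a field with no rule gets `fallback` (deny in this sketch).
function applyPermissions(resolvers, ruleTree, fallback = deny) {
  const guarded = {}
  for (const [type, fields] of Object.entries(resolvers)) {
    guarded[type] = {}
    const typeRule = ruleTree[type]
    for (const [field, resolve] of Object.entries(fields)) {
      const check = typeof typeRule === 'function'
        ? typeRule : (typeRule && typeRule[field]) || fallback
      guarded[type][field] = (parent, args, ctx, info) => {
        if (!check(parent, args, ctx, info)) throw new Error('Not authorised')
        return resolve(parent, args, ctx, info)
      }
    }
  }
  return guarded
}

// Constructed rule and resolvers for the schema shown above.
let ruleRuns = 0 // counts how often the rule body really executes
const isLoggedIn = rule('isLoggedIn', (parent, args, ctx) => {
  ruleRuns += 1
  return ctx.user != null
})
const resolvers = {
  Query: { fruits: () => [{ name: 'apple', count: 3 }], viewer: () => ({}) },
  Fruit: { name: (fruit) => fruit.name, count: (fruit) => fruit.count },
  Viewer: { cart: () => [] },
}
const guarded = applyPermissions(resolvers, {
  Query: allow,
  Fruit: { name: allow, count: isLoggedIn },
  Viewer: isLoggedIn,
})
```

Calling `guarded.Fruit.count` and `guarded.Viewer.cart` with the same context object runs the rule body once; a rule tree that omits a type leaves every field of that type denied.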

Join the party 🎉

We love working on Shield and believe it is thoroughly changing the way we approach writing permission logic of our servers. Join our collective and support development of this fantastic tool!

Our team