Sure, if emojis could be infinitely extended with arbitrary images and were sent as their own messages instead of being embedded inline with other text. Replying to another message with a sticker also fills the role played by reactions on Facebook Messenger.
the implication of same-origin would affect all requests made from the client. you can serve malicious js from the server all day long but it would be restricted to only talking back to that same server.
Yet another tutorial about using a GraphQL client. It's nice but I think the hard part is implementing a GraphQL server. Are there any examples of a full blown GraphQL server, interpreting complex queries as SQL/NoSQL queries in a performant way?
> Are there any examples of a full blown GraphQL server
Sure! But here's the thing to know: the meat of a GraphQL server is in the schema. Every server implementation you see will have you define a schema, and then will execute queries against it. I would do the setup for the implementation in the language of your choice (instructions for which is usually listed in the README of the git repo), and then take a look at example schema, the most famous of which is the Star Wars schema:
> interpreting complex queries as SQL/NoSQL queries in a performant way
Something which is often confusing is that GraphQL is completely database agnostic. However you were fetching data from your database of choice before, you will continue to do. GraphQL has you define types (i.e. a user type, a blog post type, etc.), and then you tell it how to fetch that data. It could be a library for SQL, NoSQL, or even another API.
For example, imagine I define my GraphQL schema which is pretty similar to another GraphQL schema (of a remote API server).
Could I implement my GraphQL server's resolvers in such a way that they simply rewrite/reinterpret the incoming query by forwarding the (modified) query to the target remote GraphQL server? Or will it be very inefficient and very hard to write this kind of GraphQL-schema-to-similar-GraphQL-schema adapter?
To compare REST, one can imagine (a part of) your REST API being similar to another external REST API. It's relatively straightforward to have your HTTP handlers map to remote REST API endpoints and make the neccessary conversions. (Assuming your REST endpoints map relatively 1:1 to the other API's REST endpoints).
I'm still fairly new to GraphQL, so take this with a grain of salt, but it's my understanding that a idiomatic GraphQL server would implement a single purpose resolver function for _every single field_ in the schema, and these field resolvers would then compose together to resolve larger query fragments. Often a request caching & batching layer like Facebook's own DataLoader library is necessary to make data fetching efficient and performant under this model: http://graphql.org/learn/best-practices/#server-side-batchin...
So in other words, for parts of your schema that are similar to each other, you'd simply include and compose together the relevant resolver functions for the fields they share. The conceptual model is similar to reducer composition in Redux, where top-level reducers (analogous to the root query resolver in GraphQL) can delegate to child reducers each responsible for only a part of the application state (or child resolvers each responsible for resolving a single fragment of the whole query), and this delegation can continue to arbitrary depths.
EDIT: I see your question is actually about composing with third party GraphQL APIs, so I haven't really answered it. GraphQL resolvers are just functions that return data. So you can certainly just implement an async resolver that forwards the received GraphQL query to a remote API of interest, and take the response returned and merge/override it with additional data to form the response to your own query.
Depending on what you're looking for, it might not be straightforward with the normal high level utilities, but most libraries also provide lower level functions for parsing and such.
If you just want to grab an object for a certain edge than that's easy. Routing the entire query differently based on something at the root would also be easy, but routing it based on something deeply nested might be trickier, but still not too tricky.
I used the server tutorials in howtographql.com, they were very informative.
Scroll down to the hands on tutorials, the ones on the right are server-side tutorials. I still recommend you read through the beginner material as well!
Seconded - Tons of GraphQL + Apollo Client tutorials out there but not much on the server. I've been using Graph.cool which does the work for me but if I have to make a server it'll be a lot harder.
I created a boilerplate example that uses Hapi, Apollo Server, Knex (SQLite) & Webpack to give you an idea on how to get started. Apollo Server makes it easy for you understand how to write a GraphQL server by breaking it down into typeDefs and resolvers, that are needed to create your schema.
If an attacker has root access to your machine, he can easily:
* Extract passwords and session tokens from your browsers
* Keylog your system and wait for you to type a certain password
* MiTM your TLS connection to grab credentials
>This is not an argument at all. Let's consider the situation when individual service gets compromised. Attacker has thousands of salted hashes
Wait, who said they are hashed? Perhaps an irresponsible webmaster stored them in plaintext. Now, even if that service itself isn't very important, it's likely that certain users re-used the same(or a similar) passwords in more important services, such as Google.
Now, while you're right that using a single master password does pose a risk, there aren't other viable solutions to secure password authentication,
unless you;
Memorize a strong password for every service that you use
Never share passwords among the services
Don't store saved logins in your browser
Never link your services to your email (because then if your email account is pwned, your accounts in those services would be pwned too, another "all eggs in one basket" issue)
If you can do all of the above, then great, but most people can't.
>Memorize a strong password for every service that you use
I keep hearing this argument and i think people who use it just don't understand why password has to have high entropy (e.g. strong). It's not to stop attacker from bruteforcing login page (nobody is doing it nowadays), it's to stop attacker from cracking hash, if he gets it. If password is unique, it doesn't have to be strong.
>If you can do all of the above, then great, but most people can't.
And this stuff again... "Security is hard, just use this password manager, dum-dum." All you have to do, is divide your accounts into two groups: accounts you care about and accounts you don't. Most people would not have more than 4-5 accounts in the first group. Create and memorize strong password for them. For the second group, you couldn't care less, so use passmanager, that is the only good use case for it anyway.
I think this is actually a case for delegated authentication, you can quite simply let Facebook(or Google,MS or some other trusted auth provider) handle these things
instead of implementing them yourself. Use some form of social login(OAuth2/OpenID Connect)
On a similar note, Keepass can be used without admin rights with the portable version, so you can keep the portable executable along with the encrypted db file in some secure and accessible email account/web service that your network doesn't block.
I'm no mobile developer but I guess that being able to share classes and libraries(that are non UI/mobile specific, mostly services and domain/business logic) among all the .NET platforms. So you could use the same libraries for an android,ios, windows phone client, a desktop GUI client, a webserver, a static website.
This doesn't make sense. JSON is used because it's a handy data interchange format, but it doesn't mean it's the best tool for every job.
XML is a document markup language that is much, much better than JSON for describing interfaces and alike. And even then it's not really ideal for describing control flow and computations that are needed for any meaningful app that is not a static page (see XAML, AngularJS, FXML, - they do have some power but they're still tied to real programming languages: C#, Javascript, and Java, respectively.)
And all computers and devices made in the last century have no problem dealing with XML, HTML, JS over the wire - in fact this is exactly what web browsers have been doing. So even though you're dealing with native iOS apps and not webpages, that doesn't mean you can't use a similar XML format(or any other document markup language) along with a proper scripting language.
And if you insist on staying close to JSON, you could go an all JS approach and use JS(instead of JSON) to describe your views, and also be able to embed JS computations - this is exactly what React does, and does very well.
And again, JSON is not a document markup language, so optimizing it for displaying documents/interfaces seems futile when you can just use XML and save yourself and the interpreter some pain.
> use a similar XML format(or any other document markup language) along with a proper scripting language
That's not simple. JSON is simple. Yours is two things, JSON is one thing. And a lot of people are responding positively to this, so the author may be on to something. JSON is NOT the best language for full expressiveness, you're absolutely right about that. But it's simple, it's one single syntax (not two), and it feels like "just configuration" even though you're doing the same amount of logic.
> so optimizing it for displaying documents/interfaces seems futile
I mean, this guy did it, didn't he? And it's open source so now you can too.
I'm glad people build new things. This is cool. Maybe it'll catch on, maybe it won't, but I'm glad he used JSON and not XML+JS. We already have phonegap and cocoon for that ;).
There are plenty of great server-side languages and environments. C#,Java,Scala,Python,Ruby,Haskell.
If this was about JavaScript and Front-End I might've agreed with you (there are transpilers but interoperability with JS modules can be tricky), however in the realm of servers there's so much freedom.. so why choose PHP out of them all?
> plenty of great server-side languages and environments
Depending on the type of project, I would choose PHP over at least some of the languages you mentioned; I guess "great" is not a significant quality when making architectural choices.
Just to be clear: I was thinking about factors like performance, choice of servers, how easy it is to hire good developers, library ecosystem etc.
EDIT: obviously the "awesome aspects" mentioned by GP are a similarly unsubstantiated claim ;-)
The .NET CORE is now open source and cross platform. Cross platform compatibility with the exact same source code, and the killer features/speed of C# makes its my personal choice for a server-side language. I would like to add that C# devs are not cheap and also seem to be slightly more limited in today's market compared to PHP devs.
If you are running .NET code in production on a non-Windows platform today, then you and your team are probably braver and more willing to work around issues than most. I hope that running .NET code on Linux becomes the common case, but I suspect that we are still a couple of years away from that.
It might not be exactly what you had in mind as 'in production', but it's probably worth noting that Unity uses Mono as a core component, and it seems to be fairly popular on non-Windows platforms.
If you are building software that will be deployed by a large number of users, having PHP provided by every $3.99 & up hosting company can't be underestimated. Languages like Haskell are nonstarters.
