Posts

Showing posts with the label graphql

Enhancing security when using GraphQL

Introduction

In previous articles I have given guidance on using GraphQL in project development; however, the flexibility of GraphQL also brings security risks that are not mitigated by default. In this article I will walk you through two simple but effective ways to enhance security:

- Limit data: this applies not only to GraphQL but also to RESTful APIs, and it is the minimum necessary measure against Massive Data Retrieval attacks. By default a query fetches all records in the table; if your database holds millions of records, your system will immediately run out of memory (RAM crash) from processing and parsing a huge amount of JSON data.
- GraphQL depth limit: this prevents Deep Nested Query attacks. In practical use cases tables always have relations with each other, and if an attacker discovers these relationships they can write nested queries 20-30 levels deep (such as users -> orders -> products -> order -> us...

Using GraphQL Effectively with NextJS and NestJS

Introduction

GraphQL is a powerful query language for APIs that optimizes performance by letting the client specify exactly the data structure it needs, completely overcoming the over-fetching and under-fetching drawbacks of traditional REST APIs. In this article we will set up the connection environment as follows: the client connects to a NextJS server, which acts as middleware and forwards the GraphQL payload to NestJS. You will see that most of the implementation on NestJS is quite simple, and most of the content is auto-generated code via prisma-nestjs-graphql. This setup suits projects whose complex processing is concentrated on the frontend, where applying GraphQL brings high flexibility in querying data so the team can focus on building frontend features effectively.

Prerequisites

Please take a look at this article, where I give specific instructions on setting up GraphQL for NextJS; on the FE side we will use @tanstack/react-query...