User authorization is a vital part of any business application. Every developer faces the authorization challenge. There are many ways to implement authorization in Django. Django has a built-in permission-based authorization system, and there are some third-party apps like django-guardian and django-rules.

In our previous article, we implemented Token-based authentication with
django-graphql-jwt. It has also some useful decorators to implement authorization.

But in this article, I will share a custom way to implement role-based authorization in GraphQL. Maybe in the next article, I will share some other ways of authorizations with Django’s built-in permission module.

Let’s start writing some code.

Read More

In all most every project we need user authentication. Django has session-based built-in user authentication and authorization support. But in modern days most of our applications are stateless, so, we are covering here stateless user authentication with JWT.

If you are following our previous articles, you already created a blog app with Graphene-Django. We did not add user authentication for our blog app. Here we will use django-graphql-jwt with Graphene-Django.

Let’s do some basic setup.

Read More

In GraphQL, we can do multiple inserts, update and delete at a time. The cool thing about GraphQL is we have a lot of control in our hands. In the GraphQL query, we can ask exactly what we need. As well as query, we can post as much data as we want with GraphQL mutation.

There are a lot of real-life scenarios where we need a bulk insert, update or delete. Specially, In our modern Single Page Applications (SPA), a user may create, update or delete multiple related items at a time. Though GraphQL makes it easy to send data for bulk upsert or delete, we need a fast, cleaner way to do it with Django. The main challenge here is, we have to do a faster, memory-efficient way to implement upsert with large batch size.

Read More

Introduction

Application security is an absolute necessity and it must be a top priority. To make our application secure, we must do server-side data validation. Because we can’t rely on client-side input validation. Certainly, client-side input validation can be manipulated in many ways, which will make our system vulnerable. Therefore, the same input validation must be performed on the server-side.

Any application can have errors. So, handling errors and returning back some informative messages to the end-user is very important. GraphQL does not send any status code with a response like REST. It sends an array called errors with the details of the error. The location and the path of the error are also included. So, handling errors in GraphQL looks pretty simple. But you may need custom error handling with server-side data validation. We will cover both types of error handling and server-side data validation in the following.

Read More