A better way to handle GraphQL Validations

validate-graphql is a simple and elegant module that provides you an easy way to validate your queries and mutation with your own logic and YUP validation module. This allows an excellent way to configure your own validation logic by accepting your own validation functions that can be executed before your resolver gets executed.

GitHub link = https://github.com/ganeshcse2991/validate-graphql
Npm link = https://www.npmjs.com/package/validate-graphql

Introduction:

I have been working with GraphQL for almost 2 years now. This article is targeted at developers who already use GraphQL. If you are completely new to GraphQL please read about it here and do come back.

IMO GraphQL is a non-opinionated framework. People follow different guides and approaches based on their convenience. It’s one of the major pros when it comes to GraphQL.

Queries and Mutations:

I am not going to explain what GraphQL queries and mutations are. You can relate it to GET and POST methods in REST respectively. You can read about it here.

A Sample Query:

getAllUsers: {
type: new GraphQLList(userType),
args: {
user_company: userCompanyField,
user_location: userLocationField,
user_title: userTitleField,
user_manager: userManagerField
},
resolve: resolveGetAllUsers
}

A Sample Mutation

createUser: {
type: userType,
args: {
name: userCompanyField,
company: userCompanyField,
location: userLocationField,
manager: userManagerField
},
resolve: resolveCreateUser
}

This is just a basic example of how a query and mutation looks like.

A Struggle with Validation:

The above examples contain the structure of GraphQL queries and mutations. It does provide an efficient way to validate the data type of your request fields — fields you have given in the args in the above example. But type validation alone is not enough to build a production-ready APIs. We need to validate args based on values too.

I have tried a few npm modules for validation in GraphQL. But the problem is, the tools I tried are validating once your method call goes into the resolver i.e the Service layer or the validation is done by configuring on the query and mutation itself which affects the design and code quality.

Let’s list out the basic layers of the GraphQL APIs:

1. Middlewares
2. Resolvers
3. Service layer
4. Cache layer
5. Database layer

One approach to handle validation is, your Service layer and Database layers can have helpers that can perform your validations.

But I am more concerned about the design here. In my opinion, every API should have a separate layer for validation. The Validation layer should not be tightly coupled with the Service layer. Also, your Validation layer cannot be completely isolated from the Database layer and the Cache layer.

So to conclude, I need my Validation layer to be executed first before my resolvers. Also, I want to isolate validations that involve database queries from the Service layer. So the best way is to introduce a Validation layer that will be executed before the resolvers and services.

An efficient way and better design:

I want GraphQL to validate the queries and mutations like below:

getAllUsers: {
type: new GraphQLList(userType),
args: {
user_company: userCompanyField,
user_location: userLocationField,
user_title: userTitleField,
user_manager: userManagerField
},
resolve: resolveGetAllUsers,
validate: validationFunction(args, context)
}
createUser: {
type: userType,
args: {
name: userCompanyField,
company: userCompanyField,
location: userLocationField,
manager: userManagerField
},
resolve: resolveCreateUser
validate: validationFunction(args, context)
}

Obviously, there is no in-built function in GraphQL that supports this behavior.

So I have written an NPM module to do the exact stuff which I mentioned in the above code.

I have added a README file on the NPM module and have explained it clearly on how to use it.

GitHub link — https://github.com/ganeshcse2991/validate-graphql

Npm link — https://www.npmjs.com/package/validate-graphql

Please go ahead and try if you are using NodeJS and GraphQL.

Thanks for reading this article.

I head technical development at Upshotly. We are excited about building tools for modern leaders to help them put their people at the heart of business success. If you think you benefited from this blog, please share it with your friends and co-workers! In case you have any queries, clarification, or an idea for my next blog, please let me know in the comments!