Check out a free preview of the full Advanced GraphQL, v2 course:
The "Code Base Overview" Lesson is part of the full, Advanced GraphQL, v2 course featured in this preview video. Here's what you'd learn in this lesson:

Scott gives a tour of the course code repository, shows where to find the GraphQL server, and explains that the authentication system is already set up.

Get Unlimited Access Now

Transcript from the "Code Base Overview" Lesson

>> So if you didn't get a chance to pull the repo down, pull it down. I'm just gonna give you a tour of what's happening. So if you're on the master branch, which you should, that's what we're gonna be starting. There's also a solution branch that has all the code that will be finishing for this curriculum.

[00:00:17] So you can always check that out for references, or if you just get to the point where you want to see how I did something, go check it out. There's no one way to do any of the stuff that we're doing today. There's many ways to do all the stuff we're doing today.

[00:00:30] So that's just a reference. Your implementation might also be pretty good, too. So anyway, walking into the source folder, you have a couple of files here. We have author js, you're gonna be im a lot of work in here for this exercise, we'll get to it. Directives, so we'll get to this later.

[00:00:46] Don't worry about what's in there. The index file, this is where we actually create our graph kill server. So the thing to note here is, we already have some type definitions, we have some resolvers. And we have this context object that's doing some authentication. So already have set up for you.

[00:01:03] And JWT based authentication system in the context objects. And basically, what I'm doing here, is I'm just grabbing the token, if there is a token from the authorization header, and I'm trying to see if I can straight that token for a user. And if I can, I pass it down on the context objects.

[00:01:20] That user may be null, this function handles any errors, if there is no token and there is no user, it won't break, it'll just set user to null and you'll just have a null user. So this doesn't block any execution from GraphQL. This is only for authorization.

[00:01:36] It's trying to figure out if the user is who they say they are, and if they're not, its job is not to break the execution of graph QL, because our whole server would be locked down, and that's not what we want. We don't want our whole server to be locked down because the user isn't authorized.

[00:01:53] Because we might have things that we don't care if you authorize or not. So we don't wanna lock it down. We just wanna figure out who you are and pass it down. If you're nobody, we're gonna pass nobody down. That's basically what's happening here. So all this is given to you for free.

[00:02:05] Resolvers, these are all the resolvers that I already created for our server. Once you look at the type definitions, you'll understand. Basically, this server is going to be based on a social network. So we have users, we have posts, users have settings, we have a feed, things like that.

[00:02:24] And these are all the resolvers for that. You'll notice in here that most of the resolvers are gonna be using the user for doing any type of interaction with our, our mock database here that I'll get to in a little bit. And you'll see a little comment up here that saying, pretty much any query or mutation resolver using a user for a database query requires authentication.

[00:02:47] So first is one that doesn't, this public resolver function for the feed, this has no authentication, cuz it's a public feed of posts. So you wouldn't need to authenticate this. But for instance, if you wanted to get a user's settings, well, yeah, you might need to be authenticated to get your own settings.

[00:03:03] So, and you know that, because we're using the user ID inside the database. Type definitions, here's exactly what our API looks like. We have some up here. We have AI type user, because social networks have users. We have an authenticated user, which is a user with a JWT on it.

[00:03:21] We have a post that users can use to create post, settings which belongs to a user. We have an invite used to invite people if you're a certain role. And then, we have a whole bunch of queries and stuff. So for instance, the queries we have here is be able to get yourself with me.

[00:03:40] You can get all the posts, you can get one post, you can get gesture settings, and you can get the public feed. And then, for mutations, you can update your settings. You can create a post, update yourself, you can do an invite, and you can sign up and sign in.

[00:03:55] So a lot of things that are given to you for free, so this seems like a complete server to you. And you're like, what is this course about? Yeah, this is just the beginning. Everything else is gonna be on top of that. So if this is all you know about GraphQL is how to do this.

[00:04:07] You're in the right course. And next thing here is we got this utils function. There's only one function here, and it's helpful for something later on today. It's formatting a date and stuff like that. And the last thing we'll talk about is the database. So I don't have a real database in here, because the dependency of that is just too crazy for this course.

[00:04:25] So I'm using something called the low db, which is low-database. And it's based of on a JSON file, so you have a JSON file here, that database rights to you synchronously. And then, I just went ahead and created some mock models very similar to what you have in an ORM, like Mongoose, or Sequelize, or something like that.

[00:04:44] That will basically give you all these methods. So findOne, findMany, updateOne, remove, createOne, createMany, stuff like that. So you'll have access to that models objects, which is basically this, models that settings, models that post, models not user, you have access to that, inside the context object, because I'm passing it down here.

[00:05:07] So all your resolvers will have access to DB and models. So you don't have to import any of that. I'm a big fan of trying to pass things down. To the resolvers, via context, as much as possible, without having an import them, cuz they're lot easier to test, and you can just mock those things out by injecting things into the arguments, versus having to mock things out that you imported up top.

[00:05:29] Cool, that's the tour of the repo also there's some tests in here, we'll get to test later, so you don't have to worry about that. As far as scripts package.json, if you run the yarn dev script, this will start the server and keep reloading it for you if you make changes, so you don't have to worry about anything.

[00:05:45] The start command is for production. And when we get the test, you have a test command that will run your test. But the command you interested in is gonna be Dev. So yarn dev or NPM run dev, cool. Any questions on the turning point? Yes.
>> So in index.js, you mentioned that the user, if getUsedFromToken fails, if there's no token whatever user is passed down is null, but I noticed that in the resolvers, you reference user ID for it or

>> Yeah.
>> How does Apollo server handle errors?
>> So after authentication, I'm sorry. Later today, we're gonna talk about error handling. But you're right, that will break. And what you're about to do right now is fix it. Cuz that's 100% gonna break. Yes, good question.