apps/www/_blog/2022-03-29-graphql-now-available.mdx
๐ pg_graphql has undergone significant enhancements since this announcement. Here is what is new:
GraphQL support is now in general availability on the Supabase platform via our open source PostgreSQL extension, pg_graphql.
pg_graphql enables you to query existing PostgreSQL databases using GraphQL, either from within SQL or over HTTP:
From SQL:
select graphql.resolve($$
{
accountCollection(first: 1) {
edges {
node {
id
firstName
address {
countryCode
}
}
}
}
}
$$);
or over HTTP:
curl -X POST https://<PROJECT_REF>.supabase.co/graphql/v1 \
-H 'apiKey: <API_KEY>'\
-H 'Content-Type: application/json' \
--data-raw '
{
"query":"{ accountCollection(first: 3) { edges { node { id } } } }"
}'
GraphQL types and fields are reflected from the SQL schema:
For example:
create table "Account" (
"id" serial primary key,
"email" varchar(255) not null,
"createdAt" timestamp not null,
"updatedAt" timestamp not null
);
Translates to the GraphQL base type
type Account {
id: Int!
email: String!
createdAt: DateTime!
updatedAt: DateTime!
}
And exposes bulk CRUD operations on the Query and Mutation types, complete with relay style keyset pagination, filters, and ordering and (optional) name inflection.
type Query {
accountCollection(
first: Int
last: Int
before: Cursor
after: Cursor
filter: AccountFilter
orderBy: [AccountOrderBy!]
): AccountConnection
}
type Mutation {
insertIntoAccountCollection(
objects: [AccountInsertInput!]!
): AccountInsertResponse
updateAccountCollection(
set: AccountUpdateInput!
filter: AccountFilter
atMost: Int! = 1
): AccountUpdateResponse!
deleteFromAccountCollection(
filter: AccountFilter
atMost: Int! = 1
): AccountDeleteResponse!
For a complete example with relationships, check out the API docs.
An advantage to embedding GraphQL directly in the database is that we can lean on PostgreSQL's built-in primitives for authentication and authorization.
The GraphQL types exposed by pg_graphql are filtered according to the SQL role's INSERT/UPDATE/DELETE permissions. At Supabase, each API request is resolved in the database using the role in the request's JWT.
Anonymous users receive the anon role, and logged in users get the authenticated role. In either case, pg_graphql resolves requests according to the SQL permissions.
The introspection schema is similarly filtered to limit exposed types and fields to those that the user has permission to access.
That means we can serve multiple GraphQL schemas for users of differing privilege levels from a single endpoint!
Another nice side effect of making PostgreSQL do the heavy lifting is that GraphQL queries respect your existing row level security policies right out-of-the-box. No additional configuration required.
To squeeze the most out of limited hardware we had to make a few significant optimizations:
GraphQL queries are always transpiled into exactly one SQL query
The SQL queries select and aggregate requested data into the shape of the GraphQL JSON response. In addition to solving the N+1 query problem, a common issue with GraphQL resolvers, GraphQL queries requiring multiple joins typically produce significantly less IO due to reduced data duplication.
For example, when selecting all comments for a blog post:
select
blog_posts.title,
comments.body as comment_body
from
blog_posts
join comments on blog_posts.id = comments.blog_post_id;
a SQL response would duplicate all data from the blog_posts table (title).
| title | comment_body |
| ---------- | ------------------------------ |
| F1sRt P0$T | this guy gets it! |
| F1sRt P0$T | you should re-write it in rust |
| F1sRt P0$T | 10% off daily vitamin http:... |
Compared to the equivalent GraphQL response.
{
"blogPostCollection": {
"edges": {
"node":
"title": "F1sRt P0$T"
"commentCollection": {
"edges": [
"node": {
"body": "this guy gets it!"
},
"node": {
"body": "you should re-write it in rust"
},
"node": {
"body": "10% off daily vitamin http:..."
}
]
}
}
}
}
}
Which has no duplication of data.
The difference in payload size is negligible in this case, but as the number of 1-to-many joins grows, data duplication in the SQL response grows geometrically.
Queries are cached as prepared statements
After a GraphQL query is transpiled to SQL, it is added to the prepared statement cache so subsequent requests with the same structure (think pagination) can skip the transpilation step.
Using prepared statements also allows PostgreSQL to skip the overhead of computing a query plan. For small, on-index, queries, the query planning step can take several times as long as the query's execution time, so the saving is significant at scale.
All operations are bulk
Finally, all reflected query and mutation fields support bulk operations to nudge users towards consuming the API efficiently. Batching similar operations reduces network round-trips and time spent in the database.
Result
As a result of these optimizations, the throughput of a โhello worldโ equivalent query on Supabase Free Plan hardware is:
To enable GraphQL in your Supabase instance, enable pg_graphql from the dashboard.
Or create the extension in your database
create extension pg_graphql;
And we're done!
The GraphQL endpoint is available at: https://<project_ref>.supabase.co/graphql/v1
We're excited to have worked with The Guild to show you how to use pg_graphql
and their tools to build a HackerNews clone.
The demo application showcases:
pg_graphql.pg_graphql generates standardized pagination types and fields as defined by the GraphQL Cursor Connections Specification.Now instead of using the Supabase PostgREST API to query your database ...
// using Supabase PostgREST
const { data, error } = await supabase
.from('profile')
.select('id, username, bio, avatarUrl, website')
... all data fetching and updates are done using the same GraphQL operations you know and love! ๐คฏ
// using GraphQL
query ProfilesQuery {
profileCollection {
edges {
node {
id
username
bio
avatarUrl
website
}
}
}
}
๐ย Get the code on GitHub here: github.com/supabase-community/supabase-graphql-example
This is just the start of what we hope to be a close collaboration with the Guild, whose expertise of the GraphQL ecosystem will guide the development of Supabase's GraphQL features. The Guild and Supabase share a similar approach to open source - we both favor collaboration and composability, making collaboration easy and productive.
Be sure to visit The Guild and follow them to stay informed of the latest developments in GraphQL.
Our first general availability release of pg_graphql supports:
In the near term, we plan to fully support array and json/b types. Longer term, we intend to support views and custom mutations from user defined functions.
Didn't see the feature you're interested in? Let us know