Slash GraphQL middleware requirement

I’m thinking about using Slash Graphql as a base for a new project. But I’m a bit struggling with the application architecture.

I want to use Next.JS for the frontend and Strapi for the static content, and Slash Graphql or Graphql on a Kubernetes cluster for the active part.

For the backend, I’m in doubt between .NET Core with Hot Chocolate or Node.JS. The last one would make the most sense as Next.JS supports functions, Netlify functions run on Node.JS, so everything would be streamlined using the same language (I would only need one extra developer instead of two).

I’m unsure about the identity provider. I would love one that supports passwordless authentication using the Android/IOS fingerprint reader to prevent account sharing but didn’t found one yet.

Lots of tutorials talk about talking to Dgraph directly from the frontend, but:

  1. I have some additional server-side requirements like creating objects from ZIP-files and XML, in-depth mathematical calculations, and AI functionality.

  2. I want to restrict the queries an authenticated user can execute, so I was thinking about adding persisted queries.

  3. I need to comply with the GDPR. So all queries should be logged to, for example, Seq.

Does this mean I need to decorate each database query with a NodeJS Apolo server layer on top?

So I presume this is the best architecture?

Client-side React code → Apolo Server on Netlify functions (AWS lambda) with persistent queries + logging to Seq → Dgraph

This added middleware proxy will introduce some complexity, especially when using the subscriptions, and code redundancy, but I think it’s currently the only way to restrict queries and add external logging to DGraph?

Upcoming lambda directive in 20.11 will handle most all of this.

It looks like the lambda functions will be supported only for transforming the output properties. Not for converting the input before storing or executing something general at a call (for adding persisted queries to limit the filters or logging to external services)?

What did you end up doing Laurens?

I suggest you add Firebase Authentication, ML Kit, and Firebase Storage for all of this.

There is nothing in the GDPR (as far as I know) that says you have to keep a log of queries. If you really want to protect the privacy, I suggest a combination of DGraph and Solid Pods before the user allows Dgraph to access anything.

Firebase Auth supports passwordless authentication VIA an email link. However, facial recognition and fingerprint auth are Hardware related. They will never be stored in software and should only be accessible via the hardware service. Web Auth API technically can do this even in a PWA, but every device is different. I would write a custom Flutter app with Firebase Auth for native support.

Not true with lambda mutations. You could throw an error to prevent the write. 21.03 also has post-hooks. This is about the 3rd use case for pre-hooks I have seen recently. Something similar will hopefully be added soon, but keep in mind you can just use a custom resolver to do whatever you want.

My suggested Stack for you: Slash GraphQL, Next.JS (Flutter for Native App Support), Netlify, Solid, Firebase Auth, ML Kit. If you need advanced Server Features, Google Cloud Build with Cloud Functions.