
GraphQL

Schema design, resolvers, subscriptions

  1. 00 GraphQL Building — Roadmap: Ten chapters that go from 'a query is just a string' to a self-hosted GraphQL server with batched resolvers, auth, subscriptions, and depth limits behind nginx.
  2. 01 What GraphQL is and when to use it: GraphQL is not a database, not a transport, and not a replacement for HTTP. It is a query language and a typed contract — and that distinction shapes every decision you make from here on.
  3. 02 Schema-first design: The schema is your contract with every client that ever exists. The decisions you make in the first afternoon — types, nullability, IDs — are the ones you live with for years.
  4. 03 Running your first server: graphql-yoga, end-to-end, in sixty lines. By the end of this chapter you will have a real GraphQL server on your laptop, queried with curl, talking to Postgres.
  5. 04 Resolvers and the execution tree: A resolver is a function that returns a value. Stack them in a tree, and that tree is your API. Once you see the walk, every weird GraphQL bug becomes obvious.
  6. 05 The N+1 problem: Your GraphQL server runs eleven SQL queries when it should run two. Every backend team learns this the hard way. This chapter is the diagnosis — chapter 6 is the cure.
  7. 06 DataLoader: DataLoader is a tiny library that fixes the N+1 problem by batching loads inside an event loop tick, and caching by key for the duration of one request. Once you wire it in, your resolvers stay clean and the SQL graph collapses.
  8. 07 Mutations, input types, validation: Writes are not just queries with side effects. They need input types, validation, transactions, idempotency, and a return shape that lets clients update their cache without a second fetch.
  9. 08 Authentication and authorization: Auth in GraphQL is the same as in REST — JWTs or sessions on HTTP, identity on context — except every field is its own little endpoint that needs an authorization check. Get the layering right or it will haunt you.
  10. 09 Subscriptions over WebSockets: Subscriptions are realtime queries — clients open a long-lived connection and the server pushes events as they happen. Different transport, different lifecycle, different failure modes than queries and mutations.
  11. 10 Production hardening and self-host: Depth limits, complexity limits, persisted queries, error sanitisation, federation, and the full self-hosted nginx deploy. Everything between 'works on my laptop' and 'survives a hostile internet.'