Matthew Krick

Unpopular opinion: GraphQL has no business knowing what HTTP is. Doesn't matter if it travels via http, sse, websocket, webrtc, or carrier pigeon. It's the WHAT not the HOW.

@jasonbahl @chrisgrabinski @moon_meister @nextjs I believe layouts must be deterministic at build time, not SSR time. I assume that’s how they’ve managed to relax the global asset constraint & you can do things like import external css files in it. Still wrapping my head around v13 though. seems… complex

@chrisgrabinski @moon_meister @nextjs But then I want Next to then be able to do the cool stuff it does with Layouts like fetching the navigation/sidebar/content all in separate, queries...And for all pages that share the main layout, the nav doesn't need to be re-fetched, etc.

With the new @nextjs Layouts, is it possible to fetch something from an API, then depending on the response, decide which Layout to load? Or is it only possible to determine the layout based on url/path/segments?

@Lane8music can’t sleep. Where’s that brightest lights remix from tonight??

@sseraphini - If you're open source, PRing the codebase should be the final step before hiring 😉 - Onboarding checklist in @NotionHQ for the first 2 weeks. - Welcome video & code walkthroughs in @loom - 1:1 sync time with team members. There's still no substitute for human connection

How to onboard developers without meetings?

@simon_prickett Thank you Simon! Really appreciate your work making redis more accessible to everyone!

@mattkrick saw your Redis streams article, nice work! parabol.co/blog/scaling-g…

what do you use for code snippets in wordpress? @jasonbahl @garethaledavies

i have thought about this hacker news comment nearly every day since november ninth twenty seventeen

@jmhodges 💯GraphQL was meant to replace REST, not SQL. The current trend of generating graphql queries from a sql schema doesn’t scale.

GraphQL makes your public API equal to a generic database and -- worse -- a generic graph database. The amount of maintenance work is sky high. Locking the query capabilities down means you're just doing normal APIs but not locking it down means infinite performance work

GraphQL is a trap

@michlbrmly @n1rual @notrab @GraphQL @graphqlwtf oh that's cool! i imagine you could unjoin, merge, & cache the response across a few dataloaders, too... do you have an ORM between graphql and your database? i.e. how does it know to fetch some fields from postgres & others from redis?

@mattkrick @n1rual @notrab @GraphQL @graphqlwtf In my implementation this would translate into a single SQL query on the user table, joining order and then joining user. By default I limit nested joins to 3 levels, and after that things revert back to n+1 field resolvers. In practice it seems like a pragmatic compromise.

Who’s using DataLoader with @GraphQL? 🙋 It’s taken a few attempts to get this video done, but Monday’s @graphqlwtf episode will show how you can batch requests, and remove unnecessary calls to your database.

@notrab @n1rual @michlbrmly @GraphQL @graphqlwtf listen here you...

@mattkrick @n1rual @michlbrmly @GraphQL @graphqlwtf Fixed 🤪

@n1rual @michlbrmly @notrab @GraphQL @graphqlwtf I've always been interested in this. How do you use partials when the same node is buried behind a waterfall?

@michlbrmly @notrab @GraphQL @graphqlwtf This pattern is called "Lookaheads" 😇 engineering.zalando.com/posts/2021/03/…

shout out to all the wordpress + SPA + graphql developers

@sseraphini license your client work as MIT & host it on a $5 droplet after they pay

How to transition from a software house to a startup?

@KimMaida DHTML

I dare you to demonstrate how old you are in "developer years" in one sentence without stating any actual years

@BartoszJarocki more cat pics plz

@Steve8708 @builderio So Map is faster than Obj until I read 22x more than I write. ... not that I'm prematurely optimizing or anything 😅

So while you may not need this everywhere, some use cases that involve rapid updates and might benefit from this opt: - frameworks - gaming - animations using RAF - rendering like Figma or @builderio - spreadsheets - hardcore perf enthusiasts 😄 Any others I'm not thinking of?

Performance tip: if you need to set a lot of dynamic keys to an object, a Map can give you better perf Explanation in 🧵:

@Dopamine_Driven that sounds like a solid authentication approach! How do you handle things like, e.g. a mutation inviteToTeam(teamId) where you want to make sure the viewer has permissions to call that based on the teamId passed in as a variable?

@mattkrick Private Services using a class based dependency injection flow like Nestjs Then you can sync up the global context with the presence of an Authorization header, parse the JWT and decode completely to snag user ID, consume those in resolvers and as a way to verify auth status

GraphQL folks, how do you keep authorization out of your resolvers? GraphQL Shield? graphql-tools resolver composition? custom directives? Show me the way!

@motleydev centralized auth so hot right now, got those google zanzibar vibes 😉 research.google/pubs/pub48190/

@mattkrick This is the way. hasura.io/docs/latest/gr…

@jasonbahl Ah good distinction. I'm talking about operation-specific and type-specific authorization. e.g. Who gets to call the "inviteToTeam" mutation?

@mattkrick Similar to your opinion here, I kinda think GraphQL shouldn’t know what Authorization is. Other layers of the stack should, and GraphQL should resolve to those layers. 🤷‍♂️ A lot of these tools tie business logic to the GraphQL Schema. I think it should be a lower level.

@n1rual @shinzui Tell me more! I use graphql-jit to squeeze out every little bit of performance 😅 I've stayed away from graphql-middleware for that very reason, but what about new node versions has reduced the impact?

@mattkrick @shinzui Let us know if you have some more questions 😇 GraphQL Shield uses graphql-middleware which can have a huge impact on high traffic servers as it wraps all resolver functions instead of only affected ones. But that impact should be smaller on recent Node.js versions!

@shinzui Never heard of it, but what a fantastic blog post comparing it to shield (the-guild.dev/blog/graphql-a…). Thanks for the tip!

@mattkrick We use graphql-shield which works well. graphql-authz looks good also.