Issue #13 – Federated GraphQL

Thato Nwamadi
February 22, 2023

<1/> Federated GraphQL

Scaling monolithic applications can become a headache for teams. As the codebase grows, onboarding new developers becomes tedious, and at times small changes can break parts of the application. The question, then, is how we design enterprise applications with these future problems in mind. When making architectural decisions, we need to account for the fact that our codebase could grow, our API surface could grow, and new application features could be introduced. Often we default to microservices as our solution.

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally.

Federation is a way of combining your GraphQL APIs into a single supergraph; it is Apollo's answer for developing GraphQL servers in a microservices architecture. Having a single graph is a way of staying true to Principled GraphQL, which states that to get the best out of GraphQL we need to access data and services from a single query. There is not much difference in implementation between a normal single-graph API and a federated API made up of subgraphs: in the federated case the client interacts with the router, and the router is smart enough to know which requests need which subgraph.

In a federated architecture, your individual GraphQL APIs are called subgraphs, and they’re composed into a supergraph. By querying your supergraph, clients can query all of your subgraphs at the same time.

As your application grows in codebase, users, and features, you might need to scale the team as well. A growing team does not necessarily mean that development time decreases, but we need to ensure that development time decreases or stays the same. Federation encourages a design principle called separation of concerns: we can break the team down into sub-teams working on specific products and features in this single unified graph. Each team owns its subgraph, and as new members join, there is less scope to cover when onboarding them.

<2/>Deeper Dives

How Netflix Scales its API with GraphQL Federation (Part 1)
Netflix TechBlog (Netflix Technology Blog): Learn how Netflix uses GraphQL federation for its API architecture, offering a unified, curated API powered by decoupled back-end services.

How Netflix Scales its API with GraphQL Federation (Part 2)
Netflix TechBlog (Netflix Technology Blog): Learn what’s needed to migrate to and run a federated GraphQL API platform successfully.

Apollo Router: our GraphQL Federation runtime in Rust
Apollo GraphQL Blog (Jesse Rosenberger, Engineering Manager): Today, we’re excited to unveil our next-generation GraphQL Federation runtime: the Apollo Router. The Apollo Router is written in Rust, and it is fast. Early benchmarks show that the Router adds less than 10ms of latency to each operation, and it can process 8x the load of the JavaScript Apollo Gate…

<3/>The Weekly Dev

Photo by Markus Spiske

NextAuth is an authentication solution for Next.js applications. Instead of spending a lot of development time trying to perfect authentication, you can rely on NextAuth to do the heavy lifting for you. The code on the front page is almost all you need to get authentication up and running. Out of the box, it supports a wide pool of authentication providers; providers are services that can be used to sign in the user. With NextAuth there are four ways to sign in your users: a built-in OAuth provider, a custom OAuth provider, email, and credentials. It is not opinionated about which database you use and can also be configured without one. Another concept that comes with NextAuth is adapters, which connect your application to the database you are using; because you can set up your application without a database, adapters are optional.
That is it, no more authentication headaches!

A critical authentication bypass flaw in an NPM package could allow a malicious actor to take over a victim’s email account.

Do not worry: this had been patched at the time of writing. The flaw affected applications that were using EmailProvider in versions before either v4.10.3 or v3.29.10.

You can go through setting up authentication for your application with these guides:

Introduction | NextAuth.js
About NextAuth.js
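As a check against the version range given above, the following added example (not code from this newsletter or from the NextAuth.js project) classifies every copy of next-auth recorded in a parsed package-lock.json. The lockfile content is a constructed sample, and treating majors below 3 as affected and above 4 as fixed is this example's reading of "before either v4.10.3 or v3.29.10"; whether EmailProvider is configured still has to be checked in the application code.

```javascript
// Fixed releases named in the text: 3.29.10 on the v3 line, 4.10.3 on the v4 line.
const FIXED = { 3: [3, 29, 10], 4: [4, 10, 3] };

// "v4.10.3-beta.1" -> { parts: [4, 10, 3], pre: true }; null when unparseable.
function parseVersion(raw) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(raw).trim());
  if (!m) return null;
  return { parts: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// Returns "affected", "fixed" or "unknown" for one next-auth version string.
function classify(raw) {
  const v = parseVersion(raw);
  if (!v) return "unknown";
  const major = v.parts[0];
  if (major < 3) return "affected"; // assumption: older than both fixed releases
  if (major > 4) return "fixed";    // assumption: newer than both fixed releases
  const fixed = FIXED[major];
  for (let i = 0; i < 3; i++) {
    if (v.parts[i] !== fixed[i]) return v.parts[i] < fixed[i] ? "affected" : "fixed";
  }
  // Same numbers as the fixed release: a pre-release tag sorts before it.
  return v.pre ? "affected" : "fixed";
}

// Collect every installed copy of next-auth from a parsed package-lock.json.
function findNextAuth(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/next-auth" || path.endsWith("/node_modules/next-auth")) {
      hits.push({ path, version: meta.version, status: classify(meta.version) });
    }
  }
  const legacy = lock.dependencies && lock.dependencies["next-auth"]; // lockfileVersion 1
  if (hits.length === 0 && legacy) {
    hits.push({ path: "dependencies/next-auth", version: legacy.version, status: classify(legacy.version) });
  }
  return hits;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/next-auth": { version: "4.10.2" },
    "node_modules/admin-ui/node_modules/next-auth": { version: "3.29.10" },
  },
};
console.log(findNextAuth(sampleLock));
```

Nested copies matter here: a transitive dependency can pin an older next-auth even when the top-level one is current.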

<4/>Inside the console

Security breaches happen every day, and having monitoring tools that can provide insight into how a breach happened or what caused it is important.

AWS CloudTrail helps us monitor user activity across our infrastructure. Monitoring is not limited to the application level: events in the AWS console are also monitored and logged. On the paid version you get access to AWS CloudTrail Insights; Insights are events generated when CloudTrail detects unusual activity. AWS CloudTrail is enabled by default and is always on.

Check out the list of features and pricing for the service.

<5/>Geeking it up

Gum
A tool for writing glamorous shell scripts.

Pocketbase
PocketBase is an open source backend consisting of embedded database (SQLite) with realtime subscriptions, built-in users management, convenient dashboard UI and simple REST-ish API.

Bun
Bun is a new JavaScript runtime with a native bundler, transpiler, task runner and npm client built-in.
