Over the past few months I’ve been writing a GraphQL series using the Go programming language. First we saw how to get started with GraphQL and Go, followed by an alternative way to handle data relationships by using resolvers on GraphQL objects. Going a step further we saw how to include JSON web tokens (JWT) for authorization on GraphQL objects, but without a database.

The logical next step in this GraphQL with Golang journey would be to wire up Couchbase to a fully functional GraphQL powered API that includes authorization with JSON web tokens (JWT). We’re going to see how to handle account creation, JWT validation, and working with live data through GraphQL queries.

Before diving into some design and development, if you haven’t seen my previous tutorials on the subject, you probably should. I wouldn’t recommend getting into the JWT side of things until you have an understanding of using GraphQL with Golang.

Including Couchbase in a GraphQL with JWT Application

Instead of reiterating on the process of creating a GraphQL powered application, we’re going to start from where we left off in the series. The previous JWT tutorial in the series left us with the following code:

Our goal now is to swap out all that mock data with real data that exists in Couchbase. We won’t worry about creating blog data in this tutorial, but if you want to learn about mutations, check out one of the previous tutorials.

The obvious first step towards using dynamic data is to set up our database, Couchbase. Create the following global variable to be used in each of our GraphQL objects:

With the global Bucket reference created, let’s establish a connection to our Couchbase cluster and open a bucket. This can be done in our project’s main function:

The above code assumes a locally running cluster and RBAC as well as Bucket information already created and defined. If you haven’t properly configured your Couchbase instance for this application, take a moment to do so.

Since we’re working with a NoSQL database and no longer mock data, our native Go structures need to change slightly:

By adding a Type property, we can write better queries because we can differentiate our data. Changing the Go data structures does not mean we need to update our GraphQL objects. What we expect to return versus what we expect to work with can be different.

In the previous example we were generating our JSON web token with passed information. In reality, we want to generate our JWT with actual account information. To make this possible, we need to create an endpoint for account creation:

The above function will take a username and password, hash the password with bcrypt, and insert it into the database. We’ll be querying the database for this account and comparing the hash with a password as a means of authentication. To do this, we should probably update our CreateTokenEndpoint function:

Notice that instead of taking the passed username and password and creating a JWT from it, we’re doing a database query. If the information doesn’t match what was passed, we’ll return an error, otherwise we’ll continue to create a JWT based on our username.

Assuming that we have a solid way to create accounts and generate JSON web tokens from them, we can begin altering our GraphQL objects to use Couchbase rather than mock data.

Inside the main function we have a rootQuery object with a blogs query as well as an account query. We’ll be defining our blogs query first and it would look something like this:

Instead of returning a mock list of blog data we are doing a N1QL query and returning the results. The Go data structure is mapped to our GraphQL object.

Even though we’re returning blog data through our N1QL query, the pageviews property is still protected with JWT as defined in the object.

The final query we have looks something like this:

Notice that we’re retrieving the decoded token information and using it as a parameter in our N1QL query. This is how we can query for a particular account based on the token data, or the currently signed in user.

Try creating some data in the database and see what happens.

Conclusion

We brought our GraphQL series with Go to a close by configuring Couchbase in our JWT authorization example. In reality, adding Couchbase didn’t change any of our JWT example, it just gave us a source of data to be used. If you dig through the previous tutorials in this series, you’ll get a deep dive into GraphQL which includes querying, mutating, and protecting queries as well as pieces of data. All the things you’d expect in a production ready API, but with GraphQL instead of a traditional REST API approach.

Posted by Nic Raboy, Developer Advocate, Couchbase

Nic Raboy is an advocate of modern web and mobile development technologies. He has experience in Java, JavaScript, Golang and a variety of frameworks such as Angular, NativeScript, and Apache Cordova. Nic writes about his development experiences related to making web and mobile development easier to understand.

Leave a reply