I’ve been a fan of Prisma for a while now - hacked on a project with graphcool. Congrats on the launch!
Yeah had a good play with and dive around the internals of graphql-yoga. Bunjil is intended to be pretty opinionated, and I needed to do some things a bit differently. Namely, a specific focus and opinion on security.
You could easily have Bunjil consume many upstream graphql-yoga in micro services for example.
Wow, that looks very cool! I've been following Graphcool since (before?) its release and my biggest criticism back then was "you are giving up control of your data if you are not controlling the database". This now completely flips that on its head and puts control over the database first.
Sadly I probably won't be working with a system involving GraphQL for some time, but when I will again, I'll definitely check out Prisma!
If someone were to use Prisma Cloud (or self-hosted) would they need to put another server in front of Prisma if they wanted to execute arbitrary code? For instance if I want a certain graphql mutation to first make a call to a 3rd-party api and then perform prisma data mutation based on that 3rd-party response would I need to orchestrate this on a server that sits in front of Prisma or does Prisma have the ability to run arbitrary node code?
By the way, graphcool and prisma are amazing ideas with really great UX execution and open-sourcing Prisma is also very cool so thanks!
EDIT: I think I know the answer now but just a suggestion- you might want to add a bit more contextual information as to how Prisma fits into a conventional stack. I know you guys are probably crazy busy so I imagine more copy/documentation is to come!
Prisma is an evolution of Graphcool Framework. Graphcool Framework is a complete backend as a service that enables you to create a database, configure permissions and write business logic that is deployed to serverless functions.
In contrast, Prisma focuses exclusively on the database aspect and brings many advancements compared to Graphcool.
We have created some nifty open source libraries to bring a lot of the same out-of-the-box experience provided by Graphcool Framework to more traditional GraphQL backend development with Prisma, including GraphQL Bindings that provide smart schema stitching and auto-complete in your editor as seen in the video on https://www.prismagraphql.com/
Prisma incorporates 2 years of learnings from operating Graphcool at scale and writing big applications with GraphQL. I'm super excited to be part of the community that is shaping around GraphQL and happy to answer any questions about GraphQL in general (especially from the backend perspective) or Prisma specifically.
Disclaimer: I'm not from Graphcool or Prisma, but I'm an avid user of both.
Prisma is the unbundled version of Graphcool.
Graphcool's main selling point was that everything was hosted: "The Parse for GraphQL".
Prisma's main selling point is that you can host your own database wherever you want and Prisma generates the Schema and TypeDefs for you based on CRUD operations. Compared to Graphcool, you get one instead of two endpoints (Relay and Simple API endpoints are the same in Prisma).
Now you can connect your client directly to the Prisma endpoint or you build a GraphQL Server (with graphql-yoga or apollo-server) between your client and database.
All resolvers (auth, file hosting, etc) are written on this GraphQL Server level.
Prisma is a lot more flexible and now also bigger enterprises with legacy databases can use them more easily.
Hope that answers your question. Again, I don't work there but really like their product.
As it’s unbundled it doesn’t have (on purpose I think) a few things for a proper production deployment.
I’m working on a GraphQL front end server (Bunjil) designed to be the public bastion server in front of a Prisma/Prisma Cloud backend (though it works with any and multiple GraphQL servers).
It’s probably too early to share this as I’m still writing the documentation, but here it is anyway.
The main additions are an authentication hook, and Policy Based Access Control similar to AWS IAM. I’ve found this style of authorisation amazingly powerful with GraphQL.
This gives you the ability to give a role access to say all types, or everything on the user type except ‘password’. Or block access to certain mutations.
I’m looking at how to hide specific mutations from the final schema (to block ‘allUsers’ for example).
https://bunjil.js.org
As most of the docs are still being written, the main two pages with more info are the api specs. The front page has a simple usage example.
https://bunjil.js.org/api/bunjil
https://bunjil.js.org/api/policy
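
The IAM-style authorisation described in the comment above, sketched as an added JavaScript example that is not part of the thread and is not Bunjil's API. The policy shape, the `Type:field` resource naming, and the role and mutation names are assumptions made for illustration.

```javascript
// Added illustration, NOT Bunjil's API. Policy shape and "Type:field"
// resource names are assumptions; the policies are constructed samples.
const policies = [
  { id: "editor-all", effect: "allow", roles: ["editor"], resources: ["*:*"] },
  { id: "hide-password", effect: "deny", roles: ["*"], resources: ["User:password"] },
  { id: "no-user-delete", effect: "deny", roles: ["editor"], resources: ["Mutation:deleteUser"] },
  { id: "viewer-posts", effect: "allow", roles: ["viewer"], resources: ["Query:posts", "Post:*"] },
];

// Turn a pattern such as "User:*" into an anchored regular expression.
// Everything except "*" is escaped so a pattern cannot smuggle in regex syntax.
function toRegExp(pattern) {
  const escaped = pattern
    .replace(/[.+?^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*");
  return new RegExp(`^${escaped}$`);
}

const matchesAny = (patterns, value) =>
  patterns.some((p) => toRegExp(p).test(value));

// IAM-style evaluation: default deny, and an explicit deny always
// overrides any allow that also matches.
function isAllowed(roles, resource, policyList = policies) {
  let allowed = false;
  for (const policy of policyList) {
    const roleMatch = roles.some((r) => matchesAny(policy.roles, r));
    if (!roleMatch || !matchesAny(policy.resources, resource)) continue;
    if (policy.effect === "deny") return false;
    if (policy.effect === "allow") allowed = true;
  }
  return allowed;
}

// Check every "Type:field" a request touches; the request is rejected
// if any single field is denied, and the denied fields are reported.
function authorize(roles, touchedFields) {
  const denied = touchedFields.filter((f) => !isAllowed(roles, f));
  return { ok: denied.length === 0, denied };
}

// "Everything on the user type except password":
console.log(authorize(["editor"], ["Query:user", "User:email", "User:password"]));
```

A caller with no roles matches no policy at all, so the default deny applies to unauthenticated requests.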