Topics:

GraphQL Server using via @BlaineBublitz

GraphQL Server implemented with Warp, Diesel and async-graphql

Repo: https://github.com/phated/twentyfive-stars

  • This project uses warp as a web framework, but Blaine thinks [tide](tide = "0.8.0") is pretty cool. Tide is designed more for usability than performance and uses async-std as its async runtime.

  • Blaine was originally using juniper as a GraphQL server library, but several factors made developing with it painful: slow movement on async, lack of Relay support, etc. It caused him to put the project on hold.

  • Recently switched to using async-graphql and it has been a significant improvement. Async-graphql is a two-month old project and already has built-in Relay support, support for GraphQL subscriptions, uses procedural macros to provide GraphQL schema by default, has solid examples, and the maintainer responds very quickly to issues.

  • We can annotate GraphQL interfaces with an interface macro. For instance, you can add an id field to multiple structs with one macro. With field annotation, it exports everything that isn't hidden which is nice.

  • With async-graphql, there's ongoing discussion about whether the GraphQL Interfaces should be typechecked (they currently are). The alternative would be a panic on server startup. However, it takes a long time to start the server so you don't want to wait only to find out that you made a mistake.

  • Rust Traits map pretty well to GraphQL Interfaces, there was an issue about supporting interface implementation based on trait (the async-graphql maintainer responded to it during the presentation).

Attempting to Implement OAuth2 Dance with Rocket via @DanielPBank

Trying to implement the OAuth2 dance using the Rocket Web Framework and the oauth2 library.

Repo: https://github.com/danielbank/rust-oauth-rocket

  • Step 1: We start with the Google OAuth2 example code from the oauth2 library. The example creates an authorization URL that we can navigate to for requesting access the user's calendar and basic profile information using scopes. Afterwards, we are redirected back to our local server code which then uses a baked-in reqwest http_client to communicate with Google's Authorization Server for exchanging a received AuthCode for an access token.

  • Step 2: Basic Hello World Rocket example

  • Step 3: Expanding on the Rocket example to include static assets. We need to bring in rocket_contrib to do this.

  • Step 4: Now we have the static assets and the skeleton of an OAuth callback route which receives code and state as query string parameters and prints them out.

  • Step 5: Now we implement the same OAuth2 Google example. In our main function we create the Oauth2 client and share it to two routes using State. The first route (/oauth/authorize) creates the authorization url and redirects to it. The second route (/oauth/callback) handles the redirect back from Google and exchanging the authcode for a token. THIS IS STILL NOT SECURE: we need to compare the csrf_state.secret() that we get when creating the authorization url in /oauth/authorize with the state.secret() that we get back from Google in our /oauth/callback. To maintain this information across requests, we need to store it in some sort of a session. I was working on implementing this but ran out of time before the meetup.

Crates You Should Know

  • async-graphql: A GraphQL server library implemented in Rust
  • smol: A small and fast async runtime
  • oauth2: An extensible, strongly-typed implementation of OAuth2
  • rocket: Web framework for nightly with a focus on ease-of-use, expressibility, and speed.
  • rocket_contrib: Community contributed libraries for the Rocket web framework.