🚀 GraphQL Blog API (Node.js + Apollo + Express)

A production-style GraphQL API built using Node.js, Apollo Server, and Express.
This project demonstrates real-world GraphQL concepts including authentication, authorization, pagination, filtering, DataLoader optimization, and performance best practices.

---

📌 Features

✅ GraphQL Schema Design
✅ Interfaces & Unions
✅ Custom Scalars
✅ Filtering & Sorting
✅ Offset Pagination
✅ Cursor Pagination
✅ JWT Authentication
✅ Role-Based Authorization
✅ DataLoader (N+1 Problem Fix)
✅ Query Depth Limiting
✅ Modular Folder Structure
✅ Clean Service-Based Architecture

---

🛠️ Tech Stack

• Node.js
• Express.js
• Apollo Server
• GraphQL
• JSON Server (Mock Database)
• JWT (Authentication)
• bcryptjs (Password Hashing)
• DataLoader
• graphql-depth-limit

---

📁 Project Structure

src/
│
├── schema/
│   ├── typedefs/
│   │   ├── user.schema.js
│   │   ├── article.schema.js
│   │   ├── blog.schema.js
│   │
│   ├── resolvers/
│   │   ├── user.resolver.js
│   │   ├── article.resolver.js
│   │   ├── blog.resolver.js
│
├── loaders/
│   ├── user.loader.js
│   ├── blog.loader.js
│
├── services/
│   ├── user.service.js
│   ├── article.service.js
│
├── middleware/
│   ├── auth.middleware.js
│
├── utils/
│   ├── auth.js
│
├── config/
│   ├── db.js
│
├── server.js

---

⚙️ Installation

Clone the repository:

git clone https://github.com/your-username/graphql-blog-api.git

Move into project:

cd graphql-blog-api

Install dependencies:

npm install

---

▶️ Running the Server

Start JSON server (mock database):

npm run json-server

Start GraphQL server:

npm run dev

GraphQL Endpoint:

http://localhost:4000/graphql

---

🔐 Authentication Flow

Authentication is handled using JWT tokens.

Login Mutation

mutation {
  login(
    input: {
      email: "ali.khan@example.com"
      password: "password123"
    }
  )
}

Response:

{
  "token": "JWT_TOKEN_HERE"
}

Use token in headers:

{
  "Authorization": "Bearer YOUR_TOKEN"
}

---

👮 Authorization (Role-Based Access)

Supported roles:

• ADMIN
• USER

Example:

mutation {
  deleteArticle(id: "1")
}

Allowed only for:

ADMIN role

---

📦 DataLoader Optimization

This project uses DataLoader to fix:

N+1 Query Problem

Benefits:

• Batch requests
• Cache results
• Improve performance

Example:

context.loaders.userLoader.load(userId);

---

📄 Pagination Support

Supports:

Offset Pagination

query {
  articles(page: 1, limit: 5) {
    id
    title
  }
}

Cursor Pagination

query {
  articles(first: 5, after: "cursor-id") {
    edges {
      node {
        id
        title
      }
    }
  }
}

---

🔍 Filtering Example

query {
  articles(filter: {
    published: true
    rating_gte: 4
  }) {
    id
    title
  }
}

---

🧠 Custom Scalars

Used:

• DateTime
• JSON

Example:

createdAt: DateTime!

---

⚡ Performance Optimization

Implemented:

✅ DataLoader
✅ Depth Limiting

validationRules: [
  depthLimit(5)
]

Prevents:

Deep nested query attacks

---

🧪 Example Query

query {
  articles {
    id
    title
    user {
      id
      name
    }
    comments {
      id
      text
    }
  }
}

---

📌 Environment Variables

Create .env file:

PORT=4000
JWT_SECRET=my_secret_key

---

🚀 Production Best Practices Used

• Modular architecture
• Service-based logic
• Middleware authentication
• Context-based loaders
• Error-safe resolvers
• Token verification
• Role-based access control

---

📈 Learning Outcomes

This project covers:

• GraphQL Core Concepts
• API Performance Optimization
• Authentication Systems
• Authorization Systems
• Scalable Backend Architecture
• Production-Level API Design

---

🧑‍💻 Author

StackWise Dev GraphQL Backend Simple Learning Path.

---

📜 License

This project is open-source and available for learning purposes.