heroku - How to secure a Prisma endpoint deployed to Heroku
Problem description
I deployed Prisma with PostgreSQL and a Yoga server to Heroku, but the GraphQL endpoint is public and anyone can run mutations against it.
Is there a straightforward way to secure it, like Hasura has: https://docs.hasura.io/1.0/graphql/manual/deployment/securing-graphql-endpoint.html
PS: I did not use Docker to deploy it; I deployed everything through the Prisma wizard: prisma console
Solution
You need a Prisma "secret" to protect your endpoint so that only you and your applications can access/mutate the data. Prisma calls this a managementApiSecret (see here).
I'm not very familiar with the Prisma console, but if you deploy your Prisma server to Heroku with something like a prisma.yml file then you can specify a secret: line like this: secret: ${env:PRISMA_SECRET}. You can then set a Config Var in the settings for your Prisma server on Heroku where the key is PRISMA_SECRET and the value is a random string. I believe you want to do the same thing when using the prisma deploy command. So your prisma.yml should look something like this:
```yaml
endpoint: ${env:PRISMA_ENDPOINT_PROD}
datamodel: datamodel.graphql
secret: ${env:PRISMA_SECRET}
hooks:
  post-deploy:
    - graphql get-schema -p prisma
```
Then you'll need to specify that same secret in your Yoga server so that it can access the Prisma server. It's hard to help you with this without seeing your code for the Yoga server, but mine uses the prisma-binding package like this:
```javascript
const { Prisma } = require('prisma-binding');

// Binding to the Prisma server; endpoint and secret come from the Heroku
// Config Vars of the Yoga app, so nothing secret is committed to the repo.
const db = new Prisma({
  typeDefs: 'src/generated/prisma.graphql',
  endpoint: process.env.PRISMA_ENDPOINT_PROD,
  secret: process.env.PRISMA_SECRET, // must match the secret: in prisma.yml
  debug: false, // Turn on to console.log queries and mutations
});

module.exports = db;
```
You can see that the Yoga server connects to the Prisma database with the secret specified. The Yoga server is deployed on Heroku and I've specified the PRISMA_SECRET environment variable in the Heroku settings for the Yoga server.
This setup though will prevent you from going to your Prisma endpoint in your browser and manually querying and mutating the data in your database through the GraphQL playground. There may be a way around this but I'm not sure how. Also note that this won't give you the nice login interface that Hasura appears to give you.
If you want more code to follow you can view this GitHub repo by Wes Bos, which is what he uses for his course called "Fullstack Advanced React & GraphQL".