Add hasura client and remove sequelize

[rubenabix]

Example

npm
graphql-request

const hasuraClient = new GraphQLClient(hasuraConfig.url, {
      headers: {
        Authorization: authorization
      }
    })

[adriexnet]

Hi @rubenabix, You want to use https://www.npmjs.com/package/graphql-request to take advantage of the powerful queries and mutations that hasura generate out the box to handle custom business logic?

[adriexnet]

@xavier506 @rubenabix I have a few concerns about to use graphql-request, let me explain it

It will work fine if the project allow us to keep all mutations and queries open to the logged user, but there are some cases where we can't have the query or mutation open, for example if the app have a shopping cart we cant allow to the user create a record in the purchase table or update the status of the order table so we can use hasura permissions to avoid access to create or edit mutation but it means that we can't use restricted mutations or queries even using the graphql-request with the Authorization header because those mutations or queries are not exposed to the world, so we still needs a way create a record in the purchase table when the payment gateway confirm the payment and also a way to edit the order status to "delivered" when the ERP integration execute an action to updated it or when some other actions happens, to can do it we still needs an ORM to can access the database without use queries or mutations from hasura, other case could be a BOT that will updated the transactions without user interaction so it will means use the hasura permissions to avoid the user can change the data directly skipping the business rules but again in that case we can't use graphql-request because hasura don't expose any mutation to update the table

Also I feel that graphql-request project its a little abandoned there are about 42 open issues and 40 open PR and the last commit in master branch its from Sep 21, 2018, besides the package its part of prisma-labs/graphcool other graphql engine

[rubenabix]

@adriexnet Maybe we can use only backend flag
https://hasura.io/docs/1.0/graphql/manual/auth/authorization/permission-rules.html#backend-only

graphql-request function is very basic: a POST, so we can use other client perhaps

[adriexnet]

@rubenabix but "Setting backend-only is currently available for insert mutations only." so we still have the problem with update actions

[rubenabix]

@kecoco16 What do you think?

[kecoco16]

@adriexnet @rubenabix @xavier506 to use any mutation or query without restrictions we can connect to the Hasura client using the admin secret key, so when we want to use a query or mutation with Hasura access control we can connect by passing the authorization header and when we don't want access control we can connect using the admin secret key

e.g.

Whit access control: we can only use the mutations or querys exposed to the specific user role

const hasuraClient = new GraphQLClient(hasuraConfig.url, {
   headers: {
      Authorization: authorization
   }
})

Whitout access control: we can use any query or mutation we want

const hasuraClient: new GraphQLClient(hasuraConfig.url, {
   headers: {
      'x-hasura-admin-secret': hasuraConfig.adminSecret
   }
})

And as Ruben says graphql-request is just a http client so we can use fetch if we want but whit graphql-request is a little more prettier.

This is the reason why we don't need an ORM we can do whatever we want through Hasura without writing extra code and without maintaining external libraries like sequelize.

[adriexnet]

@kecoco16 Thanks for the explanation, if that works for the case that I exposed before and you and @rubenabix agree that graphql-request it's the best approach it will be, I trust you 👍