That graphql.sql file is pretty amazing and is a great example of the power and flexibility of Postgres. It seems to dynamically generate the graph "database" -- a concept I would have recoiled in fear at the thought of implementing in SQL (well, Postgres SQL and it's niceties). Great work.
This looks great, and I love the idea of GraphQL and declaratively defining the data you need.
I understand this is alpha / proof-of-concept, and this is in no way meant as criticism, also not specific to this implementation, but just trying to figure out something:
What's the security model for GraphQL (at least as intended for javascript clients speaking to a backend)? Can we just pass the GraphQL from the client to the server and execute it? (In this case, directly on the PG database). What kind of security can be built around this?
I've been playing with getting a Postgres/GraphQL system working recently too. I decided that the definitions of the "edges" in the schema itself should declare what the user/viewer is capable of fetching via the GraphQL.
I started a very naive implementation of A-Relay-Like-Architecture (Arla) and built todomvc with it[1].... schema.js[2] declares the schema/nodes as well as the 'calls/edges' available for each node, which allows you to limit the visible rows/columns based on the $viewer id.
It's all a bit of an experiment... but I'm liking the GraphQL pattern so far.
>GraphpostgresQL is alpha quality and has undergone neither extensive optimization nor comprehensive testing. To use it for production workloads would needlessly tempt fate.
Hm. This looks nice especially now TitanDB is abandoned.
But the lack of updates for json/jsonb data remains a problem. It's really the only significant problem left for using Postgres for almost-everything, but it's a real issue.
If you find any issues -- or have some ideas for improvements -- let me know and I'll see what I can do.
I think a v2 release should really be in PLV8. PL/SQL is already there and is probably pretty performant; but it doesn't feel like the best option either from the standpoint of maintainability or community contributions.
Sure, I have a number of projects I'll probably mess around with. Will probably let you know via github if anything goes sour. Or if it's amazing as well!