{"id":18715139,"url":"https://github.com/cerbos/demo-graphql","last_synced_at":"2025-10-06T10:18:00.387Z","repository":{"id":38302389,"uuid":"352330779","full_name":"cerbos/demo-graphql","owner":"cerbos","description":"A Typescript GraphQL demo of integrating Cerbos with GQL","archived":false,"fork":false,"pushed_at":"2024-06-20T08:31:28.000Z","size":999,"stargazers_count":13,"open_issues_count":1,"forks_count":5,"subscribers_count":16,"default_branch":"main","last_synced_at":"2024-06-21T21:07:43.357Z","etag":null,"topics":["access-control","graphql","nodejs","policy","security","typescript"],"latest_commit_sha":null,"homepage":"https://cerbos.dev","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cerbos.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-03-28T13:02:20.000Z","updated_at":"2024-06-20T08:31:24.000Z","dependencies_parsed_at":"2023-12-27T14:46:07.083Z","dependency_job_id":"939088fb-14fe-48a4-9553-27976188cbd3","html_url":"https://github.com/cerbos/demo-graphql","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cerbos%2Fdemo-graphql","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cerbos%2Fdemo-graphql/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cerbos%2Fdemo-graphql/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cerbos%2Fdemo-graphql/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cerbos","download_url":"https://codeload.github.com/cerbos/demo-graphql/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223518540,"owners_count":17158689,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["access-control","graphql","nodejs","policy","security","typescript"],"created_at":"2024-11-07T13:07:42.436Z","updated_at":"2025-10-06T10:17:55.342Z","avatar_url":"https://github.com/cerbos.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Demo GraphQL\n\nThis project showcases using Cerbos inside of a GraphQL server.\n\nTo enable batching of requests, the authorization calls are performed via a [dataloader](https://github.com/graphql/dataloader) instance which is configured per request in the [GraphQL server context](/src/context.ts) and automatically adds in the principal information from the request.\n\n## Setup\n\n- Have Node v22+ on your machine (recommend using NVM)\n- Run `npm install` to get the node dependencies.\n\n## Running\n\nTo boot the GraphQL server and Cerbos instance run `npm run start`\n\nOnce running, you can access GraphQL Playground [http://localhost:4000/](http://localhost:4000/). You must set a token (as per below) as a request header for the schema introspection to work.\n\n## Policies\n\n- IT can do everything\n- Users can create invoices\n- Users can view their invoices\n- Users can update their own un-approved invoices\n- Users can delete their own un-approved invoices\n- Managers view all invoices in their region\n- Managers update un-approved invoices in their region\n- Managers delete un-approved invoices in their region\n- Finance can view all invoices\n- Finance can approve all invoices\n\n## Sample Queries\n\nTo run these you need to set an HTTP header called `token` which identifies the user (and thus their permissions)\n\n![Setting token](auth.png)\n\nSome exampe tokens:\n\n- `key:sajit:it` is an IT Admin\n- `key:joe:finance` is an EMEA Finance person\n- `key:sally:sales` is an EMEA Salesperson\n- `key:zeena:sales` is an North America sales person\n- `key:john:manager-emea` is an EMEA Manager in sales\n- `key:brock:manager-na` is a North America Manager in sales\n\n### Get an Expense\n\n```\n{\n  expense(id: \"expense2\") {\n    id\n    amount\n    status\n    vendor {\n      name\n    }\n    createdBy {\n      name\n    }\n    approvedBy {\n      name\n    }\n  }\n}\n```\n\n### Approve an Expense\n\n```\nmutation {\n  approveExpense(id: \"expense1\")\n}\n```\n\n## Demo Video - Watch this demo with commentary\n\n\u003ca href=\"https://www.loom.com/share/cb213efcc1674229b0084a7198b232e5\"\u003e\n    \u003cp\u003eCerbos GraphQL Demo - Watch Video\u003c/p\u003e\n    \u003cimg style=\"max-width:300px;\" src=\"https://cdn.loom.com/sessions/thumbnails/cb213efcc1674229b0084a7198b232e5-with-play.gif\"\u003e\n\u003c/a\u003e\n\n## Playground\n\nLaunch the policy from this demo in our playground. Play with it to see how Cerbos behaves.\n\n\u003cP\u003e\u003ca href=\"https://play.cerbos.dev/p/XhkOi82fFKk3YW60e2c806Yvm0trKEje\"\u003e\u003cimg src=\"https://github.com/cerbos/express-jwt-cerbos/blob/main/docs/launch.jpg\"\u003e\u003c/a\u003e\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcerbos%2Fdemo-graphql","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcerbos%2Fdemo-graphql","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcerbos%2Fdemo-graphql/lists"}