GraphQL is becoming increasingly popular as an alternative to REST APIs, offering more flexibility and efficiency in data fetching. In this guide, we'll walk through setting up GraphQL and GraphiQL in a Rails application, using practical examples from a real-world implementation.
Prerequisites
Ruby on Rails 7.2+
Ruby 3.3+
Basic understanding of Rails applications
Step 1: Adding Required Gems
First, add the necessary gems to your Gemfile:
gem 'graphql', '2.3.14' gem 'graphiql-rails', '1.10.1' Step 2: Installing GraphQL
Run the following commands to install GraphQL and generate the base files:
bundle install rails generate graphql:install This will create the basic GraphQL structure in your Rails application:
app/ └── graphql/ ├── types/ │ ├── base_object.rb │ ├── base_enum.rb │ ├── base_input_object.rb │ ├── base_interface.rb │ ├── base_scalar.rb │ ├── base_union.rb │ ├── query_type.rb │ └── mutation_type.rb ├── mutations/ │ └── base_mutation.rb └── [your_app]_schema.rb Step 3: Setting Up GraphQL Controller
Create a GraphQL controller to handle requests:
class GraphqlController < ApplicationController def execute variables = prepare_variables(params[:variables]) query = params[:query] operation_name = params[:operationName] context = { current_user: current_user # This comes from ApplicationController } result = YourAppSchema.execute(query, variables: variables, context: context, operation_name: operation_name) render json: result rescue StandardError => e raise e unless Rails.env.development? handle_error_in_development(e) end private # ... [rest of the controller code] end Authentication Setup
The current_user method is defined in your ApplicationController. Here's how to set it up:
class ApplicationController < ActionController::API def auth_header request.headers['Authorization']&.split&.last end def current_user Current.user = User.find_by_token_for(:auth_token, auth_header) @current_user ||= Current.user end end This setup allows you to:
Extract the authentication token from the request headers
Find the corresponding user
Make the user available throughout your GraphQL resolvers via context
You can then access the current user in any resolver or mutation:
module Mutations class BaseMutation < GraphQL::Schema::RelayClassicMutation def current_user context[:current_user] end def authenticate_user! raise GraphQL::ExecutionError, 'Not authenticated' unless current_user end end end Step 4: Configuring GraphiQL
Add GraphiQL configuration in config/initializers/graphiql.rb:
GraphiQL::Rails.config.header_editor_enabled = true GraphiQL::Rails.config.title = 'Your API Name' Update your config/application.rb to handle cookies for GraphiQL:
config.middleware.use ActionDispatch::Cookies config.middleware.use ActionDispatch::Session::CookieStore config.middleware.insert_after(ActionDispatch::Cookies, ActionDispatch::Session::CookieStore) Step 5: Setting Up Routes
Add GraphQL routes to config/routes.rb:
Rails.application.routes.draw do post "/graphql", to: "graphql#execute" if !Rails.env.production? mount GraphiQL::Rails::Engine, at: "/graphiql", graphql_path: "/graphql" end end Step 6: CORS Configuration
If you're building an API, configure CORS in config/initializers/cors.rb:
Rails.application.config.middleware.insert_before 0, Rack::Cors do allow do origins "*" resource "*", headers: :any, methods: [:get, :post, :put, :patch, :delete, :options, :head] end end Best Practices
1. Structured Type Definitions
Organize your types in a modular way:
module Types class BaseObject < GraphQL::Schema::Object edge_type_class(Types::BaseEdge) connection_type_class(Types::BaseConnection) field_class Types::BaseField end end 2. Implement Base Mutations
Create a base mutation class for common functionality:
module Mutations class BaseMutation < GraphQL::Schema::RelayClassicMutation argument_class Types::BaseArgument field_class Types::BaseField input_object_class Types::BaseInputObject object_class Types::BaseObject end end 3. Error Handling
Implement consistent error handling across your GraphQL API:
module Mutations class BaseMutationWithErrors < BaseMutation field :errors, [String], null: true field :success, Boolean, null: false def handle_errors(record) { success: false, errors: record.errors.full_messages } end end end Testing Your Setup
After completing the setup, you can access GraphiQL at http://localhost:3000/graphiql in development. Try this query:
query { __schema { types { name } } } 
Security Considerations
Limit GraphiQL to non-production environments
Implement proper authentication
Use query depth limiting to prevent complex nested queries
Consider implementing rate limiting
Conclusion
With this setup, you have a solid foundation for building a GraphQL API in Rails. The included GraphiQL interface provides a powerful tool for testing and documenting your API during development.
Remember to:
Keep your schema well-organized
Implement proper error handling
Follow security best practices
Write comprehensive tests for your GraphQL endpoints
This setup provides a robust starting point for building scalable GraphQL APIs with Rails.
Happy Coding!
Top comments (0)