Category ROR

In the previous post, we created rails API in docker with MongoDB and GraphQL initializations. Then we went to create mutations for signup and sign-in users and testing those with RSpec. Now we continue with the project further by creating mutations and queries for user lists and to-dos which we will call tasks here.

Code Repo is the same as in previous post.

List Model with Testing:

To create a list model, write in terminal:

docker-compose run rails-api rails g model List name:string

This will create model, factory and rspec testing model files.

Modify list model to create relationship with user and validation.

todo-app/rails-api/app/models/list.rb

class List
  include Mongoid::Document
  field :name, type: String
  belongs_to :user

  validates :name, presence: true
end

Also add to user model:

todo-app/rails-api/app/models/user.rb

has_many :lists

Now update factory for testing suite:

todo-app/rails-api/spec/factories/lists.rb

FactoryBot.define do
  factory :list do
    name { "MyString" }
    association :user
  end
end

Finally, Create RSpec test for list model. I simply created the test for valid factory:

todo-app/rails-api/spec/models/list_spec.rb

require 'rails_helper'

RSpec.describe List, type: :model do
  it "has a valid factory" do
    list = FactoryBot.build(:list)
    expect(list.valid?).to be_truthy
  end
end

User’s lists Types, Mutations, and Queries:

Now create the List Type by writing in terminal:

docker-compose run rails-api rails g graphql:object list

todo-app/rails-api/app/graphql/types/list_type.rb

module Types
  class ListType < Types::BaseObject
    field :id, ID, null: false, description: "MongoDB List id string"
    field :name, String, null: false, description: "Name of the List"
    field :user, Types::UserType, null: false, description: "User of the List"
  end
end

Here we included a user that will automatically pick up by graphql because mongoid has the relationship. Same we add to users:

todo-app/rails-api/app/graphql/types/user_type.rb

field :lists, [Types::ListType], null: true, description: "User's Lists in the system" 

So while we are output user, we can output user's list because of has many relations.

Now we create list input type that will be simple one argument which is a name.

todo-app/rails-api/app/graphql/types/inputs/list_input.rb

module Types
  module Inputs
    class ListInput < BaseInputObject
      argument :name, String, required: true, description: "List Name"
    end
  end
end

Now we create mutations of create and delete list. First, we create a method of authenticate_user so that we can define which user’s list is being created. So put a method in base mutation file and GraphQL controller file.

todo-app/rails-api/app/controllers/graphql_controller.rb

class GraphqlController < ApplicationController
  # If accessing from outside this domain, nullify the session
  # This allows for outside API access while preventing CSRF attacks,
  # but you'll have to authenticate your user separately
  # protect_from_forgery with: :null_session
  require 'json_web_token'

  def execute
    variables = ensure_hash(params[:variables])
    query = params[:query]
    operation_name = params[:operationName]
    context = {
      # Query context goes here, for example:
      current_user: current_user,
      decoded_token: decoded_token
    }
    result = RailsApiSchema.execute(query, variables: variables, context: context, operation_name: operation_name)
    render json: result
  rescue => e
    raise e unless Rails.env.development?
    handle_error_in_development e
  end

  def current_user
    @current_user = nil
    if decoded_token
      data = decoded_token
      user = User.find(id: data[:user_id]) if data[:user_id].present?
      if data[:user_id].present? && !user.nil?
        @current_user ||= user
      end
    end
  end

  def decoded_token
    header = request.headers['Authorization']
    header = header.split(' ').last if header
    if header
      begin
        @decoded_token ||= JsonWebToken.decode(header)
      rescue JWT::DecodeError => e
        raise GraphQL::ExecutionError.new(e.message)
      rescue StandardError => e
        raise GraphQL::ExecutionError.new(e.message)
      rescue e
        raise GraphQL::ExecutionError.new(e.message)
      end
    end
  end

  private

  # Handle form data, JSON body, or a blank value
  def ensure_hash(ambiguous_param)
    case ambiguous_param
    when String
      if ambiguous_param.present?
        ensure_hash(JSON.parse(ambiguous_param))
      else
        {}
      end
    when Hash, ActionController::Parameters
      ambiguous_param
    when nil
      {}
    else
      raise ArgumentError, "Unexpected parameter: #{ambiguous_param}"
    end
  end

  def handle_error_in_development(e)
    logger.error e.message
    logger.error e.backtrace.join("\n")

    render json: { errors: [{ message: e.message, backtrace: e.backtrace }], data: {} }, status: 500
  end
end

todo-app/rails-api/app/graphql/mutations/base_mutation.rb

# The method authenticates the token
def authenticate_user
  unless context[:current_user]
    raise GraphQL::ExecutionError.new("You must be logged in to perform this action")
  end
end

Now mutations are simple:

todo-app/rails-api/app/graphql/mutations/lists/create_list.rb

module Mutations
  module Lists
    class CreateList < BaseMutation
      description "Create List for the user"

      # Inputs
      argument :input, Types::Inputs::ListInput, required: true

      # Outputs
      field :list, Types::ListType, null: false

      def resolve(input: nil)
        authenticate_user
        list = context[:current_user].lists.build(input.to_h)
        if list.save
          {list: list}
        else
          raise GraphQL::ExecutionError.new(list.errors.full_messages.join(","))
        end
      end
    end
  end
end

Delete list only requires ID and authenticate user will tell if user is trying to delete his/her list.

todo-app/rails-api/app/graphql/mutations/lists/delete_list.rb

module Mutations
  module Lists
    class DeleteList < BaseMutation
      description "Deleting a List from the user"

      # Inputs
      argument :id, ID, required: true

      # Outputs
      field :success, Boolean, null: false

      def resolve(id)
        authenticate_user
        list = context[:current_user].lists.find(id)
        if list && list.destroy
          {success: true}
        else
          raise GraphQL::ExecutionError.new("Error removing the list.")
        end
      end
    end
  end
end

Also, enable these two mutations in mutation type:

todo-app/rails-api/app/graphql/types/mutation_type.rb

# List
field :create_list, mutation: Mutations::Lists::CreateList
field :delete_list, mutation: Mutations::Lists::DeleteList

The RSpec test are now like signup sign-in:

todo-app/rails-api/spec/graphql/mutations/lists/create_list_spec.rb

require 'rails_helper'

module Mutations
  module Lists
    RSpec.describe CreateList, type: :request do
      describe '.resolve' do
        it 'creates a users list' do
          user = FactoryBot.create(:user)
          headers = sign_in_test_headers user
          query = <<~GQL
          mutation {
            createList(input: {name: "Test List"}) {
              list { 
                id
              }
            }
          }
          GQL
          post '/graphql', params: {query: query}, headers: headers
          expect(response).to have_http_status(200)
          json = JSON.parse(response.body)
          expect(json["data"]["createList"]["list"]["id"]).not_to be_nil
        end
      end
    end
  end
end

todo-app/rails-api/spec/graphql/mutations/lists/delete_list_spec.rb

require 'rails_helper'

module Mutations
  module Lists
    RSpec.describe DeleteList, type: :request do
      describe '.resolve' do
        it 'deletes a users list' do
          user = FactoryBot.create(:user)
          list = FactoryBot.create(:list, user_id: user.id)
          headers = sign_in_test_headers user
          query = <<~GQL
          mutation {
            deleteList(id: "#{list.id}") {
              success
            }
          }
          GQL
          post '/graphql', params: {query: query}, headers: headers
          expect(response).to have_http_status(200)
          json = JSON.parse(response.body)
          expect(json["data"]["deleteList"]["success"]).to be_truthy
        end
      end
    end
  end
end

Now run RSpec using the following command in terminal

docker-compose run rails-api bin/rspec

You can now see new mutations in the UI as well.

For Query, first update base query with same authenticate user method.

todo-app/rails-api/app/graphql/queries/base_query.rb

module Queries
  class BaseQuery < GraphQL::Schema::Resolver

    # The method authenticates the token
    def authenticate_user
      unless context[:current_user]
        raise GraphQL::ExecutionError.new("You must be logged in to perform this action")
      end
    end
  end
end

Now User List Query is simple like mutation.

todo-app/rails-api/app/graphql/queries/lists/user_lists.rb

module Queries
  module Lists
    class UserLists < BaseQuery
      description "Get the Cureent User Lists"

      type [Types::ListType], null: true

      def resolve
        authenticate_user
        context[:current_user].lists
      end

    end
  end
end

and to show user single list

todo-app/rails-api/app/graphql/queries/lists/list_show.rb

module Queries
  module Lists
    class ListShow < BaseQuery
      description "Get the selected list"

      # Inputs
      argument :id, ID, required: true, description: "List Id"

      type Types::ListType, null: true

      def resolve(id:)
        authenticate_user
        context[:current_user].lists.find(id)
      rescue
        raise GraphQL::ExecutionError.new("List Not Found")
      end

    end
  end
end

Furthermore, on the topic we should create me query for user

todo-app/rails-api/app/graphql/queries/users/me.rb

module Queries
  module Users
    class Me < BaseQuery
      description "Logged in user"

      # outputs
      type Types::UserType, null: false

      def resolve
        authenticate_user
        context[:current_user]
      end
    end
  end
end

As  me query can show all the data to create an app including user info, lists, and tasks as well.

Enable Queries by adding to query type.

todo-app/rails-api/app/graphql/types/query_type.rb

module Types
  class QueryType < Types::BaseObject
    # Add root-level fields here.
    # They will be entry points for queries on your schema.

    field :me, resolver: Queries::Users::Me
    field :user_lists, resolver: Queries::Lists::UserLists
    field :show_list, resolver: Queries::Lists::ListShow
  end
end

RSpec Tests are given in the repo code.

Task Model:

Create task model by writing in terminal

docker-compose run rails-api rails g model Task name:string done:boolean

and change the model to the following code

todo-app/rails-api/app/models/task.rb

class Task
  include Mongoid::Document
  field :name, type: String
  field :done, type: Boolean, default: false
  belongs_to :list

  validates :name, presence: true
end

Add the following in list model

todo-app/rails-api/app/models/list.rb

has_many :tasks

Factory and RSpec testing are in the repo.

Task Type, Mutation, and Queries:

Create task object in GraphQL

docker-compose run rails-api rails g graphql:object task

Add following code in task type

todo-app/rails-api/app/graphql/types/task_type.rb

module Types
  class TaskType < Types::BaseObject
    field :id, ID, null: false, description: "MongoDB Tassk id string"
    field :name, String, null: true, description: "Task's name"
    field :done, Boolean, null: true, description: "Task's status"
    field :list, Types::ListType, null: true, description: "Task's List"
  end
end

We added list as parent of task and similarly in list we show dependent task, and then we don’t need queries as list will be enough.

todo-app/rails-api/app/graphql/types/list_type.rb

field :tasks, [Types::TaskType], null: true, description: "List Tasks"

Now even making user’s me query can show user, lists, and list tasks if you want to.

Now we create input type which will be named of task:

todo-app/rails-api/app/graphql/types/inputs/task_input.rb

module Types
  module Inputs
    class TaskInput < BaseInputObject
      argument :name, String, required: true, description: "Task Name"
      argument :list_id, ID, required: true, description: "List Id to which it is to be input"
    end
  end
end

We now create three mutations create, delete and change status

todo-app/rails-api/app/graphql/mutations/tasks/create_task.rb

module Mutations
  module Tasks
    class CreateTask < BaseMutation
      description "Create Task in user's list"

      argument :input, Types::Inputs::TaskInput, required: true

      field :task, Types::TaskType, null: false

      def resolve(input: nil)
        authenticate_user
        list = context[:current_user].lists.find(input.list_id)
        if list
          task = list.tasks.build(name: input.name)
          if task.save
            {task: task}
          else
            raise GraphQL::ExecutionError.new(task.errors.full_messages.join(', '))
          end
        else
          raise GraphQL::ExecutionError.new("List Not Found")
        end
      end
    end
  end
end

todo-app/rails-api/app/graphql/mutations/tasks/delete_task.rb

module Mutations
  module Tasks
    class DeleteTask < BaseMutation
      description "Deleting a Task from the user's list"

      # Inputs
      argument :id, ID, required: true

      # Outputs
      field :success, Boolean, null: false

      def resolve(id)
        authenticate_user
        task = Task.find(id)
        if task && task.list.user == context[:current_user] && task.destroy
          {success: true}
        else
          raise GraphQL::ExecutionError.new("Task could not be found in the system")
        end
      end
    end
  end
end

todo-app/rails-api/app/graphql/mutations/tasks/change_task_status.rb

module Mutations
  module Tasks
    class ChangeTaskStatus < BaseMutation
      description "Deleting a Task from the user's list"

      # Inputs
      argument :id, ID, required: true

      # Outputs
      field :task, Types::TaskType, null: false

      def resolve(id)
        authenticate_user
        task = Task.find(id)
        if task && task.list.user == context[:current_user] && task.update(done: !task.done)
          {task: task}
        else
          raise GraphQL::ExecutionError.new("Task could not be found in the system")
        end
      end
    end
  end
end

Add to mutation type to enable:

todo-app/rails-api/app/graphql/types/mutation_type.rb

# Task
field :create_task, mutation: Mutations::Tasks::CreateTask
field :delete_task, mutation: Mutations::Tasks::DeleteTask
field :change_task_status, mutation: Mutations::Tasks::ChangeTaskStatus

All RSpec Testing is in Repo.


So now everything we need from a GraphQL API. Now we will create VueJS app for this To-Do App in the next part.

Happy Coding!

This article is written by Senior Solutions Architect, Sulman Baig from UNATION. With over 8 years of professional experience, Sulman is a Ruby on Rails developer with 5+ years of experience in Ruby, alongside NodeJS and VueJS.

Previously he worked at MailMunch as Principal Software Engineer, and as a CTO at GoGhoom.

Sulman has worked in agile environments with complex industrial-grade applications with technologies like Swagger REST API, MVC architectures and database architecture designs.