oxid-esales / graphql-base
OXID eSales GraphQL base module
Installs: 82 474
Dependents: 9
Suggesters: 1
Security: 0
Stars: 24
Watchers: 10
Forks: 14
Type:oxideshop-module
Requires
- php: ^8.2
- ext-json: *
- ecodev/graphql-upload: ^7.0.0
- laminas/laminas-diactoros: ^3.5
- lcobucci/jwt: ^4.1
- myclabs/php-enum: ^1.8
- symfony/cache: *
- thecodingmachine/graphqlite: ^7.0
Requires (Dev)
- ext-xdebug: *
- codeception/codeception: ^5.0
- codeception/module-asserts: ^3.0
- codeception/module-db: *
- codeception/module-phpbrowser: *
- codeception/module-rest: *
- mikey179/vfsstream: ~1.6.8
- oxid-esales/codeception-modules: dev-b-7.3.x
- oxid-esales/oxideshop-ce: dev-b-7.3.x
- phpmd/phpmd: ^2.11
- phpstan/phpstan: ^1.10
- phpunit/phpunit: ^10.4
- squizlabs/php_codesniffer: 3.*
Conflicts
- oxid-esales/oxideshop-ce: <7.3
- dev-b-7.2.x
- dev-b-7.3.x
- v11.0.0-rc.1
- v11.0.0-rc
- v10.0.0
- v10.0.0-rc.1
- v9.0.0
- v9.0.0-rc.1
- v8.1.1
- v8.1.0
- v8.0.1
- v8.0.0
- v7.0.2
- v7.0.1
- v7.0.0
- v6.0.3
- v6.0.2
- v6.0.1
- v6.0.0
- v5.2.1
- v5.2.0
- v5.2.0-rc2
- v5.2.0-rc1
- v5.1.1
- v5.1.0
- v5.0.0
- v4.0.0
- v3.2.0
- v3.1.3
- v3.1.2
- v3.1.1
- v3.1.0
- v3.0.0
- v2.5.0
- v2.4.1
- v2.4.0
- v2.3.0
- v2.2.0
- v2.1.0
- v2.0.0
- v1.3.3
- v1.3.2
- v1.3.1
- v1.3.0
- v1.2.0
- v1.1.2
- v1.1.1
- v1.1.0
- v1.0.0
- dev-b-8.0.x-entrypoint
- dev-b-8.0.-alpha1-rebased
- dev-b-7.3.x-check-refresh-OXDEV-8525
- dev-b-8.0-alpha1
- dev-b-8.0.x-converted_by_script-OXDEV-7248
- dev-b-8.0.x-GHA-OXDEV-7248
- dev-b-7.3.x-SPIKE-OXDEV-8525
- dev-b-8.0.x-converted
- dev-b-8.0.x-with-facts-OXDEV-7248
- dev-b-7.2.x-validate_token-OXDEV-8407
- dev-b-7.1.x
- dev-b-7.1.x-update-changelog-OXDEV-7726
- dev-b-7.0.x
- dev-b-7.1.x-invalidate_tokens-OXDEV-4018
- dev-b-7.1.x-OXDEV-8295
- dev-b-7.1.x-cleanup-workflow-OXDEV-8287
- dev-OXDEV-5415_prototype
- dev-b-6.5.x
- dev-b-6.4.x
- dev-b-7.0.x-outsourcing_doc_generation-OXDEV-7707
- dev-b-7.0.x-review_preparation-OXDEV-7003
- dev-b-7.0.x-update_documentation-OXDEV-6731
- dev-b-7.0.x-fix_translations
- dev-b-7.0.x-github_actions-OXDEV-6153
- dev-b-7.0.x_sonar_fix
- dev-b-6.5.x-update-phpstan
- dev-master
- dev-b-6.5.x-update_docs-OXDEV-6060
- dev-master-installable-OXDEV-5960
- dev-b-6.5.x_extend_docs
- dev-master-inject_variables-OXDEV-5257
- dev-SPIKE-hide_queries_mutations-OXDEV-4897
- dev-b-6.4.x_patch
- dev-b-6.4.x_graphqlite5
- dev-b-6.3.x
- dev-b-6.2.x
- dev-master-bump_jwt_version
- dev-master-PHP8
- dev-SPIKE-check-usage-of-subject-arg-in-authorization-is-allowed-OXDEV-4551
- dev-OXDEV-4383-graphql_upload-OXDEV-4479
- dev-master-spike_schema_visibility_notifications-OXDEV-4463
- dev-SPIKE-schema_visibility-OXDEV-4449
- dev-master-session_spike-OXDEV-4376
- dev-master-anonymous-spike-OXDEV-4354
- dev-SPIKE-account_schema_documentation
- dev-RESEARCH-hot-to-simplify-schema-script
- dev-SPIKE_codeception_xdebugging-OXDEV-3948
This package is auto-updated.
Last update: 2025-04-23 12:49:02 UTC
README
This module provides:
- a basic GraphQL implementation for the OXID eShop
- authorization and authentication using JWT
- a query to log you in and get a JWT for further authentication
Documentation
- Full documentation, including GraphQL schema, can be found here.
Usage
This assumes you have OXID eShop (at least OXID-eSales/oxideshop_ce: v7.3.0 component, which is part of the 7.3.0 compilation) up and running.
Branch Compatibility
- 11.0.x versions (or b-7.3.x branch) are compatible with latest shop compilation 7.3.x resp. b-7.3.x shop compilation branches
- 10.0.x versions (or b-7.2.x branch) are compatible with latest shop compilation 7.2.x resp. b-7.2.x shop compilation branches
- 9.x versions (or b-7.1.x branch) are compatible with latest shop compilation 7.1.x resp. b-7.1.x shop compilation branches
- 8.x versions (or b-7.0.x branch) are compatible with latest shop compilation: 7.0.x resp. b-7.0.x shop compilation branches
- 7.x versions (or b-6.5.x branch) are compatible with latest shop compilations: 6.5.x resp. b-6.5.x shop compilation branches
- 6.x versions (or b-6.4.x branch) are compatible with latest shop compilations: 6.4.x resp. b-6.4.x shop compilation branches
- 5.x versions (or b-6.3.x branch) are compatible with latest shop compilations: 6.3.x resp. b-6.3.x shop compilation branches (NOTE: no support for PHP 8 yet)
Install
# Install desired version of oxid-esales/graphql-base module, in this case - latest released 9.x version, While updating the version you should add additional flag --with-all-dependencies with below command.
$ composer require oxid-esales/graphql-base ^9.0.0 --with-all-dependencies
You should run migrations both after installing the module and after each module update:
$ vendor/bin/oe-eshop-doctrine_migration migrations:migrate oe_graphql_base
After requiring the module, you need to activate it, either via OXID eShop admin or CLI.
$ bin/oe-console oe:module:activate oe_graphql_base
Update
If you when to update this module from older version to new version. Then run below command to ensure that all dependencies including in the composer.lock are updated that are compatible with each other.
$ composer update --with-all-dependencies
How to use
You can use your favourite GraphQL client to explore the API, if you do not already have one installed, you may use Altair GraphQL Client.
To login and retrieve a token send the following GraphQL query to the server
query { token ( username: "noreply@oxid-esales.com", password: "admin" ) }
You could simply fire up your terminal and use curl to do a basic check
if the GraphQL base module is up and running as expected. To retrieve a valid
token you need to replace the username and password below with valid login
credentials.
$ curl http://oxideshop.local/graphql/ \ -H 'Content-Type: application/json' \ --data-binary '{"query":"query {token(username: \"noreply@oxid-esales.com\", password: \"admin\")}"}'
You should see a response similar to this:
{
"data": {
"token": "a-very-long-jwt"
}
}
This token is then to be send as your authorization with every request in the
HTTP Authorization header like this:
Authorization: Bearer a-very-long-jwt
How to use refresh tokens
To login and retrieve a refresh and access token send the following GraphQL query to the server:
query { login ( username: "noreply@oxid-esales.com", password: "admin" ) { refreshToken accessToken } }
The response should contain both requested tokens:
{
"data": {
"login": {
"accessToken": "the-same-long-jwt-token",
"refreshToken": "a-255-character-long-string"
}
}
}
The request will set an HttpOnly cookie with unique fingerprint.
The accessToken claims contain a hashed version of this fingerprint.
The access token should be sent as Bearer type authorization as described above.
After the access token's lifetime has elapsed, you will need to refresh it.
To do this you will need to send the following query:
query { refresh ( refreshToken: "your-refresh-token", fingerprintHash: "from-access-token-claims" ) }
If the token is valid and the hash matches the fingerprint sent as cookie, you will receive a fresh token as a response:
{
"data": {
"refresh": "a-new-long-jwt"
}
}
And along with it, a new fingerprint cookie and fingerprintHash claim in the jwt token.
How to extend
The information on extending any module can be found in the OXID eSales documentation.
How to extend GraphQL module types and implement your new mutations and queries is shown in OXID GraphQL API documentation.
Testing
Syntax check and static analysis
$ composer static
Unit/Integration/Acceptance tests
- install this module into a running OXID eShop
- reset shop's database
$ bin/oe-console oe:database:reset --db-host=db-host --db-port=db-port --db-name=db-name --db-user=db-user --db-password=db-password --force
- run Unit/Integration tests
$ ./vendor/bin/phpunit -c vendor/oxid-esales/graphql-base/tests/phpunit.xml
- run Acceptance tests
$ SELENIUM_SERVER_HOST=selenium MODULE_IDS=oe_graphql_base vendor/bin/codecept run acceptance -c vendor/oxid-esales/graphql-base/tests/codeception.yml
Development installation
To be able running the tests and other preconfigured quality tools, please install the module as a root package.
The next section shows how to install the module as a root package by using the OXID eShop SDK.
In case of different environment usage, please adjust by your own needs.
Development installation on OXID eShop SDK
The installation instructions below are shown for the current SDK for shop 7.3. Make sure your system meets the requirements of the SDK.
-
Ensure all docker containers are down to avoid port conflicts
-
Clone the SDK for the new project
echo MyProject && git clone https://github.com/OXID-eSales/docker-eshop-sdk.git $_ && cd $_
- Clone the repository to the source directory
git clone --recurse-submodules https://github.com/OXID-eSales/graphql-base-module.git --branch=b-7.3.x ./source
- Run the recipe to setup the development environment, you can decide which shop edition to install. Omitting the flag installs EE.
./source/recipes/setup-development.sh -s CE
You should be able to access the shop with http://localhost.local and the admin panel with http://localhost.local/admin (credentials: noreply@oxid-esales.com / admin)
Running tests locally
Check the "scripts" section in the composer.json file for the available commands. Those commands can be executed
by connecting to the php container and running the command from there, example:
make php composer tests-coverage
Commands can be also triggered directly on the container with docker compose, example:
docker compose exec -T php composer tests-coverage
Issues
To report issues with GraphQL module please use the OXID eShop bugtracking system.
Contributing
You like to contribute? 🙌 AWESOME 🙌
Go and check the contribution guidelines
Build with
License
OXID Module and Component License, see LICENSE file.