Typegate
This is the easiest way to get started, yet it's not publicly accessible. Signing up for the private beta will be available soon.
Using Docker
Install Docker and use the following compose.yml to launch a typegate node. For multi-instance production workloads, Redis and an S3 object store provider are required but the typegate will run using in-memory stores if no SYNC_* environment variable is detected. More details can be found here. In practice you might also want to add a database or other systems that the typegate can connect to.
services:
typegate:
image: ghcr.io/metatypedev/typegate:latest
ports:
- "7890:7890"
extra_hosts:
- "host.docker.internal:host-gateway"
environment:
# only for dev, generate secure values for production
TG_SECRET: "a4lNi0PbEItlFZbus1oeH/+wyIxi9uH6TpL8AIqIaMBNvp7SESmuUBbfUwC0prxhGhZqHw8vMDYZAGMhSZ4fLw=="
TG_ADMIN_PASSWORD: password
DEBUG: "true"
# launch the containers
docker compose up --detach
# watch the typegate logs
docker compose logs typegate --follow
Internal APIs
Most of the internal APIs are still unstable, and may change without notice. If you still want to experiment with them, you can use the GraphQL introspection to discover them.
- /typegate
- /prisma-migration
The typegate nodes - or typegates - are the central components of the ecosystems. They build and type check typegraphs, and expose them through a HTTP/GraphQL interface. They enforce the type safety of the data flows, connect to all the runtimes and orchestrate the execution of incoming requests.
Request lifecycle
When a new request fires a trigger, the typegate orchestrates the following stages:
- extract the secure request context from custom authentication or JSON Web Token (JWT)
- retrieve cached execution plan or compute a new one
- traverse the typegraph to create a DAG of the required types
- optimize the DAG to reduce the number of calls to the runtimes
- pre-compute all structural elements and data resolutions
- execute the plan
- type check the arguments
- verify lazily policies on the need
- run the DAG execution
- enforce the rate-limiting
- type check the response
- manage metadata of the request
HTTP/GraphQL interface
For now, the typegate nodes are only accessible through HTTP/1.1 and HTTP/2. More protocols could be supported in the future. Typegates expose a GraphQL interface which is the result of a typegraph projected onto corresponding GraphQL types. While this reduces the type safety of the data flowing, it makes more interoperable thanks to the many high-quality and well-known GraphQL tooling already available. The underlying types are also exposed in order for API clients to verify the underlying types.
GraphQL, being a query language, offers a great asset for Metatype's philosophy:
- Efficient querying: the client can specify exactly what data it needs, reducing the amount of over- or under-fetching
- Flexibility: allows for retrieving multiple resources in a single request, unlike REST, which often requires multiple ones
- Typing: GraphQL has a built-in type system that allows for better documentation and stronger validation of the requests
- Improved tooling: tools and libraries around GraphQL are rapidly growing and great a development experience
Configuration
Environment variables.
The following environment variables can be used to configure the typegate. SYNC_* variables have special semantics which you can read about here.
| Environment variables | Desc | Default |
|---|---|---|
| HOSTNAME | Hostname that typegate is deployed on. | getHostname() result. |
| TG_PORT | Tcp port to serve typegate APIs at. | 7890 |
| TG_ADMIN_PASSWORD | Password use by the CLI/SDK to configure the typegate. | Required |
| TG_SECRET | Symmetric key used to encrypt cookies and other things. | Required. |
| TMP_DIR | Top-level temporary directory. | $PWD/tmp |
| DEBUG | Enable debug output and other development paths. | false |
| TIMER_MAX_TIMEOUT_MS | Timeout for custom runtime functions and other proccesses. | 3000 |
| TIMER_POLICY_EVAL_RETRIES | Number of retries when evaluating policies that have timed out | 1 |
| TIMER_DESTROY_RESOURCES | Force abort and attempt to restart operations that did not respond after multiple retries | true |
| JWT_MAX_DURATION_SEC | The lifetime of generated JWT access tokens. | 30 * 24 * 3600 |
| JWT_REFRESH_DURATION_SEC | The lifetime of generated JWT refresh tokens. | 5 * 60 |
| SENTRY_DSN | ||
| SENTRY_SAMPLE_RATE | 1 | |
| SENTRY_TRACES_SAMPLE_RATE | 1 | |
| TRUST_PROXY | Whether to accept proxy headers when resolving request contexts. | false |
| TRUST_HEADER_IP | The header key on which to resolve request origin addresses. | X-Forwarded-For |
| DENO_V8_FLAGS | Flags for tuning the v8 javascript engine. Use the --help flag here to see what options are available. | |
| SYNC_REDIS_URL | URL to the Redis database. Must include the database number. | |
| SYNC_REDIS_PASSWORD | Redis database password, can be included in SYNC_REDIS_URL. | |
| SYNC_S3_HOST | Hostname of the S3 store. | |
| SYNC_S3_REGION | S3 region. | |
| SYNC_S3_ACCESS_KEY | Access key for the S3 store credentials. | |
| SYNC_S3_SECRET_KEY | Access key secret for the S3 store credentials. | |
| SYNC_S3_PATH_STYLE | true or false, force path style if true. | |
| SYNC_S3_BUCKET | The bucket to be used for the system (dedicated). |