A modern Rails API application with GraphQL interface for managing blogs and users. Features JWT authentication, role-based permissions, and a complete blog management system.
- Ruby 3.x
- Rails 8.x
- SQLite3 (default) or PostgreSQL
- Node.js (for GraphiQL interface)
- Clone and setup
    git clone <repository-url>
    cd rails-graphql
    bundle install
- Database setup
    rails db:create
    rails db:migrate
    rails db:seed
- Start the server
    rails server
- Access GraphiQL IDE
    Visit: http://localhost:3000/graphiql
- GraphQL Setup & Usage Guide - Complete guide for GraphQL operations, mutations, and queries
- Roles & Permissions - Detailed documentation of the authentication and authorization system
- 🔐 JWT Authentication - Secure token-based authentication
- 👥 Role-Based Access Control - Author and Admin roles with different permissions
- 📝 Blog Management - Create, read, update, and delete blog posts
- 🔍 GraphQL API - Modern GraphQL interface with GraphiQL IDE
- 🛡️ Security - Strong password requirements and permission checks
- Backend: Ruby on Rails 8.x (API mode)
- API: GraphQL with graphql-ruby gem
- Authentication: JWT tokens with bcrypt
- Database: SQLite3 (development), configurable for production
- Development Tools: GraphiQL IDE for API exploration
- Users: Authentication and profile information
- Blogs: Blog posts with user associations
- Roles: Author and Admin role system
# JWT Secret (uses Rails.application.secret_key_base by default)
RAILS_MASTER_KEY=your_master_key_here
Default: SQLite3 for development
Production: Configure in config/database.yml
# Run all tests
rails test
# Run specific test files
rails test test/models/user_test.rb
rails test test/models/blog_test.rb
# Setup deployment configuration
kamal setup
# Deploy application
kamal deploy
- Configure production database
- Set environment variables
- Precompile assets (if needed)
- Run migrations
- Start application server
# Sign up
mutation {
  signUpMutation(input: {
    firstName: "John"
    lastName: "Doe"
    email: "john@example.com"
    username: "johndoe"
    password: "MySecure123!"
  }) {
    user { id username }
    token
    errors
  }
}
# Sign in
mutation {
  signInMutation(input: {
    username: "johndoe"
    password: "MySecure123!"
  }) {
    token
    error
    user { id username role }
  }
}
# Create blog (requires authentication)
mutation {
  blogCreate(input: {
    title: "My First Post"
    description: "Content of the blog post..."
  }) {
    blog {
      id
      title
      description
      userName
    }
  }
}
# Get all blogs (public)
query {
  blogs {
    id
    title
    description
    createdAt
    userName
  }
}
- Password Requirements: 8+ characters with mixed case, numbers, and special characters
- JWT Tokens: 24-hour expiration with secure signing
- Role-Based Permissions: Different access levels for authors and admins
- Input Validation: GraphQL type validation and custom validations
- Secure Headers: Proper authorization header handling
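The 24-hour expiry and signing listed above, as an added Ruby example that is not this project's code: it issues and verifies a token with the standard library only, pinning the algorithm and rejecting tampered or expired tokens. The helper names, the claim names, the HS256 choice and the secret are assumptions made for illustration.

```ruby
require "openssl"
require "base64"
require "json"

# Constructed placeholder secret; the README says the app's default is
# Rails.application.secret_key_base. HS256 is an assumption of this sketch.
SECRET = "constructed-demo-secret-do-not-reuse"
TTL_SECONDS = 24 * 60 * 60 # 24-hour expiration, as the README states

def b64(data)
  Base64.urlsafe_encode64(data, padding: false)
end

def hmac(signing_input, secret)
  OpenSSL::HMAC.digest("SHA256", secret, signing_input)
end

# Hypothetical helper: issue a token carrying the user id and role.
def issue_token(user_id, role, now: Time.now.to_i, secret: SECRET)
  header = b64(JSON.generate({ alg: "HS256", typ: "JWT" }))
  claims = { sub: user_id, role: role, iat: now, exp: now + TTL_SECONDS }
  input  = "#{header}.#{b64(JSON.generate(claims))}"
  "#{input}.#{b64(hmac(input, secret))}"
end

# Hypothetical helper: return the claims, or nil when the token is malformed,
# uses another algorithm, fails the signature check, or has expired.
def verify_token(token, now: Time.now.to_i, secret: SECRET)
  header_b64, payload_b64, sig_b64, extra = token.to_s.split(".", -1)
  return nil if sig_b64.nil? || extra
  header = JSON.parse(Base64.urlsafe_decode64(header_b64))
  # Pin the algorithm server-side; never let the token pick it ("none" etc.).
  return nil unless header.is_a?(Hash) && header["alg"] == "HS256"
  expected = hmac("#{header_b64}.#{payload_b64}", secret)
  # Constant-time comparison so the check does not leak matching prefixes.
  return nil unless OpenSSL.secure_compare(Base64.urlsafe_decode64(sig_b64), expected)
  claims = JSON.parse(Base64.urlsafe_decode64(payload_b64))
  # Claims are read only after the signature is verified; exp is mandatory.
  return nil unless claims.is_a?(Hash) && claims["exp"].is_a?(Integer) && now < claims["exp"]
  claims
rescue ArgumentError, JSON::ParserError
  nil
end
```

Because the role travels inside the signed payload, a client that edits `role` invalidates the signature, so permission checks can rely on the claims only after `verify_token` returns them.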
- Fork the repository
- Create a feature branch (git checkout -b feature/amazing-feature)
- Commit your changes (git commit -m 'Add amazing feature')
- Push to the branch (git push origin feature/amazing-feature)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- Documentation: Check the linked documentation files above
- Issues: Create an issue in the repository
- GraphiQL: Use the interactive GraphiQL interface for API exploration
Quick Links:
- GraphQL Operations Guide
- Security & Permissions
- GraphiQL Interface (when server is running)