GraphQL Authentication with Apollo and React

In this second part of my “GraphQL Authentication” series, I dive into the front-end and wire up a simple authentication system using React and Apollo client.

Phoenix and the Frontend

calcinator 3.0.0

Bug fixes for error handling and testing support led to incompatible changes in behaviours, but use generated code is updated as well, so no changes if you only use Calcinator.Resources.Ecto.Repo.


  • Can now return (and is preferred to return instead of a timeout exit) {:error, :timeout} from all Calcinator.Resources action @callbacks.
  • When structs are deleted directly instead of changesets, there’s no way to add constraints, such as no_assoc_constraint or assoc_constraint that would transform DB errors into validation errors, so Calcinator.delete/3 generate a changeset from Calcinator.Resources.changeset(struct, %{})
  • Make the Alembic.Document.t and Alembic.Error.t that Calcinator.Controller.Error uses internally available in Calcinator.Alembic.Document and Calcinator.Alembic.Error, respectively, so they can be reused in overrides and retort.
  • Pass :meta through Calcinator.Retort.query_options, which allows pass through of meta like from Calcinator.Meta.Beam, which is necessary for indirect callbacks through RPC calls for retort.
  • Move Calcinator.Meta.Beam key to module attribute to prevent typos.
  • Calcinator.Meta.beam.put_new_lazy allows beam information to only be set in meta if its not already there to allow for loops between Calcinator servers.

Bug Fixes

  • The Calcinator actions @spec and @doc include (hopefully) all the errors they can return now

    • {:error, :sandbox_access_disallowed}
    • {:error, :sandbox_token_missing}
    • {:error, :timeout}
  • Ensure Calcinator.Controller actions have case clauses for all the declared return types from Calcinator calls.
  • get_related_resources could not handle has_many related resources, specifically
  • Calcinator.JaSerializer.PhoenixView.get_related_resource/3 would not allow data to be a list.
  • Calcinator.RelatedView.render with data assumes the data was singular and “links” could be added to that “data” map.
  • Calcinator.authorized did not allow the unfiltered data to be list.
  • Fix source assigns for get_related_resource example: example still used pre-open-sourcing association and id_key.
  • Fix show_relationship example that was just wrong. The same assigns as get_related_resource should be used. Since at first I couldn’t figure out why showing a relationship would need a view module and I wrote the code, I added a note explaining its for the view_module.type/0 callback since relationships are resource identifiers with id and type.
  • assumed that [:related][:resource] was nil or a map, which didn’t handle the list for has_many relationships.

Incompatible Changes

  • Calcinator.Resources.allow_sandbox_access/1 must now return :ok | {:error, :sandbox_access_disallowed}. The previous {:already, :allowed | :owner} maps to :ok while :not_found maps to {:error, :sandbox_access_disallowed}.
  • If you previously had total coverage for all return types from Calcinator actions, they now also return {:error, :sandbox_access_disallowed} and {:error, :timeout}. Previously, instead of {:error, :sandbox_access_disallowed}, :not_found may been returned, but that was a bug that leaked an implementation detail from how DBConnection.Ownership works, so it was removed.
  • Calcinator.delete deletes a changeset instead of a resource struct
  • Calcinator.Resources.delete/1 must expect an Ecto.Changeset.tinstead of a resource struct
  • use Calcinator.Resources.Ecto.Repo generates delete/1 that expects an Ecto.Changeset.t and calls Calcinator.Resources.Ecto.Repo.delete/2, which now expects a changeset instead of resource struct as the second argument.
  • :meta is now a required key in Calcinator.Resources.query_options.
  • Calcinator.Resources.delete/2 must now accept both the Ecto.Changeset.t with any constraints and the Calcinator.Resources.query_options, so that the new meta key can be used to continue propagating the Calcinator.Meta.Beam from the original caller in a chain of calls.


ElixirWeekly: The Elixir Community Newsletter, covering community news you easily miss, shared on ElixirStatus and the web, in one email every Thursday.

WebSockex 0.1.3

Version 0.1.3 of WebSockex was just released!

The ChangeLog for this release includes:

  • WebSockex.start_link will no longer cause the calling process to exit on connection failure and will return a proper error tuple instead.
  • Change WebSockex.Conn.RequestError to WebSockex.RequestError.
  • Add handle_connect_failure to be invoked after initiating a connection fails. Fixes #5

Checkout the v0.1.2..v0.1.3 diff for more info.

Veritaserum: Simple sentiment analisys on Elixir

Hi there!

I just published Veritaserum, a simple sentiment analisys library for Elixir.

It’s based on the AFINN-165 word list, and it also supports:

  • emojis (❤️, 😱…)
  • boosters (very, really…)
  • negators (don’t, not…)

You can check the repo on github.

Metaprogramming Without Macros

New blog post on metaprogramming without writing macros, just using quote and unquote, and functions from Code and Macro.

Supporting multiple event stores in Commanded using an adapter based approach for Elixir

Announcing the release of Commanded v0.10 with support for using Greg Young’s Event Store.

Commanded is an open-source library you can use to build Elixir applications following the Command Query Responsibility Segregation and event sourcing (CQRS/ES) pattern.

This article describes how an Elixir behaviour and adapter approach was used to support multiple event stores.

GPIO_RPI v0.2.0 released

I released a new version of my GPIO_RPI library today. It started as a fork of elixir_ale, but focuses on the Raspberry Pi only.

This new version allows setting pullup register on initialisation of a pin, allows changing of the input/output direction and mode.

GenMetrics - GenServer and GenStage runtime metrics.

New Elixir library supports the collection and publication of GenServer and GenStage runtime metrics. Metrics data are generated by an introspection agent. No instrumentation is required within the GenServer or GenStage library or within your application source code.

Built-in support for pushing metrics data to statsd agents and Datadog too.

Find out more on the GitHub repo, read the HexDocs, or sit back and enjoy a GitPitch presentation.

Shameless plug: Check out @elixirstatus' other community project:

Credo, a new static code analysis tool that acts as a code linter, but also focusses on teaching coding practices and code consistency.

Take ownership of your data - Part 1

The difference between data modeling and database modeling:

Sobelow - 0.2.1

Security-focused static analysis for the Phoenix Framework: Github.

Sobelow automatically detects some types of the following security issues:

  • Insecure configuration
  • Cross-Site Scripting
  • SQL injection
  • Directory traversal
  • Unsafe serialization

alembic 3.3.0




  • #44 - @KronicDeth

    • Alembic.Document.from_ecto_changeset/2 converts the errors in ecto_changeset to Alembic.Error.t in a single Alembic.Document.t. Bypasses a bug in JaSerializer where it assumes all fields that don’t end in _id are attribute names, which leads to association names (as opposed to their foreign key) being put under /data/attributes. Alembic.Document.from_ecto_changeset reflects on the Ecto.Changeset.t data struct module to get the __schema__/1 information from the Ecto.Schema.t. It also assumes that if the field maps to no known attribute, association or foreign key, then the error should not have an Alembic.Source.t instead of defaulting to /data/attributes.
    • Update circle.yml

      • Erlang 19.3
      • Elixir 1.4.1

Bug Fixes

  • #43 - @KronicDeth

    • Allow Alembic.Error.t source to be nil
    • Lower minimum coverage because coverage number varies from run to run.

alembic 3.2.1


Bug Fixes

  • Allow Alembic.Error.t source to be nil

Testing HTTP requests in Elixir with ExVCR

A basic tutorial to setup ExVCR and how to filter sensitive data in the tests

Zuck, a Facebook API client

Just released Zuck, a Facebook API client for Elixir. Messenger and other cool features coming soon!

Matryoshka, an image transformation reverse proxy

Matryoshka, an image transformation reverse proxy written in elixir. Still in development, feel free to send PR’s :)

A build utility that allows you to to use mix packages in an elixir script

A build utility that allows you to to use mix packages in an elixir script.

Announcing a New Conference! Elixir with Love Conf

Elixir With Love is a proactive conference about introducing developers to this exciting new language and building a diverse Elixir community.

Why changes in Phoenix 1.3 are so important?

That’s a blog post about changes in structure and logic:

Cookie package released on hex

Client side or server side cookie should help when working with cookies.