today, I would not recommend GraphQL to most people, and what I think are better alternatives.
Attack surface
Authorisation
Rate limiting
Query parsing
Performance
Data fetching and the N+1 problem
Authorisation and the N+1 problem
Coupling
Complexity
And more...
YouTube generates revenue from user ad views, and it’s logical for the platform to implement restrictions to prevent people from downloading videos or even watching them on an unofficial client like YouTube Vanced. In this article, I will explain the technical details of these security mechanisms and how it’s possible to bypass them.
...
Since mid-2021, YouTube has included the query parameter n in the majority of file URLs. This parameter needs to be transformed using a JavaScript algorithm located in the file base.js, which is distributed with the web page. YouTube utilizes this parameter as a challenge to verify that the download originates from an “official” client. If the challenge is not resolved and n is not transformed correctly, YouTube will silently apply throttling to the video download.
The JavaScript algorithm is obfuscated and changes frequently, so it’s not practical to attempt reverse engineering to understand it. The solution is simply to download the JavaScript file, extract the algorithm code, and execute it by passing the n parameter to it.
...
Many projects currently use these techniques to circumvent the limitations put in place by YouTube in order to prevent video downloads. The most popular one is yt-dlp (a fork of youtube-dl) programmed in Python, but it includes its own custom JavaScript interpreter to transform the n parameter.
Very interesting retrospective on migrating a non-profit's website that was costly to maintain to "low-cost" solutions: Squarespace for WordPress, Airtable as the database, and Glitch for a minimal Node.js backend
He used a rate limiter for Airtable: https://glitch.com/edit/#!/airtable-api-proxy?path=README.md:1:0