Hi! I'm

Federico Calò

Software Developer | Technical Writer

I create modern web applications and custom digital tools to help businesses grow through technological innovation. My passion is combining computer science and economics to generate real value.

Contact Me

About Me

My passion for computer science was born at the Technical Commercial Institute of Maglie, where I discovered the power of programming and the fascination of creating digital solutions. From the start, I understood that computer science was not just code, but an extraordinary tool for turning ideas into reality.

During my studies in Business Information Systems, I began to interweave computer science and economics, understanding how technology can be the engine of growth for any business. This vision accompanied me to the University of Bari, where I obtained my degree in Computer Science, deepening my technical skills and passion for software development.

Today I put this experience at the service of businesses, professionals and startups, creating tailor-made digital solutions that automate processes, optimize resources and open new business opportunities. Because true innovation begins when technology meets the real needs of people.

My Skills

Data Analysis & Predictive Models

I transform data into strategic insights with in-depth analysis and predictive models for informed decisions

Process Automation

I create custom tools that automate repetitive operations and free up time for value-added activities

Custom Systems

I develop tailor-made software systems, from platform integrations to customized dashboards

const federico = {
  nome: "Federico Calò",
  ruolo: "Sviluppatore Software",
  città: "Bari, Italia",
  missione: "Aiutare attraverso l'informatica",
  passioni: [
    "Codice Pulito",
    "Innovazione",
    "Crescita Continua"
  ]
};

La Mia Missione

Credo fermamente che l'informatica sia lo strumento più potente per trasformare le idee in realtà e migliorare la vita delle persone.

🚀

Democratizzare la Tecnologia

La mia missione è rendere l'informatica accessibile a tutti: dalle piccole imprese locali alle startup innovative, fino ai professionisti che vogliono digitalizzare la propria attività. Ogni realtà merita di sfruttare le potenzialità del digitale.

💡

Unire Informatica ed Economia

Non è solo questione di scrivere codice: è capire come la tecnologia possa generare valore reale. Intrecciando competenze informatiche e visione economica, aiuto le attività a crescere, ottimizzare processi e raggiungere nuovi traguardi di efficienza e redditività.

🎯

Creare Soluzioni su Misura

Ogni attività è unica, e così devono esserlo le soluzioni. Sviluppo strumenti personalizzati che rispondono alle esigenze specifiche di ciascun cliente, automatizzando processi ripetitivi e liberando tempo per ciò che conta davvero: far crescere il business.

Trasforma la Tua Attività con la Tecnologia

December 2024

View

Master SQL

RoadMap.sh

Novembre 2024

View

Oracle Certified Foundations Associate

Oracle

October 2024

View

People Leadership Credential

Connect

Settembre 2024

💻 Languages & Technologies

☕Java

🐍Python

📜JavaScript

🅰️Angular

⚛️React

🔷TypeScript

🗄️SQL

🐘PHP

🎨CSS/SCSS

🔧Node.js

🐳Docker

🌿Git

💼

12/2024 - Presente

Custom Software Engineering Analyst

Accenture

Bari, Puglia, Italia · Ibrida Analisi e sviluppo di sistemi informatici attraverso l'utilizzo di Java e Quarkus in Health and Public Sector. Formazione continua su tecnologie moderne per la creazione di soluzioni software personalizzate ed efficienti e sugli agenti.

💼

06/2022 - 12/2024

Analista software e Back End Developer Associate Consultant

Links Management and Technology SpA

Esperienza nell'analisi di sistemi software as-is e flussi ETL utilizzando PowerCenter. Formazione completata su Spring Boot per lo sviluppo di applicazioni backend moderne e scalabili. Sviluppatore Backend specializzato in Spring Boot, con esperienza in progettazione di database, analisi, sviluppo e testing dei task assegnati.

💼

02/2021 - 10/2021

Programmatore software

Adesso.it (prima era WebScience srl)

Esperienza nell'analisi AS-IS e TO-BE, evoluzioni SEO ed evoluzioni website per migliorare le performance e l'engagement degli utenti.

🎓

2018 - 2025

Laurea in Informatica

Università degli Studi di Bari Aldo Moro

Bachelor's degree in Computer Science, focusing on software engineering, algorithms, and modern development practices.

📚

2013 - 2018

Diploma - Sistemi Informativi Aziendali

Istituto Tecnico Commerciale di Maglie

Technical diploma specializing in Business Information Systems, combining IT knowledge with business management.

Contattami

Hai un progetto in mente? Parliamone! Compila il form qui sotto e ti risponderò al più presto.

* Campi obbligatori. I tuoi dati saranno utilizzati solo per rispondere alla tua richiesta.

GraphQL: Query Language, Resolver and the N+1 Problem

GraphQL solves one of the fundamental problems of REST APIs: the client cannot control what data it receives. With REST, GET /users/123 always returns all user fields, even if the client only needs two. To upload a complete user profile with orders recent and produced, often need 3-4 separate HTTP calls. GraphQL eliminates this problem allowing the client to specify exactly the data needed in a single query.

But GraphQL introduces its own complexity: the N+1 problem and risk more insidious architectural, capable of transforming a query that seems harmless into a avalanche of dozens or hundreds of database queries. This guide explains how it works the resolver system, how the N+1 problem manifests itself, and how DataLoader solves this with automatic batching and caching.

What You Will Learn

GraphQL schema: types, queries, mutations and subscriptions
The Solving Loop: How GraphQL executes a query
Resolver: Functions that provide data for each field
The N+1 problem: how it manifests itself and why it is dangerous
DataLoader: batching and caching to solve N+1
Complete setup with Apollo Server and TypeScript

The GraphQL Schema: The Typed Contract

Every GraphQL API starts with the schema: a contract that defines all available types, queries (reads), mutations (writes) and subscriptions (real-time streams). The schema is written in SDL (Schema Definition Language):

// schema.graphql
type User {
  id: ID!
  name: String!
  email: String!
  createdAt: String!
  orders: [Order!]!       # Un utente ha molti ordini
  profile: UserProfile    # Nullable: non tutti gli utenti hanno un profilo
}

type Order {
  id: ID!
  total: Float!
  status: OrderStatus!
  createdAt: String!
  items: [OrderItem!]!   # Un ordine ha molti item
  user: User!            # Relazione bidirezionale
}

type OrderItem {
  id: ID!
  quantity: Int!
  price: Float!
  product: Product!      # L'item ha un prodotto
}

type Product {
  id: ID!
  name: String!
  price: Float!
  category: String!
}

type UserProfile {
  bio: String
  avatarUrl: String
  website: String
}

enum OrderStatus {
  PENDING
  CONFIRMED
  SHIPPED
  DELIVERED
  CANCELLED
}

# Query: operazioni di lettura (equivalente GET in REST)
type Query {
  user(id: ID!): User
  users(limit: Int = 20, offset: Int = 0): [User!]!
  order(id: ID!): Order
  searchProducts(query: String!, limit: Int = 10): [Product!]!
}

# Mutation: operazioni di scrittura (equivalente POST/PUT/DELETE)
type Mutation {
  createUser(input: CreateUserInput!): User!
  updateUser(id: ID!, input: UpdateUserInput!): User!
  deleteUser(id: ID!): Boolean!
  createOrder(input: CreateOrderInput!): Order!
}

# Subscription: stream real-time (WebSocket)
type Subscription {
  orderStatusChanged(orderId: ID!): Order!
  newUserRegistered: User!
}

input CreateUserInput {
  name: String!
  email: String!
  password: String!
}

input UpdateUserInput {
  name: String
  email: String
}

The Resolution Loop: How GraphQL Executes a Query

When a client sends a GraphQL query, the server executes it through a process called "resolution" that traverses the schema like a tree, calling the function resolvers for each required field:

// Questa query del client:
query {
  users(limit: 5) {
    id
    name
    orders {
      id
      total
      status
    }
  }
}

// Produce questo albero di risoluzione:
// 1. Query.users -> chiama il resolver "users"
// 2. Per ogni User restituito:
//    - User.id     -> valore direttamente dall'oggetto
//    - User.name   -> valore direttamente dall'oggetto
//    - User.orders -> chiama il resolver "orders" con parent = user
// 3. Per ogni Order dentro ogni User:
//    - Order.id     -> valore direttamente dall'oggetto
//    - Order.total  -> valore direttamente dall'oggetto
//    - Order.status -> valore direttamente dall'oggetto

Implement Resolvers with Apollo Server

A resolver is a function that knows how to retrieve data for a specific field. Each resolver receives four arguments: the parent (object of the parent element), the args (query arguments), the context (shared data such as database and authentication), and info (query metadata):

// src/resolvers/index.ts
import { Resolvers } from './generated/types'; // Tipi generati da GraphQL Code Generator
import DataLoader from 'dataloader';

// Context condiviso tra tutti i resolver
export interface GraphQLContext {
  db: DatabaseClient;
  currentUser: User | null;
  loaders: {
    userById: DataLoader<string, User>;
    ordersByUserId: DataLoader<string, Order[]>;
    productById: DataLoader<string, Product>;
  };
}

export const resolvers: Resolvers<GraphQLContext> = {
  Query: {
    // parent = {} (root query), args = { limit, offset }, ctx = context
    users: async (_, { limit = 20, offset = 0 }, { db, currentUser }) => {
      if (!currentUser) throw new GraphQLError('Authentication required', {
        extensions: { code: 'UNAUTHENTICATED' }
      });

      return db.users.findMany({
        take: Math.min(limit, 100), // Limite massimo di sicurezza
        skip: offset,
        orderBy: { createdAt: 'desc' }
      });
    },

    user: async (_, { id }, { db }) => {
      return db.users.findUnique({ where: { id } });
    },

    searchProducts: async (_, { query, limit }, { db }) => {
      return db.products.findMany({
        where: {
          OR: [
            { name: { contains: query, mode: 'insensitive' } },
            { category: { contains: query, mode: 'insensitive' } }
          ]
        },
        take: Math.min(limit, 50)
      });
    }
  },

  // Resolver per i campi del tipo User
  User: {
    // parent = User object, args = {}, ctx = context
    orders: async (user, _, { loaders }) => {
      // USA DataLoader invece di db.orders.findMany({ where: { userId: user.id } })
      // Spiegazione nella sezione successiva!
      return loaders.ordersByUserId.load(user.id);
    },

    profile: async (user, _, { db }) => {
      return db.userProfiles.findUnique({ where: { userId: user.id } });
    }
  },

  // Resolver per i campi del tipo Order
  Order: {
    items: async (order, _, { db }) => {
      return db.orderItems.findMany({ where: { orderId: order.id } });
    },

    user: async (order, _, { loaders }) => {
      return loaders.userById.load(order.userId);
    }
  },

  // Resolver per i campi del tipo OrderItem
  OrderItem: {
    product: async (item, _, { loaders }) => {
      return loaders.productById.load(item.productId);
    }
  },

  Mutation: {
    createUser: async (_, { input }, { db }) => {
      const hashedPassword = await bcrypt.hash(input.password, 12);
      return db.users.create({
        data: { ...input, password: hashedPassword }
      });
    },

    createOrder: async (_, { input }, { db, currentUser }) => {
      if (!currentUser) throw new GraphQLError('Authentication required');
      return db.orders.create({
        data: { ...input, userId: currentUser.id, status: 'PENDING' }
      });
    }
  }
};

Problem N+1: The Hidden Danger

The N+1 problem is the most common architectural risk in GraphQL. Imagine this query:

query {
  users(limit: 10) {    # 1 query: SELECT * FROM users LIMIT 10
    name
    orders {            # 10 query: SELECT * FROM orders WHERE userId = ?
      total             # Una per ogni utente!
    }
  }
}

This "innocent" query produces 11 database queries: 1 for users + 1 for each user for his orders. With 10 users that's 11 queries. With 100 users (if you increase the limit) there are 101. With 1000 users on an admin page? 1001 queries. The number of queries is N (users) + 1 — from here the name "N+1 problem".

// SENZA DataLoader: N+1 in azione
const User_orders = async (user, _, { db }) => {
  // Questa riga viene chiamata UNA VOLTA PER OGNI UTENTE nella lista
  return db.orders.findMany({ where: { userId: user.id } });
  // Con 10 utenti = 10 query separate al database
  // SELECT * FROM orders WHERE userId = '1'
  // SELECT * FROM orders WHERE userId = '2'
  // ... (10 volte!)
};

// SENZA DataLoader: prodotti per ogni item di ogni ordine
const OrderItem_product = async (item, _, { db }) => {
  return db.products.findUnique({ where: { id: item.productId } });
  // Se hai 10 utenti x 5 ordini x 3 items = 150 query solo per i prodotti!
};

DataLoader: The Solution to the N+1 Problem

DataLoader (created by Facebook, now maintained by the community) solves the N+1 problem with two mechanisms: batching (groups multiple requests into one single query) e caching (reuse results for the same key):

// src/loaders/index.ts
import DataLoader from 'dataloader';
import { DatabaseClient } from './db';

export function createLoaders(db: DatabaseClient) {
  return {
    // Batch function: riceve un ARRAY di chiavi, ritorna un ARRAY di risultati
    // L'ordine dei risultati DEVE corrispondere all'ordine delle chiavi
    userById: new DataLoader<string, User | null>(
      async (userIds) => {
        // UNA SOLA QUERY per tutti gli ID! (invece di N query)
        const users = await db.users.findMany({
          where: { id: { in: [...userIds] } }
        });

        // Mappa risultati mantenendo l'ordine originale delle chiavi
        const userMap = new Map(users.map(u => [u.id, u]));
        return userIds.map(id => userMap.get(id) ?? null);
      }
    ),

    ordersByUserId: new DataLoader<string, Order[]>(
      async (userIds) => {
        // UNA SOLA QUERY invece di N query
        const orders = await db.orders.findMany({
          where: { userId: { in: [...userIds] } }
        });

        // Raggruppa per userId
        const ordersByUser = new Map<string, Order[]>();
        for (const order of orders) {
          const existing = ordersByUser.get(order.userId) ?? [];
          ordersByUser.set(order.userId, [...existing, order]);
        }

        return userIds.map(id => ordersByUser.get(id) ?? []);
      },
      {
        // Ottimizzazione: raggruppa le chiavi duplicate
        cacheKeyFn: (key) => key,
        // Massimo 100 chiavi per batch (evita query enormi)
        maxBatchSize: 100
      }
    ),

    productById: new DataLoader<string, Product | null>(
      async (productIds) => {
        const products = await db.products.findMany({
          where: { id: { in: [...productIds] } }
        });
        const productMap = new Map(products.map(p => [p.id, p]));
        return productIds.map(id => productMap.get(id) ?? null);
      },
      {
        // Cache per tutta la durata della request (default)
        cache: true
      }
    )
  };
}

// Come funziona DataLoader internamente:
// 1. Il resolver chiama loader.load('userId-1') e loader.load('userId-2')
// 2. DataLoader aspetta il "tick" successivo di JavaScript
// 3. Raggruppa tutte le chiamate .load() accumulate in quel tick
// 4. Chiama la batch function UNA SOLA VOLTA con ['userId-1', 'userId-2']
// 5. Distribuisce i risultati ai chiamanti originali

With DataLoader: The Query Produces 3 Queries instead of 111

// Query: 10 utenti con 5 ordini ciascuno, ogni ordine con 3 prodotti

// SENZA DataLoader: 1 + 10 + 50 + 150 = 211 query database
// SENZA DataLoader con 100 utenti: 1 + 100 + 500 + 1500 = 2101 query!

// CON DataLoader:
// 1 query: SELECT * FROM users LIMIT 10
// 1 query: SELECT * FROM orders WHERE userId IN (1,2,3,...,10)
// 1 query: SELECT * FROM products WHERE id IN (product-id-1, ..., product-id-15)
// = 3 query totali, indipendentemente da quanti utenti/ordini/prodotti!

Complete Apollo Server Setup with TypeScript

// src/server.ts
import { ApolloServer } from '@apollo/server';
import { startStandaloneServer } from '@apollo/server/standalone';
import { readFileSync } from 'fs';
import { resolvers } from './resolvers';
import { createLoaders } from './loaders';
import { GraphQLContext } from './types';
import { db } from './db';
import { authenticateRequest } from './auth';

const typeDefs = readFileSync('./schema.graphql', 'utf8');

const server = new ApolloServer<GraphQLContext>({
  typeDefs,
  resolvers,

  // Plugin per logging e monitoring
  plugins: [
    // Log ogni richiesta in production
    {
      requestDidStart: async () => ({
        didResolveOperation: async ({ request, document }) => {
          console.log('GraphQL operation:', request.operationName);
        }
      })
    }
  ],

  // Limiti di sicurezza
  introspection: process.env.NODE_ENV !== 'production'
});

const { url } = await startStandaloneServer(server, {
  listen: { port: 4000 },

  context: async ({ req }) => {
    // I DataLoader devono essere creati PER REQUEST (non globali!)
    // Ogni request ha il suo scope di caching
    return {
      db,
      currentUser: await authenticateRequest(req.headers.authorization),
      loaders: createLoaders(db)
      // IMPORTANTE: crea nuovi loaders per ogni request
      // (altrimenti il cache persiste tra requests e puo causare
      // problemi di autorizzazione)
    };
  }
});

console.log(`GraphQL server running at: ${url}`);

Depth Limiting and Complexity Analysis

GraphQL allows clients to make arbitrarily deep or complex queries, which can be used for DoS attacks. It is important to implement protections:

// Protezione con graphql-depth-limit e graphql-query-complexity
import depthLimit from 'graphql-depth-limit';
import { createComplexityLimitRule } from 'graphql-validation-complexity';

const server = new ApolloServer({
  typeDefs,
  resolvers,
  validationRules: [
    // Massima profondita della query: previene query tipo user.orders.items.product.vendor.orders.items...
    depthLimit(7),

    // Massima complessita calcolata
    createComplexityLimitRule(1000, {
      onCost: (cost) => console.log('Query complexity:', cost),
      formatErrorMessage: (cost) =>
        `Query too complex (${cost}). Maximum complexity: 1000`
    })
  ]
});

GraphQL Best Practices

Always use DataLoader for relations: never make direct database queries in resolvers of type (User.orders, Order.items, etc.)
Create DataLoader for requests, not globals: DataLoader caching must expire at the end of each request to avoid Authorization issues between different users
Implement depth limiting and complexity analysis: Without these checks, GraphQL is vulnerable to DoS attacks via complex queries
Use persisted queries in production: saves client-side queries in advance and only sends the hash, preventing queries arbitrary in production
Disable introspection in production: introspection exposes the entire scheme to potential attackers

Conclusions and Next Steps

GraphQL is a powerful tool for APIs that need to serve clients with heterogeneous needs, but the N+1 problem is real and requires DataLoader to solve correctly. An API GraphQL in production without DataLoader and without depth limiting and technically insecure and inefficient. With the correct configuration, GraphQL with Apollo Server offers a excellent developer experience and competitive performance with REST.

The next article explores GraphQL Federation: like Apollo Router (written in Rust) composes multiple independent subgraphs into a unified supergraph, enabling autonomous teams to develop parts of the scheme in isolation.

Series: API Design — REST, GraphQL, gRPC, and tRPC Compared

Article 1: The API Landscape in 2026 — Decision Matrix
Article 2: REST in 2026 — Best Practice, Versioning, and the Richardson Maturity Model
Article 3 (this): GraphQL — Query Language, Resolver and the N+1 Problem
Article 4: GraphQL Federation — Supergraph, Subgraph and Apollo Router
Article 5: gRPC — Protobuf, Performance and Service-to-Service Communication
Article 6: tRPC — Type Safety End-to-End without Code Generation
Article 7: Webhooks — Patterns, Security and Retry Logic
Article 8: API Versioning — URI, Header and Deprecation Policy
Article 9: Rate Limiting and Throttling — Algorithms and Implementations
Article 10: Hybrid API Architecture — REST + tRPC + gRPC in 2026