Neverending Pun Machine

    graphql-disable-introspection-with-exceptions

    1.0.1 • Public • Published

    graphql-disable-introspection-with-exceptions

    Disable Introspection in GraphQL-JS with a simple validation rule, but add exceptions for certain safe types

    Extends the graphql-disable-introspection package that is used by default in the production mode of Apollo Server.

    Queries that contain __schema or __type will fail validation with this rule, unless the certain type is passed in to this factory as an exception.

    Usage

    The package can be installed from npm

    npm install -save graphql-disable-introspection

    It exports a factory function that returns a single validation rule which you can pass to your node GraphQL server with the validationRules argument.

    Apollo Server Example

    const { ApolloServer, gql } = require('apollo-server');
    const disableIntrospectionExcept = require('graphql-disable-introspection-with-exceptions')
     
    ...
     
    const server = new ApolloServer({
        typeDefs,
        resolvers,
        // allow introspection by default in production
        introspection: true,
        validationRules: [
            // disable queries that contain __schema or __type, whilst allowing __type queries for the UserStatus enum
            disableIntrospectionExcept(['UserStatus']) 
        ]
    });

    This will now allow me to expose the UserStatus Enum values for use in the frontend

    query getUserStatusEnumValues {
      __type(name: "UserStatus") {
        name
        enumValues {
          name
        }
      }
    }

    Install

    npm i graphql-disable-introspection-with-exceptions

    DownloadsWeekly Downloads

    20

    Version

    1.0.1

    License

    MIT

    Unpacked Size

    3.57 kB

    Total Files

    4

    Last publish

    Collaborators

    • brockreece