0.1.1 • Published 2 years ago

@cobbl/graphql-codegen-operations-safelist v0.1.1


graphql-codegen-operations-safelist · Version Tests codecov Gitmoji lerna

Install

npm i -D @cobbl/graphql-codegen-operations-safelist

Example

codegen.yml

# graphql-codegen configuration: one schema, one documents file, and two
# output files produced by the same plugin with different `output` modes.
# NOTE(review): graphql-codegen normally expects output targets nested under a
# top-level `generates:` key; confirm against the codegen docs before copying.
schema: './schema.graphql'
documents: './documents.graphql'

# Client-side safelist. The client example on this page reads it as
# operation name -> hash, plus a top-level `version` entry.
generated/client-safelist.json:
  plugins:
    - '@cobbl/graphql-codegen-operations-safelist'
  config:
    output: client
    # version: v1.2.3
    # NOTE(review): the client example on this page throws when
    # `safelist.version` is missing; confirm what the plugin emits while
    # `version` stays commented out.

# Server-side safelist. The server example on this page reads it as
# hash -> query text and uses it to decide which operations may run, so it
# should be produced by the same codegen run as the client file.
generated/server-safelist.json:
  plugins:
    - '@cobbl/graphql-codegen-operations-safelist'
  config:
    output: server
    # version: v1.2.3

schema.graphql

# Example schema for the walkthrough: a single `books` query returning books
# with a nested author.
type Author {
  firstname: String
  lastname: String
  fullname: String
}

type Book {
  title: String
  author: Author
}

# `books` is declared without arguments.
type Query {
  books: [Book]
}

documents.graphql

# The only operation in the documents file. Its name (`getBooks`) is the key
# the client example on this page uses to look up the hash in the client
# safelist.
# NOTE(review): the schema shown on this page declares `books` without
# arguments, so `books(var1: $var1)` would not validate against it; confirm
# the intended schema or drop the variable.
query getBooks($var1: String!) {
  books(var1: $var1) {
    title
    author {
      firstname
      lastname
      fullname
    }
  }
}

Somewhere in your client, before a GraphQL operation is sent to the server (example with apollo-client)

import safelist from 'generated/client-safelist.json'

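/**
 * Apollo link that sends a safelist reference instead of the query text.
 *
 * For every operation it looks up the hash registered under the operation
 * name in the generated client safelist, attaches `{ version, hash }` as
 * `extensions.safelist`, and tells the HTTP link to omit the query itself.
 *
 * @throws Error when this is the last link in the chain, when the operation
 *   name has no entry in the safelist, or when the safelist has no version.
 */
const safelistLink = new ApolloLink((operation, forward) => {
  if (!forward) {
    throw new Error('safelistLink cannot be the last link in the chain.')
  }

  // Own-property lookup: a plain `safelist[name]` also resolves inherited
  // keys such as "constructor" or "toString", which are truthy and would be
  // sent as if they were a hash.
  const entries: Record<string, unknown> = safelist
  const hash = Object.prototype.hasOwnProperty.call(
    entries,
    operation.operationName,
  )
    ? entries[operation.operationName]
    : undefined

  if (!hash) {
    throw new Error('operation not found in given safelist.')
  }

  if (!safelist.version) {
    throw new Error('version not found in given safelist.')
  }

  operation.setContext({
    http: {
      includeQuery: false, // keep the query text out of the request body
      includeExtensions: true, // required, otherwise extensions.safelist is never sent
    },
  })

  operation.extensions.safelist = {
    version: safelist.version,
    hash,
  }

  return forward(operation)
})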

// Terminating HTTP link. `credentials: 'include'` sends cookies with every
// request, so outside local development the endpoint should be an https URL.
const httpLink = new HttpLink({
  uri: 'http://localhost:3000/graphql',
  credentials: 'include',
})

// The safelist link must come before the HTTP link: it throws when it has no
// link to forward to, and it has to set the extensions before the request is
// sent.
export const client = new ApolloClient({
  // [...]
  link: ApolloLink.from([safelistLink, httpLink]),
})

In a server middleware that runs BEFORE the GraphQL handler (example with koa and no version management)

import safelist from 'generated/server-safelist.json'

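/**
 * Koa middleware that replaces the client-supplied GraphQL query with the
 * safelisted query registered under `extensions.safelist.hash`.
 *
 * It reads `ctx.request.body`, so it has to run after the body parser and
 * before the GraphQL handler. Requests without a known hash are rejected
 * with 403; for accepted requests any `query` sent by the client is
 * overwritten with the safelisted text.
 *
 * The safelist only pins the query text. Variables still come from the
 * client, so resolvers keep their own validation and authorization.
 *
 * NOTE(review): only `ctx.request.body.query` is overwritten; confirm the
 * downstream GraphQL handler does not also accept a query from the URL.
 */
const simpleGraphqlSafelistMiddleware: Middleware = (ctx, next) => {
  const hash: unknown = ctx.request.body?.extensions?.safelist?.hash

  // The hash is client-controlled: accept only a non-empty string so arrays
  // or objects are not coerced into a property name.
  if (typeof hash !== 'string' || hash === '') {
    return ctx.throw(403, 'FORBIDDEN')
  }

  // Own-property check: a plain `safelist[hash]` lookup also resolves
  // inherited keys such as "constructor" or "__proto__", which are truthy
  // and would slip past a simple `!query` test.
  const knownQueries: Record<string, unknown> = safelist
  if (!Object.prototype.hasOwnProperty.call(knownQueries, hash)) {
    return ctx.throw(403, 'FORBIDDEN')
  }

  // Only query text may be handed to the GraphQL handler; any other value
  // stored in the JSON file (metadata, for instance) is refused.
  const query = knownQueries[hash]
  if (typeof query !== 'string' || query === '') {
    return ctx.throw(403, 'FORBIDDEN')
  }

  ctx.request.body.query = query

  // Hand over to the next middleware; without this call the request never
  // reaches the GraphQL handler.
  return next()
}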

License

MIT