1.0.0 • Published 1 year ago

@homeskillet/hasura-allow-list-manager v1.0.0

License
MPL-2.0

Manager for Hasura allow-list

Automatically populate the Hasura allow-list from GraphQL operations found in a path, including queries, mutations, and subscriptions. Supports update and versioning.

More on Hasura allow-list

Why

From Hasura:

In production instances: Enabling the allow-list is highly recommended when running the GraphQL engine in production.

The allow-list is an important security feature that restricts the GraphQL engine so that it executes only those operations that are present in the list. But managing the allow-list manually can be tedious and prone to error.

How it works

The queries, mutations, and subscriptions defined in local .graphql or .gql files are compared with the allow-list on the remote Hasura server. New definitions are sent to Hasura. For definitions that already exist, the local and remote versions are compared and the difference between them is shown. A changed query is replaced by removing the remote query and re-adding the changed local query.

Versioning behavior

  • -v --version <version> versions queries instead of updating them. This is especially useful for mobile apps, where clients can take several weeks to update.
  • The current behavior is to never remove past queries. When a query with the same name but a different body is detected, a new query is added to the allow-list collection with the current timestamp and version.
  • The versioned query name format is the following: $NAME___($TIMESTAMP-$VERSION)
  • If you start versioning, you must continue versioning.
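The comparison and versioning rules above can be sketched as a planning function. This is an added example, not the package's own code: the function and field names are hypothetical, and whitespace-insensitive comparison, an epoch-millisecond timestamp, and matching against every earlier version of an operation are assumptions.

```javascript
// Added example, not the package's own code; all names here are hypothetical.
// Assumption: formatting-only edits do not count as a change.
const normalize = (q) => q.replace(/\s+/g, ' ').trim();

// Versioned name format from the README: $NAME___($TIMESTAMP-$VERSION)
const versionedName = (name, ts, version) => `${name}___(${ts}-${version})`;

// Strip a version suffix so every remote version groups under its base name.
const baseName = (name) => name.replace(/___\([^()]*\)$/, '');

// timestamp defaults to epoch milliseconds (assumption; the README gives no format).
function planAllowList(local, remote, { version, timestamp = Date.now() } = {}) {
  const known = new Map(); // base name -> Set of normalized remote bodies
  for (const { name, query } of remote) {
    const key = baseName(name);
    if (!known.has(key)) known.set(key, new Set());
    known.get(key).add(normalize(query));
  }
  const plan = { add: [], replace: [], unchanged: [] };
  for (const { name, query } of local) {
    const bodies = known.get(name);
    if (!bodies) plan.add.push({ name, query }); // new operation
    else if (bodies.has(normalize(query))) plan.unchanged.push(name);
    else if (version) // keep past entries, add a versioned one beside them
      plan.add.push({ name: versionedName(name, timestamp, version), query });
    else plan.replace.push({ name, query }); // remove remote entry, re-add local
  }
  return plan;
}

// Constructed sample data (not taken from a real server).
const sampleRemote = [
  { name: 'GetUser', query: 'query GetUser { user { id } }' },
  { name: 'ListPosts', query: 'query ListPosts { posts { id } }' },
];
const sampleLocal = [
  { name: 'GetUser', query: 'query GetUser {\n  user { id }\n}' }, // reformatted only
  { name: 'ListPosts', query: 'query ListPosts { posts { id title } }' }, // changed
  { name: 'AddPost', query: 'mutation AddPost($t: String!) { insert_posts_one(object: {title: $t}) { id } }' }, // new
];

// Update mode: ListPosts is replaced, so clients still sending the old body are rejected.
console.log(planAllowList(sampleLocal, sampleRemote));
// Versioning mode: the old ListPosts stays allowed and a versioned entry is added.
console.log(planAllowList(sampleLocal, sampleRemote, { version: 'abc1234', timestamp: 1700000000000 }));
```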

Installation

npm install --save-dev @homeskillet/hasura-allow-list-manager

or yarn

yarn add --dev @homeskillet/hasura-allow-list-manager

Usage

hasura-allow-list-manager [options]

Options

  • -h | --host <uri> Hasura host URI
  • -s | --admin-secret <key> Hasura admin secret
  • -p | --path <path> Source path with gql or graphql files
  • -f | --force-replace Replace changed queries without prompting for confirmation
  • -i | --allow-instrospection Send the Introspection query with your queries
  • -r | --reset Delete all allow lists before running insert
  • -v | --version <version> Version queries instead of replacing them. Incompatible with -f.

Examples

With update:

hasura-allow-list-manager -h http://localhost:8080 -s my-admin-secret -p './**/*.graphql' -f

With versioning:

GIT_VERSION=$(git log --pretty=format:"%h" -1)
hasura-allow-list-manager -h http://localhost:8080 -s my-admin-secret -p './**/*.graphql' -v ${GIT_VERSION}

Development

To run it locally, you'll need to fetch some dependencies and run the CLI.

  1. Install dependencies:
npm install

or

yarn install
  2. To run the CLI:
npm run dev -- -h http://localhost:8080 -s my-admin-secret -p '**/*.graphql'

or

yarn dev -h http://localhost:8080 -s my-admin-secret -p '**/*.graphql'

Contributing

  1. Fork it!
  2. Create your feature branch: git checkout -b my-new-feature
  3. Commit your changes: git commit -m 'feat: Add some feature'
  4. Push to the branch: git push origin my-new-feature
  5. Submit a pull request

Credits

Fork from: