1.0.1 • Published 6 years ago

graphql-disable-introspection-with-exceptions v1.0.1

License
MIT

graphql-disable-introspection-with-exceptions

Disable introspection in GraphQL-JS with a simple validation rule, but add exceptions for certain safe types.

Extends the graphql-disable-introspection package that is used by default in the production mode of Apollo Server.

Queries that contain __schema or __type will fail validation with this rule, unless the queried type is passed to the factory as an exception.

Usage

The package can be installed from npm:

npm install --save graphql-disable-introspection-with-exceptions

It exports a factory function that returns a single validation rule, which you can pass to your Node.js GraphQL server with the validationRules argument.

Apollo Server Example

const { ApolloServer, gql } = require('apollo-server');
const disableIntrospectionExcept = require('graphql-disable-introspection-with-exceptions');

// ... define typeDefs and resolvers here ...

const server = new ApolloServer({
    typeDefs,
    resolvers,
    // enable introspection explicitly; Apollo Server turns it off by default in production
    introspection: true,
    validationRules: [
        // reject queries that contain __schema or __type, whilst allowing __type queries for the UserStatus enum
        disableIntrospectionExcept(['UserStatus'])
    ]
});

This will now allow me to expose the UserStatus enum values for use in the frontend:

query getUserStatusEnumValues {
  __type(name: "UserStatus") {
    name
    enumValues {
      name
    }
  }
}
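
How a rule of this kind can make its decision, as an added sketch in JavaScript (not this package's source code). The names `introspectionAllowList`, `fieldNode`, `nameArg` and `runRule` and the hand-built AST nodes are assumptions for illustration, as is the choice to reject a `__type` name supplied through a variable, which the page does not describe.

```javascript
// Added sketch, not the package's source. Nodes follow the graphql-js AST shape.
let GraphQLError = Error; // fallback so the sketch runs without graphql installed
try { ({ GraphQLError } = require('graphql')); } catch { /* keep the fallback */ }

// Factory: returns a graphql-js style validation rule (context => visitor).
function introspectionAllowList(allowedTypes = []) {
  const allowed = new Set(allowedTypes);
  return function rule(context) {
    return {
      Field(node) {
        const fieldName = node.name.value; // the real field name, never the alias
        if (fieldName === '__schema') {
          context.reportError(new GraphQLError('__schema introspection is disabled'));
          return;
        }
        if (fieldName !== '__type') return;
        const arg = (node.arguments || []).find((a) => a.name.value === 'name');
        // Only a literal string can be checked statically; a $variable fails closed.
        const literal = arg && arg.value.kind === 'StringValue' ? arg.value.value : null;
        if (literal === null || !allowed.has(literal)) {
          const shown = literal === null ? 'a non-literal name' : `"${literal}"`;
          context.reportError(new GraphQLError(`__type introspection is not allowed for ${shown}`));
        }
      },
    };
  };
}

// Constructed Field nodes in the shape the graphql-js parser produces.
const fieldNode = (name, args = []) => ({ kind: 'Field', name: { kind: 'Name', value: name }, arguments: args });
const nameArg = (value) => ({ kind: 'Argument', name: { kind: 'Name', value: 'name' }, value });

// Runs the rule over the given field nodes and returns the reported messages.
function runRule(nodes, allowedTypes) {
  const errors = [];
  const visitor = introspectionAllowList(allowedTypes)({ reportError: (e) => errors.push(e.message) });
  nodes.forEach((n) => visitor.Field(n));
  return errors;
}
```

An allow-listed object type also exposes the types reachable through its `fields { type { ... } }` selection, so a list like this is best kept to enums and other leaf types.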