forked from artsy/metaphysics
Backport NoSchemaIntrospectionCustomRule from graphql@15.2.0
This rule is adapted from graphql/graphql-js#2600 and should be replaced once using graphql >=15.2.0. Co-authored by: dzucconi <mail@damonzucconi.com>
1 parent
c88a896
commit 1688b5e
Showing
5 changed files
with
60 additions
and
4 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
import { | ||
ASTVisitor, | ||
GraphQLError, | ||
FieldNode, | ||
ValidationContext, | ||
getNamedType, | ||
isIntrospectionType, | ||
} from "graphql" | ||
|
||
// Adapted from https://github.com/graphql/graphql-js/pull/2600. | ||
// TODO: replace once using graphql >=15.2.0 | ||
|
||
/** | ||
* Prohibit introspection queries | ||
* | ||
* A GraphQL document is only valid if all fields selected are not fields that | ||
* return an introspection type. | ||
* | ||
* Note: This rule is optional and is not part of the Validation section of the | ||
* GraphQL Specification. This rule effectively disables introspection, which | ||
* does not reflect best practices and should only be done if absolutely necessary. | ||
*/ | ||
export const NoSchemaIntrospectionCustomRule = ( | ||
context: ValidationContext | ||
): ASTVisitor => { | ||
return { | ||
Field(node: FieldNode) { | ||
const contextType = context.getType() | ||
if (!contextType) return | ||
const type = getNamedType(contextType) | ||
if (type && isIntrospectionType(type)) { | ||
context.reportError( | ||
new GraphQLError( | ||
`GraphQL introspection has been disabled, but the requested query contained the field "${node.name.value}".`, | ||
node | ||
) | ||
) | ||
} | ||
}, | ||
} | ||
} |
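Review bot: The doc comment on `NoSchemaIntrospectionCustomRule` says the rule "effectively disables introspection" without stating its limits, which matters to anyone treating it as a security control. The `Field` visitor only reports fields whose named return type passes `isIntrospectionType`, so `__schema` and `__type` selections are rejected while `__typename`, which returns a plain string, still validates. I would add a line to the comment such as `Note: __typename remains queryable, and this rule is not a substitute for authorization checks in resolvers.` The comment could also say that the rule only takes effect where it is included in the validation rule list. That wiring is presumably in the other changed files, which are not shown in this section, so confirm that every execution path that validates incoming documents uses it.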