Update

1 files changed, 38 insertions, 0 deletions

diff --git a/alarm/node_modules/graphql/validation/rules/custom/NoSchemaIntrospectionCustomRule.js.flow b/alarm/node_modules/graphql/validation/rules/custom/NoSchemaIntrospectionCustomRule.js.flow
new file mode 100644
index 0000000..333ba41
--- /dev/null
+++ b/alarm/node_modules/graphql/validation/rules/custom/NoSchemaIntrospectionCustomRule.js.flow
@@ -0,0 +1,38 @@
+// @flow strict
+import { GraphQLError } from '../../../error/GraphQLError';
+
+import type { FieldNode } from '../../../language/ast';
+import type { ASTVisitor } from '../../../language/visitor';
+
+import { getNamedType } from '../../../type/definition';
+import { isIntrospectionType } from '../../../type/introspection';
+
+import type { ValidationContext } from '../../ValidationContext';
+
+/**
+ * Prohibit introspection queries
+ *
+ * A GraphQL document is only valid if all fields selected are not fields that
+ * return an introspection type.
+ *
+ * Note: This rule is optional and is not part of the Validation section of the
+ * GraphQL Specification. This rule effectively disables introspection, which
+ * does not reflect best practices and should only be done if absolutely necessary.
+ */
+export function NoSchemaIntrospectionCustomRule(
+  context: ValidationContext,
+): ASTVisitor {
+  return {
+    Field(node: FieldNode) {
+      const type = getNamedType(context.getType());
+      if (type && isIntrospectionType(type)) {
+        context.reportError(
+          new GraphQLError(
+            `GraphQL introspection has been disabled, but the requested query contained the field "${node.name.value}".`,
+            node,
+          ),
+        );
+      }
+    },
+  };
+}