diff options
Diffstat (limited to 'alarm/node_modules/graphql/validation/rules/custom/NoSchemaIntrospectionCustomRule.js.flow')
-rw-r--r-- | alarm/node_modules/graphql/validation/rules/custom/NoSchemaIntrospectionCustomRule.js.flow | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/alarm/node_modules/graphql/validation/rules/custom/NoSchemaIntrospectionCustomRule.js.flow b/alarm/node_modules/graphql/validation/rules/custom/NoSchemaIntrospectionCustomRule.js.flow new file mode 100644 index 0000000..333ba41 --- /dev/null +++ b/alarm/node_modules/graphql/validation/rules/custom/NoSchemaIntrospectionCustomRule.js.flow @@ -0,0 +1,38 @@ +// @flow strict +import { GraphQLError } from '../../../error/GraphQLError'; + +import type { FieldNode } from '../../../language/ast'; +import type { ASTVisitor } from '../../../language/visitor'; + +import { getNamedType } from '../../../type/definition'; +import { isIntrospectionType } from '../../../type/introspection'; + +import type { ValidationContext } from '../../ValidationContext'; + +/** + * Prohibit introspection queries + * + * A GraphQL document is only valid if all fields selected are not fields that + * return an introspection type. + * + * Note: This rule is optional and is not part of the Validation section of the + * GraphQL Specification. This rule effectively disables introspection, which + * does not reflect best practices and should only be done if absolutely necessary. + */ +export function NoSchemaIntrospectionCustomRule( + context: ValidationContext, +): ASTVisitor { + return { + Field(node: FieldNode) { + const type = getNamedType(context.getType()); + if (type && isIntrospectionType(type)) { + context.reportError( + new GraphQLError( + `GraphQL introspection has been disabled, but the requested query contained the field "${node.name.value}".`, + node, + ), + ); + } + }, + }; +} |