diff options
Diffstat (limited to 'alarm/node_modules/graphql/validation/rules/custom/NoSchemaIntrospectionCustomRule.mjs')
-rw-r--r-- | alarm/node_modules/graphql/validation/rules/custom/NoSchemaIntrospectionCustomRule.mjs | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/alarm/node_modules/graphql/validation/rules/custom/NoSchemaIntrospectionCustomRule.mjs b/alarm/node_modules/graphql/validation/rules/custom/NoSchemaIntrospectionCustomRule.mjs new file mode 100644 index 0000000..26f7d74 --- /dev/null +++ b/alarm/node_modules/graphql/validation/rules/custom/NoSchemaIntrospectionCustomRule.mjs @@ -0,0 +1,25 @@ +import { GraphQLError } from "../../../error/GraphQLError.mjs"; +import { getNamedType } from "../../../type/definition.mjs"; +import { isIntrospectionType } from "../../../type/introspection.mjs"; + +/** + * Prohibit introspection queries + * + * A GraphQL document is only valid if all fields selected are not fields that + * return an introspection type. + * + * Note: This rule is optional and is not part of the Validation section of the + * GraphQL Specification. This rule effectively disables introspection, which + * does not reflect best practices and should only be done if absolutely necessary. + */ +export function NoSchemaIntrospectionCustomRule(context) { + return { + Field: function Field(node) { + var type = getNamedType(context.getType()); + + if (type && isIntrospectionType(type)) { + context.reportError(new GraphQLError("GraphQL introspection has been disabled, but the requested query contained the field \"".concat(node.name.value, "\"."), node)); + } + } + }; +} |