graphql

TypesSource
Search for an npm package
'use strict';
Object.defineProperty(exports, '__esModule', {
value: true,
});
exports.NoSchemaIntrospectionCustomRule = NoSchemaIntrospectionCustomRule;
var _GraphQLError = require('../../../error/GraphQLError.js');
var _definition = require('../../../type/definition.js');
var _introspection = require('../../../type/introspection.js');
/** @category Custom Rules */
/**
* Prohibit introspection queries
*
* A GraphQL document is only valid if all fields selected are not fields that
* return an introspection type.
*
* Note: This rule is optional and is not part of the Validation section of the
* GraphQL Specification. This rule effectively disables introspection, which
* does not reflect best practices and should only be done if absolutely necessary.
* @param context - The validation context used while checking the document.
* @returns A visitor that reports validation errors for this rule.
* @example
* ```ts
* import { buildSchema, parse, validate } from 'graphql';
* import { NoSchemaIntrospectionCustomRule } from 'graphql/validation';
*
* const schema = buildSchema(`
* type Query {
* name: String
* }
* `);
*
* const invalidDocument = parse(`
* { __schema { queryType { name } } }
* `);
* const invalidErrors = validate(schema, invalidDocument, [NoSchemaIntrospectionCustomRule]);
*
* invalidErrors.length; // => 1
*
* const validDocument = parse(`
* { name }
* `);
* const validErrors = validate(schema, validDocument, [NoSchemaIntrospectionCustomRule]);
*
* validErrors; // => []
* ```
*/
function NoSchemaIntrospectionCustomRule(context) {
return {
Field(node) {
const type = (0, _definition.getNamedType)(context.getType());
if (type && (0, _introspection.isIntrospectionType)(type)) {
context.reportError(
new _GraphQLError.GraphQLError(
`GraphQL introspection has been disabled, but the requested query contained the field "${node.name.value}".`,
{
nodes: node,
},
),
);
}
},
};
}