Matt

Reputation: 450

Replicate GraphQL introspection query with a regular GraphQL query to avoid security risk (whilst using graphql-compose-mongoose)

Trying to get back a list of IdTypes from a GraphQL query. Currently using introspection to get the list; however, after a security audit we have been advised to disable introspection.

This is what I've currently got and obviously it doesn't work :(

import mongoose from 'mongoose'
import { GQC } from 'graphql-compose';
import { composeWithMongoose } from 'graphql-compose-mongoose';

export const IdTypeSchema = new mongoose.Schema({
  idType: {
    type: String,
    enum: ['ID', 'Passport', 'None']
  }
})

const IdType = mongoose.model('IdType', IdTypeSchema)

export const IdTypeTC = composeWithMongoose(IdType, {})

GQC.rootQuery().addFields({
  idTypesMany: IdTypeTC.getResolver('findMany')
})

The enums are unlikely to change often.

Upvotes: 0

Views: 191

Answers (1)

Matt

Reputation: 450

I didn't solve this - but here's what worked :D Didn't need to involve mongoose at all...

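import { GQC, Resolver } from 'graphql-compose'
import { validateSession } from '../authentication' // imported but not called in this snippet
import { ID_TYPES } from './constants'

// Returns the static list of ID types; no database lookup is involved.
export function _idTypeResolveHandler () {
  return ID_TYPES
}

// Standalone resolver that exposes the list as an array of strings.
const idTypeResolver = new Resolver({
  name: 'getIdTypes',
  type: ['String'],
  resolve: _idTypeResolveHandler
})

GQC.rootQuery().addFields({
  idTypes: idTypeResolver
    .wrapResolve(next => resolveParams => {
      // `user` is read from the request state here but not checked before resolving.
      const { user } = resolveParams.context.state
      return next(resolveParams)
    })
})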

Upvotes: 0
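
An added example, not part of the original answer: the wrapper above reads `user` from the context but never checks it, so this sketch shows a middleware in the same `next => resolveParams =>` shape that refuses to resolve when no user is present. It assumes the user lives at `context.state.user` (as the answer's destructuring suggests) and that `ID_TYPES` holds the enum values from the question; `requireUser`, `guardedIdTypes` and `tryResolve` are hypothetical names, and the composition is done by hand so it runs without graphql-compose installed.

```javascript
// Assumption: ./constants exports the same values as the enum in the question.
const ID_TYPES = Object.freeze(['ID', 'Passport', 'None'])

// Base resolve function: returns a copy so callers cannot mutate the shared list.
function idTypeResolveHandler () {
  return [...ID_TYPES]
}

// Middleware in the `next => resolveParams => result` shape that the
// answer passes to wrapResolve. It rejects the call when the context
// carries no user, instead of falling through to the resolver.
function requireUser (next) {
  return resolveParams => {
    const state = (resolveParams.context && resolveParams.context.state) || {}
    if (!state.user) {
      throw new Error('Not authenticated')
    }
    return next(resolveParams)
  }
}

// Composed by hand here; with the library this would be
// idTypeResolver.wrapResolve(requireUser).
const guardedIdTypes = requireUser(idTypeResolveHandler)

// Constructed sample resolve params: one with a session user, one without.
const loggedIn = { context: { state: { user: { id: 'u1' } } } }
const anonymous = { context: { state: {} } }

// Helper that turns a thrown error into a value so both cases can be inspected.
function tryResolve (resolveParams) {
  try {
    return { ok: true, value: guardedIdTypes(resolveParams) }
  } catch (err) {
    return { ok: false, error: err.message }
  }
}

console.log(tryResolve(loggedIn))
console.log(tryResolve(anonymous))
```
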
