Add method for disabling introspection entrypoints #2327
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
We accomplished something similar, but we used the existing |
|
@eapache ...or it's possible to define resolving method raising an error for each entry point. I'm not sure if this use case is common enough (but your comment makes me think I'm not alone), but if it is - I guess it would be great to have an easy way to get this behavior |
|
Our approach was simple enough (4 lines of code) that I'm not sure it's worth actually packaging into the gem. Does seem worth to document a recommended way though. |
|
Let's wait for Robert to take a look - I'll be happy to transform this PR to the documentation amendment |
|
Hi, thanks for the contribution! I agree that this is a common enough request that it would be a good addition to the gem. I just have one request about the API of the new method. Could we please change it to: def disable_introspection_entry_points(if: true)
# ... I think that will yield more obvious code in the schema class, for example: if Rails.env.production?
disable_introspection_entry_points
end
# or
disable_introspection_entry_points(if: Rails.env.production?)Thanks for including tests also. If you don't mind that small change, looks good to me! |
DmitryTsepelev
force-pushed
the
disable-introspection
branch
2 times, most recently
from
172bd6d to
904f460
Compare
|
Sure, I've changed the API, but may be it worth change keyword kwarg if Rails.env.production?
disable_introspection_entry_points
end and allow to pass the optional argument? |
🤦♂ Yes, you're totally right about that, sorry I forgot! Better to have the optional argument like you said. |
DmitryTsepelev
force-pushed
the
disable-introspection
branch
from
904f460 to
9453030
Compare
|
Done! Could you please review once again? |
|
Is there any value to the optional By that I mean to say, what's better about doing: disable_introspection_entry_points(if: Rails.env.production?)Instead of: disable_introspection_entry_points if Rails.env.production? |
|
I'd be happy to drop the |
DmitryTsepelev
force-pushed
the
disable-introspection
branch
from
9453030 to
ccebeb0
Compare
|
@celsworth that's a fair point 🙂 I've updated my commit @rmosolgo |
|
Awesome, thanks again for this! I pushed a commit to make it play a bit nicer with the |
|
Thank you! ✨ |
TomasBarry
added a commit
to TomasBarry/graphql-ruby
that referenced
this pull request
Jan 4, 2020
A question was asked in issue rmosolgoGH-2546 asking whether it was possible to disable a single introspection entry point considering that rmosolgo#2327 had implemented then functionality to disable introspection as a whole using `disable_introspection_entry_points`. In the issue, an option was laid out to implement the functionality for individual `disable_schema_introspection_entry_point` and `disable_type_introspection_entry_point` options. This commit implements these methods. These new methods are used in an identical manner to `disable_introspection_entry_points`: # Disabling __type introspection ```ruby class MySchema < GraphQL::Schema disable_type_introspection_entry_point end ``` With the above, attempting to execute a query with `__type` introspection will return the following error message: ``` Field '__schema' doesn't exist on type 'Query' ``` # Disabling __schema introspection ```ruby class MySchema < GraphQL::Schema disable_schema_introspection_entry_point end ``` With the above, attempting to execute a query with `__schema` introspection will return the following error message: ``` Field '__type' doesn't exist on type 'Query' ``` Note, having both `disable_type_introspection_entry_point` and `disable_schema_introspection_entry_point` is identical to having just `disable_introspection_entry_points`. Having `disable_introspection_entry_points` and `disable_type_introspection_entry_point` or `disable_schema_introspection_entry_point` is no different to just having `disable_introspection_entry_points`.
TomasBarry
added a commit
to TomasBarry/graphql-ruby
that referenced
this pull request
Jan 4, 2020
A question was asked in issue rmosolgoGH-2546 asking whether it was possible to disable a single introspection entry point considering that rmosolgo#2327 had implemented then functionality to disable introspection as a whole using `disable_introspection_entry_points`. In the issue, an option was laid out to implement the functionality for individual `disable_schema_introspection_entry_point` and `disable_type_introspection_entry_point` options. This commit implements these methods. These new methods are used in an identical manner to `disable_introspection_entry_points`: # Disabling `__type` introspection ```ruby class MySchema < GraphQL::Schema disable_type_introspection_entry_point end ``` With the above, attempting to execute a query with `__type` introspection will return the following error message: ``` Field '__type' doesn't exist on type 'Query' ``` # Disabling `__schema` introspection ```ruby class MySchema < GraphQL::Schema disable_schema_introspection_entry_point end ``` With the above, attempting to execute a query with `__schema` introspection will return the following error message: ``` Field '__schema' doesn't exist on type 'Query' ``` Note, having both `disable_type_introspection_entry_point` and `disable_schema_introspection_entry_point` is identical to having just `disable_introspection_entry_points`. Having `disable_introspection_entry_points` and `disable_type_introspection_entry_point` or `disable_schema_introspection_entry_point` is no different to just having `disable_introspection_entry_points`.
TomasBarry
added a commit
to TomasBarry/graphql-ruby
that referenced
this pull request
Jan 4, 2020
A question was asked in issue rmosolgoGH-2546 asking whether it was possible to disable a single introspection entry point considering that rmosolgo#2327 had implemented then functionality to disable introspection as a whole using `disable_introspection_entry_points`. In the issue, an option was laid out to implement the functionality for individual `disable_schema_introspection_entry_point` and `disable_type_introspection_entry_point` options. This commit implements these methods. These new methods are used in an identical manner to `disable_introspection_entry_points`: # Disabling `__type` introspection ```ruby class MySchema < GraphQL::Schema disable_type_introspection_entry_point end ``` With the above, attempting to execute a query with `__type` introspection will return the following error message: ``` Field '__type' doesn't exist on type 'Query' ``` # Disabling `__schema` introspection ```ruby class MySchema < GraphQL::Schema disable_schema_introspection_entry_point end ``` With the above, attempting to execute a query with `__schema` introspection will return the following error message: ``` Field '__schema' doesn't exist on type 'Query' ``` Note, having both `disable_type_introspection_entry_point` and `disable_schema_introspection_entry_point` is identical to having just `disable_introspection_entry_points`. Having `disable_introspection_entry_points` and `disable_type_introspection_entry_point` or `disable_schema_introspection_entry_point` is no different to just having `disable_introspection_entry_points`.
TomasBarry
added a commit
to TomasBarry/graphql-ruby
that referenced
this pull request
Jan 4, 2020
A question was asked in issue rmosolgoGH-2546 asking whether it was possible to disable a single introspection entry point considering that rmosolgo#2327 had implemented then functionality to disable introspection as a whole using `disable_introspection_entry_points`. In the issue, an option was laid out to implement the functionality for individual `disable_schema_introspection_entry_point` and `disable_type_introspection_entry_point` options. This commit implements these methods. These new methods are used in an identical manner to `disable_introspection_entry_points`: # Disabling `__type` introspection ```ruby class MySchema < GraphQL::Schema disable_type_introspection_entry_point end ``` With the above, attempting to execute a query with `__type` introspection will return the following error message: ``` Field '__type' doesn't exist on type 'Query' ``` # Disabling `__schema` introspection ```ruby class MySchema < GraphQL::Schema disable_schema_introspection_entry_point end ``` With the above, attempting to execute a query with `__schema` introspection will return the following error message: ``` Field '__schema' doesn't exist on type 'Query' ``` Note, having both `disable_type_introspection_entry_point` and `disable_schema_introspection_entry_point` is identical to having just `disable_introspection_entry_points`. Having `disable_introspection_entry_points` and `disable_type_introspection_entry_point` or `disable_schema_introspection_entry_point` is no different to just having `disable_introspection_entry_points`.
TomasBarry
added a commit
to TomasBarry/graphql-ruby
that referenced
this pull request
Jan 4, 2020
A question was asked in issue rmosolgoGH-2546 asking whether it was possible to disable a single introspection entry point considering that rmosolgo#2327 had implemented then functionality to disable introspection as a whole using `disable_introspection_entry_points`. In the issue, an option was laid out to implement the functionality for individual `disable_schema_introspection_entry_point` and `disable_type_introspection_entry_point` options. This commit implements these methods. These new methods are used in an identical manner to `disable_introspection_entry_points`: # Disabling `__type` introspection ```ruby class MySchema < GraphQL::Schema disable_type_introspection_entry_point end ``` With the above, attempting to execute a query with `__type` introspection will return the following error message: ``` Field '__type' doesn't exist on type 'Query' ``` # Disabling `__schema` introspection ```ruby class MySchema < GraphQL::Schema disable_schema_introspection_entry_point end ``` With the above, attempting to execute a query with `__schema` introspection will return the following error message: ``` Field '__schema' doesn't exist on type 'Query' ``` Note, having both `disable_type_introspection_entry_point` and `disable_schema_introspection_entry_point` is identical to having just `disable_introspection_entry_points`. Having `disable_introspection_entry_points` and `disable_type_introspection_entry_point` or `disable_schema_introspection_entry_point` is no different to just having `disable_introspection_entry_points`.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
That might be helpful to turn off introspection entry points, especially in the production environments. The shortest way to do it I found (given the fact that we don't have any custom entry points):
It looks a little bit verbose and does not hide entry points from the schema, just restricts the access. I've added a shorthand method
#disable_introspection_entry_pointswhich allows to skip generating entry points: