mirror of
https://github.com/retailcrm/graphql-php.git
synced 2024-11-25 22:36:02 +03:00
Implements DisableIntrospection validation rule
This commit is contained in:
parent
6d6d1ac01b
commit
1c62f554ae
50
src/Validator/Rules/DisableIntrospection.php
Normal file
50
src/Validator/Rules/DisableIntrospection.php
Normal file
@ -0,0 +1,50 @@
|
||||
<?php
|
||||
namespace GraphQL\Validator\Rules;
|
||||
|
||||
use GraphQL\Error\Error;
|
||||
use GraphQL\Language\AST\FieldNode;
|
||||
use GraphQL\Language\AST\NodeKind;
|
||||
use GraphQL\Validator\ValidationContext;
|
||||
|
||||
class DisableIntrospection extends AbstractQuerySecurity
|
||||
{
|
||||
const ENABLED = 1;
|
||||
private $isEnabled;
|
||||
|
||||
public function __construct($enabled)
|
||||
{
|
||||
$this->setEnabled($enabled);
|
||||
}
|
||||
|
||||
public function setEnabled($enabled)
|
||||
{
|
||||
$this->isEnabled = $enabled;
|
||||
}
|
||||
|
||||
static function introspectionDisabledMessage()
|
||||
{
|
||||
return 'GraphQL introspection is not allowed, but the query contained __schema or __type';
|
||||
}
|
||||
|
||||
protected function isEnabled()
|
||||
{
|
||||
return $this->isEnabled !== static::DISABLED;
|
||||
}
|
||||
|
||||
public function __invoke(ValidationContext $context)
|
||||
{
|
||||
return $this->invokeIfNeeded(
|
||||
$context,
|
||||
[
|
||||
NodeKind::FIELD => function (FieldNode $node) use ($context) {
|
||||
if ($node->name->value === '__type' || $node->name->value === '__schema') {
|
||||
$context->reportError(new Error(
|
||||
static::introspectionDisabledMessage(),
|
||||
[$node]
|
||||
));
|
||||
}
|
||||
}
|
||||
]
|
||||
);
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user