
A collection of tools, documents, articles, blog posts, interviews, and videos related to MakerDAO and the Dai stablecoin.

mocki information exposure graphql.js #98

Closed philipjonsen closed 2 years ago

philipjonsen commented 2 years ago

Disable the X-Powered-By header for your Express app (consider using the Helmet middleware), because it exposes which framework is in use to potential attackers.

const express = require('express'); const bodyParser = require('body-parser'); const { ApolloServer } = require('apollo-server-express'); const supertest = require('supertest'); const { buildClientSchema } = require('graphql');

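/**
 * Turn a nested mock-value object into Apollo-style mock resolvers.
 *
 * Every key becomes a zero-argument function. Plain-object values recurse so
 * nested types get nested resolver maps; arrays, primitives and null are
 * handed back unchanged by their resolver. Values are read from `obj` when the
 * resolver runs, not when the map is built.
 *
 * @param {object} obj - mock values keyed by field name (null/undefined → `{}`).
 * @returns {Record<string, () => unknown>} resolver map with the same keys.
 */
const generateMocks = (obj) => {
  // `typeof null === 'object'`, so the null check is what stops a null mock
  // from recursing and coming back as `{}` instead of null.
  const isPlainObject = (value) =>
    typeof value === 'object' && value !== null && !Array.isArray(value);

  const resolvers = {};
  // Object.keys visits own enumerable keys only, so inherited properties
  // (for example from a polluted prototype) never become resolvers.
  for (const field of Object.keys(obj ?? {})) {
    resolvers[field] = () => {
      const value = obj[field];
      return isPlainObject(value) ? generateMocks(value) : value;
    };
  }
  return resolvers;
};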

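/**
 * Serve one GraphQL request against a mocked ApolloServer built from the
 * endpoint's introspection schema.
 *
 * @param {object} endpoint - mocki endpoint config; reads
 *   `endpoint.graphql.schema` (an introspection result handed to graphql's
 *   buildClientSchema) and the optional `endpoint.graphql.mocks` object.
 * @param {object} req - incoming request; only `req.body` is forwarded.
 * @returns {Promise<object>} the parsed JSON body of the GraphQL response.
 */
const graphql = async (endpoint, req) => {
  const schema = buildClientSchema(endpoint.graphql.schema);

  const server = new ApolloServer({
    schema,
    path: '/',
    // Explicit mocks win; with none configured Apollo generates its defaults.
    mocks: endpoint.graphql.mocks ? generateMocks(endpoint.graphql.mocks) : true,
  });

  const app = express();
  // Express sends `X-Powered-By: Express` by default; drop it so responses do
  // not disclose the framework (Helmet's hidePoweredBy does the same).
  app.disable('x-powered-by');
  app.use(bodyParser.json());
  // NOTE(review): apollo-server-express v3 needs `await server.start()` before
  // applyMiddleware; v2 does not — confirm against the pinned version.
  server.applyMiddleware({ app, path: '/' });

  // Only the JSON body is replayed; incoming request headers are not forwarded.
  const result = await supertest(app).post('/').send(req.body);

  return result.body;
};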

// CommonJS export of the request handler (the file uses require(), so it stays CJS).
module.exports = graphql;