GraphQL query whitelisting

romshark / dgraph_graphql_go

A GraphQL + Dgraph + Go + HTTP based backend service demo.

MIT License

50 stars 15 forks source link

Closed romshark closed 5 years ago

romshark commented 5 years ago

Make the server verify incoming GraphQL queries against a white-list of allowed queries to protect the server from malicious queries and DoS attacks.

[x] Normalized and indexed query verification.
[x] Basic argument verification.
[x] Role-based whitelisting.
[x] Dynamic whitelist that can be changed on the fly while the server is running.
[x] JSON-file persistency.
[ ] Whitelist exclusion by role.
[ ] Secured whitelist API
[ ] Admin front-end

romshark commented 5 years ago

Whoops, closed the wrong issue.

romshark commented 5 years ago

This feature is being worked on in the gql-whitelist branch

romshark commented 5 years ago

Persistency is now supported through the gqlshield.PersistencyManager interface. A default JSON-file-based implementation is included.