@aikidosec/firewall
Zen by Aikido is an embedded Application Firewall that autonomously protects Node.js apps against common and critical attacks, provides rate limiting, detects malicious traffic (including bots), and more.
;
// CommonJS interop marker: flags this file as a transpiled ES module for importers.
Object.defineProperty(exports, "__esModule", { value: true });
// Only export visible in this file. The function declaration further down is
// hoisted, so the binding already exists when this assignment runs.
exports.isGraphQLOverHTTP = isGraphQLOverHTTP;
const isJsonContentType_1 = require("../../helpers/isJsonContentType");
const isPlainObject_1 = require("../../helpers/isPlainObject");
/**
 * Heuristically decide whether a request context is a GraphQL-over-HTTP call.
 *
 * Only POST and GET are considered, and the URL must pass isGraphQLRoute().
 * - POST: `content-type` must be a string accepted by isJsonContentType(), the
 *   body must pass isPlainObject(), and `body.query` must be a string that
 *   looksLikeGraphQLQuery() accepts.
 * - GET: `context.query.query` must be a string that looksLikeGraphQLQuery()
 *   accepts.
 *
 * NOTE(review): a request this function does not recognise is presumably not
 * inspected as GraphQL by the caller, so every condition here is also a
 * coverage boundary. Bodies that fail isPlainObject() (e.g. a batched array,
 * if that helper rejects arrays) and POSTs with a content type that
 * isJsonContentType() rejects fall outside it; confirm that is intended.
 *
 * @param {object} context - Request context; reads `method`, `url`, `headers`,
 *   `body` and `query`.
 * @returns {boolean} Result of the checks above; false for any other method.
 */
function isGraphQLOverHTTP(context) {
  const { method } = context;
  if (method !== "POST" && method !== "GET") {
    return false;
  }
  // The route test comes first for both methods, before headers, body or
  // query are touched.
  if (!isGraphQLRoute(context)) {
    return false;
  }
  if (method === "GET") {
    const candidate = context.query.query;
    return typeof candidate === "string" && looksLikeGraphQLQuery(candidate);
  }
  // POST: JSON content type, plain-object body, string `query` field.
  const contentType = context.headers["content-type"];
  return (
    typeof contentType === "string" &&
    (0, isJsonContentType_1.isJsonContentType)(contentType) &&
    (0, isPlainObject_1.isPlainObject)(context.body) &&
    typeof context.body.query === "string" &&
    looksLikeGraphQLQuery(context.body.query)
  );
}
/**
 * Cheap plausibility check for a GraphQL document.
 *
 * Every GraphQL operation contains a selection set in curly braces, e.g.
 * `query { ... }`, the shorthand `{ ... }`, or `mutation { ... }`, so a
 * string without both brace characters cannot be a query.
 *
 * This is a pre-filter, not a parser: brace order and nesting are not checked
 * (`"}{"` passes), so callers must still parse and validate the document.
 *
 * @param {string} query - Candidate query text.
 * @returns {boolean} True when both `{` and `}` occur somewhere in `query`.
 */
function looksLikeGraphQLQuery(query) {
  const requiredBraces = ["{", "}"];
  return requiredBraces.every((brace) => query.includes(brace));
}
/**
 * Report whether the request URL ends with the literal suffix `/graphql`.
 *
 * The match is an exact, case-sensitive suffix test on `context.url`; a
 * missing or empty URL yields false.
 *
 * NOTE(review): anything after the path defeats the suffix test. A URL with a
 * query string (`/graphql?query=...`) or a trailing slash (`/graphql/`) is
 * not recognised, and neither are differently-cased paths or GraphQL
 * endpoints mounted elsewhere. Confirm that `context.url` is path-only at
 * this point; if it carries the query string, the GET branch of
 * isGraphQLOverHTTP can never match and such requests go unclassified.
 *
 * @param {object} context - Request context; only `url` is read.
 * @returns {boolean} True when `context.url` ends with `/graphql`.
 */
function isGraphQLRoute(context) {
  const { url } = context;
  return url ? url.endsWith("/graphql") : false;
}