@aikidosec/firewall
Zen by Aikido is an embedded Web Application Firewall that autonomously protects Node.js apps against common and critical attacks
;
// CommonJS/ES-module interop flag. The shape of this file suggests transpiler
// output rather than hand-written source (TODO confirm against the package build).
Object.defineProperty(exports, "__esModule", { value: true });
// Public entry point of this module. The assignment may precede the definition
// because function declarations are hoisted.
exports.isGraphQLOverHTTP = isGraphQLOverHTTP;
const isJsonContentType_1 = require("../../helpers/isJsonContentType");
const isPlainObject_1 = require("../../helpers/isPlainObject");
/**
 * Decides whether a request context looks like a GraphQL-over-HTTP call.
 *
 * Two request shapes are recognised, both gated on isGraphQLRoute(context):
 *   - POST with a string content-type accepted by isJsonContentType, a body
 *     accepted by isPlainObject, and a string `body.query` that passes
 *     looksLikeGraphQLQuery;
 *   - GET with a string `query` URL parameter that passes
 *     looksLikeGraphQLQuery.
 * Every other method yields false.
 *
 * This is a classification heuristic, not a parser. A false result only means
 * the request did not match one of the two shapes above; callers should not
 * read it as proof that the request carries no GraphQL document.
 *
 * @param {object} context Request context; this function reads `method`,
 *   `url` (via isGraphQLRoute), `headers`, `body` and `query`.
 *   NOTE(review): `headers` and `query` are dereferenced without a null
 *   check, so they are assumed to always be objects — confirm with the caller.
 * @returns {boolean} Result of the match (the value of the final `&&` chain).
 */
function isGraphQLOverHTTP(context) {
  const { method } = context;
  if (method !== "POST" && method !== "GET") {
    return false;
  }
  // The route check is the first condition for both methods.
  if (!isGraphQLRoute(context)) {
    return false;
  }
  if (method === "POST") {
    const contentType = context.headers["content-type"];
    // Order matters: body.query is only read once the body is known to be a
    // plain object, so a missing or non-object body cannot throw here.
    return (
      typeof contentType === "string" &&
      (0, isJsonContentType_1.isJsonContentType)(contentType) &&
      (0, isPlainObject_1.isPlainObject)(context.body) &&
      typeof context.body.query === "string" &&
      looksLikeGraphQLQuery(context.body.query)
    );
  }
  // GET: the GraphQL document travels in the `query` URL parameter.
  const documentParam = context.query.query;
  return (
    typeof documentParam === "string" && looksLikeGraphQLQuery(documentParam)
  );
}
/**
 * Cheap plausibility check for a GraphQL document.
 *
 * Every GraphQL query contains at least one pair of curly braces, e.g.
 *   { query { ... } }, { ... } or { mutation { ... } }
 * so the text must contain both an opening and a closing brace.
 *
 * Only the presence of the two characters is tested: their order, nesting and
 * balance are not checked, so a true result does not mean the text parses as
 * GraphQL.
 *
 * @param {string} query Candidate GraphQL document text.
 * @returns {boolean} True when both "{" and "}" occur somewhere in the text.
 */
function looksLikeGraphQLQuery(query) {
  const requiredBraces = ["{", "}"];
  return requiredBraces.every((brace) => query.includes(brace));
}
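/**
 * Reports whether the request path ends in "/graphql".
 *
 * The comparison is made on the path only: anything from the first "?" or "#"
 * onwards is ignored. Without that, a GET request whose GraphQL document is
 * passed as a URL parameter would never match if `context.url` includes the
 * query string, and an unrelated path whose query string happens to end in
 * "/graphql" would match.
 * NOTE(review): whether `context.url` carries the query string is not visible
 * in this file — confirm with the code that builds the context.
 *
 * The match stays exact and case-sensitive, so a path with a trailing slash
 * ("/graphql/") or different casing is still reported as not GraphQL.
 *
 * @param {object} context Request context; only `url` is read.
 * @returns {boolean} True when the path part of `context.url` ends with
 *   "/graphql"; false for a missing, empty or non-string url.
 */
function isGraphQLRoute(context) {
  const { url } = context;
  // A non-string url cannot be matched; report "not GraphQL" instead of throwing.
  if (typeof url !== "string" || url.length === 0) {
    return false;
  }
  const suffixStart = url.search(/[?#]/);
  const path = suffixStart === -1 ? url : url.slice(0, suffixStart);
  return path.endsWith("/graphql");
}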