graphql/validation/rules/custom/NoSchemaIntrospectionCustomRule.mjs.map

A Query Language and Runtime which can target any service.

{"version":3,"file":"NoSchemaIntrospectionCustomRule.js","sourceRoot":"","sources":["../../../../src/validation/rules/custom/NoSchemaIntrospectionCustomRule.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,wCAAuC;AAK9D,OAAO,EAAE,YAAY,EAAE,qCAAoC;AAC3D,OAAO,EAAE,mBAAmB,EAAE,wCAAuC;AA6CrE,MAAM,UAAU,+BAA+B,CAC7C,OAA0B;IAE1B,OAAO;QACL,KAAK,CAAC,IAAe;YACnB,MAAM,IAAI,GAAG,YAAY,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7C,IAAI,IAAI,IAAI,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACtC,OAAO,CAAC,WAAW,CACjB,IAAI,YAAY,CACd,yFAAyF,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,EAC5G,EAAE,KAAK,EAAE,IAAI,EAAE,CAChB,CACF,CAAC;YACJ,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC","sourcesContent":["/** @category Custom Rules */\n\nimport { GraphQLError } from '../../../error/GraphQLError.ts';\n\nimport type { FieldNode } from '../../../language/ast.ts';\nimport type { ASTVisitor } from '../../../language/visitor.ts';\n\nimport { getNamedType } from '../../../type/definition.ts';\nimport { isIntrospectionType } from '../../../type/introspection.ts';\n\nimport type { ValidationContext } from '../../ValidationContext.ts';\n\n/**\n * Prohibit introspection queries\n *\n * A GraphQL document is only valid if all fields selected are not fields that\n * return an introspection type.\n *\n * Note: This rule is optional and is not part of the Validation section of the\n * GraphQL Specification. This rule effectively disables introspection, which\n * does not reflect best practices and should only be done if absolutely necessary.\n * @param context - The validation context used while checking the document.\n * @returns A visitor that reports validation errors for this rule.\n * @example\n * ```ts\n * import { buildSchema, parse, validate } from 'graphql';\n * import { NoSchemaIntrospectionCustomRule } from 'graphql/validation';\n *\n * const schema = buildSchema(`\n *   type Query {\n *     name: String\n *   }\n * `);\n *\n * const invalidDocument = parse(`\n *   { __schema { queryType { name } } }\n * `);\n * const invalidErrors = validate(schema, invalidDocument, [\n *   NoSchemaIntrospectionCustomRule,\n * ]);\n *\n * invalidErrors.length; // => 1\n *\n * const validDocument = parse(`\n *   { name }\n * `);\n * const validErrors = validate(schema, validDocument, [\n *   NoSchemaIntrospectionCustomRule,\n * ]);\n *\n * validErrors; // => []\n * ```\n */\nexport function NoSchemaIntrospectionCustomRule(\n  context: ValidationContext,\n): ASTVisitor {\n  return {\n    Field(node: FieldNode) {\n      const type = getNamedType(context.getType());\n      if (type && isIntrospectionType(type)) {\n        context.reportError(\n          new GraphQLError(\n            `GraphQL introspection has been disabled, but the requested query contained the field \"${node.name.value}\".`,\n            { nodes: node },\n          ),\n        );\n      }\n    },\n  };\n}\n"]}