GraphQL Protect is dead-simple yet highly customizable security proxy compatible with any HTTP GraphQL Server or Gateway.
This is repository inspired by the great work of the Javascript GraphQL Armor middleware.
- Trusted Documents (Persisted Operations)
- Block Field Suggestions
- Obfuscate upstream errors
- Max Aliases
- Max Tokens
- Max (Field & List) Depth
- Max Batch
- Enforce POST
- Access Logging
- Max Directives (coming soon)
- Cost Limit (coming soon)
Curious why you need these features? Check out this Excellent talk on GraphQL security on YouTube.
Currently, handling response encoding from the upstream is not supported, we're open for contributions : )
docker pull ghcr.io/ldebruijn/graphql-protect:latest
docker run -p 8080:8080 -v $(pwd)/protect.yml:/app/protect.yml -v $(pwd)/schema.graphql:/app/schema.graphql ghcr.io/ldebruijn/graphql-protect:latestMake sure to portforward the right ports for your supplied configuration
Check out our run documentation for more concrete examples.
git clone [email protected]:ldebruijn/graphql-protect.gitBuild & Test
make build
make testRun Container
make run_containerCheck out our extensive documentation, including configuration examples, detailed descriptions of each protection feature as well as deployment configuration examples.
We recommend configuring the binary using a yaml file, place a file called protect.yml in the same directory as you're running the binary.
For all the configuration options check out the Configuration Documentation
Alternatively graphql-protect can be configured using environment variables or command line arguments.
Ensure you have read the Contributing Guide before contributing.
To set up your project, make sure you run the make dev.setup script.
git clone [email protected]:ldebruijn/graphql-protect.git
cd graphql-protect
make dev.setup