# Graphene Middleware to Disable Introspection
[![PyPI version](https://badge.fury.io/py/graphene-disable-introspection.svg)](https://badge.fury.io/py/graphene-disable-introspection)
![Static Badge](https://img.shields.io/badge/python-3.8%20%7C%203.9%20%7C%203.10%20%7C%203.11%20%7C%203.12-blue)
This middleware for Python's Graphene library disables introspection queries, enhancing the security of your GraphQL API by preventing clients from discovering the schema. Disabled fields will return `[disabled]` as their value.
## Installation
To install the middleware, you can use pip:
```bash
pip install graphene-disable-introspection
```
## Usage
To use the middleware in your Graphene project, you need to add it to your GraphQL schema. The middleware can be used in Django or Python projects.
### Django Usage
Add the middleware to your Django settings. I recommend adding it to the top of the middleware list.
```python
GRAPHENE = {
    # ... your other Graphene settings
    "MIDDLEWARE": [
        "graphene_disable_introspection.middleware.DisableIntrospectionMiddleware",
        # ... your other middleware
    ],
}
```
Alternatively, you can deactivate Graphene introspection for the production system only.
```python
import os
# Insert the middleware first, but only when running with production settings.
if os.environ.get("APP_SETTINGS") == "production":
    GRAPHENE["MIDDLEWARE"].insert(0, "graphene_disable_introspection.middleware.DisableIntrospectionMiddleware")
```
### Python Usage
Import the middleware and add it to your schema.
```python
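from graphene_disable_introspection.middleware import DisableIntrospectionMiddleware

# GraphQLView is your framework's GraphQL view class (for example graphene_django.views.GraphQLView).
GraphQLView.as_view(middleware=[DisableIntrospectionMiddleware()])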
```
## Configuration
### DISABLED_INTROSPECTION_TYPES
(default: `["__schema", "__type", "__typename"]`)
The middleware will disable introspection queries for the types listed in the `DISABLED_INTROSPECTION_TYPES` list. You can customize this list by overriding this variable in your settings. The values in the list have to start with `__` and are case-sensitive.
For example:
```python
DISABLED_INTROSPECTION_TYPES = ["__schema", "__directive"]
```
## Example
Here is an example of how an introspection query will be handled:
```graphql
{
  __schema {
    queryType {
      name
    }
  }
}
```
If `__schema` is in the `DISABLED_INTROSPECTION_TYPES` list, the response will be:
```json
{
  "data": {
    "__schema": "[disabled]"
  }
}
```
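A sketch of how a middleware following Graphene's `resolve(next, root, info, **args)` protocol can produce this response and enforce the configuration rule above. This is an added example, not the package's own source: `SketchDisableIntrospection`, `validate_disabled_types`, `run_field` and the stand-in `info` object are hypothetical names used for illustration.

```python
from types import SimpleNamespace

DEFAULT_DISABLED = ("__schema", "__type", "__typename")  # default from the README
PLACEHOLDER = "[disabled]"


def validate_disabled_types(names):
    """Enforce the documented rule: every entry must start with '__'."""
    bad = [n for n in names if not (isinstance(n, str) and n.startswith("__"))]
    if bad:
        raise ValueError(f"entries must start with '__': {bad}")
    return frozenset(names)


class SketchDisableIntrospection:
    """Hypothetical middleware using Graphene's resolve() middleware protocol."""

    def __init__(self, disabled=DEFAULT_DISABLED):
        self.disabled = validate_disabled_types(disabled)

    def resolve(self, next_, root, info, **args):
        # In graphql-core, info.field_name is the schema field name, not the
        # alias, so a query written as `s: __schema` still matches here.
        if info.field_name in self.disabled:  # exact, case-sensitive comparison
            return PLACEHOLDER  # short-circuit: the real resolver never runs
        return next_(root, info, **args)


def run_field(middleware, field_name, resolver):
    """Constructed stand-in for the executor: resolve one field via the middleware."""
    info = SimpleNamespace(field_name=field_name)
    return middleware.resolve(resolver, None, info)


def schema_resolver(root, info, **args):
    """Constructed resolver that would expose schema details if it ran."""
    return {"queryType": {"name": "Query"}}


if __name__ == "__main__":
    mw = SketchDisableIntrospection(["__schema", "__directive"])
    print(run_field(mw, "__schema", schema_resolver))  # blocked by the list
    print(run_field(mw, "__type", schema_resolver))    # not in this custom list
    print(run_field(mw, "user", lambda r, i, **a: "alice"))
```

Overriding the list replaces the default, so `__type` is answered normally in the second call. With the default list, any client that selects `__typename` receives `[disabled]` for that field.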
## License
This project is licensed under the GPL-3.0 License.