fix(graphql): disable introspection endpoint on production

projectcaluma · Dec 22, 2023 · 6bd1d5a · 6bd1d5a
1 parent 94271b9
commit 6bd1d5a
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/caluma/schema.py b/caluma/schema.py
@@ -1,8 +1,12 @@
+from functools import partial
+
 import graphene
 from django.conf import settings
 from graphene.relay import Node
+from graphene.validation import DisableIntrospection
 from graphene_django.converter import convert_django_field, convert_field_to_string
 from graphene_django.debug import DjangoDebug
+from graphql import validate
 from localized_fields.fields import LocalizedField
 
 from .caluma_analytics import schema as analytics_schema
@@ -93,3 +97,10 @@ class Query(*query_inherit_from):
     # TODO: define what app exposes what types
     types=types,
 )
+
+if settings.DISABLE_INTROSPECTION:
+    validate = partial(validate, rules=(DisableIntrospection,))
+
+validation_errors = validate(
+    schema=schema.graphql_schema,
+)
diff --git a/caluma/settings/caluma.py b/caluma/settings/caluma.py
@@ -51,6 +51,7 @@ def default(default_dev=env.NOTSET, default_prod=env.NOTSET):
     "MIDDLEWARE": [],
     "RELAY_CONNECTION_MAX_LIMIT": None,
 }
+DISABLE_INTROSPECTION = env.bool("DISABLE_INTROSPECTION", default=default(False, True))
 
 # OpenID connect