1

我已经将我的 Spring Boot 应用程序与graphql-spqr-spring-boot-starter https://github.com/leangen/graphql-spqr-spring-boot-starter集成在一起,我需要找到一种方法来禁用 graphql 模式自省因为它是生产的安全问题。

4

3 回答 3

0

schemaBuilder.fieldVisibility is Deprecated.

Graphql-spqr 0.10

    @Bean
    public GraphQLSchema graphQLSchema(GraphQLSchemaGenerator schemaGenerator) {
        schemaGenerator.withSchemaProcessors((schemaBuilder, buildContext) -> {
            schemaBuilder.codeRegistry(
                    buildContext
                            .codeRegistry
                            .fieldVisibility(NoIntrospectionGraphqlFieldVisibility.NO_INTROSPECTION_FIELD_VISIBILITY)
                            .build()
            );
            return schemaBuilder;
        });
        return schemaGenerator.generate();
    }
于 2020-12-15T05:09:02.080 回答
0

我正在使用 graphql-spqr 0.9.9 和 graphql-spqr-spring-boot-starter 0.0.4,但为 graphql-spqr 0.10 更改了代码库。我将尝试涵盖这两种情况,但请记住,您可能需要稍微调整代码片段。

在 Graphql-spqr-spring-boot starter 中,GraphQLSchemaGenerator是一个用于生成GraphQSchema. 它在io.leangen.graphql.spqr.spring.autoconfigure.BaseAutoConfiguration(v0.10) 或 io.leangen.graphql.spqr.spring.autoconfigure.SpqrAutoConfiguration(v0.9) 中定义。

您需要提供自己的 GraphQLSchemaGenerator bean,它将为自省查询设置 GraphqlFieldVisibility。根据这个问题(由谷歌缓存:https ://webcache.googleusercontent.com/search?q=cache:8VV29F3ovZsJ:https://github.com/leangen/graphql-spqr/issues/305 ),有两种不同的设置字段可见性的方法:

Graphql-spqr 0.9

@Bean
public GraphQLSchemaGenerator graphQLSchemaGenerator(SpqrProperties spqrProperties) {
  GraphQLSchemaGenerator schemaGenerator = new GraphQLSchemaGenerator();

  schemaGenerator.withSchemaProcessors((schemaBuilder, buildContext) -> 
  {
      schemaBuilder.fieldVisibility(new NoIntrospectionGraphqlFieldVisibility());
      return schemaBuilder;
  });

  //Other GraphQLSchemaGenerator configuration
}

Graphql-spqr 0.10

@Bean
public GraphQLSchemaGenerator graphQLSchemaGenerator(SpqrProperties spqrProperties) {
  GraphQLSchemaGenerator schemaGenerator = new GraphQLSchemaGenerator();

  schemaGenerator.withSchemaProcessors((schemaBuilder, buildContext) -> 
  {
    buildContext.codeRegistry.fieldVisibility(NoIntrospectionGraphqlFieldVisibility.NO_INTROSPECTION_FIELD_VISIBILITY);
    return schemaBuilder;
  });

  //Other GraphQLSchemaGenerator configuration
}

您可以从默认实现中获得灵感来正确设置 GraphQLGenerator。

于 2020-10-27T05:42:55.300 回答
0

这似乎有效,SpqrAutoConfiguration 类中有一个 bean 可以从生成器对象生成Graphql 模式

@Bean
public GraphQLSchema graphQLSchema(GraphQLSchemaGenerator schemaGenerator) {
schemaGenerator.withSchemaProcessors((schemaBuilder, buildContext) ->
{
 schemaBuilder.fieldVisibility(new NoIntrospectionGraphqlFieldVisibility());
 return schemaBuilder;
});
   return schemaGenerator.generate();
}
于 2020-11-08T12:04:25.817 回答