Package Exports
- @escape.tech/graphql-armor
- @escape.tech/graphql-armor/dist/src/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@escape.tech/graphql-armor) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
GraphQL Armor 🛡️
This project is young, so there might be bugs, but we are very reactive, so feel free to open issues.
GraphQL Armor is a dead-simple yet highly customizable security middleware for Apollo GraphQL servers.

Contents
Supported remediations
Installation
    # npm
    npm install @escape.tech/graphql-armor
    # yarn
    yarn add @escape.tech/graphql-armor

Getting Started
    import { ApolloArmor } from '@escape.tech/graphql-armor';

    const armor = new ApolloArmor({
      // Config opts
    });

    const server = new ApolloServer({
      typeDefs,
      resolvers,
      plugins: [...armor.getPlugins(), ...yourPlugins],
      validationRules: [...armor.getValidationRules(), ...yourValidationRules],
    });

Getting Started with Configuration
GraphQL Armor is fully configurable, with options scoped per plugin.
See the Per plugin remediation section for more information.
    import { ApolloArmor } from '@escape.tech/graphql-armor';

    const armor = new ApolloArmor({
      // Plugin keys are camelCase, as in the Per plugin remediation section
      costAnalysis: {
        enabled: true,
        options: {
          maxCost: 1000,
        },
      }
    });

    const server = new ApolloServer({
      typeDefs,
      resolvers,
      plugins: [...armor.getPlugins(), ...yourPlugins],
      validationRules: [...armor.getValidationRules(), ...yourValidationRules],
    });

Per plugin remediation
This section describes how to configure each plugin individually.
Character Limit
The Character Limit plugin enforces a character limit on your GraphQL queries.
(Note: the limit is not applied to the whole HTTP body, so multipart form data and file uploads will still work.)
    import { ApolloArmor } from '@escape.tech/graphql-armor';

    const armor = new ApolloArmor({
      characterLimit: {
        enabled: true,
        options: {
          maxLength: 15000, // Default: 15000
        },
      }
    });

Cost Analysis
The Cost Analysis plugin analyzes incoming GraphQL queries and applies a cost analysis algorithm to prevent resource overload.
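The following is an added illustration, not GraphQL Armor's code or its cost algorithm: a dependency-free JavaScript scan that measures the three structural properties bounded by this plugin's maxDepth, maxAlias and maxDirectives options. The helper names, the depth convention (the operation's top-level selection set counts as 1) and the sample queries are assumptions made for this example.

```javascript
// Added example: dependency-free structural scan of a GraphQL operation.
// Limits copy the defaults shown in the Cost Analysis config on this page.
const LIMITS = { maxDepth: 6, maxAlias: 15, maxDirectives: 50 };

// measureQuery is a hypothetical helper, not part of @escape.tech/graphql-armor.
// Fragment spreads are not expanded, so depth is measured per definition.
function measureQuery(query) {
  // Blank out strings and comments in one pass so their contents cannot be
  // mistaken for braces, aliases or directives.
  const src = query.replace(/"""[\s\S]*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*/g, ' ');
  const tokens = src.match(/[A-Za-z_]\w*\s*:|@[A-Za-z_]\w*|[{}()]/g) || [];
  let depth = 0, maxDepth = 0, parens = 0, aliases = 0, directives = 0;
  for (const t of tokens) {
    if (t === '(') parens++;
    else if (t === ')') parens--;
    else if (t[0] === '@') directives++;
    else if (parens > 0) continue; // argument names, variable definitions, input objects
    else if (t === '{') maxDepth = Math.max(maxDepth, ++depth);
    else if (t === '}') depth--;
    else aliases++; // `name:` outside parentheses is a field alias
  }
  return { depth: maxDepth, aliases, directives };
}

// Returns one message per exceeded limit; an empty array means the query passes.
function violations(query, limits = LIMITS) {
  const m = measureQuery(query);
  const out = [];
  if (m.depth > limits.maxDepth) out.push(`depth ${m.depth} > ${limits.maxDepth}`);
  if (m.aliases > limits.maxAlias) out.push(`aliases ${m.aliases} > ${limits.maxAlias}`);
  if (m.directives > limits.maxDirectives) out.push(`directives ${m.directives} > ${limits.maxDirectives}`);
  return out;
}

// Constructed sample inputs: a normal query, an over-nested one, an alias flood.
const sampleOk = 'query Q($id: ID!) { user(id: $id, note: "a { b: c }") { name friends @include(if: true) { name } } }';
const sampleDeep = '{ a '.repeat(7) + '{ id' + ' }'.repeat(8);
const sampleAliases = '{ ' + Array.from({ length: 20 }, (_, i) => `a${i}: __typename`).join(' ') + ' }';

console.log(violations(sampleOk));
console.log(violations(sampleDeep));
console.log(violations(sampleAliases));
```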
    import { ApolloArmor } from '@escape.tech/graphql-armor';

    const armor = new ApolloArmor({
      costAnalysis: {
        enabled: true,
        options: {
          maxCost: 5000, // Default: 5000
          defaultComplexity: 1, // Default: 1 | Complexity of GQL token
          maxDepth: 6, // Default: 6
          maxAlias: 15, // Default: 15
          maxDirectives: 50, // Default: 50
        },
      }
    });

Field Suggestion
The Field Suggestion plugin prevents fields from being suggested for imprecise GraphQL queries.
    import { ApolloArmor } from '@escape.tech/graphql-armor';

    const armor = new ApolloArmor({
      fieldSuggestion: {
        enabled: true,
      }
    });

Contributing
Ensure you have read the Contributing Guide before contributing.
To set up your project, make sure you run the install-dev.sh script.
    git clone git@github.com:Escape-Technologies/graphql-armor.git
    cd graphql-armor
    chmod +x ./install-dev.sh
    ./install-dev.sh

We are using yarn as our package manager.
You can run commands from the root using yarn workspace @escape.tech/pkg cmd.