@cleartax/apollo-server-plugin-introspection-auth
v1.1.0
Published
An Apollo Server plugin to allow introspection only via authenticated requests
Downloads
1,317
Maintainers
Readme
@cleartax/apollo-server-plugin-introspection-auth
An apollo plugin to secure introspection queries with token based authentication.
Installation
Install the plugin as dependency.
npm install -S @cleartax/apollo-server-plugin-introspection-auth
apollo-server
is a peer-dependency for this package.
If you haven't already, install it via:-
npx install-peerdeps @cleartax/apollo-server-plugin-introspection-auth
Usage
When instantiating ApolloServer
, pass the following options:-
const apolloServer = new ApolloServer({
//...
introspection: true,
plugins: [
ApolloServerIntrospectionAuth({
type: 'header-token',
name: 'x-app-introspect-auth', // custom header name
value: ['<valid-auth-token>'], // valid header values
}),
];
});
Note: Ideally, you would want to add this configuration for non-development environments only. In which case, you can add the options conditionally. The following example illustrates adding it for higher environments in apollo-server-express
:-
// this example uses `apollo-server-express`
import { ApolloServerExpressConfig, ApolloServer } from 'apollo-server-express';
import ApolloServerIntrospectionAuth from '@cleartax/apollo-server-plugin-introspection-auth';
let options: ApolloServerExpressConfig = {
// ...
// your default apollo server express config
};
// add this configuration for NON-development environments
if (process.env.NODE_ENV === 'production') {
options = {
...options,
playground: false, // turn off playground in production
introspection: true, // configure apollo to allow introspection
plugins: plugins.concat([
// add the plugin to check for authentication on introspection queries
ApolloServerIntrospectionAuth({
type: 'header-token',
name: 'x-app-introspect-auth', // header name
value: ['<valid-auth-token>'], // valid header values
}),
]);
}
}
const apolloServer = new ApolloServer(options);
References
Inspired from this implementation in apollographql/apollo-server#1933.