graphql-query-purifier

v1.3.0

A small library to match .gql queries vs user input. Removes fields from user requests that are not expected by your frontend code.

Downloads

22

GraphQL Query Purifier

This package provides a middleware for Express.js applications to manage and filter GraphQL queries based on .gql files. It is designed to enhance security and efficiency by allowing only specified queries to be processed by your GraphQL server.

Usage with typegraphql-prisma

TypeGraphQL-Prisma is a powerful integration that significantly simplifies backend development by automatically generating a fully-featured Node.js GraphQL API based on your Prisma schema. It turns your database schema into a fully-typed GraphQL API, making it an excellent tool for developers looking to bootstrap and quickly maintain robust Node.js GraphQL servers.

Problem

For all the benefits of typegraphql-prisma and its resolvers, the main concern is security. The auto-generated resolvers let a client query any relation to any depth, with no way to prevent overquerying. This little library is an attempt to set boundaries for what clients can request.

Features

  • Query Filtering: Filters incoming GraphQL queries based on a list of allowed queries defined in .gql files.
  • Easy Integration: Seamlessly integrates with existing Express.js and Apollo Server setups.
  • Customizable: Easily adaptable to different GraphQL schema setups.

Example

Input Query

An incoming query sent to your server might look like this:

query findOneUser {
  findOneUser {
    id
    name
    email
    password
    posts {
      title
      content
    }
  }
}

Allowed Query

query findOneUser {
  findOneUser {
    id
    posts {
      title
    }
  }
}

Output Query

The GraphQLQueryPurifier processes the input query and filters out the non-allowed fields. The output query, which will be processed by your GraphQL server, becomes:

query findOneUser {
  findOneUser {
    id
    posts {
      title
    }
  }
}

The name, email, password and posts.content fields are removed from the query since they are not included in the allowed query.
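
The filtering shown above amounts to intersecting the requested selection set with the allowed one at every depth. The sketch below is an added example, not the library's own code: parseSelection, intersect, print and purify are hypothetical names, and the hand-rolled parser assumes queries made only of plain field names and nested braces (no arguments, aliases or fragments). It also drops a parent field when none of its requested children are allowed, which is an assumption about sensible behaviour rather than something the README states.

```javascript
// Added illustration, not the library's source; handles plain field names and braces only.
function parseSelection(source) {
  const tokens = source.match(/[{}]|[A-Za-z_]\w*/g) || [];
  let i = tokens.indexOf('{'); // skip the "query <name>" header
  if (i === -1) throw new Error('no selection set found');
  function block() {
    const fields = Object.create(null); // no prototype: "__proto__" is just a key
    i++; // consume '{'
    while (i < tokens.length && tokens[i] !== '}') {
      const name = tokens[i++];
      fields[name] = tokens[i] === '{' ? block() : null; // null marks a leaf
    }
    if (tokens[i++] !== '}') throw new Error('unbalanced braces');
    return fields;
  }
  return block();
}

// Keep only the fields that also appear in the allowed tree, at every depth.
function intersect(requested, allowed) {
  const kept = Object.create(null);
  for (const name of Object.keys(requested)) {
    if (!(name in allowed)) continue; // not on the allowlist
    const req = requested[name], ok = allowed[name];
    if (req === null && ok === null) kept[name] = null;
    else if (req !== null && ok !== null) {
      const sub = intersect(req, ok);
      // An empty selection set is invalid GraphQL, so drop the parent as well.
      if (Object.keys(sub).length > 0) kept[name] = sub;
    }
  }
  return kept;
}

function print(tree, indent) {
  return Object.keys(tree).map((name) => (tree[name] === null
    ? `${indent}${name}`
    : `${indent}${name} {\n${print(tree[name], indent + '  ')}\n${indent}}`)).join('\n');
}

// Returns the purified query text, or null when no requested field is allowed.
function purify(inputQuery, allowedQuery) {
  const kept = intersect(parseSelection(inputQuery), parseSelection(allowedQuery));
  if (Object.keys(kept).length === 0) return null;
  const header = inputQuery.slice(0, inputQuery.indexOf('{')).trim();
  return `${header} {\n${print(kept, '  ')}\n}`;
}
const INPUT = 'query findOneUser { findOneUser { id name email password posts { title content } } }';
const ALLOWED = 'query findOneUser { findOneUser { id posts { title } } }';
console.log(purify(INPUT, ALLOWED)); // the input and allowed queries from the example above
```

A request that asks only for fields outside the allowed query, such as password alone, yields null here, so the caller can reject it instead of forwarding an empty query.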

Installation

Install the package using npm:

npm install graphql-query-purifier

# Or using yarn:
yarn add graphql-query-purifier

Usage

import express from 'express';
import path from 'path';
import { json } from 'body-parser';
import { GraphQLQueryPurifier } from 'graphql-query-purifier';

const app = express();
const gqlPath = path.resolve(__dirname, '../prisma/gql');
const queryPurifier = new GraphQLQueryPurifier({
  gqlPath,

  // optional:
  allowStudio: true,
  allow: false,
  debug: false,
});

// make sure the body parser is registered before the purifier
app.use(json());
app.use(queryPurifier.filter);

// your graphql middleware

API Reference

  • GraphQLQueryPurifier(gqlPath: string)

gqlPath: Path to the directory containing your .gql files, or folders that contain them.

  • filter(req, res, next)

An Express middleware function to filter incoming GraphQL queries.

P.S.

The library doesn't copy .gql files; it only watches for them. If your frontend is in another repo, you may need to handle copying the files before commit.

Contributing

Contributions are welcome!

License

This project is licensed under the MIT License.

Credits: