feat(traefik): add a local plugin

traefik/Makefile

@@ -0,0 +1,2 @@
+traefik:
+	traefik --configfile=traefik.yaml

traefik/dynamic_conf.yaml

@@ -0,0 +1,19 @@
+http:
+  routers:
+    graphql-server-entrypoint:
+      service: graphql-server-service
+      entrypoints:
+        - graphql-server-entrypoint
+      rule: Host(`localhost`)
+      middlewares:
+        - my-traefik-plugin-disable-graphql-introspection
+  services:
+    graphql-server-service:
+      loadBalancer:
+        servers:
+          - url: http://localhost:16020/
+  middlewares:
+    my-traefik-plugin-disable-graphql-introspection:
+      plugin:
+        traefik-plugin-disable-graphql-introspection:
+          GraphQLPath: /v1/graphql

traefik/plugins-local/src/github.com/Hongbo-Miao/traefik-plugin-disable-graphql-introspection/.traefik.yml

@@ -0,0 +1,6 @@
+displayName: Disable GraphQL Introspection Plugin
+type: middleware
+import: github.com/Hongbo-Miao/traefik-plugin-disable-graphql-introspection
+summary: 'Disable GraphQL Introspection'
+testData:
+  GraphQLPath: /graphql

traefik/plugins-local/src/github.com/Hongbo-Miao/traefik-plugin-disable-graphql-introspection/go.mod

@@ -0,0 +1,3 @@
+module github.com/Hongbo-Miao/traefik-plugin-disable-graphql-introspection
+
+go 1.17

traefik/plugins-local/src/github.com/Hongbo-Miao/traefik-plugin-disable-graphql-introspection/main.go

@@ -0,0 +1,65 @@
+package traefik_plugin_disable_graphql_introspection
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"strings"
+)
+
+type Config struct {
+	GraphQLPath string
+}
+
+func CreateConfig() *Config {
+	return &Config{
+		GraphQLPath: "/graphql",
+	}
+}
+
+type DisableGraphQLIntrospection struct {
+	next        http.Handler
+	name        string
+	graphQLPath string
+}
+
+func New(ctx context.Context, next http.Handler, config *Config, name string) (http.Handler, error) {
+	return &DisableGraphQLIntrospection{
+		next:        next,
+		name:        name,
+		graphQLPath: config.GraphQLPath,
+	}, nil
+}
+
+func (d *DisableGraphQLIntrospection) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	body, err := ioutil.ReadAll(r.Body)
+	if err != nil {
+		log.Printf("Error reading body: %v", err)
+		rw.WriteHeader(http.StatusBadRequest)
+		rw.Header().Set("Content-Type", "application/json")
+		rw.Write([]byte(`{
+			"error": {
+				"code": 400,
+				"message": "Failed to read request body."
+			}
+		}`))
+		return
+	}
+	if r.Method == "POST" && r.URL.Path == d.graphQLPath {
+		if strings.Contains(string(body), "__schema") || strings.Contains(string(body), "__type") {
+			rw.Header().Set("Content-Type", "application/json")
+			rw.Write([]byte(`{
+				"errors": [
+					{
+						"message": "GraphQL introspection is not allowed."
+					}
+				]
+			}`))
+			return
+		}
+	}
+	r.Body = ioutil.NopCloser(bytes.NewBuffer(body))
+	d.next.ServeHTTP(rw, r)
+}

traefik/traefik.yaml

@@ -0,0 +1,15 @@
+entryPoints:
+  graphql-server-entrypoint:
+    address: :16022
+api:
+  insecure: true
+  dashboard: true
+providers:
+  file:
+    filename: dynamic_conf.yaml
+log:
+  level: DEBUG
+experimental:
+  localPlugins:
+    traefik-plugin-disable-graphql-introspection:
+      modulename: github.com/Hongbo-Miao/traefik-plugin-disable-graphql-introspection