GraphQL Protect is dead-simple yet highly customizable security sidecar compatible with any HTTP GraphQL Server or Gateway.
This is repository inspired by the great work of the Javascript GraphQL Armor middleware.
- Persisted Operations
- Block Field Suggestions
- Max Aliases
- Max Tokens
- Max Depth
- Max Batch
- Enforce POST
- Max Directives (coming soon)
- Cost Limit (coming soon)
Curious why you need these features? Check out this Excellent talk on GraphQL security on YouTube.
docker pull ghcr.io/ldebruijn/graphql-protect:latest
docker run -p 8080:8080 -v $(pwd)/protect.yml:/app/protect.yml -v $(pwd)/schema.graphql:/app/schema.graphql ghcr.io/ldebruijn/graphql-protect:latest
Make sure to portforward the right ports for your supplied configuration
Check out our run documentation for more concrete examples.
git clone git@github.com:ldebruijn/graphql-protect.git
Build & Test
make build
make test
Run Container
make run_container
Check out our extensive documentation, including configuration examples, detailed descriptions of each protection feature as well as deployment configuration examples.
We recommend configuring the binary using a yaml file, place a file called protect.yml
in the same directory as you're running the binary.
For all the configuration options check out the Configuration Documentation
Alternatively graphql-protect can be configured using environment variables or command line arguments.
Ensure you have read the Contributing Guide before contributing.
To set up your project, make sure you run the make dev.setup
script.
git clone git@github.com:ldebruijn/graphql-protect.git
cd graphql-protect
make dev.setup