GraphQL Protect is a dead-simple yet highly customizable security proxy compatible with any HTTP GraphQL Server or Gateway.
This repository is inspired by the great work of the JavaScript GraphQL Armor middleware.
- Trusted Documents (Persisted Operations)
- Block Field Suggestions
- Obfuscate upstream errors
- Max Aliases
- Max Tokens
- Max (Field & List) Depth
- Max Batch
- Enforce POST
- Access Logging
- Max Directives (coming soon)
- Cost Limit (coming soon)
Curious why you need these features? Check out this excellent talk on GraphQL security on YouTube.
docker pull ghcr.io/ldebruijn/graphql-protect:latest
docker run -p 8080:8080 -v $(pwd)/protect.yml:/app/protect.yml -v $(pwd)/schema.graphql:/app/schema.graphql ghcr.io/ldebruijn/graphql-protect:latest
Make sure to port-forward the right ports for your supplied configuration.
Check out our run documentation for more concrete examples.
git clone git@github.com:ldebruijn/graphql-protect.git
Build & Test
make build
make test
Run Container
make run_container
Check out our extensive documentation, including configuration examples, detailed descriptions of each protection feature as well as deployment configuration examples.
We recommend configuring the binary using a YAML file: place a file called protect.yml in the directory from which you run the binary.
For all the configuration options, check out the Configuration Documentation.
At time of writing, GraphQL Protect targets the October 2021 version of the GraphQL specification and select portions of the Draft.
Ensure you have read the Contributing Guide before contributing.
To set up your project, make sure you run the make dev.setup script.
git clone git@github.com:ldebruijn/graphql-protect.git
cd graphql-protect
make dev.setup
Check out known limitations for more details.
