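Problem description
I have integrated my Spring Boot application with graphql-spqr-spring-boot-starter (https://github.com/leangen/graphql-spqr-spring-boot-starter), and I need to find a way to disable GraphQL schema introspection, because it is a security issue in production.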
Solution
I am using graphql-spqr 0.9.9 and graphql-spqr-spring-boot-starter 0.0.4, but the code base has changed for graphql-spqr 0.10. I will try to cover both cases, but keep in mind that you may need to adapt the snippets slightly.
In graphql-spqr-spring-boot-starter, GraphQLSchemaGenerator is the bean used to generate the GraphQLSchema. It is defined in io.leangen.graphql.spqr.spring.autoconfigure.BaseAutoConfiguration (v0.10) or io.leangen.graphql.spqr.spring.autoconfigure.SpqrAutoConfiguration (v0.9).
You need to provide your own GraphQLSchemaGenerator bean, which sets a GraphqlFieldVisibility for introspection queries. According to this issue (via Google cache: https://webcache.googleusercontent.com/search?q=cache:8VV29F3ovZsJ:https://github.com/leangen/graphql-spqr/issues/305), there are two ways to set the field visibility:
Graphql-spqr 0.9
    // NoIntrospectionGraphqlFieldVisibility is in graphql.schema.visibility
    @Bean
    public GraphQLSchemaGenerator graphQLSchemaGenerator(SpqrProperties spqrProperties) {
        GraphQLSchemaGenerator schemaGenerator = new GraphQLSchemaGenerator();
        // Hide the introspection fields when the schema is built
        schemaGenerator.withSchemaProcessors((schemaBuilder, buildContext) -> {
            schemaBuilder.fieldVisibility(new NoIntrospectionGraphqlFieldVisibility());
            return schemaBuilder;
        });
        // Other GraphQLSchemaGenerator configuration
        return schemaGenerator;
    }
Graphql-spqr 0.10
    // NoIntrospectionGraphqlFieldVisibility is in graphql.schema.visibility
    @Bean
    public GraphQLSchemaGenerator graphQLSchemaGenerator(SpqrProperties spqrProperties) {
        GraphQLSchemaGenerator schemaGenerator = new GraphQLSchemaGenerator();
        // In 0.10 the field visibility is set on the code registry builder
        schemaGenerator.withSchemaProcessors((schemaBuilder, buildContext) -> {
            buildContext.codeRegistry.fieldVisibility(NoIntrospectionGraphqlFieldVisibility.NO_INTROSPECTION_FIELD_VISIBILITY);
            return schemaBuilder;
        });
        // Other GraphQLSchemaGenerator configuration
        return schemaGenerator;
    }
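You can take inspiration from the default implementation to set up the GraphQLGenerator correctly.

This seems to work: there is a bean in the SpqrAutoConfiguration class that generates the GraphQL schema from the generator object.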

schemaBuilder.fieldVisibility is deprecated.
Graphql-spqr 0.10
    @Bean
    public GraphQLSchema graphQLSchema(GraphQLSchemaGenerator schemaGenerator) {
        schemaGenerator.withSchemaProcessors((schemaBuilder, buildContext) -> {
            // Set the visibility on the code registry and hand the built registry to the schema builder
            schemaBuilder.codeRegistry(
                buildContext
                    .codeRegistry
                    .fieldVisibility(NoIntrospectionGraphqlFieldVisibility.NO_INTROSPECTION_FIELD_VISIBILITY)
                    .build()
            );
            return schemaBuilder;
        });
        return schemaGenerator.generate();
    }
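
One way to check that a schema built with the field visibility from the answers above actually rejects introspection, as an added example that is not part of the original answers or of the SPQR project. It uses graphql-java directly (the library SPQR builds on) with the code-registry API seen in the 0.10 snippets; the class name, the helper names and the one-field Query.hello schema are assumptions made for illustration.

```java
import graphql.ExecutionResult;
import graphql.GraphQL;
import graphql.Scalars;
import graphql.schema.FieldCoordinates;
import graphql.schema.GraphQLCodeRegistry;
import graphql.schema.GraphQLFieldDefinition;
import graphql.schema.GraphQLObjectType;
import graphql.schema.GraphQLSchema;
import graphql.schema.StaticDataFetcher;
import graphql.schema.visibility.NoIntrospectionGraphqlFieldVisibility;
import java.util.Map;

// Hypothetical class; not part of SPQR or of the answers above.
public class IntrospectionCheck {
    static final String PROBE = "{ __schema { queryType { name } } }";

    // True when the introspection probe yields errors and no __schema data.
    static boolean introspectionBlocked(GraphQLSchema schema) {
        ExecutionResult result = GraphQL.newGraphQL(schema).build().execute(PROBE);
        Object data = result.getData();
        boolean leaked = data instanceof Map && ((Map<?, ?>) data).get("__schema") != null;
        return !result.getErrors().isEmpty() && !leaked;
    }

    // Constructed one-field schema (Query.hello), with or without the visibility.
    static GraphQLSchema sampleSchema(boolean hideIntrospection) {
        GraphQLCodeRegistry.Builder registry = GraphQLCodeRegistry.newCodeRegistry()
            .dataFetcher(FieldCoordinates.coordinates("Query", "hello"),
                         new StaticDataFetcher("world"));
        if (hideIntrospection) {
            registry.fieldVisibility(
                NoIntrospectionGraphqlFieldVisibility.NO_INTROSPECTION_FIELD_VISIBILITY);
        }
        GraphQLObjectType query = GraphQLObjectType.newObject().name("Query")
            .field(GraphQLFieldDefinition.newFieldDefinition()
                .name("hello").type(Scalars.GraphQLString))
            .build();
        return GraphQLSchema.newSchema().query(query).codeRegistry(registry.build()).build();
    }

    public static void main(String[] args) {
        GraphQLSchema hardened = sampleSchema(true);
        System.out.println("default schema blocked:  " + introspectionBlocked(sampleSchema(false)));
        System.out.println("hardened schema blocked: " + introspectionBlocked(hardened));
        // Ordinary queries must keep working once introspection is hidden.
        ExecutionResult ok = GraphQL.newGraphQL(hardened).build().execute("{ hello }");
        System.out.println("hello -> " + ok.getData() + ", errors: " + ok.getErrors());
    }
}
```

In a Spring test, pass the injected GraphQLSchema bean to introspectionBlocked instead of the sample schema, so the check covers the schema the application really serves.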