fix(jwt/introspection): ability to disable introspection based on JWT result #3677

Merged
merged 2 commits into from
Jan 20, 2025

@ardatan ardatan commented Jan 17, 2025

Fixes #3614 so you can combine the JWT plugin with the introspection plugin in this case.

import { createYoga } from 'graphql-yoga'
import { useDisableIntrospection } from '@graphql-yoga/plugin-disable-introspection'
import { useJWT } from '@graphql-yoga/plugin-jwt'

const yoga = createYoga({
  // ...
  plugins: [
    useJWT({
      reject: {
        missingToken: false,
        invalidToken: false
      }
    }),
    useDisableIntrospection({
      // The option is named `isDisabled`; it receives the request and the server context
      isDisabled(_req, ctx) {
        // If there is no JWT token (unauthorized), disable introspection
        if (!ctx.jwt) {
          return true
        }
        return false
      }
    })
  ]
})

The following changes are needed:

JWT plugin changes:
Ensure the JWT context has been added before any GraphQL execution hooks when the plugin is used via Yoga

Introspection plugin changes:
Expose the server context as the second parameter, so introspection can be disabled based on the context

import { createServer } from 'node:http'
import { createYoga } from 'graphql-yoga'
import { useDisableIntrospection } from '@graphql-yoga/plugin-disable-introspection'

// Provide your schema
const yoga = createYoga({
  graphiql: false,
  plugins: [
    useDisableIntrospection({
      isDisabled: (_req, ctx) => !ctx.jwt,
    })
  ]
})

const server = createServer(yoga)
server.listen(4000, () => {
  console.info('Server is running on http://localhost:4000/graphql')
})
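
A stricter variant of the `isDisabled` predicate described above, as an added example that is not part of the PR or the project's code: it goes beyond the presence check and keeps introspection disabled unless the verified token carries a specific scope, failing closed on any unexpected context shape. The scope name `schema:introspect`, the `ctx.jwt.payload` claim layout, and the sample contexts are assumptions constructed for illustration.

```javascript
// Added example. Assumed: ctx.jwt.payload holds the verified claims, and the
// scope name below is hypothetical.
const REQUIRED_SCOPE = 'schema:introspect'

// Collect scopes from two common claim shapes: a space-separated `scope`
// string or an `scp` array. Exact matching avoids substring confusion.
function scopesOf(payload) {
  const out = new Set()
  if (typeof payload.scope === 'string') {
    for (const s of payload.scope.split(' ')) if (s) out.add(s)
  }
  if (Array.isArray(payload.scp)) {
    for (const s of payload.scp) if (typeof s === 'string') out.add(s)
  }
  return out
}

// Same (request, context) signature as the plugin's `isDisabled` option.
// Returns true (introspection disabled) unless the token grants the scope.
function isIntrospectionDisabled(_req, ctx) {
  try {
    const payload = ctx && ctx.jwt && ctx.jwt.payload
    if (!payload || typeof payload !== 'object') return true
    return !scopesOf(payload).has(REQUIRED_SCOPE)
  } catch {
    return true // fail closed on anything unexpected
  }
}

// Constructed contexts for the states a request can be in when
// reject.missingToken and reject.invalidToken are both false.
const samples = {
  noToken: {},
  invalidToken: { jwt: undefined },
  validNoScope: { jwt: { payload: { sub: 'u1', scope: 'read:orders' } } },
  validScopeString: { jwt: { payload: { sub: 'u2', scope: 'read:orders schema:introspect' } } },
  validScpArray: { jwt: { payload: { sub: 'u3', scp: ['schema:introspect'] } } },
  substringOnly: { jwt: { payload: { sub: 'u4', scope: 'schema:introspect-lite' } } },
  malformedPayload: { jwt: { payload: 'schema:introspect' } }
}

// Map each sample name to the predicate's decision.
function evaluateSamples() {
  return Object.fromEntries(
    Object.entries(samples).map(([name, ctx]) => [name, isIntrospectionDisabled(null, ctx)])
  )
}

console.log(evaluateSamples())
```

The function can be passed as `useDisableIntrospection({ isDisabled: isIntrospectionDisabled })`.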


changeset-bot bot commented Jan 17, 2025

🦋 Changeset detected

Latest commit: ff3243e

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages
Name Type
@graphql-yoga/plugin-jwt Patch
@graphql-yoga/plugin-disable-introspection Minor


github-actions bot commented Jan 17, 2025

Apollo Federation Subgraph Compatibility Results

Federation 1 Support Federation 2 Support
_service🟢
@key (single)🟢
@key (multi)🟢
@key (composite)🟢
repeatable @key🟢
@requires🟢
@provides🟢
federated tracing🟢
@link🟢
@shareable🟢
@tag🟢
@override🟢
@inaccessible🟢
@composeDirective🟢
@interfaceObject🟢


github-actions bot commented Jan 17, 2025

💻 Website Preview

The latest changes are available as preview in: https://e48d5158.graphql-yoga.pages.dev


github-actions bot commented Jan 17, 2025

✅ Benchmark Results

     ✓ no_errors{mode:graphql}
     ✓ expected_result{mode:graphql}
     ✓ no_errors{mode:graphql-jit}
     ✓ expected_result{mode:graphql-jit}
     ✓ no_errors{mode:graphql-response-cache}
     ✓ expected_result{mode:graphql-response-cache}
     ✓ no_errors{mode:graphql-no-parse-validate-cache}
     ✓ expected_result{mode:graphql-no-parse-validate-cache}
     ✓ no_errors{mode:uws}
     ✓ expected_result{mode:uws}

     checks.......................................: 100.00% ✓ 526948      ✗ 0     
     data_received................................: 2.1 GB  14 MB/s
     data_sent....................................: 106 MB  706 kB/s
     http_req_blocked.............................: avg=1.48µs   min=942ns    med=1.29µs   max=5.33ms   p(90)=1.9µs    p(95)=2.09µs  
     http_req_connecting..........................: avg=2ns      min=0s       med=0s       max=133.25µs p(90)=0s       p(95)=0s      
     http_req_duration............................: avg=354.27µs min=209.44µs med=321.53µs max=18.77ms  p(90)=464.37µs p(95)=485.36µs
       { expected_response:true }.................: avg=354.27µs min=209.44µs med=321.53µs max=18.77ms  p(90)=464.37µs p(95)=485.36µs
     ✓ { mode:graphql-jit }.......................: avg=284.76µs min=209.44µs med=267.69µs max=18.77ms  p(90)=299.69µs p(95)=315.31µs
     ✓ { mode:graphql-no-parse-validate-cache }...: avg=488.19µs min=408.1µs  med=466.16µs max=6.39ms   p(90)=506.16µs p(95)=539.85µs
     ✓ { mode:graphql-response-cache }............: avg=338.1µs  min=262.14µs med=321.88µs max=6.61ms   p(90)=351.85µs p(95)=362.83µs
     ✓ { mode:graphql }...........................: avg=359.44µs min=272.3µs  med=329.96µs max=13.87ms  p(90)=392.79µs p(95)=439.97µs
     ✓ { mode:uws }...............................: avg=337.71µs min=264.9µs  med=320.19µs max=5.69ms   p(90)=353.78µs p(95)=373.77µs
     http_req_failed..............................: 0.00%   ✓ 0           ✗ 263474
     http_req_receiving...........................: avg=32.74µs  min=15.91µs  med=32.29µs  max=2.71ms   p(90)=38.99µs  p(95)=41.46µs 
     http_req_sending.............................: avg=8.43µs   min=5.83µs   med=7.37µs   max=5.43ms   p(90)=10.84µs  p(95)=11.66µs 
     http_req_tls_handshaking.....................: avg=0s       min=0s       med=0s       max=0s       p(90)=0s       p(95)=0s      
     http_req_waiting.............................: avg=313.09µs min=179.98µs med=281.48µs max=18.64ms  p(90)=422.86µs p(95)=441.99µs
     http_reqs....................................: 263474  1756.476391/s
     iteration_duration...........................: avg=564.45µs min=388.59µs med=527.88µs max=19.35ms  p(90)=677.49µs p(95)=703.41µs
     iterations...................................: 263474  1756.476391/s
     vus..........................................: 1       min=1         max=1   
     vus_max......................................: 2       min=2         max=2   

@ardatan ardatan requested review from dotansimha, n1ru4l, EmrysMyrddin and enisdenjo and removed request for dotansimha January 17, 2025 14:50
@ardatan ardatan requested a review from enisdenjo January 18, 2025 00:49
@ardatan ardatan force-pushed the introsection-disable-via-jwt branch from d4dca2b to ff3243e Compare January 18, 2025 01:16
@dotansimha dotansimha dismissed enisdenjo’s stale review January 20, 2025 10:07

Approved already

@ardatan ardatan merged commit 7419797 into main Jan 20, 2025
25 checks passed
@ardatan ardatan deleted the introsection-disable-via-jwt branch January 20, 2025 10:19