@zuplo/graphql 6.52.4 → 6.52.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/out/types/index.d.ts +114 -10
  2. package/package.json +2 -2
package/out/types/index.d.ts CHANGED
@@ -1,20 +1,79 @@
1
1
  import { InboundPolicyHandler } from '@zuplo/runtime';
2
2
 
3
3
  /**
4
- * Limits the complexity of a GraphQL query
4
+ * Policy that limits the complexity and depth of GraphQL queries to prevent abuse.
5
+ * Protects your GraphQL API from expensive queries that could cause performance issues
6
+ * or denial of service attacks.
5
7
  *
6
8
  * @title GraphQL Complexity Limit
7
9
  * @public
8
- * @param request - The ZuploRequest
10
+ *
11
+ * @param request - The incoming ZuploRequest containing the GraphQL query
9
12
  * @param context - The ZuploContext
10
- * @param options - The policy options set in policies.json
11
- * @param policyName - The name of the policy as set in policies.json
12
- * @returns A Request or a Response
13
+ * @param options - Configuration for complexity and depth limits
14
+ * @param policyName - The name of the policy instance
15
+ * @returns The request if within limits, or a 400 response if limits exceeded
16
+ *
17
+ * @example
18
+ * ```json
19
+ * // policies.json - Limit query complexity
20
+ * {
21
+ * "name": "graphql-complexity",
22
+ * "policyType": "graphql-complexity-limit-inbound",
23
+ * "handler": {
24
+ * "export": "GraphQLComplexityLimitInboundPolicy",
25
+ * "module": "$import(@zuplo/graphql)",
26
+ * "options": {
27
+ * "useComplexityLimit": {
28
+ * "complexityLimit": 1000,
29
+ * "endpointUrl": "https://api.example.com/graphql"
30
+ * }
31
+ * }
32
+ * }
33
+ * }
34
+ * ```
35
+ *
36
+ * @example
37
+ * ```json
38
+ * // Limit query depth to prevent deeply nested queries
39
+ * {
40
+ * "handler": {
41
+ * "export": "GraphQLComplexityLimitInboundPolicy",
42
+ * "module": "$import(@zuplo/graphql)",
43
+ * "options": {
44
+ * "useDepthLimit": {
45
+ * "depthLimit": 10
46
+ * }
47
+ * }
48
+ * }
49
+ * }
50
+ * ```
51
+ *
52
+ * @example
53
+ * ```json
54
+ * // Use both complexity and depth limits
55
+ * {
56
+ * "handler": {
57
+ * "export": "GraphQLComplexityLimitInboundPolicy",
58
+ * "module": "$import(@zuplo/graphql)",
59
+ * "options": {
60
+ * "useComplexityLimit": {
61
+ * "complexityLimit": 500,
62
+ * "endpointUrl": "$env(GRAPHQL_ENDPOINT)"
63
+ * },
64
+ * "useDepthLimit": {
65
+ * "depthLimit": 7
66
+ * }
67
+ * }
68
+ * }
69
+ * }
70
+ * ```
13
71
  */
14
72
  export declare const GraphQLComplexityLimitInboundPolicy: InboundPolicyHandler<GraphQLComplexityLimitInboundPolicyOptions>;
15
73
 
16
74
  /**
17
75
  * The options for this policy.
76
+ * @public
18
77
  */
19
78
  export declare interface GraphQLComplexityLimitInboundPolicyOptions {
20
79
  useComplexityLimit: {
@@ -40,20 +99,65 @@ export declare interface GraphQLComplexityLimitInboundPolicyOptions {
40
99
  }
41
100
 
42
101
  /**
43
- * Disables introspection queries on your API.
102
+ * Policy that disables GraphQL introspection queries in production.
103
+ * Introspection allows clients to discover the schema, which can be a security
104
+ * risk as it exposes your entire API structure.
44
105
  *
45
106
  * @title GraphQL Disable Introspection
46
107
  * @public
47
- * @param request - The ZuploRequest
108
+ *
109
+ * @param request - The incoming ZuploRequest containing the GraphQL query
48
110
  * @param context - The ZuploContext
49
- * @param options - The policy options set in policies.json
50
- * @param policyName - The name of the policy as set in policies.json
51
- * @returns A Request or a Response
111
+ * @param options - Policy configuration options
112
+ * @param policyName - The name of the policy instance
113
+ * @returns The request if not an introspection query, or a 403 response if introspection is attempted
114
+ *
115
+ * @example
116
+ * ```json
117
+ * // policies.json - Disable introspection in production
118
+ * {
119
+ * "name": "disable-introspection",
120
+ * "policyType": "graphql-disable-introspection-inbound",
121
+ * "handler": {
122
+ * "export": "GraphQLDisableIntrospectionInboundPolicy",
123
+ * "module": "$import(@zuplo/graphql)"
124
+ * }
125
+ * }
126
+ * ```
127
+ *
128
+ * @example
129
+ * ```json
130
+ * // Apply to specific routes
131
+ * {
132
+ * "paths": {
133
+ * "/graphql": {
134
+ * "post": {
135
+ * "x-zuplo-route": {
136
+ * "policies": {
137
+ * "inbound": ["disable-introspection", "rate-limit"]
138
+ * },
139
+ * "handler": {
140
+ * "export": "graphqlHandler",
141
+ * "module": "$import(./handlers/graphql)"
142
+ * }
143
+ * }
144
+ * }
145
+ * }
146
+ * }
147
+ * }
148
+ * ```
149
+ *
150
+ * @remarks
151
+ * This policy blocks queries containing __schema or __type fields,
152
+ * which are used by GraphQL introspection. It's recommended to disable
153
+ * introspection in production environments while keeping it enabled
154
+ * in development for tooling support.
52
155
  */
53
156
  export declare const GraphQLDisableIntrospectionInboundPolicy: InboundPolicyHandler<GraphqlDisableIntrospectionInboundPolicyOptions>;
54
157
 
55
158
  /**
56
159
  * The options for this policy.
160
+ * @public
57
161
  */
58
162
  export declare interface GraphqlDisableIntrospectionInboundPolicyOptions {
59
163
  }
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@zuplo/graphql",
3
3
  "type": "module",
4
- "version": "6.52.4",
4
+ "version": "6.52.6",
5
5
  "repository": "https://github.com/zuplo/zuplo",
6
6
  "author": "Zuplo, Inc.",
7
7
  "exports": {
@@ -31,6 +31,6 @@
31
31
  "graphql": "^16.8.1"
32
32
  },
33
33
  "peerDependencies": {
34
- "@zuplo/runtime": "6.52.4"
34
+ "@zuplo/runtime": "6.52.6"
35
35
  }
36
36
  }