Reinstate possibility to disable introspection fix #402

oliemansm · oliemansm · commit fa370ccc454e · 2020-12-20T12:27:24.000+01:00
diff --git a/example-graphql-tools/src/main/resources/application.yml b/example-graphql-tools/src/main/resources/application.yml
@@ -6,18 +6,5 @@ server:
 graphql:
   servlet:
     exception-handlers-enabled: true
-    tracing-enabled: metrics-only
-graphiql:
-  headers:
-    Authorization: "Bearer 05bd9a5f3fe0408f89520946b0fe1b06"
-  props:
-    variables:
-      headerEditorEnabled: true
-logging:
-  level:
-    com:
-      oembedler:
-        moon:
-          graphql:
-            boot:
-              error: debug
+  tools:
+    introspection-enabled: false
diff --git a/graphql-kickstart-spring-boot-autoconfigure-tools/src/main/java/graphql/kickstart/tools/boot/GraphQLJavaToolsAutoConfiguration.java b/graphql-kickstart-spring-boot-autoconfigure-tools/src/main/java/graphql/kickstart/tools/boot/GraphQLJavaToolsAutoConfiguration.java
@@ -19,6 +19,7 @@
 import graphql.schema.GraphQLSchema;
 import graphql.schema.idl.SchemaDirectiveWiring;
 import graphql.schema.visibility.GraphqlFieldVisibility;
+import graphql.schema.visibility.NoIntrospectionGraphqlFieldVisibility;
 import java.io.IOException;
 import java.util.List;
 import java.util.Optional;
@@ -167,4 +168,12 @@ public PerFieldObjectMapperProvider perFieldObjectMapperProvider(ObjectMapper ob
   public GraphQLSchema graphQLSchema(SchemaParser schemaParser) {
     return schemaParser.makeExecutableSchema();
   }
+
+  @Bean
+  @ConditionalOnProperty(value = "graphql.tools.introspection-enabled", havingValue = "false")
+  GraphqlFieldVisibility disableIntrospection() {
+    log.warn("GraphQL introspection query disabled! This puts your server in contravention of the "
+        + "GraphQL specification and expectations of most clients, so use this option with caution");
+    return new NoIntrospectionGraphqlFieldVisibility();
+  }
 }
diff --git a/graphql-kickstart-spring-boot-autoconfigure-tools/src/main/java/graphql/kickstart/tools/boot/GraphQLToolsProperties.java b/graphql-kickstart-spring-boot-autoconfigure-tools/src/main/java/graphql/kickstart/tools/boot/GraphQLToolsProperties.java
@@ -2,16 +2,17 @@
 
 import lombok.Data;
 import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.context.annotation.Configuration;
 
 @Data
 @ConfigurationProperties(prefix = "graphql.tools")
 class GraphQLToolsProperties {
 
-    private String schemaLocationPattern = "**/*.graphqls";
-    /** @deprecated Set graphql.tools.schema-parser-options.introspection-enabled instead */
-    @Deprecated
-    private boolean introspectionEnabled = true;
-    private boolean useDefaultObjectmapper = true;
+  private String schemaLocationPattern = "**/*.graphqls";
+  /**
+   * Enable or disable the introspection query. Disabling it puts your server in contravention of
+   * the GraphQL specification and expectations of most clients, so use this option with caution
+   */
+  private boolean introspectionEnabled = true;
+  private boolean useDefaultObjectmapper = true;
 
 }
