From 0975691550f23be6b68c29b57840e2af4698eac4 Mon Sep 17 00:00:00 2001 From: Adam Scarr Date: Sun, 8 Nov 2020 15:49:07 +1100 Subject: [PATCH] Update introspection docs --- docs/content/reference/introspection.md | 39 ++++++++++++------------- 1 file changed, 18 insertions(+), 21 deletions(-) diff --git a/docs/content/reference/introspection.md b/docs/content/reference/introspection.md index d16e8bbc13f..daa26c6cb01 100644 --- a/docs/content/reference/introspection.md +++ b/docs/content/reference/introspection.md @@ -5,36 +5,33 @@ linkTitle: Introspection menu: { main: { parent: 'reference', weight: 10 } } --- -One of the best features of GraphQL is it's powerful discoverability, but sometimes you don't want to allow others to explore your endpoint. +One of the best features of GraphQL is it's powerful discoverability and its is automatically included when using `NewDefaultServer`. ## Disable introspection for the whole server -To turn introspection on and off at runtime, pass the `IntrospectionEnabled` handler option when starting the server: - +To opt out of introspection globally you should build your own server with only the features you use. For example a simple server that only does POST, and only has introspection in dev could look like: ```go +srv := handler.New(es) + +srv.AddTransport(transport.Options{}) +srv.AddTransport(transport.POST{}) - srv := handler.NewDefaultServer(NewExecutableSchema(Config{Resolvers: resolvers})) - srv.AroundOperations(func(ctx context.Context, next graphql.OperationHandler) graphql.ResponseHandler { - graphql.GetOperationContext(ctx).DisableIntrospection = true - return next(ctx) - }) +if os.GetEnv("ENVIRONMENT") == "development" { + srv.Use(extension.Introspection{}) +} ``` ## Disabling introspection based on authentication -Introspection can also be enabled on a per-request context basis. For example, you could modify it in a middleware based on user authentication: +Introspection can also be enabled on a per-request context basis. For example, you could modify it in a middleware based on user authentication: ```go -srv := httptest.NewServer( - handler.GraphQL( - NewExecutableSchema(Config{Resolvers: resolvers}), - handler.RequestMiddleware(func(ctx context.Context, next func(ctx context.Context) []byte) []byte { - if !userForContext(ctx).IsAdmin { - graphql.GetOperationContext(ctx).DisableIntrospection = true - } - - return next(ctx) - }), - ), -) +srv := handler.NewDefaultServer(es) +srv.AroundOperations(func(ctx context.Context, next graphql.OperationHandler) graphql.ResponseHandler { + if !userForContext(ctx).IsAdmin { + graphql.GetOperationContext(ctx).DisableIntrospection = true + } + + return next(ctx) +}) ```