From b882e997e18c0d63aa7a4507df9b71c81c1970d1 Mon Sep 17 00:00:00 2001 From: John Estabrook Date: Sun, 15 May 2022 13:29:29 -0500 Subject: graphql: T3993: disable introspection unless set in CLI --- interface-definitions/https.xml.in | 13 ++++++++++--- python/vyos/defaults.py | 1 + src/conf_mode/http-api.py | 2 ++ src/services/vyos-http-api-server | 7 +++++-- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/interface-definitions/https.xml.in b/interface-definitions/https.xml.in index 775fae122..d096c4ff1 100644 --- a/interface-definitions/https.xml.in +++ b/interface-definitions/https.xml.in @@ -107,12 +107,19 @@ - + GraphQL support - - + + + + Schema introspection + + + + + Set CORS options diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py index fcb6a7fbc..2ac3b7ea3 100644 --- a/python/vyos/defaults.py +++ b/python/vyos/defaults.py @@ -49,6 +49,7 @@ api_data = { 'socket' : False, 'strict' : False, 'gql' : False, + 'introspection' : False, 'debug' : False, 'api_keys' : [ {"id": "testapp", "key": "qwerty"} ] } diff --git a/src/conf_mode/http-api.py b/src/conf_mode/http-api.py index 1ea7b86cd..04113fc09 100755 --- a/src/conf_mode/http-api.py +++ b/src/conf_mode/http-api.py @@ -68,6 +68,8 @@ def get_config(config=None): if conf.exists('gql'): http_api['gql'] = True + if conf.exists('gql introspection'): + http_api['introspection'] = True if conf.exists('socket'): http_api['socket'] = True diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server index e9b904ba8..af8837e1e 100755 --- a/src/services/vyos-http-api-server +++ b/src/services/vyos-http-api-server @@ -654,11 +654,13 @@ def graphql_init(fast_api_app): schema = generate_schema() + in_spec = app.state.vyos_introspection + if app.state.vyos_origins: origins = app.state.vyos_origins - app.add_route('/graphql', CORSMiddleware(GraphQL(schema, debug=True), allow_origins=origins, allow_methods=("GET", "POST", "OPTIONS"))) + app.add_route('/graphql', CORSMiddleware(GraphQL(schema, debug=True, introspection=in_spec), allow_origins=origins, allow_methods=("GET", "POST", "OPTIONS"))) else: - app.add_route('/graphql', GraphQL(schema, debug=True)) + app.add_route('/graphql', GraphQL(schema, debug=True, introspection=in_spec)) ### @@ -684,6 +686,7 @@ if __name__ == '__main__': app.state.vyos_debug = server_config['debug'] app.state.vyos_gql = server_config['gql'] + app.state.vyos_introspection = server_config['introspection'] app.state.vyos_strict = server_config['strict'] app.state.vyos_origins = server_config.get('cors', {}).get('origins', []) -- cgit v1.2.3