grpc_graphql_gateway 1.2.4

A Rust implementation of gRPC-GraphQL gateway - generates GraphQL execution code from gRPC services
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113

# Introspection Control

Disable GraphQL introspection in production to prevent schema discovery attacks.

## Disabling Introspection

```rust
let gateway = Gateway::builder()
    .with_descriptor_set_bytes(DESCRIPTORS)
    .disable_introspection()
    .build()?;
```

## What It Blocks

When introspection is disabled, these queries return errors:

```graphql
# Blocked
{
  __schema {
    types {
      name
    }
  }
}

# Blocked
{
  __type(name: "User") {
    fields {
      name
    }
  }
}
```

## Error Response

```json
{
  "errors": [
    {
      "message": "Introspection is disabled",
      "extensions": {
        "code": "INTROSPECTION_DISABLED"
      }
    }
  ]
}
```

## Environment-Based Toggle

Enable introspection only in development:

```rust
let is_production = std::env::var("ENV")
    .map(|e| e == "production")
    .unwrap_or(false);

let mut builder = Gateway::builder()
    .with_descriptor_set_bytes(DESCRIPTORS);

if is_production {
    builder = builder.disable_introspection();
}

let gateway = builder.build()?;
```

## Security Benefits

Disabling introspection:
- Prevents attackers from discovering your schema structure
- Reduces attack surface for GraphQL-specific exploits
- Hides internal type names and field descriptions

## When to Disable

| Environment | Introspection |
|-------------|---------------|
| Development | ✅ Enabled |
| Staging | ⚠️ Consider disabling |
| Production | ❌ Disabled |

## Alternative: Authorization

Instead of fully disabling, you can selectively allow introspection:

```rust
struct IntrospectionMiddleware {
    allowed_keys: HashSet<String>,
}

impl Middleware for IntrospectionMiddleware {
    async fn call(&self, ctx: &mut Context, next: ...) -> Result<()> {
        // Check if request is introspection
        if is_introspection_query(ctx) {
            let api_key = ctx.headers().get("x-api-key");
            if !self.allowed_keys.contains(api_key) {
                return Err(Error::new("Introspection not allowed"));
            }
        }
        next(ctx).await
    }
}
```

## See Also

- **[Query Whitelisting](../production/query-whitelisting.md)** - For maximum security, combine introspection control with query whitelisting to restrict both schema discovery and query execution
- [DoS Protection](dos-protection.md) - Query depth and complexity limits