---
title: 'Disabling introspection'
description: Prevent users from introspecting schemas in production.
linkTitle: Introspection
menu: { main: { parent: 'reference', weight: 10 } }
---

One of the best features of GraphQL is its powerful discoverability (introspection), which is automatically included when using `NewDefaultServer`.

## Disable introspection for the whole server

To opt out of introspection globally, build your own server with only the features you use. For example, a simple server that only accepts POST and only enables introspection in development could look like this:

```go
// es is your graphql.ExecutableSchema.
srv := handler.New(es)

srv.AddTransport(transport.Options{})
srv.AddTransport(transport.POST{})

// Introspection is registered only when ENVIRONMENT is exactly "development";
// if the variable is unset or has any other value, it stays off.
if os.Getenv("ENVIRONMENT") == "development" {
    srv.Use(extension.Introspection{})
}
```

## Disabling introspection based on authentication

Introspection can also be enabled on a per-request context basis. For example, you could modify it in a middleware based on user authentication:

```go
srv := handler.NewDefaultServer(es)
srv.AroundOperations(func(ctx context.Context, next graphql.OperationHandler) graphql.ResponseHandler {
    // userForContext is your application's own helper for looking up the caller.
    // Non-admin callers get introspection turned off for this operation only.
    if !userForContext(ctx).IsAdmin {
        graphql.GetOperationContext(ctx).DisableIntrospection = true
    }

    return next(ctx)
})
```
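
To confirm that either setup above really has introspection off, a deployment check can send a minimal introspection query and look for schema data in the reply. This is an added example, not part of gqlgen or the original page; `introspectionEnabled`, `stubServer` and the two sample replies are hypothetical names and constructed data so that it runs offline with only the standard library.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// introspectionEnabled POSTs a minimal introspection query and reports whether schema data came back.
func introspectionEnabled(c *http.Client, url string) (bool, error) {
	query := `{"query":"{ __schema { queryType { name } } }"}`
	resp, err := c.Post(url, "application/json", strings.NewReader(query))
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	var out struct {
		Data struct {
			Schema json.RawMessage `json:"__schema"`
		} `json:"data"`
	}
	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil {
		return false, fmt.Errorf("decode response: %w", err)
	}
	// With introspection off there is no __schema object: the field is absent or null.
	return len(out.Data.Schema) > 0 && string(out.Data.Schema) != "null", nil
}

// stubServer is a constructed stand-in for a deployed endpoint that always sends reply.
func stubServer(reply string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, reply)
	}))
}

// Constructed sample replies, not captured from a real server.
const (
	replyOpen   = `{"data":{"__schema":{"queryType":{"name":"Query"}}}}`
	replyClosed = `{"errors":[{"message":"introspection disabled"}],"data":null}`
)

func main() {
	for _, reply := range []string{replyOpen, replyClosed} {
		srv := stubServer(reply)
		fmt.Println(introspectionEnabled(srv.Client(), srv.URL))
		srv.Close()
	}
}
```

Run the same check against a production endpoint once without credentials and once as an admin to cover the per-request variant.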