github.com/vektah/gqlgen@v0.7.2/docs/content/reference/introspection.md

github.com/vektah/gqlgen@v0.7.2/docs/content/reference/introspection.md (about)

     1  ---
     2  title: 'Disabling introspection'
     3  description: Prevent users from introspecting schemas in production.
     4  linkTitle: Introspection
     5  menu: { main: { parent: 'reference' } }
     6  ---
     7  
     8  One of the best features of GraphQL is it's powerful discoverability, but sometimes you don't want to allow others to explore your endpoint.
     9  
    10  ## Disable introspection for the whole server
    11  
    12  To turn introspection on and off at runtime, pass the `IntrospectionEnabled` handler option when starting the server:
    13  
    14  ```go
    15  srv := httptest.NewServer(
    16  	handler.GraphQL(
    17  		NewExecutableSchema(Config{Resolvers: resolvers}),
    18  		handler.IntrospectionEnabled(false),
    19  	),
    20  )
    21  ```
    22  
    23  ## Disabling introspection based on authentication
    24  
    25  Introspection can also be enabled on a per-request context basis.  For example, you could modify it in a middleware based on user authentication:
    26  
    27  ```go
    28  srv := httptest.NewServer(
    29  	handler.GraphQL(
    30  		NewExecutableSchema(Config{Resolvers: resolvers}),
    31  		handler.RequestMiddleware(func(ctx context.Context, next func(ctx context.Context) []byte) []byte {
    32  			if userForContext(ctx).IsAdmin {
    33  				graphql.GetRequestContext(ctx).DisableIntrospection = true
    34  			}
    35  
    36  			return next(ctx)
    37  		}),
    38  	),
    39  )
    40  ```