npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@herojourneyclub/hasura-allow-list-manager

v1.1.2

Published

Populate the Hasura allow-list from found GraphQL operations in your project

Downloads

318

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tcatictcaticfrenchychieffrenchychief

Keywords

HasuraGraphQL

Readme

Manager for hasura allow-list

Automatically Populate the Hasura allow-list from found GraphQL operations in a path, including queries, mutations, and subscriptions. Supports update and versioning.

More on Hasura allow-list

Why

From hasura:

In production instances: Enabling the allow-list is highly recommended when running the GraphQL engine in production.

Allow list is a important security feature that restrict the GraphQL engine so that it executes only those operations that are present in the list. But managing allow-list manually can be tendious and prone to error.

How it works

The local queries, mutations, and subscriptions defined in .graphql or .gql files will be compared with the remote Hasura server. The allow list manager will fetch all allowed queries from the remote Hasura instance, add new queries, update existing ones and store the final query_collection files locally. Make sure to apply the new metadata to hasura after the allow list manager ran.

Versioning behavior

  • -v --version <version> allows to version queries instead of updating them. This is especially useful for mobile app where client can take several weeks to update.
  • The current behavior is to never remove past queries. When a query with the same name and different query is detected, it will create a new query to the allow list collection with the current timestamp and version.
  • The version query name format is the following: $NAME___($TIMESTAMP-$VERSION)
  • If you start versioning, you must continue versioning.

Installation

npm install --save-dev @herojourneyclub/hasura-allow-list-manager

or yarn

yarn add --dev @herojourneyclub/hasura-allow-list-manager

Usage

hasura-allow-list-manager [options]
hasura apply-metadata

Options

  • -h | --host <uri> Hasura host URI
  • -s | --admin-secret <key> Hasura admin secret
  • -p | --path <path> Source path with gql or graphql files
  • -f | --force-replace Replace change queries, not prompt and asking for continue
  • -i | --allow-instrospection Send the Introspection query with your queries
  • -r | --reset Delete all allow lists before running insert
  • -v | --version <version> Version queries instead of replacing them. Incompatible with -f
  • --version-max-version Maximum number of versions to keep per query. Will always keep at least 1
  • --version-max-day Maximum age (in days) of query versions to keep. Will always keep at least 1
  • --query-collection-path Path were the final query_collection will be stored

Examples

With update:

hasura-allow-list-manager -h http://localhost:8080 -s my-admin-secret -p './**/*.graphql' -f

With versionning:

GIT_VERSION=$(git log --pretty=format:"%h" -1)
hasura-allow-list-manager -h http://localhost:8080 -s my-admin-secret -p './**/*.graphql' -v ${GIT_VERSION}

--version-max-version and --version-max-age examples:

All queries are stored in the format of <query_name>__(<timestamp>-<version>). In the example the timestamp is a simple integer value.

{
    "GetProfile__(1_version-1)": "query GetProfile { Users { id } }",
    "GetProfile__(2_version-2)": "query GetProfile { Users { id, firstName } }",
    "GetProfile__(3_version-3)": "query GetProfile { Users { id, lastName } }"
}

Running the allow list manager with --version-max-version 2 would result in keeping the 2 most recent versions, so:

{
    "GetProfile__(2_version-2)": "query GetProfile { Users { id, firstName } }",
    "GetProfile__(3_version-3)": "query GetProfile { Users { id, lastName } }"
}

Running the allow list manager with --version-max-age 1 would keep all queries in the list that are 1 day old. If they are all older it would keep the most recent one. If we assume that todays timestamp is 4 then we would keep this:

{
    "GetProfile__(3_version-3)": "query GetProfile { Users { id, lastName } }"
}

Development

In order to run it locally you'll need to fetch some dependencies and run the cli.

  1. Install dependencies:
npm install

or

yarn install
  1. To run the cli:
npm run dev -- -h http://localhost:8080 -s my-admin-secret -p '**/*.graphql'

or

yarn dev -h http://localhost:8080 -s my-admin-secret -p '**/*.graphql'

Contributing

Contribution are welcome. Send us your PR or open a issue ticket. Let's build together.

Credits

Fork from: