Merge pull request #11159 from appwrite/feat-graphql-introspection

2026-05-23 00:49:02 +00:00 · 2026-01-19 21:58:56 +13:00 · 2026-01-19 21:58:56 +13:00 · a7898b3d5b
commit a7898b3d5b
parent 72ce068714 5d24b51421
5 changed files with 17 additions and 2 deletions
--- a/.env
+++ b/.env
@ -106,6 +106,7 @@ _APP_INTERVAL_CLEANUP_STALE_EXECUTIONS=300
 _APP_USAGE_STATS=enabled
 _APP_LOGGING_CONFIG=
 _APP_LOGGING_CONFIG_REALTIME=
+_APP_GRAPHQL_INTROSPECTION=enabled
 _APP_GRAPHQL_MAX_BATCH_SIZE=10
 _APP_GRAPHQL_MAX_COMPLEXITY=250
 _APP_GRAPHQL_MAX_DEPTH=4
@ -127,4 +128,4 @@ _APP_WEBHOOK_MAX_FAILED_ATTEMPTS=10
 _APP_PROJECT_REGIONS=default
 _APP_FUNCTIONS_CREATION_ABUSE_LIMIT=5000
 _APP_STATS_USAGE_DUAL_WRITING_DBS=database_db_main
-_APP_TRUSTED_HEADERS=x-forwarded-for
+_APP_TRUSTED_HEADERS=x-forwarded-for
--- a/app/config/variables.php
+++ b/app/config/variables.php
@ -1285,6 +1285,15 @@ return [
        'category' => 'GraphQL',
        'description' => '',
        'variables' => [
+            [
+                'name' => '_APP_GRAPHQL_INTROSPECTION',
+                'description' => 'Enable or disable GraphQL introspection. Set to \'enabled\' to allow schema introspection, or \'disabled\' to block it. The default value is \'enabled\'.',
+                'introduction' => '',
+                'default' => 'enabled',
+                'required' => false,
+                'question' => '',
+                'filter' => ''
+            ],
            [
                'name' => '_APP_GRAPHQL_MAX_BATCH_SIZE',
                'description' => 'Maximum number of batched queries per request. The default value is 10.',
--- a/app/controllers/api/graphql.php
+++ b/app/controllers/api/graphql.php
@ -224,8 +224,11 @@ function execute(
    $flags = DebugFlag::INCLUDE_DEBUG_MESSAGE | DebugFlag::INCLUDE_TRACE;
    $validations = GraphQL::getStandardValidationRules();

-    if (System::getEnv('_APP_OPTIONS_ABUSE', 'enabled') !== 'disabled') {
+    if (System::getEnv('_APP_GRAPHQL_INTROSPECTION', 'enabled') === 'disabled') {
        $validations[] = new DisableIntrospection();
+    }
+
+    if (System::getEnv('_APP_OPTIONS_ABUSE', 'enabled') !== 'disabled') {
        $validations[] = new QueryComplexity($maxComplexity);
        $validations[] = new QueryDepth($maxDepth);
    }
--- a/app/views/install/compose.phtml
+++ b/app/views/install/compose.phtml
@ -165,6 +165,7 @@ $enableAssistant = $this->getParam('enableAssistant', false);
      - _APP_MAINTENANCE_RETENTION_SCHEDULES
      - _APP_SMS_PROVIDER
      - _APP_SMS_FROM
+      - _APP_GRAPHQL_INTROSPECTION
      - _APP_GRAPHQL_MAX_BATCH_SIZE
      - _APP_GRAPHQL_MAX_COMPLEXITY
      - _APP_GRAPHQL_MAX_DEPTH
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -200,6 +200,7 @@ services:
      - _APP_MAINTENANCE_RETENTION_SCHEDULES
      - _APP_SMS_PROVIDER
      - _APP_SMS_FROM
+      - _APP_GRAPHQL_INTROSPECTION
      - _APP_GRAPHQL_MAX_BATCH_SIZE
      - _APP_GRAPHQL_MAX_COMPLEXITY
      - _APP_GRAPHQL_MAX_DEPTH