feat: add @envelop/disable-introspection package (#130)

* feat: add @envelop/disable-introspection package

* updated readme

Co-authored-by: Dotan Simha <dotansimha@gmail.com>

.changeset/eleven-hotels-pull.md

@@ -0,0 +1,5 @@
+---
+'@envelop/disable-introspection': patch
+---
+
+Initial implementation of the plugin.

README.md

@@ -108,27 +108,28 @@ Here's a list of integrations and examples:
 
 We provide a few built-in plugins within the `@envelop/core`, and many more plugins as standalone packages.
 
-| Name                 | Package                                                                | Description                                                                    |
-| -------------------- | ---------------------------------------------------------------------- | ------------------------------------------------------------------------------ |
-| useSchema            | [`@envelop/core`](./packages/core#useschema)                           | Simplest plugin to provide your GraphQL schema.                                |
-| useErrorHandler      | [`@envelop/core`](./packages/core#useerrorhandler)                     | Get notified when any execution error occurs.                                  |
-| useExtendContext     | [`@envelop/core`](./packages/core#useextendcontext)                    | Extend execution context based on your needs.                                  |
-| useLogger            | [`@envelop/core`](./packages/core#uselogger)                           | Simple, yet powerful logging for GraphQL execution.                            |
-| usePayloadFormatter  | [`@envelop/core`](./packages/core#usepayloadformatter)                 | Format, clean and customize execution result.                                  |
-| useTiming            | [`@envelop/core`](./packages/core#usetiming)                           | Simple timing/tracing mechanism for your execution.                            |
-| useGraphQLJit        | [`@envelop/graphql-jit`](./packages/plugins/graphql-jit)               | Custom executor based on GraphQL-JIT.                                          |
-| useParserCache       | [`@envelop/parser-cache`](./packages/plugins/parser-cache)             | Simple LRU for caching `parse` results.                                        |
-| useValidationCache   | [`@envelop/validation-cache`](./packages/plugins/validation-cache)     | Simple LRU for caching `validate` results.                                     |
-| useDepthLimit        | [`@envelop/depth-limit`](./packages/plugins/depth-limit)               | Limits the depth of your GraphQL selection sets.                               |
-| useDataLoader        | [`@envelop/dataloader`](./packages/plugins/dataloader)                 | Simply injects a DataLoader instance into your context.                        |
-| useApolloTracing     | [`@envelop/apollo-tracing`](./packages/plugins/apollo-tracing)         | Integrates timing with Apollo-Tracing format (for GraphQL Playground)          |
-| useSentry            | [`@envelop/sentry`](./packages/plugins/sentry)                         | Tracks performance, timing and errors and reports it to Sentry.                |
-| useOpenTelemetry     | [`@envelop/opentelemetry`](./packages/plugins/opentelemetry)           | Tracks performance, timing and errors and reports in OpenTelemetry structure.  |
-| useGenericAuth       | [`@envelop/generic-auth`](./packages/plugins/generic-auth)             | Super flexible authentication, also supports `@auth` directive .               |
-| useAuth0             | [`@envelop/auth0`](./packages/plugins/auth0)                           | Validates Auth0 JWT tokens and injects the authenticated user to your context. |
-| useGraphQLModules    | [`@envelop/graphql-modules`](./packages/plugins/graphql-modules)       | Integrates the execution lifecycle of GraphQL-Modules.                         |
-| useGraphQLMiddleware | [`@envelop/graphql-middleware`](./packages/plugins/graphql-middleware) | Integrates middlewares written for `graphql-middleware`                        |
-| useRateLimiter       | [`@envelop/rate-limiter`](./packages/plugins/rate-limiter)             | Limit request rate via `@rateLimit` directive                                  |
+| Name                    | Package                                                                      | Description                                                                    |
+| ----------------------- | ---------------------------------------------------------------------------- | ------------------------------------------------------------------------------ |
+| useSchema               | [`@envelop/core`](./packages/core#useschema)                                 | Simplest plugin to provide your GraphQL schema.                                |
+| useErrorHandler         | [`@envelop/core`](./packages/core#useerrorhandler)                           | Get notified when any execution error occurs.                                  |
+| useExtendContext        | [`@envelop/core`](./packages/core#useextendcontext)                          | Extend execution context based on your needs.                                  |
+| useLogger               | [`@envelop/core`](./packages/core#uselogger)                                 | Simple, yet powerful logging for GraphQL execution.                            |
+| usePayloadFormatter     | [`@envelop/core`](./packages/core#usepayloadformatter)                       | Format, clean and customize execution result.                                  |
+| useTiming               | [`@envelop/core`](./packages/core#usetiming)                                 | Simple timing/tracing mechanism for your execution.                            |
+| useGraphQLJit           | [`@envelop/graphql-jit`](./packages/plugins/graphql-jit)                     | Custom executor based on GraphQL-JIT.                                          |
+| useParserCache          | [`@envelop/parser-cache`](./packages/plugins/parser-cache)                   | Simple LRU for caching `parse` results.                                        |
+| useValidationCache      | [`@envelop/validation-cache`](./packages/plugins/validation-cache)           | Simple LRU for caching `validate` results.                                     |
+| useDepthLimit           | [`@envelop/depth-limit`](./packages/plugins/depth-limit)                     | Limits the depth of your GraphQL selection sets.                               |
+| useDataLoader           | [`@envelop/dataloader`](./packages/plugins/dataloader)                       | Simply injects a DataLoader instance into your context.                        |
+| useApolloTracing        | [`@envelop/apollo-tracing`](./packages/plugins/apollo-tracing)               | Integrates timing with Apollo-Tracing format (for GraphQL Playground)          |
+| useSentry               | [`@envelop/sentry`](./packages/plugins/sentry)                               | Tracks performance, timing and errors and reports it to Sentry.                |
+| useOpenTelemetry        | [`@envelop/opentelemetry`](./packages/plugins/opentelemetry)                 | Tracks performance, timing and errors and reports in OpenTelemetry structure.  |
+| useGenericAuth          | [`@envelop/generic-auth`](./packages/plugins/generic-auth)                   | Super flexible authentication, also supports `@auth` directive .               |
+| useAuth0                | [`@envelop/auth0`](./packages/plugins/auth0)                                 | Validates Auth0 JWT tokens and injects the authenticated user to your context. |
+| useGraphQLModules       | [`@envelop/graphql-modules`](./packages/plugins/graphql-modules)             | Integrates the execution lifecycle of GraphQL-Modules.                         |
+| useGraphQLMiddleware    | [`@envelop/graphql-middleware`](./packages/plugins/graphql-middleware)       | Integrates middlewares written for `graphql-middleware`                        |
+| useRateLimiter          | [`@envelop/rate-limiter`](./packages/plugins/rate-limiter)                   | Limit request rate via `@rateLimit` directive                                  |
+| useDisableIntrospection | [`@envelop/disable-introspection`](./packages/plugins/disable-introspection) | Disables introspection by adding a validation rule                             |
 
 ## Sharing `envelop`s
 

packages/plugins/disable-introspection/README.md

@@ -0,0 +1,20 @@
+## `@envelop/disable-introspection`
+
+This plugin injects the `NoSchemaIntrospectionCustomRule` validation rule exported from the `graphql` module to the validation phase for disabling introspection.
+
+## Getting Started
+
+```
+yarn add @envelop/disable-introspection
+```
+
+## Usage Example
+
+```ts
+import { envelop } from '@envelop/core';
+import { useDisableIntrospection } from '@envelop/disable-introspection';
+
+const getEnveloped = envelop({
+  plugins: [useDisableIntrospection()],
+});
+```

packages/plugins/disable-introspection/package.json

@@ -0,0 +1,38 @@
+{
+  "name": "@envelop/disable-introspection",
+  "version": "0.0.0",
+  "author": "Dotan Simha <dotansimha@gmail.com>",
+  "license": "MIT",
+  "sideEffects": false,
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/dotansimha/envelop.git",
+    "directory": "packages/plugins/disable-introspection"
+  },
+  "main": "dist/index.cjs.js",
+  "module": "dist/index.esm.js",
+  "typings": "dist/index.d.ts",
+  "typescript": {
+    "definition": "dist/index.d.ts"
+  },
+  "scripts": {
+    "test": "jest",
+    "prepack": "bob prepack"
+  },
+  "dependencies": {},
+  "devDependencies": {
+    "bob-the-bundler": "1.2.0",
+    "graphql": "15.5.0",
+    "typescript": "4.2.4"
+  },
+  "peerDependencies": {
+    "graphql": "^14.0.0 || ^15.0.0"
+  },
+  "buildOptions": {
+    "input": "./src/index.ts"
+  },
+  "publishConfig": {
+    "directory": "dist",
+    "access": "public"
+  }
+}

packages/plugins/disable-introspection/src/index.ts

@@ -0,0 +1,10 @@
+import { NoSchemaIntrospectionCustomRule } from 'graphql';
+import { Plugin } from '@envelop/types';
+
+export const useDisableIntrospection = (): Plugin => {
+  return {
+    onValidate: ({ addValidationRule }) => {
+      addValidationRule(NoSchemaIntrospectionCustomRule);
+    },
+  };
+};