11 مستودعات
Protective measures for GraphQL APIs including complexity and depth analysis.
Distinguishing note: Focuses on preventing resource exhaustion in GraphQL specifically.
Explore 11 awesome GitHub repositories matching security & cryptography · GraphQL Security. Refine with filters or upvote what's useful.
Payload is a headless content management system and application framework that uses a code-first approach to define data schemas and administrative interfaces. By utilizing a centralized, type-safe configuration object, it automatically generates database schemas, API endpoints, and a fully customizable admin panel. The system is built on a database-agnostic architecture, allowing it to interface with various storage engines while providing a unified, type-safe API for server-side operations, REST, and GraphQL. What distinguishes Payload is its deep extensibility and developer-centric design.
Protects GraphQL APIs by rejecting queries that exceed defined complexity thresholds.
The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral
Limits query depth and enforces field-level authorization to prevent resource exhaustion.
This project is a comprehensive API security audit checklist and vulnerability audit framework. It provides a structured guide of security countermeasures for designing, testing, and deploying secure APIs across various protocols. The framework includes specialized guides for securing OAuth 2.0 authorization flows, implementing zero trust networking for service-to-service communication, and protecting GraphQL endpoints from resource exhaustion and information leakage. It also provides standards for integrating static analysis, dynamic scanning, and secret detection into CI/CD delivery pipelin
Provides specialized protections for GraphQL endpoints to prevent resource exhaustion and introspection leaks.
Casbin is an authorization library that provides a model-based engine for enforcing access control across diverse application environments. It decouples authorization logic from application code by using a configuration-driven approach, allowing developers to define access rules and evaluation logic independently. The system supports a wide range of access control models, including role-based, attribute-based, and relationship-based patterns, which are evaluated at runtime to determine if a subject is permitted to perform an action on a resource. The project distinguishes itself through a hig
Intercepts GraphQL requests before they reach resolvers to validate permissions against defined authorization policies.
Awesome GraphQL is a curated directory and resource collection for the GraphQL ecosystem. It serves as a central index for developers to discover libraries, tools, and specifications required for building, testing, and managing data layer implementations across various programming languages. The repository provides access to a comprehensive range of utilities that support the entire GraphQL lifecycle. This includes resources for server-side API development, client-side integration, and schema management. It also highlights tools for security enforcement, such as rate limiting and input valida
Highlights security measures for GraphQL APIs including rate limiting and permission enforcement.
This project is a comprehensive educational resource and fullstack tutorial for GraphQL development. It provides instructional content and guides focused on designing schemas, implementing servers, and managing the end-to-end workflow of building production-ready applications. The material covers the conceptual differences between graph-based data structures and traditional API architectures. It includes a dedicated security course and guides for client integration, teaching users how to fetch data, manage application state, and apply protection measures to secure API endpoints. The scope of
Includes a dedicated course on applying authentication and protection measures to secure API endpoints.
Yoga is a GraphQL server framework and runtime-agnostic HTTP handler used to build and deploy GraphQL APIs. It functions as a toolkit for managing schemas and resolvers, providing a spec-compliant environment for hosting APIs across diverse JavaScript runtimes, including Node.js, Deno, Bun, and serverless cloud environments. The project distinguishes itself through its ability to act as an Apollo Federation gateway, composing multiple subgraphs into a single unified supergraph. It also serves as a dedicated subscription server, delivering real-time data streaming via both WebSockets and Serve
Protects APIs using complexity and depth analysis, internal error masking, and persisted operation enforcement.
Type-graphql is a framework for building GraphQL servers that uses TypeScript classes as the single source of truth for schema definitions and types. It provides a schema generator and a resolver framework that allows developers to define queries and mutations using class-based controllers and decorators. The project focuses on a schema-first approach where TypeScript classes and metadata reflection are used to automatically derive GraphQL schemas. It incorporates a dependency injection container to manage the instantiation and lifecycle of resolver classes. The system includes a middleware
Ships a system of authorization interceptors to restrict access to resolvers via guards.
Vendure is a Node.js e-commerce engine and headless commerce framework built with NestJS and TypeScript. It serves as a multi-channel commerce platform that manages product catalogs, orders, and customers via a strongly typed GraphQL API. The platform is distinguished by its highly extensible architecture, featuring a customizable administrative dashboard where developers can inject custom React components and entity views. It supports multi-channel commerce, allowing the isolation of products, currencies, and regional catalogs from a single unified backend. The engine covers a broad range o
Protects GraphQL APIs by disabling schema introspection and enforcing query complexity limits.
GraphQL-Ruby هو مكتبة Ruby لبناء واجهات برمجة تطبيقات GraphQL بمخطط مكتوب بقوة ومحرك تنفيذ استعلام مخصص. يوفر إطار عمل شاملاً لربط كائنات التطبيق بنظام أنواع رسمي، مما يتيح جلب البيانات المهيكلة من خلال أدوات حل (Resolvers) محددة. يتميز المشروع بآليات متقدمة للأداء والتسليم، بما في ذلك محمل بيانات (Data Loader) للتجميع والتخزين المؤقت لمنع أنماط استعلام N+1. يدعم تسليم البيانات عالي الأداء من خلال بث الاستجابة التزايدي، واستجابات الاستعلام المؤجلة، وجلب البيانات المتوازي باستخدام الألياف (Fibers). بالإضافة إلى ذلك، يوفر دعماً أصلياً لاتفاقيات Relay، بما في ذلك مساعدين متخصصين للاتصالات وتحديد الكائنات. تغطي المكتبة مساحة واسعة من إدارة واجهة برمجة التطبيقات، وتتميز بالتحكم الدقيق في الوصول، وإصدار المخطط للحفاظ على التوافق مع الإصدارات السابقة، والتحديثات في الوقت الفعلي عبر الاشتراكات. كما تتضمن أدوات إدارة حركة المرور لحماية موارد الخادم، مثل تحديد تعقيد الاستعلام وتحديد معدل الطلب. يتم دعم التطوير وقابلية المراقبة من خلال أدوات تحليل AST، وتتبع التنفيذ، وأدوات اختبار متخصصة للتحقق من التحميل المجمع.
Provides protective measures including complexity analysis, depth limiting, and object-level authorization to secure the API.
graphql-go is a schema-first GraphQL library and server implementation for Go. It provides a query execution engine and schema parser that converts schema definition strings into executable structures and validates resolver signatures. The library also includes a streaming implementation for real-time GraphQL subscriptions using channels within resolvers. The project distinguishes itself through parallel resolver execution to reduce request latency and the use of buffer-pool memory management to lower garbage collection overhead. It enables the creation of cloneable schema instances from a sh
Protects GraphQL APIs from resource exhaustion by limiting query depth and complexity.