11 Repos
Protective measures for GraphQL APIs including complexity and depth analysis.
Distinguishing note: Focuses on preventing resource exhaustion in GraphQL specifically.
Explore 11 awesome GitHub repositories matching security & cryptography · GraphQL Security. Refine with filters or upvote what's useful.
Payload is a headless content management system and application framework that uses a code-first approach to define data schemas and administrative interfaces. By utilizing a centralized, type-safe configuration object, it automatically generates database schemas, API endpoints, and a fully customizable admin panel. The system is built on a database-agnostic architecture, allowing it to interface with various storage engines while providing a unified, type-safe API for server-side operations, REST, and GraphQL. What distinguishes Payload is its deep extensibility and developer-centric design.
Protects GraphQL APIs by rejecting queries that exceed defined complexity thresholds.
The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral
Limits query depth and enforces field-level authorization to prevent resource exhaustion.
This project is a comprehensive API security audit checklist and vulnerability audit framework. It provides a structured guide of security countermeasures for designing, testing, and deploying secure APIs across various protocols. The framework includes specialized guides for securing OAuth 2.0 authorization flows, implementing zero trust networking for service-to-service communication, and protecting GraphQL endpoints from resource exhaustion and information leakage. It also provides standards for integrating static analysis, dynamic scanning, and secret detection into CI/CD delivery pipelin
Provides specialized protections for GraphQL endpoints to prevent resource exhaustion and introspection leaks.
Casbin is an authorization library that provides a model-based engine for enforcing access control across diverse application environments. It decouples authorization logic from application code by using a configuration-driven approach, allowing developers to define access rules and evaluation logic independently. The system supports a wide range of access control models, including role-based, attribute-based, and relationship-based patterns, which are evaluated at runtime to determine if a subject is permitted to perform an action on a resource. The project distinguishes itself through a hig
Intercepts GraphQL requests before they reach resolvers to validate permissions against defined authorization policies.
Awesome GraphQL is a curated directory and resource collection for the GraphQL ecosystem. It serves as a central index for developers to discover libraries, tools, and specifications required for building, testing, and managing data layer implementations across various programming languages. The repository provides access to a comprehensive range of utilities that support the entire GraphQL lifecycle. This includes resources for server-side API development, client-side integration, and schema management. It also highlights tools for security enforcement, such as rate limiting and input valida
Highlights security measures for GraphQL APIs including rate limiting and permission enforcement.
This project is a comprehensive educational resource and fullstack tutorial for GraphQL development. It provides instructional content and guides focused on designing schemas, implementing servers, and managing the end-to-end workflow of building production-ready applications. The material covers the conceptual differences between graph-based data structures and traditional API architectures. It includes a dedicated security course and guides for client integration, teaching users how to fetch data, manage application state, and apply protection measures to secure API endpoints. The scope of
Includes a dedicated course on applying authentication and protection measures to secure API endpoints.
Yoga is a GraphQL server framework and runtime-agnostic HTTP handler used to build and deploy GraphQL APIs. It functions as a toolkit for managing schemas and resolvers, providing a spec-compliant environment for hosting APIs across diverse JavaScript runtimes, including Node.js, Deno, Bun, and serverless cloud environments. The project distinguishes itself through its ability to act as an Apollo Federation gateway, composing multiple subgraphs into a single unified supergraph. It also serves as a dedicated subscription server, delivering real-time data streaming via both WebSockets and Serve
Protects APIs using complexity and depth analysis, internal error masking, and persisted operation enforcement.
Type-graphql is a framework for building GraphQL servers that uses TypeScript classes as the single source of truth for schema definitions and types. It provides a schema generator and a resolver framework that allows developers to define queries and mutations using class-based controllers and decorators. The project focuses on a schema-first approach where TypeScript classes and metadata reflection are used to automatically derive GraphQL schemas. It incorporates a dependency injection container to manage the instantiation and lifecycle of resolver classes. The system includes a middleware
Ships a system of authorization interceptors to restrict access to resolvers via guards.
Vendure is a Node.js e-commerce engine and headless commerce framework built with NestJS and TypeScript. It serves as a multi-channel commerce platform that manages product catalogs, orders, and customers via a strongly typed GraphQL API. The platform is distinguished by its highly extensible architecture, featuring a customizable administrative dashboard where developers can inject custom React components and entity views. It supports multi-channel commerce, allowing the isolation of products, currencies, and regional catalogs from a single unified backend. The engine covers a broad range o
Protects GraphQL APIs by disabling schema introspection and enforcing query complexity limits.
GraphQL-Ruby ist eine Ruby-Bibliothek zum Erstellen von GraphQL-APIs mit einem stark typisierten Schema und einer dedizierten Query-Execution-Engine. Sie bietet ein umfassendes Framework zum Mappen von Anwendungsobjekten auf ein formales Typsystem, was strukturiertes Datenabrufen durch definierte Resolver ermöglicht. Das Projekt zeichnet sich durch fortschrittliche Performance- und Bereitstellungsmechanismen aus, darunter einen Data Loader für Batching und Caching zur Vermeidung von N+1-Abfragemustern. Es unterstützt leistungsstarke Datenbereitstellung durch inkrementelles Response-Streaming, verzögerte Abfrageantworten und paralleles Datenabrufen mittels Fibers. Zudem bietet es native Unterstützung für Relay-Konventionen, einschließlich spezialisierter Helfer für Connections und Objektidentifikation. Die Bibliothek deckt ein breites Spektrum an API-Management ab, einschließlich fein abgestufter Zugriffskontrolle, Schema-Versionierung zur Wahrung der Abwärtskompatibilität und Echtzeit-Updates via Subscriptions. Sie enthält zudem Traffic-Management-Tools zum Schutz von Serverressourcen, wie z. B. die Begrenzung der Abfragekomplexität und Request-Rate-Limiting. Entwicklung und Observability werden durch AST-Analysewerkzeuge, Execution-Tracing und spezialisierte Test-Utilities zur Verifizierung von Batch-Loading unterstützt.
Provides protective measures including complexity analysis, depth limiting, and object-level authorization to secure the API.
graphql-go ist eine schema-first GraphQL-Bibliothek und Server-Implementierung für Go. Sie bietet eine Query-Ausführungs-Engine und einen Schema-Parser, der Schema-Definitions-Strings in ausführbare Strukturen konvertiert und Resolver-Signaturen validiert. Die Bibliothek enthält zudem eine Streaming-Implementierung für Echtzeit-GraphQL-Subscriptions unter Verwendung von Channels innerhalb von Resolvern. Das Projekt zeichnet sich durch parallele Resolver-Ausführung zur Reduzierung der Anfragelatenz und die Verwendung von Buffer-Pool-Speichermanagement zur Senkung des Garbage-Collection-Overheads aus. Es ermöglicht die Erstellung klonbarer Schema-Instanzen aus einem geteilten Syntaxbaum, um eindeutige Resolver-Konfigurationen oder Overrides anzuwenden. Die Bibliothek deckt breite Funktionsbereiche ab, einschließlich Schema-Management mit benutzerdefinierten Skalar-Definitionen und Metadaten-Export sowie Sicherheit durch Query-Tiefen- und Komplexitätsbegrenzungen. Sie bietet zudem Tools für effizienten Datenabruf durch Selection-Set-Inspektion, um N+1-Abfragen zu verhindern, sowie Observability durch Execution-Tracing und Resolver-Panic-Handling.
Protects GraphQL APIs from resource exhaustion by limiting query depth and complexity.