How to create a whitelist for queries and mutations?

[RedFour]

Hi can some one show me how I can setup a whitelist for specific queries and mutations? I've been having a hard time location the query names in the request. I'm not finding the query at request.body.query and request.query.query that's sugguested in Apollo blog post for query whitelisting https://www.apollographql.com/blog/graphql/security/securing-your-graphql-api-from-malicious-queries/.

[n1ru4l]

In v3 document allow-listing can be achieved with a dedicated plugin: https://www.the-guild.dev/graphql/yoga-server/v3/features/persisted-operations

---

In v2 you can access the incoming GraphQL parameters on the context object: https://www.the-guild.dev/graphql/yoga-server/docs/features/context#default-context

[RedFour]

Thank you!

[enri90]

hi I can't install the repository via npm following this guide

Yoga server
persisted-operations

thx

npm resolution error report

While resolving: [email protected]
Found: @graphql-tools/[email protected]
node_modules/@graphql-tools/utils
@graphql-tools/utils@"8.12.0" from @graphql-tools/[email protected]
node_modules/@graphql-tools/merge
@graphql-tools/merge@"8.3.6" from @graphql-tools/[email protected]
node_modules/@graphql-tools/schema
@graphql-tools/schema@"^9.0.0" from @graphql-codegen/[email protected]
node_modules/@graphql-codegen/core
@graphql-codegen/core@"^3.1.0" from @graphql-codegen/[email protected]
node_modules/@graphql-codegen/cli
dev @graphql-codegen/cli@"^3.2.0" from the root project
@graphql-tools/schema@"9.0.4" from @graphql-tools/[email protected]
node_modules/@graphql-tools/mock
@graphql-tools/mock@"^8.1.2" from [email protected]
node_modules/apollo-server-core
optional apollo-server-core@"^3.10.0" from @escape.tech/[email protected]
node_modules/@escape.tech/graphql-armor
@escape.tech/graphql-armor@"^1.7.1" from the root project
@graphql-tools/schema@"^9.0.0" from [email protected]
node_modules/graphql-yoga
graphql-yoga@"^3.7.0" from the root project
@graphql-tools/merge@"^8.2.6" from [email protected]
node_modules/graphql-config
graphql-config@"^4.4.0" from @graphql-codegen/[email protected]
node_modules/@graphql-codegen/cli
dev @graphql-codegen/cli@"^3.2.0" from the root project
@graphql-tools/utils@"8.12.0" from @graphql-tools/[email protected]
node_modules/@graphql-tools/mock
@graphql-tools/mock@"^8.1.2" from [email protected]
node_modules/apollo-server-core
optional apollo-server-core@"^3.10.0" from @escape.tech/[email protected]
node_modules/@escape.tech/graphql-armor
@escape.tech/graphql-armor@"^1.7.1" from the root project
@graphql-tools/utils@"8.12.0" from @graphql-tools/[email protected]
node_modules/@graphql-tools/schema
@graphql-tools/schema@"^9.0.0" from @graphql-codegen/[email protected]
node_modules/@graphql-codegen/core
@graphql-codegen/core@"^3.1.0" from @graphql-codegen/[email protected]
node_modules/@graphql-codegen/cli
dev @graphql-codegen/cli@"^3.2.0" from the root project
@graphql-tools/schema@"9.0.4" from @graphql-tools/[email protected]
node_modules/@graphql-tools/mock
@graphql-tools/mock@"^8.1.2" from [email protected]
node_modules/apollo-server-core
optional apollo-server-core@"^3.10.0" from @escape.tech/[email protected]
node_modules/@escape.tech/graphql-armor
@escape.tech/graphql-armor@"^1.7.1" from the root project
@graphql-tools/schema@"^9.0.0" from [email protected]
node_modules/graphql-yoga
graphql-yoga@"^3.7.0" from the root project

Could not resolve dependency:
@graphql-yoga/plugin-persisted-operations@"*" from the root project

Conflicting peer dependency: @graphql-tools/[email protected]
node_modules/@graphql-tools/utils
peer @graphql-tools/utils@"^9.0.1" from @graphql-yoga/[email protected]
node_modules/@graphql-yoga/plugin-persisted-operations
@graphql-yoga/plugin-persisted-operations@"*" from the root project

"dependencies": {
"@escape.tech/graphql-armor": "^1.7.1",
"@pothos/core": "^3.26.0",
"@pothos/plugin-errors": "^3.11.0",
"@pothos/plugin-prisma": "^3.41.0",
"@pothos/plugin-relay": "^3.35.0",
"@pothos/plugin-scope-auth": "^3.18.0",
"@pothos/plugin-simple-objects": "^3.6.7",
"@pothos/plugin-tracing": "^0.5.7",
"@pothos/tracing-sentry": "^0.7.8",
"@prisma/client": "^4.10.1",
"@sentry/node": "^7.38.0",
"@sentry/tracing": "^7.38.0",
"axios": "^1.3.4",
"bcryptjs": "^2.4.3",
"express": "^4.18.2",
"graphql": "^16.6.0",
"graphql-scalars": "^1.20.1",
"graphql-yoga": "^3.7.0",
"jsonwebtoken": "^9.0.0",
"ms": "^2.1.3",
"passport": "^0.6.0",
"passport-facebook": "^3.0.0",
"passport-facebook-token": "^4.0.0",
"query-string": "^8.1.0",
"uuid": "^9.0.0"
},
"devDependencies": {
"@babel/cli": "^7.21.0",
"@babel/core": "^7.21.0",
"@babel/preset-env": "^7.20.2",
"@babel/preset-typescript": "^7.21.0",
"@cloudflare/workers-types": "^4.20230221.0",
"@faker-js/faker": "^7.6.0",
"@graphql-codegen/cli": "^3.2.0",
"@graphql-codegen/client-preset": "^2.1.0",
"@mermaid-js/mermaid-cli": "^9.3.0",
"@types/bcryptjs": "^2.4.2",
"@types/express": "^4.17.17",
"@types/jest": "^29.4.0",
"@types/jsonwebtoken": "^9.0.1",
"@types/node": "^18.14.1",
"@types/uuid": "^9.0.1",
"babel-jest": "^29.4.3",
"codice-fiscale-js": "^2.3.20",
"esbuild": "^0.17.10",
"jest": "^29.4.3",
"prettier-plugin-prisma": "^4.10.0",
"prisma": "^4.10.1",
"ts-jest": "^29.0.5",
"ts-node": "^10.9.1",
"ts-node-dev": "^2.0.0",
"typescript": "^4.9.5",
"wrangler": "^2.11.0"
},