This package is using the packages `bcrypt` and `jsonwebtoken` in order to provide some reusable functions for GraphQL authentication.
A Query Language and Runtime which can target any service.
Coherent, zero-dependency, lazy, simple, GraphQL over WebSocket Protocol compliant server and client
No description provided.
OpenTelemetry instrumentation for `graphql` gql query language and runtime for GraphQL
A JavaScript template literal tag that parses GraphQL queries
No description provided.
Fork of GraphQL.js' execute function
Minimal GraphQL client supporting Node and browsers for scripts or simple apps.
This is the core package for Envelop. You can find a complete documentation here: https://github.com/graphql-hive/envelop
The easiest way to configure your development environment with your GraphQL schema (supported by most tools, editors & IDEs)
GitHub GraphQL API client for browsers and Node
Utilities for GraphQL documents.
A spec-compliant client-side GraphQL implementation
Pluck graphql-tag template literals
A collection of scalar types not included in base GraphQL.
The official, runtime independent Language Service for GraphQL
No description provided.
A data loading utility to reduce requests to a backend via batching and caching.
GraphQL subscriptions for node.js
This is an internal package. Please don't use this package directly. The package will do unexpected breaking changes.
A set of utils for faster development of GraphQL tools
Simple, pluggable, zero-dependency, GraphQL over HTTP spec compliant server, client and audit suite.
Core engine for Apollo GraphQL server
Expose user permissions in your GraphQL schema
An OmniAuth strategy for authenticating with Wave accounting (by H&R Block) using OAuth 2.0. Fetches user and business info via Wave's GraphQL API.
The middleware makes sure any request to specified paths would have been preflighted if it was sent by a browser. We don't want random websites to be able to execute actual GraphQL operations from a user's browser unless our CORS policy supports it. It's not good enough just to ensure that the browser can't read the response from the operation; we also want to prevent CSRF, where the attacker can cause side effects with an operation or can measure the timing of a read operation. Our goal is to ensure that we don't run the context function or execute the GraphQL operation until the browser has evaluated the CORS policy, which means we want all operations to be pre-flighted. We can do that by only processing operations that have at least one header set that appears to be manually set by the JS code rather than by the browser automatically. POST requests generally have a content-type `application/json`, which is sufficient to trigger preflighting. So we take extra care with requests that specify no content-type or that specify one of the three non-preflighted content types. For those operations, we require one of a set of specific headers to be set. By ensuring that every operation either has a custom content-type or sets one of these headers, we know we won't execute operations at the request of origins who our CORS policy will block.