From 8d2f79cf246a0a84bfc061ac5b86ce77d0e8b70b Mon Sep 17 00:00:00 2001 From: jeremystretch Date: Tue, 29 Jun 2021 13:30:38 -0400 Subject: [PATCH] Add configuration parameter to toggle GraphQL API --- docs/configuration/optional-settings.md | 8 ++++++++ netbox/netbox/configuration.example.py | 3 +++ netbox/netbox/graphql/views.py | 6 +++++- netbox/netbox/settings.py | 1 + netbox/netbox/tests/test_graphql.py | 9 +++++++++ 5 files changed, 26 insertions(+), 1 deletion(-) diff --git a/docs/configuration/optional-settings.md b/docs/configuration/optional-settings.md index 9653968fe..31f7837de 100644 --- a/docs/configuration/optional-settings.md +++ b/docs/configuration/optional-settings.md @@ -201,6 +201,14 @@ EXEMPT_VIEW_PERMISSIONS = ['*'] --- +## GRAPHQL_ENABLED + +Default: True + +Setting this to False will disable the GraphQL API. + +--- + ## HTTP_PROXIES Default: None diff --git a/netbox/netbox/configuration.example.py b/netbox/netbox/configuration.example.py index 8f3612a36..c6865a6ba 100644 --- a/netbox/netbox/configuration.example.py +++ b/netbox/netbox/configuration.example.py @@ -149,6 +149,9 @@ EXEMPT_VIEW_PERMISSIONS = [ # 'ipam.prefix', ] +# Enable the GraphQL API +GRAPHQL_ENABLED = True + # HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks). # HTTP_PROXIES = { # 'http': 'http://10.10.1.10:3128', diff --git a/netbox/netbox/graphql/views.py b/netbox/netbox/graphql/views.py index 047f7bab3..18ed3843d 100644 --- a/netbox/netbox/graphql/views.py +++ b/netbox/netbox/graphql/views.py @@ -1,6 +1,6 @@ from django.conf import settings from django.contrib.auth.views import redirect_to_login -from django.http import HttpResponseForbidden +from django.http import HttpResponseNotFound, HttpResponseForbidden from django.urls import reverse from graphene_django.views import GraphQLView as GraphQLView_ from rest_framework.exceptions import AuthenticationFailed 
@@ -14,6 +14,10 @@ class GraphQLView(GraphQLView_): """ def dispatch(self, request, *args, **kwargs): + # Enforce GRAPHQL_ENABLED + if not settings.GRAPHQL_ENABLED: + return HttpResponseNotFound("The GraphQL API is not enabled.") + # Attempt to authenticate the user using a DRF token, if provided if not request.user.is_authenticated: authenticator = TokenAuthentication() diff --git a/netbox/netbox/settings.py b/netbox/netbox/settings.py index b64618ea5..9014ac656 100644 --- a/netbox/netbox/settings.py +++ b/netbox/netbox/settings.py @@ -83,6 +83,7 @@ DOCS_ROOT = getattr(configuration, 'DOCS_ROOT', os.path.join(os.path.dirname(BAS EMAIL = getattr(configuration, 'EMAIL', {}) ENFORCE_GLOBAL_UNIQUE = getattr(configuration, 'ENFORCE_GLOBAL_UNIQUE', False) EXEMPT_VIEW_PERMISSIONS = getattr(configuration, 'EXEMPT_VIEW_PERMISSIONS', []) +GRAPHQL_ENABLED = getattr(configuration, 'GRAPHQL_ENABLED', True) HTTP_PROXIES = getattr(configuration, 'HTTP_PROXIES', None) INTERNAL_IPS = getattr(configuration, 'INTERNAL_IPS', ('127.0.0.1', '::1')) LOGGING = getattr(configuration, 'LOGGING', {}) diff --git a/netbox/netbox/tests/test_graphql.py b/netbox/netbox/tests/test_graphql.py index 483c125a2..2cf9ee87b 100644 --- a/netbox/netbox/tests/test_graphql.py +++ b/netbox/netbox/tests/test_graphql.py @@ -6,6 +6,15 @@ from utilities.testing import disable_warnings, TestCase class GraphQLTestCase(TestCase): + @override_settings(GRAPHQL_ENABLED=False) + def test_graphql_enabled(self): + """ + The /graphql URL should return a 404 when GRAPHQL_ENABLED=False + """ + url = reverse('graphql') + response = self.client.get(url) + self.assertHttpStatus(response, 404) + @override_settings(LOGIN_REQUIRED=True) def test_graphiql_interface(self): """
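Review bot: The guard added at the top of `dispatch` answers with `HttpResponseNotFound("The GraphQL API is not enabled.")`, so the body tells any unauthenticated client that a GraphQL endpoint exists at this URL and is only switched off. If the setting is meant to remove the surface rather than just refuse service, an empty `HttpResponseNotFound()` would look like any other unknown route. Running the check before the token-authentication block is the right order, and the comment should say the order matters, for example `# Enforce GRAPHQL_ENABLED before authentication so a disabled API never processes tokens`. `dispatch` continues past the end of the hunk, so the rest of the method is not reviewed here.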
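Review bot: `GRAPHQL_ENABLED = getattr(configuration, 'GRAPHQL_ENABLED', True)` accepts any value without a type check, and the gate in `graphql/views.py` tests it only for truthiness. A configuration that supplies a non-empty string such as `'False'` (for example, a value passed straight through from an environment variable) is still truthy and leaves the API on. A switch that operators use to reduce exposed surface should fail loudly instead of failing open, e.g. `if not isinstance(GRAPHQL_ENABLED, bool): raise ImproperlyConfigured("GRAPHQL_ENABLED must be True or False")`. That assumes `ImproperlyConfigured` is already imported in this module, which the hunk does not show.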
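Review bot: `test_graphql_enabled` only issues a GET, although GraphQL queries normally arrive as POST. The gate sits in `dispatch`, so both methods are covered today, but a second assertion such as `self.assertHttpStatus(self.client.post(url, data={'query': '{ __typename }'}), 404)` (constructed sample query) would keep a later move to per-method handlers from reopening the query path unnoticed. Whether `self.client` is logged in depends on the `TestCase` base class, which is not visible here, so it is worth pinning the 404 for an anonymous client as well. The name reads as the enabled case; `test_graphql_disabled` would match the docstring.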