Experience Report for Feature Request
The problem is that we go through all the effort to set up poor man’s auth and use GraphQL endpoints instead of the native Dgraph endpoints, but the native endpoints are still available and unprotected.
What you wanted to do
Easily disable the DQL endpoints via flags such as:
--disable-dql-all
--disable-dql-alter
--disable-dql-mutate
--disable-dql-query
etc...
What you actually did
Set up a reverse proxy to block the DQL endpoints
Why that wasn’t great, with examples
I think it's clear and there are many posts and comments spread all over… in short, the endpoints should be shut down, not blocked by an external strategy.
Side note: Actually, I would much prefer that @auth directives would be respected by DQL, and that the core team revisits the ACL as an enterprise-only feature decision. But until then, those of us who choose self-hosted with poor man’s auth will be happy for an easy way to disable DQL and go for GQL only.
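The reverse-proxy workaround mentioned in this post could look like the following nginx fragment. It is an added example, not the poster's configuration and not part of Dgraph. The upstream address, server name and certificate paths are assumptions or placeholders.

```nginx
# Added example. Allowlist approach: forward only /graphql, refuse everything else.

upstream dgraph_alpha {
    # Assumption: Alpha's HTTP listener on its default port, on the same host.
    server 127.0.0.1:8080;
}

server {
    listen 443 ssl;
    server_name graph.example.com;                    # placeholder
    ssl_certificate     /etc/nginx/tls/example.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/example.key;   # placeholder path

    # Exact match only: /graphql/anything and /graphqlX do not land here.
    location = /graphql {
        proxy_pass http://dgraph_alpha;   # no URI part, so the request path is passed unchanged
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Default deny. The DQL HTTP endpoints (/query, /mutate, /alter, /commit)
    # and any other path not matched above end here and never reach Alpha.
    location / {
        return 404;
    }
}
```

The proxy only helps if Alpha cannot be reached around it: the HTTP port (8080 by default) and the gRPC port (9080 by default), which also serves DQL, both need to be closed to clients at the firewall or network-policy level.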