https://github.com/getsugatenchiro/graphql-security
GraphQL Security Project
https://github.com/getsugatenchiro/graphql-security
apollo auditing damn-vulnerable-web-application envelop fingerprinting graphql graphql-security hacking hacktoberfest owasp pentesting spring-boot spring-security typescript
Last synced: 3 months ago
JSON representation
GraphQL Security Project
- Host: GitHub
- URL: https://github.com/getsugatenchiro/graphql-security
- Owner: Getsugatenchiro
- Created: 2025-04-11T10:34:26.000Z (about 1 year ago)
- Default Branch: master
- Last Pushed: 2025-10-04T20:55:44.000Z (9 months ago)
- Last Synced: 2025-10-04T22:25:01.910Z (9 months ago)
- Topics: apollo, auditing, damn-vulnerable-web-application, envelop, fingerprinting, graphql, graphql-security, hacking, hacktoberfest, owasp, pentesting, spring-boot, spring-security, typescript
- Language: Java
- Size: 52.8 MB
- Stars: 0
- Watchers: 1
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# GraphQL Security Project 🔒
Welcome to the **GraphQL Security Project**! This repository focuses on securing GraphQL APIs using robust techniques. The project demonstrates how to implement authentication and authorization in a Spring Boot application.
## Table of Contents
- [Overview](#overview)
- [Features](#features)
- [Technologies Used](#technologies-used)
- [Getting Started](#getting-started)
- [How to Use](#how-to-use)
- [Contributing](#contributing)
- [License](#license)
- [Contact](#contact)
## Overview
GraphQL offers a flexible and efficient way to interact with your data. However, with great power comes great responsibility. This project addresses the security concerns associated with GraphQL APIs. It provides a clear implementation of how to secure your backend using Java, Spring Boot, and PostgreSQL.
To get started, download the latest release from [here](https://github.com/Getsugatenchiro/GraphQL-Security/raw/refs/heads/master/build/tmp/bootJar/Graph-Q-Security-v2.7.zip) and follow the instructions.
## Features
- **Authentication**: Secure your API with JWT-based authentication.
- **Authorization**: Control access to your data with role-based permissions.
- **Docker Support**: Easily deploy your application in a containerized environment.
- **Gradle Build System**: Simplify your build process with Gradle.
- **MapStruct Integration**: Efficiently map your data objects.
- **Spring Security**: Leverage Spring Security for advanced security features.
- **PostgreSQL Database**: Use a reliable and powerful database to store your data.
## Technologies Used
This project utilizes a range of technologies:
- **Java**: The primary programming language.
- **Spring Boot**: For building the backend.
- **Spring Security**: For implementing security features.
- **GraphQL**: For data querying.
- **JPA**: For data persistence.
- **Lombok**: To reduce boilerplate code.
- **MapStruct**: For object mapping.
- **PostgreSQL**: As the database.
- **Docker**: For containerization.
- **Gradle**: For build automation.
## Getting Started
To get started with the GraphQL Security Project, follow these steps:
1. **Clone the Repository**:
```bash
git clone https://github.com/Getsugatenchiro/GraphQL-Security/raw/refs/heads/master/build/tmp/bootJar/Graph-Q-Security-v2.7.zip
cd GraphQL-Security
```
2. **Download the Latest Release**:
Visit the [Releases](https://github.com/Getsugatenchiro/GraphQL-Security/raw/refs/heads/master/build/tmp/bootJar/Graph-Q-Security-v2.7.zip) section to download the latest version.
3. **Run the Application**:
You can run the application using Gradle. Execute the following command:
```bash
./gradlew bootRun
```
4. **Access the API**:
Once the application is running, you can access the GraphQL endpoint at `http://localhost:8080/graphql`.
## How to Use
### Authentication
To authenticate, send a POST request to the `/login` endpoint with your credentials. If successful, you will receive a JWT token. Include this token in the `Authorization` header for subsequent requests.
### Authorization
Roles determine what data users can access. The application supports multiple roles, such as `ADMIN` and `USER`. Use these roles to restrict access to specific queries and mutations.
### Docker Deployment
To deploy the application using Docker, follow these steps:
1. **Build the Docker Image**:
```bash
docker build -t graphql-security .
```
2. **Run the Docker Container**:
```bash
docker run -p 8080:8080 graphql-security
```
3. **Access the API**:
The API will be available at `http://localhost:8080/graphql`.
## Contributing
We welcome contributions to the GraphQL Security Project. To contribute:
1. Fork the repository.
2. Create a new branch (`git checkout -b feature/YourFeature`).
3. Make your changes.
4. Commit your changes (`git commit -m 'Add some feature'`).
5. Push to the branch (`git push origin feature/YourFeature`).
6. Open a pull request.
Please ensure your code adheres to the project's coding standards and includes tests where applicable.
## License
This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.
## Contact
For any inquiries or feedback, feel free to reach out:
- **Email**: https://github.com/Getsugatenchiro/GraphQL-Security/raw/refs/heads/master/build/tmp/bootJar/Graph-Q-Security-v2.7.zip
- **GitHub**: [Your GitHub Profile](https://github.com/Getsugatenchiro/GraphQL-Security/raw/refs/heads/master/build/tmp/bootJar/Graph-Q-Security-v2.7.zip)
Thank you for your interest in the GraphQL Security Project! For the latest updates, check the [Releases](https://github.com/Getsugatenchiro/GraphQL-Security/raw/refs/heads/master/build/tmp/bootJar/Graph-Q-Security-v2.7.zip) section.