Disallow OAuth 2.0 use of the GraphQL API by default

2025-07-31 09:24:31 +03:00 · 2024-08-07 17:36:54 +02:00
parent eb4072f3c3
commit 1bdad262cd
6 changed files with 70 additions and 14 deletions
--- a/crates/config/src/sections/http.rs
+++ b/crates/config/src/sections/http.rs
@ -291,8 +291,12 @@ pub enum Resource {
    /// GraphQL endpoint
    GraphQL {
        /// Enabled the GraphQL playground
-        #[serde(default)]
+        #[serde(default, skip_serializing_if = "std::ops::Not::not")]
        playground: bool,
+
+        /// Allow access for OAuth 2.0 clients (undocumented)
+        #[serde(default, skip_serializing_if = "std::ops::Not::not")]
+        undocumented_oauth2_access: bool,
    },

    /// OAuth-related APIs
@ -379,7 +383,10 @@ impl Default for HttpConfig {
                        Resource::Human,
                        Resource::OAuth,
                        Resource::Compat,
-                        Resource::GraphQL { playground: true },
+                        Resource::GraphQL {
+                            playground: false,
+                            undocumented_oauth2_access: false,
+                        },
                        Resource::Assets {
                            path: http_listener_assets_path_default(),
                        },