fix: vars not sanitized in roles_query
parent
4cf7956ff5
commit
e6934cda02
|
@ -15,10 +15,7 @@ Designed to 100x your developer productivity. Super Graph will instantly and wit
|
||||||
## Using it as a service
|
## Using it as a service
|
||||||
|
|
||||||
```console
|
```console
|
||||||
git clone https://github.com/dosco/super-graph
|
get get https://github.com/dosco/super-graph
|
||||||
cd ./super-graph
|
|
||||||
make install
|
|
||||||
|
|
||||||
super-graph new <app_name>
|
super-graph new <app_name>
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -116,18 +116,18 @@ database:
|
||||||
# database ping timeout is used for db health checking
|
# database ping timeout is used for db health checking
|
||||||
ping_timeout: 1m
|
ping_timeout: 1m
|
||||||
|
|
||||||
# Define additional variables here to be used with filters
|
# Define additional variables here to be used with filters
|
||||||
variables:
|
variables:
|
||||||
admin_account_id: "5"
|
admin_account_id: "5"
|
||||||
|
|
||||||
# Field and table names that you wish to block
|
# Field and table names that you wish to block
|
||||||
blocklist:
|
blocklist:
|
||||||
- ar_internal_metadata
|
- ar_internal_metadata
|
||||||
- schema_migrations
|
- schema_migrations
|
||||||
- secret
|
- secret
|
||||||
- password
|
- password
|
||||||
- encrypted
|
- encrypted
|
||||||
- token
|
- token
|
||||||
|
|
||||||
tables:
|
tables:
|
||||||
- name: customers
|
- name: customers
|
||||||
|
|
|
@ -71,7 +71,7 @@ func (sg *SuperGraph) initConfig() error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Roles: validate and sanitize
|
// Roles: validate and sanitize
|
||||||
c.RolesQuery = sanitize(c.RolesQuery)
|
c.RolesQuery = sanitizeVars(c.RolesQuery)
|
||||||
|
|
||||||
if len(c.RolesQuery) == 0 {
|
if len(c.RolesQuery) == 0 {
|
||||||
sg.log.Printf("WRN roles_query not defined: attribute based access control disabled")
|
sg.log.Printf("WRN roles_query not defined: attribute based access control disabled")
|
||||||
|
|
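Review bot: The call to `sanitize` on `c.RolesQuery` is replaced by `sanitizeVars` rather than supplemented by it, and neither helper is visible in this hunk. If `sanitize` did any normalisation that `sanitizeVars` does not (for example trimming whitespace), a whitespace-only `roles_query` would now pass the `len(c.RolesQuery) == 0` check below, and attribute based access control would be treated as configured. Please state the contract above the call, for example `// sanitizeVars normalises $variables in roles_query before the query is prepared` if that is what it does, and add a test for a `roles_query` that contains variables. `initConfig` starts and ends outside the hunk.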
|
@ -3,6 +3,11 @@ services:
|
||||||
db:
|
db:
|
||||||
image: postgres
|
image: postgres
|
||||||
tmpfs: /var/lib/postgresql/data
|
tmpfs: /var/lib/postgresql/data
|
||||||
|
environment:
|
||||||
|
POSTGRES_USER: postgres
|
||||||
|
POSTGRES_PASSWORD: postgres
|
||||||
|
ports:
|
||||||
|
- "5432:5432"
|
||||||
|
|
||||||
rails_app:
|
rails_app:
|
||||||
image: dosco/super-graph-demo:latest
|
image: dosco/super-graph-demo:latest
|
||||||
|
|
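Review bot: The added `ports:` entry `- "5432:5432"` publishes Postgres on every host interface, and the added `POSTGRES_USER` and `POSTGRES_PASSWORD` are both the well-known default `postgres`. Anyone who can reach port 5432 on the host can therefore log in as the database superuser. For a local demo the mapping can be bound to loopback with `- "127.0.0.1:5432:5432"`, or dropped if only the other compose services need the database. A comment such as `# demo-only credentials; do not reuse outside local development` above `environment:` would make the intent explicit.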