GraphQL Compose: Debug
Security covered
Graphql ecosystem
This module provides debug queries for GraphQL Compose, allowing developers to inspect field metadata for any entity type and bundle and generate GraphQL query patterns. It adds a `debugEntityFields` query to the GraphQL API to retrieve this information.
Provides debug queries for GraphQL Compose entity type fields. This module allows developers to inspect field metadata and generate GraphQL query patterns for any entity bundle.
Requirements
- Drupal 10.1+
- PHP 8.1+
- GraphQL Compose
Usage
This module adds a debugEntityFields query to the GraphQL API that returns field metadata for any entity type and bundle.
Query Example
query GetNodeFields {
debugEntityFields(entity_type: "node", entity_bundle: "article") {
success
errors {
message
}
fields
graphql_query_single
graphql_query_multiple
}
}
Response
{
"data": {
"debugEntityFields": {
"success": true,
"errors": null,
"fields": {
"body": {
"type": "text_with_summary",
"required": false,
"cardinality": 1,
"label": "Body",
"graphql_field": "body"
},
"field_tags": {
"type": "entity_reference",
"required": false,
"cardinality": -1,
"label": "Tags",
"graphql_field": "tags"
}
},
"graphql_query_single": "nodeArticle",
"graphql_query_multiple": "nodeArticles"
}
}
}
Return Values
-
success(Boolean): Whether the query was successful -
errors(Violation): Any validation or permission errors -
fields(Json): Field metadata including:-
type: The Drupal field type -
required: Whether the field is required -
cardinality: The field cardinality (1 for single, -1 for unlimited) -
label: The field label -
graphql_field: The GraphQL field name as generated by GraphQL Compose
-
-
graphql_query_single: The GraphQL query name for a single entity -
graphql_query_multiple: The GraphQL query name for multiple entities
Permissions
The module uses Drupal's permission system. Users must have either:
- The "administer {entity_type} fields" permission for the specific entity type, or
- The "administrator" role
Security
This module is intended for development and debugging purposes. It exposes field metadata that could be sensitive. Consider:
- Disabling this module on production environments
- Restricting GraphQL access appropriately
- Using role-based access controls