When running with config options Production: true and DisableAllowList: false one would expect that the allow list with queries from config/queries gets enforced, but they are not.

Only after setting GO_ENV="production", the setting is applied.

What version of GraphJin are you using? graphjin version

v0.20.31

Have you tried reproducing the issue with the latest release?

What is the hardware spec (RAM, OS)?

Linux

Steps to reproduce the issue (config used to run GraphJin).

Run the following file with GO_ENV unset, go run main.go

package main

import (
	"log"
	"github.com/dosco/graphjin/serv"
	"github.com/dosco/graphjin/core"
	_ "github.com/jackc/pgx/v4/stdlib"
)

func main() {
	conf := serv.Config{ 
		Serv: serv.Serv{
			AppName: "Test App",
			HostPort: "localhost:8080",
			WebUI: false,
			DB: serv.Database{
				Host: "127.0.0.1",
				Port: 5555,
				DBName: "postgres",
				User: "postgres",
				Schema: "public",
			},
		},
		Core: core.Config{
			Production: true,
			DisableAllowList: false,
			EnableCamelcase: true,
			RolesQuery: "SELECT * FROM users WHERE users.id = $user_id:bigint",
		},
	}

	gjs, err := serv.NewGraphJinService(&conf)
	if err != nil {
		log.Fatal(err)
	}

	if err := gjs.Start(); err != nil {
		log.Fatal(err)
	}
}

Any query will be allowed, named ones will be saved to allow list, and non-named ones give warnings:
WRN allow list save: no query name defined. only named queries are saved to the allow list

Expected behaviour and actual result.

The one from GO_ENV="production" go run main.go

Then the endpoint filters queries as expected:

{
	"errors": [
		{
			"message": "not found in prepared statements"
		}
	]
}

Noticed that serv.Config.Serv also has a Production variable (not only serv.Config.Core) when looking for the cause, which gives the desired behavior.