garethr / todo-api-server

A very vulnerable implementation of a GraphQL API.

GraphQL - Demo Vulnerable API

A simple GraphQL API demonstrating several common vulnerabilities.

Authored by Aidan Noll, Carve Systems, LLC.

Requirements

Node, NPM, and Python

Setup

# Install all dependencies.
npm install
# Build the TypeScript source.
npm run tsc
# Create the database and seed it with random users and comments.
npm run sequelize db:migrate
npm run sequelize db:seed:all

Running

To run the main API:

./run.sh

Usage

The GraphQL API is available on port 3000. Visiting the homepage will take you to a GraphiQL IDE for exploration.

The API provides a simple social media/blog system. Users can create posts and view posts from other users, and a post can be marked private so that other users can't see it.

License: MIT License

Languages

TypeScript 69.8%, JavaScript 27.4%, Dockerfile 2.3%, Shell 0.5%