Is rate limiting handled at the GraphQL layer?

The skill covers both Express-level middleware for global protection and granular directive-based rate limiting for specific high-cost operations like login or email mutations.

How does this skill prevent nested query attacks?

It implements query depth and complexity limits using tools like graphql-depth-limit and validation rules to reject overly nested or expensive requests before they reach your resolvers.

Can I implement role-based access control (RBAC)?

Yes, it provides patterns for using graphql-shield to enforce permissions at the field, query, and mutation levels based on user roles and ownership.

Does it support production-ready authentication?

Yes, it includes detailed implementation guides for JWT authentication, refresh tokens, and secure context setup to verify users on every request.

GraphQL Security Specialist

Name: GraphQL Security Specialist
Author: pluginagentmarketplace

bypluginagentmarketplace

•

Seguridad y Pruebas

Secures GraphQL APIs through robust authentication, granular authorization, and advanced protection against malicious queries.

Acerca de

This skill equips Claude with specialized knowledge for hardening GraphQL servers against common vulnerabilities and resource exhaustion attacks. It provides implementation patterns for industry-standard security measures, including JWT authentication with refresh tokens, field-level authorization using graphql-shield, and defensive constraints like query depth and complexity limiting. By integrating these patterns, developers can protect sensitive data with role-based access control, prevent Denial of Service (DoS) attacks, and ensure production-grade security for their GraphQL endpoints.

Características Principales

1 GitHub stars
Granular field-level authorization via graphql-shield middleware
Query depth and complexity limits to prevent resource exhaustion
Strict input validation and XSS sanitization for mutations
Multi-layer rate limiting at both the application and schema level
JWT Authentication with refresh token rotation strategies

Casos de Uso

Preventing malicious nested query attacks in public-facing APIs
Hardening Apollo Server instances for production environments
Implementing Role-Based Access Control (RBAC) for sensitive user data

Acerca de

Características Principales

1 GitHub stars
Granular field-level authorization via graphql-shield middleware
Query depth and complexity limits to prevent resource exhaustion
Strict input validation and XSS sanitization for mutations
Multi-layer rate limiting at both the application and schema level
JWT Authentication with refresh token rotation strategies

Casos de Uso

Preventing malicious nested query attacks in public-facing APIs
Hardening Apollo Server instances for production environments
Implementing Role-Based Access Control (RBAC) for sensitive user data