From c1c6b13a9153d78ad3b0b671d84998e1f5372837 Mon Sep 17 00:00:00 2001
From: Ventorvar <ventorvar@gmail.com>
Date: Sat, 6 Jun 2020 21:36:07 -0400
Subject: [PATCH] Ignore GraphQL inspection queries by default

---
 README.rst                           |  6 ++++++
 graphiql_debug_toolbar/middleware.py |  6 ++++++
 tests/test_middleware.py             | 26 ++++++++++++++++++++++++++
 3 files changed, 38 insertions(+)

diff --git a/README.rst b/README.rst
index 9ddb1cf..650d754 100644
--- a/README.rst
+++ b/README.rst
@@ -70,6 +70,12 @@ Dockerize ``INTERNAL_IPS``
     hostname, _, ips = socket.gethostbyname_ex(socket.gethostname())
     INTERNAL_IPS += [ip[:-1] + '1' for ip in ips]
 
+Configuration
+-------------
+
+By default, introspection queries will be ignored and no debug information will be added. If you'd like to include them as well, set 
+``GRAPHIQL_DEBUG_TOOLBAR_INTROSPECTIONS=True`` in settings.
+
 
 Limitations
 -----------
diff --git a/graphiql_debug_toolbar/middleware.py b/graphiql_debug_toolbar/middleware.py
index f4784b8..4a2c2d3 100644
--- a/graphiql_debug_toolbar/middleware.py
+++ b/graphiql_debug_toolbar/middleware.py
@@ -1,6 +1,7 @@
 import json
 from collections import OrderedDict
 
+from django.conf import settings
 from django.template.loader import render_to_string
 from django.utils.encoding import force_text
 
@@ -23,6 +24,11 @@ def set_content_length(response):
 def get_payload(request, response, toolbar):
     content = force_text(response.content, encoding=response.charset)
     payload = json.loads(content, object_pairs_hook=OrderedDict)
+
+    if not getattr(settings, 'GRAPHIQL_DEBUG_TOOLBAR_INTROSPECTIONS', False):
+        if payload.get('data', None) is not None and all(_.startswith('__') for _ in payload.get('data', {}).keys()):
+            return payload
+
     payload['debugToolbar'] = OrderedDict([('panels', OrderedDict())])
 
     for panel in reversed(toolbar.enabled_panels):
diff --git a/tests/test_middleware.py b/tests/test_middleware.py
index 209fdae..9a4595d 100644
--- a/tests/test_middleware.py
+++ b/tests/test_middleware.py
@@ -30,6 +30,32 @@ def test_graphiql(self, show_toolbar_mock):
         self.assertGreater(int(response['Content-Length']), 0)
         self.assertIn(b'djGraphiQLDebug', response.content)
 
+    @patch('debug_toolbar.panels.Panel.enabled', new_callable=PropertyMock)
+    def test_graphiql_introspection_query(self, panel_enabled_mock):
+        panel_enabled_mock.return_value = True
+
+        def _test_request():
+            request = self.request_factory.post('/')
+            get_response_mock = Mock(return_value=JsonResponse({'data': { '__schema': ''}}))
+
+            middleware = DebugToolbarMiddleware(get_response_mock)
+            middleware.process_view(request, self.view_func, (), {})
+
+            response = middleware(request)
+            payload = json.loads(response.content.decode('utf-8'))
+
+            panel_enabled_mock.assert_called_with()
+            self.assertIn('data', payload)
+            return payload
+
+        with self.settings(GRAPHIQL_DEBUG_TOOLBAR_INTROSPECTIONS=False):
+            payload = _test_request()
+            self.assertNotIn('debugToolbar', payload)
+
+        with self.settings(GRAPHIQL_DEBUG_TOOLBAR_INTROSPECTIONS=True):
+            payload = _test_request()
+            self.assertIn('debugToolbar', payload)
+
     @patch('debug_toolbar.panels.Panel.enabled', new_callable=PropertyMock)
     def test_query(self, panel_enabled_mock):
         panel_enabled_mock.return_value = True