Disable most of the built in page fields and add option to enable them manually.

Author: dadish

ProcessGraphQLConfig.php

@@ -1,5 +1,9 @@
 <?php namespace ProcessWire;
 
+use \ProcessWire\GraphQL\Type\InterfaceType\PageInterfaceType;
+
+require_once $this->config->paths->site . 'modules/ProcessGraphQL/vendor/autoload.php';
+
 class ProcessGraphQLConfig extends Moduleconfig {
 
   public function getDefaults()
@@ -9,6 +13,14 @@ public function getDefaults()
       'debug' => false,
       'legalTemplates' => [],
       'legalFields' => [],
+      'legalPageFields' => [
+        'created',
+        'modified',
+        'url',
+        'id',
+        'name',
+        'httpUrl',
+        ],
       'fullWidthGraphiql' => false,
     );
   }
@@ -17,6 +29,7 @@ public function getInputFields()
   {
     $inputfields = parent::getInputFields();
 
+    // maxLimit
     $f = $this->modules->get('InputfieldInteger');
     $f->attr('name', 'maxLimit');
     $f->label = 'Max Limit';
@@ -25,43 +38,51 @@ public function getInputFields()
     $f->columnWidth = 35;
     $inputfields->add($f);
 
-    $f = $this->modules->get('InputfieldCheckbox');
-    $f->attr('name', 'debug');
-    $f->label = 'Debug';
-    $f->description = 'When you turn on debug mode some extra fields will be available. Like `dbQueryCount` etc.';
-    $f->columnWidth = 35;
-    $inputfields->add($f);
-
+    // GraphiQL full width
     $f = $this->modules->get('InputfieldCheckbox');
     $f->attr('name', 'fullWidthGraphiQL');
     $f->label = 'Full width GraphiQL';
     $f->description = 'Check this if you want GraphiQL on the backend to stretch to full width.';
     $f->columnWidth = 30;
     $inputfields->add($f);
 
+    // legalTemplates
     $f = $this->modules->get('InputfieldCheckboxes');
-    foreach (\ProcessWire\wire('templates') as $template) {
-      $f->addOption($template->name, $template->flags & Template::flagSystem ? "{$template->name} (system)" : $template->name);
-    }
     $f->optionColumns = 4;
     $f->attr('name', 'legalTemplates');
     $f->label = 'Legal Templates';
     $f->description = 'The pages with the templates that you select below will be available via your GraphQL api.';
-    $f->notes = 'Please be careful with what you are exposing to the public. Choosing templates marked as system can lead to security issues.';
+    $f->notes = 'Please be careful with what you are exposing to the public. Choosing templates marked as `system` can lead to security vulnerabilities.';
+        foreach (\ProcessWire\wire('templates') as $template) {
+      $f->addOption($template->name, $template->flags & Template::flagSystem ? "{$template->name} `(system)`" : $template->name);
+    }
     $inputfields->add($f);
 
+    // legalFields
     $f = $this->modules->get('InputfieldCheckboxes');
-    foreach (\ProcessWire\wire('fields')->find("name!=pass") as $field) {
+    $f->optionColumns = 4;
+    $f->attr('name', 'legalFields');
+    $f->label = 'Legal Fields';
+    $f->description = 'The fields that you select below will be available via your GraphQL api.';
+    $f->notes = 'Please be careful with what you are exposing to the public. Choosing fields marked as `system` can to lead security vulnerabilities.';
+        foreach (\ProcessWire\wire('fields')->find("name!=pass") as $field) {
       if ($field->type instanceof FieldtypeFieldsetOpen) continue;
       if ($field->type instanceof FieldtypeFieldsetClose) continue;
       if ($field->type instanceof FieldtypeFieldsetTabOpen) continue;
-      $f->addOption($field->name, $field->flags & Field::flagSystem ? "{$field->name} (system)" : $field->name);
+      $f->addOption($field->name, $field->flags & Field::flagSystem ? "{$field->name} `(system)`" : $field->name);
     }
+    $inputfields->add($f);
+
+    // legalPageFields
+    $f = $this->modules->get('InputfieldCheckboxes');
     $f->optionColumns = 4;
-    $f->attr('name', 'legalFields');
-    $f->label = 'Legal Fields';
-    $f->description = 'The fields that you select below will be available via your GraphQL api.';
-    $f->notes = 'Please be careful with what you are exposing to the public. Choosing fields marked as system can to lead security issues.';
+    $f->attr('name', 'legalPageFields');
+    $f->label = 'Legal Page Fields';
+    $f->description = 'Choose which built in page fields you wish to be available via GraphQL api.';
+    $f->notes = 'Be careful with fields like `parents` & `children` that will allow user to construct deeply nested queries that might be very expensive for your server to fulfill.';
+    foreach (PageInterfaceType::getPageFields() as $fieldName => $fieldClassName) {
+      $f->addOption($fieldName);
+    }
     $inputfields->add($f);
 
     return $inputfields;

src/Settings.php

@@ -39,4 +39,9 @@ public static function getLegalFields()
     return $fields;
   }
 
+  public static function getLegalPageFields()
+  {
+    return self::module()->legalPageFields;
+  }
+
 }

src/Type/InterfaceType/PageInterfaceType.php

@@ -21,30 +21,12 @@ public function getDescription()
 
   public function build($config)
   {
-    $pageTypeFieldClassNames = [
-      'PageChildField',
-      'PageChildrenField',
-      'PageCreatedField',
-      'PageCreatedUserField',
-      'PageFindField',
-      'PageHttpUrlField',
-      'PageIdField',
-      'PageModifiedField',
-      'PageModifiedUserField',
-      'PageNameField',
-      'PageNextField',
-      'PageNumChildrenField',
-      'PageParentField',
-      'PageParentIdField',
-      'PageParentsField',
-      'PagePathField',
-      'PagePrevField',
-      'PageRootParentField',
-      'PageSiblingsField',
-      'PageUrlField',
-    ];
-    foreach ($pageTypeFieldClassNames as $pageTypeFieldClassName) {
-      $className = "ProcessWire\\GraphQL\\Field\\Page\\$pageTypeFieldClassName";
+    $fields = self::getPageFields();
+    $legalPageFields = Settings::getLegalPageFields();
+    
+    foreach ($fields as $fieldName => $fieldClassName) {
+      if (!in_array($fieldName, $legalPageFields)) continue;
+      $className = "ProcessWire\\GraphQL\\Field\\Page\\$fieldClassName";
       $config->addField(new $className());
     }
 
@@ -64,4 +46,30 @@ public function resolveType($page)
     return new TemplatedPageType($page->template);
   }
 
+  public static function getPageFields()
+  {
+    return [
+      'child' => 'PageChildField',
+      'children' => 'PageChildrenField',
+      'created' => 'PageCreatedField',
+      'createdUser' => 'PageCreatedUserField',
+      'find' => 'PageFindField',
+      'httpUrl' => 'PageHttpUrlField',
+      'id' => 'PageIdField',
+      'modified' => 'PageModifiedField',
+      'modifiedUser' => 'PageModifiedUserField',
+      'name' => 'PageNameField',
+      'next' => 'PageNextField',
+      'numChildren' => 'PageNumChildrenField',
+      'parent' => 'PageParentField',
+      'parentId' => 'PageParentIdField',
+      'parents' => 'PageParentsField',
+      'path' => 'PagePathField',
+      'prev' => 'PagePrevField',
+      'rootParent' => 'PageRootParentField',
+      'siblings' => 'PageSiblingsField',
+      'url' => 'PageUrlField',
+    ];
+  }
+
 }