Best practice? Making a route available only in dev/staging environments

router
environment

#1

I’m working on building a GraphQL API using Phoenix. For now, we have the Graphiql browser IDE set up on its own dedicated route so other developers and front-end guys can inspect the API. However, on prod, I don’t think we want this route visible. We could come up with a firewall or something, but I’m wondering if there is any way to avoid declaring that route when the env is prod. I feel like any if-statements around environment are smelly and make testing more difficult. However, I don’t want to expose this either.

Anyone have any thoughts on this? Thanks!


#2

Not the answer you may be looking for but at work we just restrict the /graphiql route to users that are logged in as company admins which you can accomplish with a simple plug. Plus graphiql doesn’t really expose anything that isn’t already exposed via the GraphQL api itself.


#3

:wave:

You can add this instead to your router

if Mix.env == :dev do
  forward "/graphiql",
    to: Absinthe.Plug.GraphiQL,
    init_opts: [schema: MyAppWeb.Schema]
end

That is, if you are using Mix with development environment under staging. Once you compile with prod this section will not be included on your routing.

Hope that helps