fix(graphql-server-core): validation for get queries #2

apollographql · Jun 13, 2017 · 6d26594 · 6d26594
1 parent 3ba62cb
commit 6d26594
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 28 deletions.
diff --git a/packages/graphql-server-core/src/runHttpQuery.ts b/packages/graphql-server-core/src/runHttpQuery.ts
@@ -74,7 +74,12 @@ export async function runHttpQuery(handlerArguments: Array<any>, request: HttpQu
     try {
       let query = requestParams.query;
       if ( isGetRequest ) {
-        if ( ! isQueryOperation(parse(query), requestParams.operationName) ) {
+        if (typeof query === 'string') {
+          // preparse the query incase of GET so we can assert the operation.
+          query = parse(query);
+        }
+
+        if ( ! isQueryOperation(query, requestParams.operationName) ) {
           throw new HttpQueryError(405, `GET supports only query operation`, false, {
             'Allow':  'POST',
           });

diff --git a/packages/graphql-server-core/src/runQuery.test.ts b/packages/graphql-server-core/src/runQuery.test.ts
@@ -151,20 +151,6 @@ describe('runQuery', () => {
       });
   });
 
-  it('does not run validation if the query is a document', () => {
-      // this would not pass validation, because $base ought to be Int!, not String
-      // what effecively happens is string concatentation, but it's returned as Int
-      const query = parse(`query TestVar($base: String){ testArgumentValue(base: $base) }`);
-      const expected = { testArgumentValue: 15 };
-      return runQuery({
-          schema,
-          query: query,
-          variables: { base: 1 },
-      }).then((res) => {
-          return expect(res.data).to.deep.equal(expected);
-      });
-  });
-
   it('correctly passes in the rootValue', () => {
       const query = `{ testRootValue }`;
       const expected = { testRootValue: 'it also works' };

diff --git a/packages/graphql-server-core/src/runQuery.ts b/packages/graphql-server-core/src/runQuery.ts
@@ -105,23 +105,22 @@ function doRunQuery(options: QueryOptions): Promise<ExecutionResult> {
             logFunction({action: LogAction.parse, step: LogStep.end});
             return Promise.resolve({ errors: format([syntaxError]) });
         }
-
-        // TODO: time this with log function
-
-        let rules = specifiedRules;
-        if (options.validationRules) {
-          rules = rules.concat(options.validationRules);
-        }
-        logFunction({action: LogAction.validation, step: LogStep.start});
-        const validationErrors = validate(options.schema, documentAST, rules);
-        logFunction({action: LogAction.validation, step: LogStep.end});
-        if (validationErrors.length) {
-            return Promise.resolve({ errors: format(validationErrors) });
-        }
     } else {
         documentAST = options.query as DocumentNode;
     }
 
+    // TODO: time this with log function
+    let rules = specifiedRules;
+    if (options.validationRules) {
+      rules = rules.concat(options.validationRules);
+    }
+    logFunction({action: LogAction.validation, step: LogStep.start});
+    const validationErrors = validate(options.schema, documentAST, rules);
+    logFunction({action: LogAction.validation, step: LogStep.end});
+    if (validationErrors.length) {
+      return Promise.resolve({ errors: format(validationErrors) });
+    }
+
     try {
         logFunction({action: LogAction.execute, step: LogStep.start});
         return execute(