From 6d2659485824daa819b793e2f327aeba5baaaa89 Mon Sep 17 00:00:00 2001 From: Hagai Cohen Date: Mon, 12 Jun 2017 22:50:42 +0300 Subject: [PATCH] fix(graphql-server-core): validation for get queries #2 --- .../graphql-server-core/src/runHttpQuery.ts | 7 +++++- .../graphql-server-core/src/runQuery.test.ts | 14 ----------- packages/graphql-server-core/src/runQuery.ts | 25 +++++++++---------- 3 files changed, 18 insertions(+), 28 deletions(-) diff --git a/packages/graphql-server-core/src/runHttpQuery.ts b/packages/graphql-server-core/src/runHttpQuery.ts index e5815de41e8..da28a7e73fb 100644 --- a/packages/graphql-server-core/src/runHttpQuery.ts +++ b/packages/graphql-server-core/src/runHttpQuery.ts @@ -74,7 +74,12 @@ export async function runHttpQuery(handlerArguments: Array, request: HttpQu try { let query = requestParams.query; if ( isGetRequest ) { - if ( ! isQueryOperation(parse(query), requestParams.operationName) ) { + if (typeof query === 'string') { + // preparse the query incase of GET so we can assert the operation. + query = parse(query); + } + + if ( ! isQueryOperation(query, requestParams.operationName) ) { throw new HttpQueryError(405, `GET supports only query operation`, false, { 'Allow': 'POST', }); diff --git a/packages/graphql-server-core/src/runQuery.test.ts b/packages/graphql-server-core/src/runQuery.test.ts index 9b0981ce344..50970242de3 100644 --- a/packages/graphql-server-core/src/runQuery.test.ts +++ b/packages/graphql-server-core/src/runQuery.test.ts @@ -151,20 +151,6 @@ describe('runQuery', () => { }); }); - it('does not run validation if the query is a document', () => { - // this would not pass validation, because $base ought to be Int!, not String - // what effecively happens is string concatentation, but it's returned as Int - const query = parse(`query TestVar($base: String){ testArgumentValue(base: $base) }`); - const expected = { testArgumentValue: 15 }; - return runQuery({ - schema, - query: query, - variables: { base: 1 }, - }).then((res) => { - return expect(res.data).to.deep.equal(expected); - }); - }); - it('correctly passes in the rootValue', () => { const query = `{ testRootValue }`; const expected = { testRootValue: 'it also works' }; diff --git a/packages/graphql-server-core/src/runQuery.ts b/packages/graphql-server-core/src/runQuery.ts index 83b9f9ca8ad..42fbe8ce077 100644 --- a/packages/graphql-server-core/src/runQuery.ts +++ b/packages/graphql-server-core/src/runQuery.ts @@ -105,23 +105,22 @@ function doRunQuery(options: QueryOptions): Promise { logFunction({action: LogAction.parse, step: LogStep.end}); return Promise.resolve({ errors: format([syntaxError]) }); } - - // TODO: time this with log function - - let rules = specifiedRules; - if (options.validationRules) { - rules = rules.concat(options.validationRules); - } - logFunction({action: LogAction.validation, step: LogStep.start}); - const validationErrors = validate(options.schema, documentAST, rules); - logFunction({action: LogAction.validation, step: LogStep.end}); - if (validationErrors.length) { - return Promise.resolve({ errors: format(validationErrors) }); - } } else { documentAST = options.query as DocumentNode; } + // TODO: time this with log function + let rules = specifiedRules; + if (options.validationRules) { + rules = rules.concat(options.validationRules); + } + logFunction({action: LogAction.validation, step: LogStep.start}); + const validationErrors = validate(options.schema, documentAST, rules); + logFunction({action: LogAction.validation, step: LogStep.end}); + if (validationErrors.length) { + return Promise.resolve({ errors: format(validationErrors) }); + } + try { logFunction({action: LogAction.execute, step: LogStep.start}); return execute(