2018-04-17 21:19:44 -07:00
|
|
|
import { parse, getOperationAST, DocumentNode, ExecutionResult } from 'graphql';
|
2017-01-13 13:49:25 +02:00
|
|
|
import { runQuery } from './runQuery';
|
2018-01-09 00:08:01 +01:00
|
|
|
import {
|
|
|
|
default as GraphQLOptions,
|
|
|
|
resolveGraphqlOptions,
|
|
|
|
} from './graphqlOptions';
|
2018-05-02 16:40:03 -07:00
|
|
|
import { formatApolloErrors } from './errors';
|
2017-01-13 13:49:25 +02:00
|
|
|
|
|
|
|
export interface HttpQueryRequest {
|
|
|
|
method: string;
|
2018-04-18 06:00:44 -07:00
|
|
|
query: Record<string, any>;
|
2017-01-13 13:49:25 +02:00
|
|
|
options: GraphQLOptions | Function;
|
|
|
|
}
|
|
|
|
|
|
|
|
export class HttpQueryError extends Error {
|
|
|
|
public statusCode: number;
|
|
|
|
public isGraphQLError: boolean;
|
|
|
|
public headers: { [key: string]: string };
|
|
|
|
|
2018-01-09 00:08:01 +01:00
|
|
|
constructor(
|
|
|
|
statusCode: number,
|
|
|
|
message: string,
|
|
|
|
isGraphQLError: boolean = false,
|
|
|
|
headers?: { [key: string]: string },
|
|
|
|
) {
|
2017-01-13 13:49:25 +02:00
|
|
|
super(message);
|
2017-01-18 10:49:13 +02:00
|
|
|
this.name = 'HttpQueryError';
|
2017-01-13 13:49:25 +02:00
|
|
|
this.statusCode = statusCode;
|
|
|
|
this.isGraphQLError = isGraphQLError;
|
|
|
|
this.headers = headers;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-01-18 10:49:13 +02:00
|
|
|
function isQueryOperation(query: DocumentNode, operationName: string) {
|
|
|
|
const operationAST = getOperationAST(query, operationName);
|
|
|
|
return operationAST.operation === 'query';
|
2017-01-13 16:42:49 +02:00
|
|
|
}
|
|
|
|
|
2018-01-09 00:08:01 +01:00
|
|
|
export async function runHttpQuery(
|
|
|
|
handlerArguments: Array<any>,
|
|
|
|
request: HttpQueryRequest,
|
|
|
|
): Promise<string> {
|
2017-01-13 16:25:37 +02:00
|
|
|
let isGetRequest: boolean = false;
|
2017-01-13 13:49:25 +02:00
|
|
|
let optionsObject: GraphQLOptions;
|
|
|
|
|
2017-04-09 03:25:26 +03:00
|
|
|
try {
|
2018-01-09 00:08:01 +01:00
|
|
|
optionsObject = await resolveGraphqlOptions(
|
|
|
|
request.options,
|
|
|
|
...handlerArguments,
|
|
|
|
);
|
2017-04-09 03:25:26 +03:00
|
|
|
} catch (e) {
|
|
|
|
throw new HttpQueryError(500, e.message);
|
|
|
|
}
|
2018-04-23 16:24:08 -07:00
|
|
|
const formatErrorFn = optionsObject.formatError
|
|
|
|
? error => optionsObject.formatError(internalFormatError(error))
|
|
|
|
: internalFormatError;
|
2018-04-17 21:19:44 -07:00
|
|
|
const debugDefault =
|
|
|
|
process.env.NODE_ENV !== 'production' && process.env.NODE_ENV !== 'test';
|
|
|
|
const debug =
|
|
|
|
optionsObject.debug !== undefined ? optionsObject.debug : debugDefault;
|
2017-01-13 13:49:25 +02:00
|
|
|
let requestPayload;
|
|
|
|
|
2018-01-09 00:08:01 +01:00
|
|
|
switch (request.method) {
|
2017-01-13 13:49:25 +02:00
|
|
|
case 'POST':
|
2018-01-09 00:08:01 +01:00
|
|
|
if (!request.query || Object.keys(request.query).length === 0) {
|
|
|
|
throw new HttpQueryError(
|
|
|
|
500,
|
|
|
|
'POST body missing. Did you forget use body-parser middleware?',
|
|
|
|
);
|
2017-01-13 13:49:25 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
requestPayload = request.query;
|
|
|
|
break;
|
2018-01-09 00:08:01 +01:00
|
|
|
case 'GET':
|
|
|
|
if (!request.query || Object.keys(request.query).length === 0) {
|
|
|
|
throw new HttpQueryError(400, 'GET query missing.');
|
|
|
|
}
|
|
|
|
|
|
|
|
isGetRequest = true;
|
|
|
|
requestPayload = request.query;
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
throw new HttpQueryError(
|
|
|
|
405,
|
|
|
|
'Apollo Server supports only GET/POST requests.',
|
|
|
|
false,
|
|
|
|
{
|
|
|
|
Allow: 'GET, POST',
|
|
|
|
},
|
|
|
|
);
|
2017-01-13 13:49:25 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
let isBatch = true;
|
|
|
|
// TODO: do something different here if the body is an array.
|
|
|
|
// Throw an error if body isn't either array or object.
|
|
|
|
if (!Array.isArray(requestPayload)) {
|
|
|
|
isBatch = false;
|
|
|
|
requestPayload = [requestPayload];
|
|
|
|
}
|
|
|
|
|
2017-01-23 09:39:42 +02:00
|
|
|
const requests: Array<ExecutionResult> = requestPayload.map(requestParams => {
|
2017-01-13 13:49:25 +02:00
|
|
|
try {
|
2017-01-18 10:49:13 +02:00
|
|
|
let query = requestParams.query;
|
2018-04-24 03:29:07 -07:00
|
|
|
let extensions = requestParams.extensions;
|
|
|
|
|
|
|
|
if (isGetRequest && extensions) {
|
|
|
|
// For GET requests, we have to JSON-parse extensions. (For POST
|
|
|
|
// requests they get parsed as part of parsing the larger body they're
|
|
|
|
// inside.)
|
|
|
|
try {
|
|
|
|
extensions = JSON.parse(extensions);
|
|
|
|
} catch (error) {
|
|
|
|
throw new HttpQueryError(400, 'Extensions are invalid JSON.');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (query === undefined && extensions && extensions.persistedQuery) {
|
|
|
|
// It looks like we've received an Apollo Persisted Query. Apollo Server
|
|
|
|
// does not support persisted queries out of the box, so we should fail
|
|
|
|
// fast with a clear error saying that we don't support APQs. (A future
|
|
|
|
// version of Apollo Server may support APQs directly.)
|
|
|
|
throw new HttpQueryError(
|
|
|
|
// Return 200 to simplify processing: we want this to be intepreted by
|
|
|
|
// the client as data worth interpreting, not an error.
|
|
|
|
200,
|
|
|
|
JSON.stringify({
|
|
|
|
errors: [
|
|
|
|
{
|
|
|
|
message: 'PersistedQueryNotSupported',
|
|
|
|
},
|
|
|
|
],
|
|
|
|
}),
|
|
|
|
true,
|
|
|
|
{
|
|
|
|
'Content-Type': 'application/json',
|
|
|
|
},
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
2018-01-09 00:08:01 +01:00
|
|
|
if (isGetRequest) {
|
2017-06-12 22:50:42 +03:00
|
|
|
if (typeof query === 'string') {
|
|
|
|
// preparse the query incase of GET so we can assert the operation.
|
2018-04-24 03:29:07 -07:00
|
|
|
// XXX This makes the type of 'query' in this function confused
|
|
|
|
// which has led to us accidentally supporting GraphQL AST over
|
|
|
|
// the wire as a valid query, which confuses users. Refactor to
|
|
|
|
// not do this. Also, for a GET request, query really shouldn't
|
|
|
|
// ever be anything other than a string or undefined, so this
|
|
|
|
// set of conditionals doesn't quite make sense.
|
2017-06-12 22:50:42 +03:00
|
|
|
query = parse(query);
|
2018-04-18 05:38:57 -07:00
|
|
|
} else if (!query) {
|
2018-04-24 03:29:07 -07:00
|
|
|
// Note that we've already thrown a different error if it looks like APQ.
|
2018-04-18 05:38:57 -07:00
|
|
|
throw new HttpQueryError(400, 'Must provide query string.');
|
2017-06-12 22:50:42 +03:00
|
|
|
}
|
|
|
|
|
2018-01-09 00:08:01 +01:00
|
|
|
if (!isQueryOperation(query, requestParams.operationName)) {
|
|
|
|
throw new HttpQueryError(
|
|
|
|
405,
|
|
|
|
`GET supports only query operation`,
|
|
|
|
false,
|
|
|
|
{
|
|
|
|
Allow: 'POST',
|
|
|
|
},
|
|
|
|
);
|
2017-01-18 10:49:13 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-01-13 13:49:25 +02:00
|
|
|
const operationName = requestParams.operationName;
|
|
|
|
|
2018-04-24 03:29:07 -07:00
|
|
|
let variables = requestParams.variables;
|
2017-01-13 13:49:25 +02:00
|
|
|
if (typeof variables === 'string') {
|
|
|
|
try {
|
2018-04-24 03:29:07 -07:00
|
|
|
// XXX Really we should only do this for GET requests, but for
|
|
|
|
// compatibility reasons we'll keep doing this at least for now for
|
|
|
|
// broken clients that ship variables in a string for no good reason.
|
2017-01-13 13:49:25 +02:00
|
|
|
variables = JSON.parse(variables);
|
|
|
|
} catch (error) {
|
|
|
|
throw new HttpQueryError(400, 'Variables are invalid JSON.');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-12-12 18:09:01 +11:00
|
|
|
let context = optionsObject.context || {};
|
2018-03-12 20:25:12 +01:00
|
|
|
if (typeof context === 'function') {
|
2017-12-12 18:09:01 +11:00
|
|
|
context = context();
|
|
|
|
} else if (isBatch) {
|
2018-01-09 00:08:01 +01:00
|
|
|
context = Object.assign(
|
|
|
|
Object.create(Object.getPrototypeOf(context)),
|
|
|
|
context,
|
|
|
|
);
|
2017-01-13 13:49:25 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
let params = {
|
|
|
|
schema: optionsObject.schema,
|
|
|
|
query: query,
|
|
|
|
variables: variables,
|
2017-12-12 18:09:01 +11:00
|
|
|
context,
|
2017-01-13 13:49:25 +02:00
|
|
|
rootValue: optionsObject.rootValue,
|
|
|
|
operationName: operationName,
|
|
|
|
logFunction: optionsObject.logFunction,
|
|
|
|
validationRules: optionsObject.validationRules,
|
2018-05-02 16:40:03 -07:00
|
|
|
formatError: optionsObject.formatError,
|
2017-01-13 13:49:25 +02:00
|
|
|
formatResponse: optionsObject.formatResponse,
|
2017-08-02 13:20:10 +03:00
|
|
|
fieldResolver: optionsObject.fieldResolver,
|
2017-01-13 13:49:25 +02:00
|
|
|
debug: optionsObject.debug,
|
2017-08-09 16:57:17 +02:00
|
|
|
tracing: optionsObject.tracing,
|
2017-10-23 19:01:02 -07:00
|
|
|
cacheControl: optionsObject.cacheControl,
|
2017-01-13 13:49:25 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
if (optionsObject.formatParams) {
|
|
|
|
params = optionsObject.formatParams(params);
|
|
|
|
}
|
|
|
|
|
2017-01-23 09:39:42 +02:00
|
|
|
return runQuery(params);
|
2017-01-13 13:49:25 +02:00
|
|
|
} catch (e) {
|
2017-01-18 10:49:13 +02:00
|
|
|
// Populate any HttpQueryError to our handler which should
|
|
|
|
// convert it to Http Error.
|
2018-01-09 00:08:01 +01:00
|
|
|
if (e.name === 'HttpQueryError') {
|
2017-01-23 09:39:42 +02:00
|
|
|
return Promise.reject(e);
|
2017-01-18 10:49:13 +02:00
|
|
|
}
|
|
|
|
|
2018-05-02 16:40:03 -07:00
|
|
|
return Promise.resolve({
|
|
|
|
errors: formatApolloErrors([e], {
|
|
|
|
formatter: optionsObject.formatError,
|
|
|
|
debug,
|
|
|
|
logFunction: optionsObject.logFunction,
|
|
|
|
}),
|
|
|
|
});
|
2017-01-13 13:49:25 +02:00
|
|
|
}
|
2017-01-23 09:39:42 +02:00
|
|
|
});
|
|
|
|
const responses = await Promise.all(requests);
|
2017-01-13 13:49:25 +02:00
|
|
|
|
|
|
|
if (!isBatch) {
|
|
|
|
const gqlResponse = responses[0];
|
2018-04-17 21:19:44 -07:00
|
|
|
//This code is run on parse/validation errors and any other error that
|
|
|
|
//doesn't reach GraphQL execution
|
2017-01-13 13:49:25 +02:00
|
|
|
if (gqlResponse.errors && typeof gqlResponse.data === 'undefined') {
|
|
|
|
throw new HttpQueryError(400, JSON.stringify(gqlResponse), true, {
|
|
|
|
'Content-Type': 'application/json',
|
|
|
|
});
|
|
|
|
}
|
|
|
|
return JSON.stringify(gqlResponse);
|
|
|
|
}
|
|
|
|
|
|
|
|
return JSON.stringify(responses);
|
|
|
|
}
|