apollo-server/src/integrations/expressApollo.ts

import * as express from 'express';
import * as graphql from 'graphql';
import { runQuery } from '../core/runQuery';

import ApolloOptions from './apolloOptions';
import * as GraphiQL from '../modules/renderGraphiQL';

export interface ExpressApolloOptionsFunction {
  (req?: express.Request): ApolloOptions | Promise<ApolloOptions>;
}

// Design principles:
// - there is just one way allowed: POST request with JSON body. Nothing else.
// - simple, fast and secure
//

export interface ExpressHandler {
  (req: express.Request, res: express.Response, next): void;
}

export function apolloExpress(options: ApolloOptions | ExpressApolloOptionsFunction): ExpressHandler {
  if (!options) {
    throw new Error('Apollo Server requires options.');
  }

  if (arguments.length > 1) {
    // TODO: test this
    throw new Error(`Apollo Server expects exactly one argument, got ${arguments.length + 1}`);
  }

  return async (req: express.Request, res: express.Response, next) => {
    let optionsObject: ApolloOptions;
    if (isOptionsFunction(options)) {
      try {
        optionsObject = await options(req);
      } catch (e) {
        res.status(500);
        res.send(`Invalid options provided to ApolloServer: ${e.message}`);
      }
    } else {
      optionsObject = options;
    }

    const formatErrorFn = optionsObject.formatError || graphql.formatError;

    if (req.method !== 'POST') {
      res.setHeader('Allow', 'POST');
      res.status(405);
      res.send('Apollo Server supports only POST requests.');
      return;
    }

    if (!req.body) {
      res.status(500);
      res.send('POST body missing. Did you forget "app.use(bodyParser.json())"?');
      return;
    }

    let b = req.body;
    let isBatch = true;
    // TODO: do something different here if the body is an array.
    // Throw an error if body isn't either array or object.
    if (!Array.isArray(b)) {
      isBatch = false;
      b = [b];
    }

    let responses: Array<graphql.GraphQLResult> = [];
    for (let requestParams of b) {
      try {
        const query = requestParams.query;
        const operationName = requestParams.operationName;
        let variables = requestParams.variables;

        if (typeof variables === 'string') {
          // TODO: catch errors
          variables = JSON.parse(variables);
        }

        let params = {
          schema: optionsObject.schema,
          query: query,
          variables: variables,
          context: optionsObject.context,
          rootValue: optionsObject.rootValue,
          operationName: operationName,
          logFunction: optionsObject.logFunction,
          validationRules: optionsObject.validationRules,
          formatError: formatErrorFn,
          formatResponse: optionsObject.formatResponse,
        };

        if (optionsObject.formatParams) {
          params = optionsObject.formatParams(params);
        }

        responses.push(await runQuery(params));
      } catch (e) {
        responses.push({ errors: [formatErrorFn(e)] });
      }
    }

    res.set('Content-Type', 'application/json');
    if (isBatch) {
      res.send(JSON.stringify(responses));
    } else {
      const gqlResponse = responses[0];
      if (gqlResponse.errors && typeof gqlResponse.data === 'undefined') {
        res.status(400);
      }
      res.send(JSON.stringify(gqlResponse));
    }

  };
}

function isOptionsFunction(arg: ApolloOptions | ExpressApolloOptionsFunction): arg is ExpressApolloOptionsFunction {
  return typeof arg === 'function';
}

/* This middleware returns the html for the GraphiQL interactive query UI
 *
 * GraphiQLData arguments
 *
 * - endpointURL: the relative or absolute URL for the endpoint which GraphiQL will make queries to
 * - (optional) query: the GraphQL query to pre-fill in the GraphiQL UI
 * - (optional) variables: a JS object of variables to pre-fill in the GraphiQL UI
 * - (optional) operationName: the operationName to pre-fill in the GraphiQL UI
 * - (optional) result: the result of the query to pre-fill in the GraphiQL UI
 */

export function graphiqlExpress(options: GraphiQL.GraphiQLData) {
  return (req: express.Request, res: express.Response, next) => {

    const q = req.query || {};
    const query = q.query || '';
    const variables = q.variables || '{}';
    const operationName = q.operationName || '';


    const graphiQLString = GraphiQL.renderGraphiQL({
      endpointURL: options.endpointURL,
      query: query || options.query,
      variables: JSON.parse(variables) || options.variables,
      operationName: operationName || options.operationName,
    });
    res.set('Content-Type', 'text/html');
    res.send(graphiQLString);
  };
}
initial express bindings commit 2016-06-12 22:41:46 -07:00			`import * as express from 'express';`
			`import * as graphql from 'graphql';`
basic working express middleware and export it 2016-06-14 12:03:53 -07:00			`import { runQuery } from '../core/runQuery';`
initial express bindings commit 2016-06-12 22:41:46 -07:00
create common apolloOptions module 2016-07-04 22:03:59 -07:00			`import ApolloOptions from './apolloOptions';`
Core refactor hapi (#36) * Revert "get supertest working for TS" This reverts commit 300b32fa5a1a50b4a66058e9a8de5c0cc5d6f380. * initial hapi plugin * working hapi server * update exports for es6 support 2016-06-18 10:19:51 -07:00			`import * as GraphiQL from '../modules/renderGraphiQL';`
add renderGraphiQL to expressApollo 2016-06-15 20:35:48 -07:00
basic working version of express [WIP] 2016-06-24 16:57:52 -04:00			`export interface ExpressApolloOptionsFunction {`
create common apolloOptions module 2016-07-04 22:03:59 -07:00			`(req?: express.Request): ApolloOptions \| Promise<ApolloOptions>;`
basic working version of express [WIP] 2016-06-24 16:57:52 -04:00			`}`

			`// Design principles:`
			`// - there is just one way allowed: POST request with JSON body. Nothing else.`
			`// - simple, fast and secure`
			`//`
Merge branch 'core-refactor' of github.com:apollostack/apollo-server into core-refactor 2016-06-24 17:12:04 -04:00
Core refactor hapi (#36) * Revert "get supertest working for TS" This reverts commit 300b32fa5a1a50b4a66058e9a8de5c0cc5d6f380. * initial hapi plugin * working hapi server * update exports for es6 support 2016-06-18 10:19:51 -07:00			`export interface ExpressHandler {`
			`(req: express.Request, res: express.Response, next): void;`
			`}`

rename api (#44) * rename api * change express api name 2016-07-06 11:45:20 -07:00			`export function apolloExpress(options: ApolloOptions \| ExpressApolloOptionsFunction): ExpressHandler {`
initial express bindings commit 2016-06-12 22:41:46 -07:00			`if (!options) {`
basic working version of express [WIP] 2016-06-24 16:57:52 -04:00			`throw new Error('Apollo Server requires options.');`
initial express bindings commit 2016-06-12 22:41:46 -07:00			`}`
basic working express middleware and export it 2016-06-14 12:03:53 -07:00
initial express bindings commit 2016-06-12 22:41:46 -07:00			`if (arguments.length > 1) {`
basic working version of express [WIP] 2016-06-24 16:57:52 -04:00			`// TODO: test this`
			throw new Error(`Apollo Server expects exactly one argument, got ${arguments.length + 1}`);
initial express bindings commit 2016-06-12 22:41:46 -07:00			`}`
basic working express middleware and export it 2016-06-14 12:03:53 -07:00
allow function returning options promise for graphqlHTTP 2016-06-27 22:19:57 -04:00			`return async (req: express.Request, res: express.Response, next) => {`
create common apolloOptions module 2016-07-04 22:03:59 -07:00			`let optionsObject: ApolloOptions;`
basic working version of express [WIP] 2016-06-24 16:57:52 -04:00			`if (isOptionsFunction(options)) {`
add try/catch and test for rejected options 2016-07-05 14:19:14 -07:00			`try {`
			`optionsObject = await options(req);`
			`} catch (e) {`
			`res.status(500);`
			res.send(`Invalid options provided to ApolloServer: ${e.message}`);
			`}`
basic working version of express [WIP] 2016-06-24 16:57:52 -04:00			`} else {`
			`optionsObject = options;`
			`}`

test rejecting non-whitelisted queries 2016-06-28 21:11:57 -04:00			`const formatErrorFn = optionsObject.formatError \|\| graphql.formatError;`

basic working version of express [WIP] 2016-06-24 16:57:52 -04:00			`if (req.method !== 'POST') {`
			`res.setHeader('Allow', 'POST');`
allow function returning options promise for graphqlHTTP 2016-06-27 22:19:57 -04:00			`res.status(405);`
			`res.send('Apollo Server supports only POST requests.');`
			`return;`
clean up tests 2016-06-27 18:06:15 -04:00			`}`

			`if (!req.body) {`
allow function returning options promise for graphqlHTTP 2016-06-27 22:19:57 -04:00			`res.status(500);`
			`res.send('POST body missing. Did you forget "app.use(bodyParser.json())"?');`
			`return;`
basic working version of express [WIP] 2016-06-24 16:57:52 -04:00			`}`

batching 2016-06-28 00:15:11 -04:00			`let b = req.body;`
			`let isBatch = true;`
move formatError and formatResponse into runQuery 2016-06-27 21:58:22 -04:00			`// TODO: do something different here if the body is an array.`
			`// Throw an error if body isn't either array or object.`
batching 2016-06-28 00:15:11 -04:00			`if (!Array.isArray(b)) {`
			`isBatch = false;`
			`b = [b];`
allow variables to be passed as string 2016-06-26 21:06:37 -04:00			`}`
basic working version of express [WIP] 2016-06-24 16:57:52 -04:00
batching 2016-06-28 00:15:11 -04:00			`let responses: Array<graphql.GraphQLResult> = [];`
			`for (let requestParams of b) {`
test rejecting non-whitelisted queries 2016-06-28 21:11:57 -04:00			`try {`
			`const query = requestParams.query;`
			`const operationName = requestParams.operationName;`
			`let variables = requestParams.variables;`

			`if (typeof variables === 'string') {`
			`// TODO: catch errors`
			`variables = JSON.parse(variables);`
			`}`

			`let params = {`
			`schema: optionsObject.schema,`
			`query: query,`
			`variables: variables,`
add context test 2016-07-17 17:51:41 -07:00			`context: optionsObject.context,`
test rejecting non-whitelisted queries 2016-06-28 21:11:57 -04:00			`rootValue: optionsObject.rootValue,`
			`operationName: operationName,`
			`logFunction: optionsObject.logFunction,`
			`validationRules: optionsObject.validationRules,`
			`formatError: formatErrorFn,`
			`formatResponse: optionsObject.formatResponse,`
			`};`

add comments for parameters to expressApollo 2016-06-29 15:42:32 -04:00			`if (optionsObject.formatParams) {`
			`params = optionsObject.formatParams(params);`
test rejecting non-whitelisted queries 2016-06-28 21:11:57 -04:00			`}`

			`responses.push(await runQuery(params));`
			`} catch (e) {`
			`responses.push({ errors: [formatErrorFn(e)] });`
batching 2016-06-28 00:15:11 -04:00			`}`
clean up tests 2016-06-27 18:06:15 -04:00			`}`

batching 2016-06-28 00:15:11 -04:00			`res.set('Content-Type', 'application/json');`
			`if (isBatch) {`
			`res.send(JSON.stringify(responses));`
			`} else {`
			`const gqlResponse = responses[0];`
clean up tests 2016-06-27 18:06:15 -04:00			`if (gqlResponse.errors && typeof gqlResponse.data === 'undefined') {`
basic working version of express [WIP] 2016-06-24 16:57:52 -04:00			`res.status(400);`
			`}`
move formatError and formatResponse into runQuery 2016-06-27 21:58:22 -04:00			`res.send(JSON.stringify(gqlResponse));`
batching 2016-06-28 00:15:11 -04:00			`}`

add renderGraphiQL to expressApollo 2016-06-15 20:35:48 -07:00			`};`
			`}`

create common apolloOptions module 2016-07-04 22:03:59 -07:00			`function isOptionsFunction(arg: ApolloOptions \| ExpressApolloOptionsFunction): arg is ExpressApolloOptionsFunction {`
basic working version of express [WIP] 2016-06-24 16:57:52 -04:00			`return typeof arg === 'function';`
add test to serve basic request in express 2016-06-17 15:45:35 -07:00			`}`

duplicate GraphiQLData comment in apolloServer 2016-06-29 15:33:24 -04:00			`/* This middleware returns the html for the GraphiQL interactive query UI`
			`*`
			`* GraphiQLData arguments`
			`*`
			`* - endpointURL: the relative or absolute URL for the endpoint which GraphiQL will make queries to`
			`* - (optional) query: the GraphQL query to pre-fill in the GraphiQL UI`
			`* - (optional) variables: a JS object of variables to pre-fill in the GraphiQL UI`
			`* - (optional) operationName: the operationName to pre-fill in the GraphiQL UI`
			`* - (optional) result: the result of the query to pre-fill in the GraphiQL UI`
			`*/`
add comments for parameters to expressApollo 2016-06-29 15:42:32 -04:00
rename api (#44) * rename api * change express api name 2016-07-06 11:45:20 -07:00			`export function graphiqlExpress(options: GraphiQL.GraphiQLData) {`
add renderGraphiQL to expressApollo 2016-06-15 20:35:48 -07:00			`return (req: express.Request, res: express.Response, next) => {`
add location to graphiQL 2016-06-26 15:59:15 -04:00
clean up tests 2016-06-27 18:06:15 -04:00			`const q = req.query \|\| {};`
go back to using es6 compile target 2016-06-27 16:14:49 -04:00			`const query = q.query \|\| '';`
			`const variables = q.variables \|\| '{}';`
			`const operationName = q.operationName \|\| '';`
add location to graphiQL 2016-06-26 15:59:15 -04:00

Core refactor hapi (#36) * Revert "get supertest working for TS" This reverts commit 300b32fa5a1a50b4a66058e9a8de5c0cc5d6f380. * initial hapi plugin * working hapi server * update exports for es6 support 2016-06-18 10:19:51 -07:00			`const graphiQLString = GraphiQL.renderGraphiQL({`
graphiql: rename location to endpointURL 2016-06-29 13:57:21 -04:00			`endpointURL: options.endpointURL,`
add location to graphiQL 2016-06-26 15:59:15 -04:00			`query: query \|\| options.query,`
			`variables: JSON.parse(variables) \|\| options.variables,`
			`operationName: operationName \|\| options.operationName,`
basic working express middleware and export it 2016-06-14 12:03:53 -07:00			`});`
add renderGraphiQL to expressApollo 2016-06-15 20:35:48 -07:00			`res.set('Content-Type', 'text/html');`
			`res.send(graphiQLString);`
basic working express middleware and export it 2016-06-14 12:03:53 -07:00			`};`
initial express bindings commit 2016-06-12 22:41:46 -07:00			`}`