hiro/apollo-server
1
0
Fork 0
mirror of https://github.com/vale981/apollo-server synced 2025-03-06 02:01:40 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(graphql-server-core): validation for get queries

Browse source
This commit is contained in:
Hagai Cohen 2017-06-12 22:07:28 +03:00 committed by Jonas Helfer
parent 62c6445c58
commit 56c346e296
5 changed files with 7 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
packages/graphql-server-core/src/runHttpQuery.ts
View file

@ -74,12 +74,7 @@ export async function runHttpQuery(handlerArguments: Array<any>, request: HttpQu
try {
let query = requestParams.query;
if ( isGetRequest ) {
if (typeof query === 'string') {
// preparse the query incase of GET so we can assert the operation.
query = parse(query);
}
if ( ! isQueryOperation(query, requestParams.operationName) ) {
if ( ! isQueryOperation(parse(query), requestParams.operationName) ) {
throw new HttpQueryError(405, `GET supports only query operation`, false, {
'Allow': 'POST',
});

1
packages/graphql-server-core/src/runQuery.ts
View file

@ -94,6 +94,7 @@ function doRunQuery(options: QueryOptions): Promise<ExecutionResult> {
logFunction({action: LogAction.request, step: LogStep.status, key: 'operationName', data: options.operationName});
// if query is already an AST, don't parse or validate
// XXX: This refers the operations-store flow.
if (typeof options.query === 'string') {
try {
// TODO: time this with log function

3
packages/graphql-server-express/src/apolloServerHttp.test.ts
View file

@ -351,7 +351,6 @@ describe(`GraphQL-HTTP (apolloServer) tests for ${version} express`, () => {
it('handles type validation (GET)', async () => {
const app = express();
app.use(urlString(), bodyParser.json());
app.use(urlString(), graphqlExpress({
schema: TestSchema
}));
@ -359,7 +358,7 @@ describe(`GraphQL-HTTP (apolloServer) tests for ${version} express`, () => {
const response = await request(app)
.get(urlString({ query: '{notExists}' }))
expect(response.status).to.equal(200);
expect(response.status).to.equal(400);
expect(JSON.parse(response.text)).to.deep.equal({
errors: [ {
message: 'Cannot query field \"notExists\" on type \"QueryRoot\".',

1
packages/graphql-server-restify/src/restifyApollo.test.ts
View file

@ -4,7 +4,6 @@ import { graphiqlRestify, graphqlRestify } from './restifyApollo';
import testSuite, { schema, CreateAppOptions } from 'graphql-server-integration-testsuite';
import { expect } from 'chai';
import { GraphQLOptions } from 'graphql-server-core';
import 'mocha';
function createApp(options: CreateAppOptions = {}) {
const server = restify.createServer({

5
test/tests.js
View file

@ -9,6 +9,9 @@ require('../packages/graphql-server-express/dist/connectApollo.test');
require('../packages/graphql-server-hapi/dist/hapiApollo.test');
(NODE_MAJOR_VERSION >= 6) && require('../packages/graphql-server-micro/dist/microApollo.test');
(NODE_MAJOR_VERSION >= 7) && require('../packages/graphql-server-koa/dist/koaApollo.test');
require('../packages/graphql-server-restify/dist/restifyApollo.test');
require('../packages/graphql-server-lambda/dist/lambdaApollo.test');
require('../packages/graphql-server-express/dist/apolloServerHttp.test');
// XXX: Running restify last as it breaks http.
// for more info: https://github.com/restify/node-restify/issues/700
require('../packages/graphql-server-restify/dist/restifyApollo.test');