fix(graphql-server-core): validation for get queries #2

2025-03-06 10:11:40 -05:00 · 2017-06-12 22:50:42 +03:00 · 2017-06-12 22:50:42 +03:00 · 6d26594858
commit 6d26594858
parent 3ba62cb383
3 changed files with 18 additions and 28 deletions
--- a/packages/graphql-server-core/src/runHttpQuery.ts
+++ b/packages/graphql-server-core/src/runHttpQuery.ts
@ -74,7 +74,12 @@ export async function runHttpQuery(handlerArguments: Array<any>, request: HttpQu
    try {
      let query = requestParams.query;
      if ( isGetRequest ) {
-        if ( ! isQueryOperation(parse(query), requestParams.operationName) ) {
+        if (typeof query === 'string') {
+          // preparse the query incase of GET so we can assert the operation.
+          query = parse(query);
+        }
+
+        if ( ! isQueryOperation(query, requestParams.operationName) ) {
          throw new HttpQueryError(405, `GET supports only query operation`, false, {
            'Allow':  'POST',
          });
--- a/packages/graphql-server-core/src/runQuery.test.ts
+++ b/packages/graphql-server-core/src/runQuery.test.ts
@ -151,20 +151,6 @@ describe('runQuery', () => {
      });
  });

-  it('does not run validation if the query is a document', () => {
-      // this would not pass validation, because $base ought to be Int!, not String
-      // what effecively happens is string concatentation, but it's returned as Int
-      const query = parse(`query TestVar($base: String){ testArgumentValue(base: $base) }`);
-      const expected = { testArgumentValue: 15 };
-      return runQuery({
-          schema,
-          query: query,
-          variables: { base: 1 },
-      }).then((res) => {
-          return expect(res.data).to.deep.equal(expected);
-      });
-  });
-
  it('correctly passes in the rootValue', () => {
      const query = `{ testRootValue }`;
      const expected = { testRootValue: 'it also works' };
--- a/packages/graphql-server-core/src/runQuery.ts
+++ b/packages/graphql-server-core/src/runQuery.ts
@ -105,23 +105,22 @@ function doRunQuery(options: QueryOptions): Promise<ExecutionResult> {
            logFunction({action: LogAction.parse, step: LogStep.end});
            return Promise.resolve({ errors: format([syntaxError]) });
        }
-
-        // TODO: time this with log function
-
-        let rules = specifiedRules;
-        if (options.validationRules) {
-          rules = rules.concat(options.validationRules);
-        }
-        logFunction({action: LogAction.validation, step: LogStep.start});
-        const validationErrors = validate(options.schema, documentAST, rules);
-        logFunction({action: LogAction.validation, step: LogStep.end});
-        if (validationErrors.length) {
-            return Promise.resolve({ errors: format(validationErrors) });
-        }
    } else {
        documentAST = options.query as DocumentNode;
    }

+    // TODO: time this with log function
+    let rules = specifiedRules;
+    if (options.validationRules) {
+      rules = rules.concat(options.validationRules);
+    }
+    logFunction({action: LogAction.validation, step: LogStep.start});
+    const validationErrors = validate(options.schema, documentAST, rules);
+    logFunction({action: LogAction.validation, step: LogStep.end});
+    if (validationErrors.length) {
+      return Promise.resolve({ errors: format(validationErrors) });
+    }
+
    try {
        logFunction({action: LogAction.execute, step: LogStep.start});
        return execute(