forked from vektah/gqlparser
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Validate that the operation's root type is valid
Somehow we were not validating this! So you could do
`mutation { bogus }` even if the schema has no mutation types, or worse,
any syntactically valid query if the schema is totally empty. Ideally
we'd prohibit schemas without a query type entirely (spec says they need
one) but that caused some problems in tests and it wouldn't surprise me
if it causes problems in real life too (since an extension schema,
validated on its own, may look the same). So we just prevent it at
query time.
Fixes vektah#221.- Loading branch information
1 parent
d3d9eb0
commit 832bb4a
Showing
3 changed files
with
55 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -487,3 +487,4 @@ | |
| } | ||
| scalar Any | ||
| - "" | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| package validator | ||
|
|
||
| import ( | ||
| "fmt" | ||
|
|
||
| "github.com/vektah/gqlparser/v2/ast" | ||
| . "github.com/vektah/gqlparser/v2/validator" | ||
| ) | ||
|
|
||
| func init() { | ||
| AddRule("KnownRootType", func(observers *Events, addError AddErrFunc) { | ||
| // A query's root must be a valid type. Surprisingly, this isn't | ||
| // checked anywhere else! | ||
| observers.OnOperation(func(walker *Walker, operation *ast.OperationDefinition) { | ||
| var def *ast.Definition | ||
| switch operation.Operation { | ||
| case ast.Query, "": | ||
| def = walker.Schema.Query | ||
| case ast.Mutation: | ||
| def = walker.Schema.Mutation | ||
| case ast.Subscription: | ||
| def = walker.Schema.Subscription | ||
| default: | ||
| // This shouldn't even parse; if it did we probably need to | ||
| // update this switch block to add the new operation type. | ||
| panic(fmt.Sprintf(`got unknown operation type "%s"`, operation.Operation)) | ||
| } | ||
| if def == nil { | ||
| addError( | ||
| Message(`Schema does not support operation type "%s"`, operation.Operation), | ||
| At(operation.Position)) | ||
| } | ||
| }) | ||
| }) | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| - name: Known root type | ||
| rule: KnownRootType | ||
| schema: 0 | ||
| query: | | ||
| query { dog { name } } | ||
| - name: Valid root type but not in schema | ||
| rule: KnownRootType | ||
| schema: 0 | ||
| query: | | ||
| mutation { dog { name } } | ||
| errors: | ||
| - message: Schema does not support operation type "mutation" | ||
| - name: Valid root type but schema is entirely empty | ||
| rule: KnownRootType | ||
| schema: 20 | ||
| query: | | ||
| { dog { name } } | ||
| errors: | ||
| - message: Schema does not support operation type "query" |