From d6a76254d197c14902762ff944b0af32126d7b6f Mon Sep 17 00:00:00 2001 From: Adam Scarr Date: Tue, 31 Jul 2018 23:47:23 +1000 Subject: [PATCH] Add missing variable validation --- Gopkg.lock | 5 +++-- example/todo/todo.go | 2 +- handler/graphql.go | 7 ++++++- handler/websocket.go | 7 ++++++- 4 files changed, 16 insertions(+), 5 deletions(-) diff --git a/Gopkg.lock b/Gopkg.lock index cb992303c34..85008b51271 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -176,7 +176,7 @@ [[projects]] branch = "master" - digest = "1:a59dc1530d6a590c18eca216936bace5fefc6fb4af18fb5a1cb44a9c5e0c6bc5" + digest = "1:80b5cf44d45e12f0e9b1665cf564b123a292850ce80128342e4c74b57a42c3b1" name = "github.com/vektah/gqlparser" packages = [ ".", @@ -188,7 +188,7 @@ "validator/rules", ] pruneopts = "UT" - revision = "8098ed8dcb1ed81bd39ac117a2fc33b08d5eaaf0" + revision = "9d2a87e05c6d27ae2bab1bc914aaa9c21cf35d9a" [[projects]] branch = "master" @@ -262,6 +262,7 @@ "github.com/vektah/gqlparser", "github.com/vektah/gqlparser/ast", "github.com/vektah/gqlparser/gqlerror", + "github.com/vektah/gqlparser/validator", "golang.org/x/tools/go/loader", "golang.org/x/tools/imports", "gopkg.in/yaml.v2", diff --git a/example/todo/todo.go b/example/todo/todo.go index d9aa4ea7f7f..087e58c2e16 100644 --- a/example/todo/todo.go +++ b/example/todo/todo.go @@ -1,4 +1,4 @@ -//go:generate gorunpkg github.com/vektah/gqlgen --out generated.go -v +//go:generate gorunpkg github.com/vektah/gqlgen --out generated.go package todo diff --git a/handler/graphql.go b/handler/graphql.go index 43e953d6c92..fb943b68aaa 100644 --- a/handler/graphql.go +++ b/handler/graphql.go @@ -12,6 +12,7 @@ import ( "github.com/vektah/gqlparser" "github.com/vektah/gqlparser/ast" "github.com/vektah/gqlparser/gqlerror" + "github.com/vektah/gqlparser/validator" ) type params struct { @@ -167,7 +168,11 @@ func GraphQL(exec graphql.ExecutableSchema, options ...Option) http.HandlerFunc return } - reqCtx := cfg.newRequestContext(doc, reqParams.Query, reqParams.Variables) + vars, err := validator.VariableValues(exec.Schema(), op, reqParams.Variables) + if err != nil { + sendError(w, http.StatusUnprocessableEntity, err) + } + reqCtx := cfg.newRequestContext(doc, reqParams.Query, vars) ctx := graphql.WithRequestContext(r.Context(), reqCtx) defer func() { diff --git a/handler/websocket.go b/handler/websocket.go index 40f9052bbbf..8af56ae7f6e 100644 --- a/handler/websocket.go +++ b/handler/websocket.go @@ -13,6 +13,7 @@ import ( "github.com/vektah/gqlparser" "github.com/vektah/gqlparser/ast" "github.com/vektah/gqlparser/gqlerror" + "github.com/vektah/gqlparser/validator" ) const ( @@ -148,7 +149,11 @@ func (c *wsConnection) subscribe(message *operationMessage) bool { return true } - reqCtx := c.cfg.newRequestContext(doc, reqParams.Query, reqParams.Variables) + vars, err := validator.VariableValues(c.exec.Schema(), op, reqParams.Variables) + if err != nil { + c.sendError(message.ID, err) + } + reqCtx := c.cfg.newRequestContext(doc, reqParams.Query, vars) ctx := graphql.WithRequestContext(c.ctx, reqCtx) if op.Operation != ast.Subscription {