
Lets through Postman / Curl requests #419

Open
nazariyv opened this issue Apr 28, 2022 · 2 comments

Comments

@nazariyv

Hi,

I have a tartiflette server with aiohttp_cors, here is my main file:

import asyncio
import logging
import os
import sys
from typing import Optional, Union
import aiohttp_cors

from aiohttp import web
from tartiflette_aiohttp import register_graphql_handlers

from api.resolvers import consts


async def on_startup(app):
    """Enable aiohttp_cors on every route currently registered on ``app``.

    Three browser origins are allowed, all with identical options:
    credentials permitted, POST and OPTIONS only, and wildcard allowed and
    exposed headers.

    Security note: CORS is a policy that browsers enforce based on the
    response headers configured here. It is not server-side access control.
    Clients that do not implement the same-origin policy (curl, Postman,
    server-side scripts) can still send requests to these routes and read
    the responses. Limiting who may call the API requires authentication
    and authorization in the request handling path, in addition to CORS.
    """
    allowed_origins = (
        "https://domain.com",
        "https://domain2.com",
        "https://www.domain2.com",
    )

    def _origin_options():
        # NOTE(review): wildcard request/exposed headers combined with
        # allow_credentials=True is a broad grant to each listed origin;
        # consider listing only the headers the front end actually needs.
        return aiohttp_cors.ResourceOptions(
            allow_credentials=True,
            expose_headers="*",
            allow_headers="*",
            allow_methods=["POST", "OPTIONS"],
        )

    cors = aiohttp_cors.setup(
        app,
        defaults={origin: _origin_options() for origin in allowed_origins},
    )

    # Snapshot the routes first: the loop registers CORS on each one.
    registered_routes = list(app.router.routes())
    for route in registered_routes:
        print(route)
        cors.add(route)

    # Alternative left by the author: register per resource instead.
    # for resource in app.router.resources():
    #     cors.add(resource)


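class Server:
    """Callable that builds the aiohttp GraphQL application and runs it."""

    def __init__(
        self,
        graphiql_debug: Optional[bool] = False,
    ) -> None:
        """Remember whether the GraphiQL UI should be enabled.

        Args:
            graphiql_debug: Passed through as ``graphiql_enabled`` when the
                GraphQL handlers are registered.
        """
        self.graphiql_debug = graphiql_debug

    def __call__(self) -> int:
        """Register the GraphQL handlers, hook up CORS, and serve on port 5000.

        Returns:
            ``0`` once ``web.run_app`` returns.
        """
        app = web.Application()

        # Nothing in this block authenticates callers of /graphql. The CORS
        # setup hooked in below only tells browsers which origins may read
        # responses; it does not reject non-browser clients.
        register_graphql_handlers(
            app,
            engine_sdl=f"{os.path.dirname(os.path.abspath(__file__))}/sdl",
            engine_modules=[
                "api.resolvers.query",
                "api.resolvers.mutation",
                "api.sdl.scalars",
            ],
            executor_http_endpoint="/graphql",
            executor_http_methods=["POST"],
            graphiql_enabled=self.graphiql_debug,
        )

        # https://gist.github.com/briggleman/0b422351aa7bcb797c71af887fa75c5f
        # CORS is attached at startup so it sees the routes registered above.
        app.on_startup.append(on_startup)

        # NOTE(review): no host is passed, so the listening interface is left
        # to aiohttp's default; confirm that matches the intended exposure.
        web.run_app(app, port=5000)

        return 0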


def main():
    """Configure file logging and start the GraphQL server.

    GraphiQL is enabled only when ``consts.IS_PROD`` is falsy.
    """
    # NOTE(review): DEBUG level is used regardless of environment; check what
    # ends up in test.log before running this configuration in production.
    logging.basicConfig(
        filename="test.log",
        level=logging.DEBUG,
        format="%(relativeCreated)6d %(process)d %(message)s",
    )

    run_server = Server(graphiql_debug=not consts.IS_PROD)
    run_server()

However, this is still letting through Postman / Curl requests. What am I missing here?

@Too-Far

Too-Far commented Apr 28, 2022

Same ^

@CastilloLuis

We've been struggling with the same issue here. We had to disable it, but that is not the "best" option for a production release.
