v1: Integration support #94

Merged
merged 6 commits into from
Nov 9, 2022
4 changes: 2 additions & 2 deletions Documentation/features/graphql-over-http.md
Expand Up @@ -11,7 +11,7 @@ GraphQL spec define how a GraphQL operation is supposed to be performed through

Pioneer have a feature to specify how operations can be handled through HTTP. There are situations where a GraphQL API should not perform something like mutations through HTTP **GET**, or the user of the library preffered just using HTTP **POST** for all operations (excluding subscriptions).

[HTTPStrategy](https://swiftpackageindex.com/d-exclaimation/pioneer/0.10.1/documentation/pioneer/pioneer/httpstrategy-swift.enum) is a enum that can be passed in as one of the arguments when initializing Pioneer to specify which approach you prefer.
[HTTPStrategy](https://swiftpackageindex.com/d-exclaimation/pioneer/documentation/pioneer/pioneer/httpstrategy-swift.enum) is a enum that can be passed in as one of the arguments when initializing Pioneer to specify which approach you prefer.

```swift #3
Pioneer(
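Review bot: The rewritten HTTPStrategy line still reads "is a enum"; since the line is being touched anyway, change it to "is an enum". The unchanged paragraph just above it also has "Pioneer have a feature" and "preffered", which could be fixed in the same pass ("Pioneer has a feature", "preferred").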
Expand Down Expand Up @@ -62,7 +62,7 @@ Pioneer uses the same mechanic to prevent these types of attacks as [Apollo Serv
If you set the http strategy to `.queryOnlyGet` or `.onlyPost` and as long as you ensure that only mutations can have side effects, you are somewhat protected from the "side effects" aspect of CSRFs even without enabling CSRF protection.
!!!

To enable it, just change the [HTTPStrategy](#http-strategy) to [.csrfPrevention](https://swiftpackageindex.com/d-exclaimation/pioneer/0.10.1/documentation/pioneer/pioneer/httpstrategy-swift.enum/csrfprevention), which will add additional restrictions to any GraphQL request going through HTTP.
To enable it, just change the [HTTPStrategy](#http-strategy) to [.csrfPrevention](https://swiftpackageindex.com/d-exclaimation/pioneer/documentation/pioneer/pioneer/httpstrategy-swift.enum/csrfprevention), which will add additional restrictions to any GraphQL request going through HTTP.

```swift
let server = Pioneer(
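Review bot: The sentence "To enable it, just change the HTTPStrategy to .csrfPrevention" reads as if CSRF prevention is opt-in, but Documentation/v1/migrating.md in this same PR lists `.csrfPrevention` as the new default HTTPStrategy. Suggest stating here that it is the v1 default, and making clear that the admonition above about `.queryOnlyGet` and `.onlyPost` describes what you get when one of those is selected instead, so a reader who switches strategy does not assume the CSRF checks are still in place.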
2 changes: 1 addition & 1 deletion Documentation/getting-started.md
Expand Up @@ -314,7 +314,7 @@ try app.run()

### Pioneer as Vapor middleware

Finally, apply Pioneer to Vapor as a [middleware](https://swiftpackageindex.com/d-exclaimation/pioneer/0.10.1/documentation/pioneer/pioneer/vapormiddleware).
Finally, apply Pioneer to Vapor as a [middleware](https://swiftpackageindex.com/d-exclaimation/pioneer/documentation/pioneer/pioneer/vapormiddleware).

```swift #18-25 main.swift
import Pioneer
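Review bot: Dropping the `0.10.1` segment from the vapormiddleware link means this guide no longer points at a fixed release of the API reference. Please confirm the unversioned URL resolves to documentation that contains the middleware this section describes, and consider pinning the link to the v1 release once it is tagged so it cannot drift away from the text.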
20 changes: 11 additions & 9 deletions Documentation/v1/migrating.md
Expand Up @@ -128,30 +128,32 @@ In [**v1**](/), Pioneer will use the same path for all of those, and will instea
### New defaults

Pioneer will now defaults to
- [.csrfPrevention](https://swiftpackageindex.com/d-exclaimation/pioneer/0.10.1/documentation/pioneer/pioneer/httpstrategy-swift.enum/csrfprevention) for its [HTTPStrategy](/features/graphql-over-http/#http-strategy)
- [.sandbox](https://swiftpackageindex.com/d-exclaimation/pioneer/0.10.1/documentation/pioneer/pioneer/ide/sandbox) for its [WebSocket Protocol](/features/graphql-over-websocket/#websocket-subprotocol)
- [.csrfPrevention](https://swiftpackageindex.com/d-exclaimation/pioneer/documentation/pioneer/pioneer/httpstrategy-swift.enum/csrfprevention) for its [HTTPStrategy](/features/graphql-over-http/#http-strategy)
- [.sandbox](https://swiftpackageindex.com/d-exclaimation/pioneer/documentation/pioneer/pioneer/ide/sandbox) for its [WebSocket Protocol](/features/graphql-over-websocket/#websocket-subprotocol)
- `30` seconds for the keep alive interval for GraphQL over WebSocket

### WebSocket callbacks

Some WebSocket callbacks are now exposed as functions in Pioneer. These can be used to add a custom WebSocket layer.

- [.receiveMessage](https://swiftpackageindex.com/d-exclaimation/pioneer/0.10.1/documentation/pioneer/pioneer)
- [.receiveMessage](https://swiftpackageindex.com/d-exclaimation/pioneer/documentation/pioneer/pioneer)
- Callback to be called for each WebSocket message
- [.initialiseClient](https://swiftpackageindex.com/d-exclaimation/pioneer/0.10.1/documentation/pioneer/pioneer)
- [.initialiseClient](https://swiftpackageindex.com/d-exclaimation/pioneer/documentation/pioneer/pioneer)
- Callback after getting a GraphQL over WebSocket initialisation message according to the given protocol
- [.executeLongOperation](https://swiftpackageindex.com/d-exclaimation/pioneer/0.10.1/documentation/pioneer/pioneer)
- [.executeLongOperation](https://swiftpackageindex.com/d-exclaimation/pioneer/documentation/pioneer/pioneer)
- Callback to run long running operation using Pioneer
- [.executeShortOperation](https://swiftpackageindex.com/d-exclaimation/pioneer/0.10.1/documentation/pioneer/pioneer)
- [.executeShortOperation](https://swiftpackageindex.com/d-exclaimation/pioneer/documentation/pioneer/pioneer)
- Callback to run short lived operation using Pioneer

### Pioneer capabilities

Some other capabilities of Pioneer is now exposed:

- [.allowed](https://swiftpackageindex.com/d-exclaimation/pioneer/0.10.1/documentation/pioneer/pioneer/allowed(from:allowing:)), Check if a GraphQL request is allowed given the allowed list of operations
- [.allowed](https://swiftpackageindex.com/d-exclaimation/pioneer/documentation/pioneer/pioneer/allowed(from:allowing:)), Check if a GraphQL request is allowed given the allowed list of operations

- [.csrfVulnerable](https://swiftpackageindex.com/d-exclaimation/pioneer/0.10.1/documentation/pioneer/pioneer/csrfvulnerable(given:)), Check if the headers given show signs of CSRF and XS-Search vulnerability
- [.csrfVulnerable](https://swiftpackageindex.com/d-exclaimation/pioneer/documentation/pioneer/pioneer/csrfvulnerable(given:)), Check if the headers given show signs of CSRF and XS-Search vulnerability

- [.executeHTTPGraphQLRequest](https://swiftpackageindex.com/d-exclaimation/pioneer/documentation/pioneer/pioneer/csrfvulnerable(given:)), Execute an operation for a given [HTTPGraphQLRequest](https://swiftpackageindex.com/d-exclaimation/pioneer/documentation/pioneer/pioneer/httpgraphqlrequest) and returns [HTTPGraphQLResponse](https://swiftpackageindex.com/d-exclaimation/pioneer/documentation/pioneer/pioneer/httpgraphqlresponse)

### ConnectionParams to Payload
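
Review bot: The new `.executeHTTPGraphQLRequest` bullet under "Pioneer capabilities" links to `.../pioneer/csrfvulnerable(given:)`, the same URL as the `.csrfVulnerable` bullet above it; this looks like a copy-paste and should point at the symbol's own page. In "New defaults", `.sandbox` is described as the default for the "WebSocket Protocol" although its link path is `ide/sandbox`, and the summary later in this file gives `.graphqlWs` for the WebSocket protocol and `.sandbox` for the GraphQL IDE, so the list should be brought in line with that. Minor wording while here: "will now defaults to" and "capabilities of Pioneer is now exposed".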

Expand All @@ -172,7 +174,7 @@ These are simplified list of things that changed
- Manually perform CSRF vulnerability checks and HTTP Strategy check
- Uses 1 path for all types of operations
- Open opportunity for other web framework integrations
- Changed defaults to [.csrfPrevention](https://swiftpackageindex.com/d-exclaimation/pioneer/0.10.1/documentation/pioneer/pioneer/httpstrategy-swift.enum/csrfprevention) for HTTP strategy, [.graphqlWs](https://swiftpackageindex.com/d-exclaimation/pioneer/0.10.1/documentation/pioneer/pioneer/websocketprotocol-swift.enum/graphqlws) for WebSocket protocol, and [.sandbox](https://swiftpackageindex.com/d-exclaimation/pioneer/0.10.1/documentation/pioneer/pioneer/ide/sandbox) for GraphQL IDE.
- Changed defaults to [.csrfPrevention](https://swiftpackageindex.com/d-exclaimation/pioneer/documentation/pioneer/pioneer/httpstrategy-swift.enum/csrfprevention) for HTTP strategy, [.graphqlWs](https://swiftpackageindex.com/d-exclaimation/pioneer/documentation/pioneer/pioneer/websocketprotocol-swift.enum/graphqlws) for WebSocket protocol, and [.sandbox](https://swiftpackageindex.com/d-exclaimation/pioneer/documentation/pioneer/pioneer/ide/sandbox) for GraphQL IDE.

[!badge variant="danger" text="Removed"](#tradeoff)
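
Review bot: The rewritten "Changed defaults" bullet names the HTTP strategy, WebSocket protocol and GraphQL IDE defaults but leaves out the `30` second keep-alive interval that the "New defaults" section of this same file also lists. Add it here, or drop it there, so the summary and the section agree.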
