Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

When sourceStream errors, yield a { errors: [...] } response #1127

Open
wants to merge 6 commits into
base: main
Choose a base branch
from

Conversation

benjie
Copy link
Member

@benjie benjie commented Nov 21, 2024

See https://github.com/graphql/graphql-spec/pull/1099/files#r1799509253

Currently if sourceStream generates an error, then responseStream repeats the error. This is the behavior implemented in graphql-js and is problematic.

GraphQL captures execution errors and wraps them in an { errors: [...] } payload for query and mutation operations; it should do the same for stream errors in a subscription operation.

This PR makes this change. It is technically a breaking change, I think, so will require careful thought.

leebyron and others added 5 commits June 11, 2024 10:36
This makes a few changes to the Subscriptions section where we're
talking about event streams in an attempt to make it more clear about
what's going on.

- Revised variable names from "fieldStream" to "sourceStream" to make it
  easier to trace variables through algorithms.

- Rewrote the "Event Streams" definition to be more clear about "emit"
  keyword and have clear paragraphs on completion and cancellation.

- Rewrote the `MapSourceToResponseEvent` algorithm to be a correctly
  formatted algorithm with a return statement at the end. Introduced a
  new "When" keyword to describe event subscriptions. Added explicit
  sections on passing back cancellation (discussed in WG) as well as
  completion with error (not discussed, but I realized was also left
  ambiguous)
@benjie
Copy link
Member Author

benjie commented Nov 21, 2024

Closing in favour of an inline edit

@benjie benjie closed this Nov 21, 2024
@benjie benjie reopened this Nov 21, 2024
@benjie
Copy link
Member Author

benjie commented Nov 21, 2024

Re-opened since #1099 is editorial whereas this is a behavioural change.

@yaacovCR
Copy link
Contributor

tried a quick implementation at graphql/graphql-js#4302

@benjie benjie changed the title When sourceStream errors, raise an error payload instead When sourceStream errors, yield a { errors: [...] } response Nov 28, 2024
Comment on lines -314 to +317
- Complete {responseStream} with {error}.
- Let {errors} be a list containing {error}.
- Let {response} be an unordered map containing {errors}.
- Emit {response} on {responseStream}.
- Complete {responseStream} normally.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Follow up discussion about whether we need an error event in subscriptions. @benjie @yaacovCR @enisdenjo

From #1099 (comment) :

what about our own code and it's unexpected exceptions?

Our own code is perfect, no exception, never 👌🙂

Jokes aside, I guess there's always the possibility of exceptions such as out of memory, etc...

But there's no language in the spec for this for regular queries (or is there?). Why would there be for subscriptions?

From graphql/graphql-js#4001 (comment)

for example the Nginx proxy reboots, terminating all connections cleanly with an error; or the wifi drops, terminating all connections uncleanly - and we should differentiate these as best we can.

Isn't this out of the realm of the GraphQL spec? If TCP/PHY transport fails well, that's too bad but it's another layer. GraphQL is only concerned about its own applicative layer?

The fact that graphql-sse has been working without an error event seems to be indication that we don't really need this?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't this out of the realm of the GraphQL spec?

Yes, 100%. We cannot mandate that intermediaries generate GraphQL-shaped responses. In fact, we would expect them NOT to do that. That's why making sure that our own errors are formatted like GraphQL errors is so important: so that you know it hasn't originated from an intermediary.

This is why we introduced application/graphql-response+json in the HTTP spec, so that we don't need to HTTP 200 on error. Without that, intermediaries could produce errors in JSON format without them being GraphQL errors, and clients may get confused/crash. The GraphQL response type meant that clients could be sure they originated from GraphQL.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But there's no language in the spec for this for regular queries (or is there?). Why would there be for subscriptions?

Redirecting to @leebyron comment from #1099 (comment)

where he addresses this:

However it's a lot less obvious what should happen for a stream which encounters an exceptional error after that particular creation algorithm has completed - what is the right behavior? This tries to be explicit to avoid that ambiguity - we should make sure the resulting stream also ends with an error.

Why is it less obvious? Well, one could have made an argument that in the spirit of GraphQL partial data, GraphQL should send a well formatted errors object for that event, and continue processing the response stream. But no! We do the more conservative thing and just end the stream with an error…

Copy link
Contributor

@martinbonnin martinbonnin Nov 28, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

one could have made an argument that in the spirit of GraphQL partial data, GraphQL should send a well formatted errors object for that event, and continue processing the response stream.
We do the more conservative thing and just end the stream with an error…

I'm going to advocate for the 3rd solution: send a well formatted errors object for that event, and complete the response stream normally (which is what this PR does).

This avoids the cognitive load associated with "completes with error" and keeps transport simple (no need for error event, just like graphql-sse).

Users that want to convey additional error information (error code, quota, retry delay, etc...) can do so in error.extension but this is outside the GraphQL spec.

Copy link
Member

@enisdenjo enisdenjo Nov 29, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My assumption was that an internal error is a spec bug or a bug/unexpected condition within the implementation of the spec (based on @leebyron's comment).

It sounds like @martinbonnin you are suggesting changing:

  - Let {response} be the result of running
    {ExecuteSubscriptionEvent(subscription, schema, variableValues,
    sourceValue)}.
  - If internal {error} was raised:
    - Cancel {sourceStream}.
    - Complete {responseStream} with {error}.

to

  - Let {response} be the result of running
    {ExecuteSubscriptionEvent(subscription, schema, variableValues,
    sourceValue)}.
  - If internal {error} was raised:
    - Cancel {sourceStream}.
    - Let {errors} be a list containing {error}.
    - Let {response} be an unordered map containing {errors}.
    - Emit {response} on {responseStream}.
    - Complete {responseStream} normally.

But what if an internal {error} is raised within these spec lines themselves:

    - Cancel {sourceStream}.
    - Let {errors} be a list containing {error}.
    - Let {response} be an unordered map containing {errors}.
    - Emit {response} on {responseStream}.
    - Complete {responseStream} normally.

In that case, presumably our response stream will complete with that {error}, at least in languages that allow for that construct. For example, in Javascript, the call to next() on the iterator for the response stream will throw . I believe what @leebyron is suggesting is just that this also applies to an internal error raised by {ExecuteSubscriptionEvent()}. I don't see a particular advantage in producing a well-formed {errors} GraphQL response for an internal error raised by {ExecuteSubscriptionEvent()} when we don't do the same for an internal error within other algorithms (e.g. among several, ExecuteQuery()}, although I would say this is not particularly harmful, as @leebyron points out in that comment, internal errors raised within deeper logic could end up being wrapped as field errors.

Basically, because internal errors could happen anywhere, we may have to allow for the fact that our response stream might complete with an {error}. But that's not the expected case, and I am not actually sure for example if that maps to the transport level. So I am not actually sure whether this language needs to be in the spec, or maybe an accompanying note.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @yaacovCR for the detailed comment 🙏

Wrapping the internal/unexpected errors from ExecuteSubscriptions() in a valid GraphQL response is indeed what I had in mind. I agree the asymmetry with ExecuteQuery() isn't great and feels off and might need revisiting.

All in all, I think I'd be happy not mentioning "internal errors" at all. If something unexpected comes up then behaviour is unspecified.

A query might:

  • send HTTP 500
  • send an {errors} GraphQL response
  • terminate the TCP connection
  • leave the TCP connection hanging (not great)
  • ...

A subscription might:

  • send a specific error event
  • send a WebSocket close frame (single connection)
  • send an {errors} GraphQL response
  • terminate the TCP connection
  • leave the TCP connection hanging (not great)
  • ...

It's not great but it's the cold reality of software. If things do not go according to plan well... we can't plan for them.

As of today, we have only one instance of "internal error" in the spec. It's very specific about errors in user resolvers and I wouldn't personally give the term more importance (see also Glossary PR).

Mentioning "internal errors" for the GraphQL code could erode the trust in the algorithms (why would there be an internal error there in the first place?) but also, what if there is an internal error while processing the internal error? And how should that error be represented?

Those are interesting questions but maybe better left out for the GraphQL over HTTP/WebSocket specs?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you leave that out, then does it mean that if the iterator ever throws an error that implementation is not spec compliant?

Copy link
Contributor

@martinbonnin martinbonnin Dec 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@benjie depends what iterators we're talking about?

My current view is that errors in user code must always be wrapped. Those are errors in resolvers for queries/mutations/subscriptions as well as errors raised by the source stream for subscriptions.

Other errors are unhandled. Unhandled errors are spec compliant but the spec doesn't say anything about how they are represented. Similar to HTTP where unhandled errors can be HTTP 500 or something else.

GraphQL has errors/raising/handling. JS has exception/throwing/catching. Other languages may have other terminology.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

send a WebSocket close frame (single connection)

Note that the close message in the frame is limited in size.

Base automatically changed from streams-editorial to main December 5, 2024 19:23
- Let {response} be the result of running
{ExecuteSubscriptionEvent(subscription, schema, variableValues,
sourceValue)}.
- If internal {error} was raised:
Copy link
Contributor

@fotoetienne fotoetienne Dec 5, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should implementations be allowed to recover (in cases where this is possible), returning the error within the response stream and continuing?

Copy link

netlify bot commented Dec 5, 2024

Deploy Preview for graphql-spec-draft ready!

Name Link
🔨 Latest commit 1951969
🔍 Latest deploy log https://app.netlify.com/sites/graphql-spec-draft/deploys/6751fefb6553df0008fe2ec6
😎 Deploy Preview https://deploy-preview-1127--graphql-spec-draft.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@benjie
Copy link
Member Author

benjie commented Dec 12, 2024

Timestamped link to this being discussed at the GraphQL WG last week:

https://youtu.be/6bW3Xcks5I4?t=3268

I'm going to leave this open to gather more feedback. I think we should bump it to RFC1 though; so I'm going to add it to the Jan WG. Forgot to ask at the last one whilst rushing through the schedule!

@benjie benjie added 💡 Proposal (RFC 1) RFC Stage 1 (See CONTRIBUTING.md) and removed 💭 Strawman (RFC 0) RFC Stage 0 (See CONTRIBUTING.md) labels Jan 9, 2025
@enisdenjo
Copy link
Member

enisdenjo commented Jan 14, 2025

As a part of graphql-ws next major release, on internal errors I've done the: "Complete {responseStream} with {error}" approach. Which is the not breaking change of the spec (but is breaking for graphql-ws).

Example:

  1. Subscribe
  2. Iterable throws
  3. ErrorMessage with the caught error emitted as GraphQLFormattedError ("Complete {responseStream} with {error}")

Alternative approach would be to "Emit {response (with errors)} on {responseStream}" and then "Complete {responseStream} normally" - however, I have decided against this in graphql-ws for two reasons:

  1. It's not aligned with GraphQL-JS and the current spec
  2. If transmit source event stream errors as an error payload graphql-js#4302 lands, graphql-ws will inherit this behaviour

Example:

  1. Subscribe
  2. Iterable throws
  3. NextMessage with the caught error emitted as GraphQLFormattedError (transmit source event stream errors as an error payload graphql-js#4302)
  4. CompleteMessage emitted ("Complete {responseStream} normally")

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
💡 Proposal (RFC 1) RFC Stage 1 (See CONTRIBUTING.md)
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants