feat: ast input support added #935
Conversation
|
@Ceres6 can you please check if there's a better, more secure (possibly faster) way to handle the JSON parsing? E.g. I came across this https://github.com/fastify/secure-json-parse, but I would check how this is done elsewhere in the codebase, including fastify |
Fastify uses secure-json-parse, which adds some validation and options to the built-in Other options would be using other json-schema validation libraries as joi, ajv, fluent-json-schema, which are used in the Fastify ecosystem. This would require more code to be as precise as possible with the values accepted by the schema, and if we're too strict it could become harder to maintain. WDYT? @simoneb |
Of course. I'll see what error throws in that case to see if we need better error handling to guide the client debug it. |
|
I thought GraphQL does its own validation. Is this direct AST input bypassing that? Scott |
No, it is still be done some lines below in the validation phase. It's just the query -> ast conversion that we're skipping |
|
Test for the invalid AST added. Let me know if you want me to add an example to the examples folder or something to the documentation. |
|
How is it possible that there is a fail in windows 16.x if the only change between this commit and the previous is that I added a test? Besides it is passing in ubuntu 16.x and windows 18.x |
|
Flaky CI maybe? |
|
@mcollina wdyt about json parsing in this PR? is it ok to do it or shall we use a json parsing library such as https://github.com/fastify/secure-json-parse? |
Would |
closes #804
JSON ast can be now used as input.
The change can be tested with the code of the test added at test/app-decorator.js
Comments are welcomed for both performance and security on the use of
JSON.parsefunctionIt should be decided whether this feature is desired.