fix(GraphQL): expose request cookies in "cookies" argument (#1853)

mswjs · Nov 12, 2023 · 463b74f · 463b74f
1 parent e628278
commit 463b74f
Show file tree

Hide file tree

Showing 2 changed files with 118 additions and 5 deletions.
diff --git a/src/core/handlers/GraphQLHandler.ts b/src/core/handlers/GraphQLHandler.ts
@@ -19,6 +19,7 @@ import {
 } from '../utils/internal/parseGraphQLRequest'
 import { getPublicUrlFromRequest } from '../utils/request/getPublicUrlFromRequest'
 import { devUtils } from '../utils/internal/devUtils'
+import { getAllRequestCookies } from '../utils/request/getRequestCookies'
 
 export type ExpectedOperationTypeNode = OperationTypeNode | 'all'
 export type GraphQLHandlerNameSelector = DocumentNode | RegExp | string
@@ -34,6 +35,7 @@ export type GraphQLResolverExtras<Variables extends GraphQLVariables> = {
   query: string
   operationName: string
   variables: Variables
+  cookies: Record<string, string | Array<string>>
 }
 
 export type GraphQLRequestBody<VariablesType extends GraphQLVariables> =
@@ -114,14 +116,32 @@ export class GraphQLHandler extends RequestHandler<
     this.endpoint = endpoint
   }
 
-  async parse(args: { request: Request }) {
-    return parseGraphQLRequest(args.request).catch((error) => {
-      console.error(error)
+  async parse(args: {
+    request: Request
+  }): Promise<ParsedGraphQLRequest<GraphQLVariables>> {
+    const parsedResult = await parseGraphQLRequest(args.request).catch(
+      (error) => {
+        console.error(error)
+        return undefined
+      },
+    )
+
+    if (typeof parsedResult === 'undefined') {
       return undefined
-    })
+    }
+
+    return {
+      query: parsedResult.query,
+      operationType: parsedResult.operationType,
+      operationName: parsedResult.operationName,
+      variables: parsedResult.variables,
+    }
   }
 
-  predicate(args: { request: Request; parsedResult: ParsedGraphQLRequest }) {
+  predicate(args: {
+    request: Request
+    parsedResult: ParsedGraphQLRequest<GraphQLVariables>
+  }) {
     if (!args.parsedResult) {
       return false
     }
@@ -160,10 +180,13 @@ Consider naming this operation or using "graphql.operation()" request handler to
     request: Request
     parsedResult: ParsedGraphQLRequest<GraphQLVariables>
   }) {
+    const cookies = getAllRequestCookies(args.request)
+
     return {
       query: args.parsedResult?.query || '',
       operationName: args.parsedResult?.operationName || '',
       variables: args.parsedResult?.variables || {},
+      cookies,
     }
   }
 

diff --git a/test/node/graphql-api/cookies.test.ts b/test/node/graphql-api/cookies.test.ts
@@ -0,0 +1,90 @@
+/**
+ * @vitest-environment node
+ */
+import { graphql, HttpResponse } from 'msw'
+import { setupServer } from 'msw/node'
+
+const server = setupServer(
+  graphql.query('GetUser', ({ cookies }) => {
+    const { session } = cookies
+
+    if (!session) {
+      return HttpResponse.json({
+        errors: [
+          {
+            name: 'Unauthorized',
+            message: 'Must be authorized to query "GetUser"',
+          },
+        ],
+      })
+    }
+
+    return HttpResponse.json({
+      data: {
+        user: {
+          name: 'John',
+        },
+      },
+    })
+  }),
+)
+
+beforeAll(() => {
+  server.listen()
+})
+
+afterAll(() => {
+  server.close()
+})
+
+it('responds to a GraphQL query when the request has the cookies', async () => {
+  const response = await fetch('http://localhost/graphql', {
+    method: 'POST',
+    headers: {
+      Cookie: 'session=superSecret',
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify({
+      query: `
+        query GetUser {
+          user {
+            name
+          }
+        }
+      `,
+    }),
+  })
+  const result = await response.json()
+
+  expect(result.data).toEqual({
+    user: { name: 'John' },
+  })
+  expect(result.errors).toBeUndefined()
+})
+
+it('errors on a GraphQL query when the request is missig the cookies', async () => {
+  const response = await fetch('http://localhost/graphql', {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify({
+      query: `
+        query GetUser {
+          user {
+            name
+          }
+        }
+      `,
+    }),
+  })
+  const result = await response.json()
+
+  expect(result.errors).toEqual([
+    {
+      name: 'Unauthorized',
+      message: 'Must be authorized to query "GetUser"',
+    },
+  ])
+  expect(result.data).toBeUndefined()
+})