fix(graphql-server-core): validation for get queries

apollographql · Jun 12, 2017 · 0ae313c · 0ae313c
1 parent a84df1e
commit 0ae313c
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 10 deletions.
diff --git a/packages/graphql-server-core/src/runHttpQuery.ts b/packages/graphql-server-core/src/runHttpQuery.ts
@@ -74,12 +74,7 @@ export async function runHttpQuery(handlerArguments: Array<any>, request: HttpQu
     try {
       let query = requestParams.query;
       if ( isGetRequest ) {
-        if (typeof query === 'string') {
-          // preparse the query incase of GET so we can assert the operation.
-          query = parse(query);
-        }
-
-        if ( ! isQueryOperation(query, requestParams.operationName) ) {
+        if ( ! isQueryOperation(parse(query), requestParams.operationName) ) {
           throw new HttpQueryError(405, `GET supports only query operation`, false, {
             'Allow':  'POST',
           });

diff --git a/packages/graphql-server-core/src/runQuery.ts b/packages/graphql-server-core/src/runQuery.ts
@@ -94,6 +94,7 @@ function doRunQuery(options: QueryOptions): Promise<ExecutionResult> {
     logFunction({action: LogAction.request, step: LogStep.status, key: 'operationName', data: options.operationName});
 
     // if query is already an AST, don't parse or validate
+    // XXX: This refers the operations-store flow.
     if (typeof options.query === 'string') {
         try {
             // TODO: time this with log function

diff --git a/packages/graphql-server-express/src/apolloServerHttp.test.ts b/packages/graphql-server-express/src/apolloServerHttp.test.ts
@@ -351,15 +351,14 @@ describe(`GraphQL-HTTP (apolloServer) tests for ${version} express`, () => {
     it('handles type validation (GET)', async () => {
       const app = express();
 
-      app.use(urlString(), bodyParser.json());
       app.use(urlString(), graphqlExpress({
         schema: TestSchema
       }));
 
       const response = await request(app)
         .get(urlString({ query: '{notExists}' }))
 
-      expect(response.status).to.equal(200);
+      expect(response.status).to.equal(400);
       expect(JSON.parse(response.text)).to.deep.equal({
         errors: [ {
           message: 'Cannot query field \"notExists\" on type \"QueryRoot\".',

diff --git a/packages/graphql-server-restify/src/restifyApollo.test.ts b/packages/graphql-server-restify/src/restifyApollo.test.ts
@@ -4,7 +4,6 @@ import { graphiqlRestify, graphqlRestify } from './restifyApollo';
 import testSuite, { schema, CreateAppOptions } from 'graphql-server-integration-testsuite';
 import { expect } from 'chai';
 import { GraphQLOptions } from 'graphql-server-core';
-import 'mocha';
 
 function createApp(options: CreateAppOptions = {}) {
   const server = restify.createServer({

diff --git a/test/tests.js b/test/tests.js
@@ -9,6 +9,9 @@ require('../packages/graphql-server-express/dist/connectApollo.test');
 require('../packages/graphql-server-hapi/dist/hapiApollo.test');
 (NODE_MAJOR_VERSION >= 6) && require('../packages/graphql-server-micro/dist/microApollo.test');
 (NODE_MAJOR_VERSION >= 7) && require('../packages/graphql-server-koa/dist/koaApollo.test');
-require('../packages/graphql-server-restify/dist/restifyApollo.test');
 require('../packages/graphql-server-lambda/dist/lambdaApollo.test');
 require('../packages/graphql-server-express/dist/apolloServerHttp.test');
+
+// XXX: Running restify last as it breaks http.
+// for more info: https://github.com/restify/node-restify/issues/700
+require('../packages/graphql-server-restify/dist/restifyApollo.test');