graphql-go / handler Goto Github PK

I'm working with Apollo Node application that merges schemas from multiple remote GraphQL API. One of the remotes uses graphql-go and graphql-go/handler. There is an issue with schema introspection when using Link API of Apollo resulting to graphql-go to not accept the request.

The response to introspection query is

{"0":{"message":"Must provide an operation.","locations":[]}}

The graphql-go/handler documentation says that the operation name is mandatory when the query contains multiple operations. AFAIK, the introspection only has one operation.

When using Apollo Fetcher API, the introspection seems works. Cannot 100% verify at the moment, since I need to run some more tests.

Based on what I've read from the Apollo documentation and viewed their source code, the introspection should be very similar with both. Even in the source code the Apollo Link is converted to Apollo Fetch.

Of course I cannot be certain that the bug is on Go side of the GraphQL, but I'm assuming so, since the other remote service that publish GraphQL APIs work with both Link/Fetcher. The other services use Apollo server.

Go Handler version used is 0.2.1

The documentation for the above mentioned Apollo APIs

Hi,

Just wondering what the best way to abort multiple mutations in a single graphql call, currently I have moved the following code :
if h.resultCallbackFn != nil {
h.resultCallbackFn(ctx, &params, result, buff)
}

To just after the line : result := graphql.Do(params)

This way I can verify if all the mutations supplied to the graphql endpoint have been saved to the database and passes any extra validation as required for our business logic, if this fails, I am able to here fail the entire set of mutations.

Would prefer to use the library "as is" without modifying it, as I assume you guys are the ones in the know what is right and wrong with using this library, do you recommend a better solution, or have a done an acceptable solution ?

Thanks in advance
Cheers
Jason

Hi, I have problem that i do not know how to pass context to each resolver and i cannot find it on google. Could anybody help me ?

Every time I start my GraphQL server, the order of all properties, enums and parameters as shown in GraphiQL or as parsed with GraphQL CLI changes. These tools just take the order as it comes from the server and display it. I think handler should order all these properties alphabetically to have a consistent output of the callable schema at the endpoint where the graphql-go handler operates.

how to solve this problem

How do I attach a custom header to a request?
Thanks

I create server graphql api. Can i get ip address client from handler for use in Resolve

Related: graphql-go/graphql#52

Hey¡

I can't install it

./handler.go:147:47: formattedError.OriginalError undefined (type gqlerrors.FormattedError has no field or method OriginalError)

There is a vulnerability in Go url parsing. More on that here: https://www.oxeye.io/blog/golang-parameter-smuggling-attack

In a nutshell, the method Query() ignores the error produced by another function when finding a semicolon when parsing the query.
The solution is to replace usage of query = r.URL.Query() with query, err = url.ParseQuery(r.URL.RawQuery) to avoid ignoring the error produced by finding a semicolon when parsing the query.

0: {message: "Unknown type "__Type".", locations: [{line: 20, column: 24}]}
1: {message: "Unknown type "__InputValue".", locations: [{line: 53, column: 26}]}
2: {message: "Unknown type "__Type".", locations: [{line: 60, column: 23}]}

full source code https://github.com/kokizzu/gotro/blob/master/W2/example/main_restApi_graphql.GEN.go

The graphql library has been tagged with v0.7.7 with the formatting error changes: https://github.com/graphql-go/graphql/tree/v0.7.7

Will this repo be getting a tagged version soon that correlates to that tag on the graphql repo?

The repository has not been recently released. As a result, The Playground config field is only available on master branch. When using dep or go mod, we need to manually switch to master branch.

Now there isn't any code set the response Content-Type header, and it's text/plain; charset=utf-8 by default.

The current GraphiQL interface served by the handler sends GraphQL subscriptions over HTTP, which is not expected to work. This article describes how GraphiQL can be set up with a custom fetcher that does subscriptions over a GraphQL WebSocket.

It would be great if the handler would support this to work with GraphQL servers that implement WS subscriptions.

Somehow field is showing deprecated
screenshot
code :

package main

import (
	"fmt"
	"net/http"

	"github.com/graphql-go/graphql"
	"github.com/graphql-go/handler"
)

var schema, _ = graphql.NewSchema(
	graphql.SchemaConfig{
		Query: graphql.NewObject(
			graphql.ObjectConfig{
				Name: "Query",
				Fields: graphql.Fields{
					"healthz": &graphql.Field{
						Type: graphql.String,
						Resolve: func(p graphql.ResolveParams) (interface{}, error) {
							return "ok", nil
						},
					},
				},
			},
		),
		Mutation: graphql.NewObject(
			graphql.ObjectConfig{
				Name: "Mutation",
				Fields: graphql.Fields{
					"healthz": &graphql.Field{
						Type: graphql.String,
						Resolve: func(p graphql.ResolveParams) (interface{}, error) {
							return "ok", nil
						},
					},
				},
			},
		),
	},
)

var port = ":8080"

func main() {

	http.Handle("/", handler.New(&handler.Config{
		Schema:     &schema,
		GraphiQL:   false,
		Playground: true,
	}))
	fmt.Println("Now server is running on port " + port)
	http.ListenAndServe(port, nil)
}

how to remove deprecated directive ?

First, thank you for the hard work to make such a great library :kudos

So I see from the example and found that mutation can be requested using GET method:

https://github.com/graphql-go/graphql/blob/f02a1c961028d3ba7ac6bb22eaa09b31a2cb53dd/examples/crud/main.go#L136-L139

and look like that is by design. See line 68 below tries to get the query from query string. And I can't find a way to disable the GET method.

Because I am concerned that this is open for CSRF attack when you use Cookie authentication. Or am I missing something?

FYI: Apollo itself doesn't allow mutation request via GET method.

In https://github.com/graphql-go/handler/blob/master/handler.go#L148
how about modifying it to

h.ContextHandler(r.Context(), w, r)

The idea is in that the middleware can add something in the request's context and pass it further to the handler that passes it further to the GraphQL query. The example is a cookie value.

I cannot use subscriptions with the graphical interface.
I tried to solve the issue with #69 but I still get

client.js:1603 WebSocket connection to 'ws://localhost:7000/subscriptions' failed: Error during WebSocket handshake: Sent non-empty 'Sec-WebSocket-Protocol' header but no response was received

the same code works with the playground. any pointers??

I am reading simple answers not answered, ignored pulled requests.

I'm looking to be able to log a stack trace when one of my field resolvers panics.

Currently, I get something like this:

        { "query": "query AllAttributes() {attributes(key: $value) {names}}", "variables": {}  } 
        
         [
        	{
        		"message": "runtime error: invalid memory address or nil pointer dereference",
        		"locations": []
        	}
        ]

I've tried to FormatErrorFn which works well for regular errors that get bubbled up, but by the time it gets triggered, the panic's stack trace is missing. I believe the defer-recover function in executor.go completeValueCatchingError would need to capture the stack in debug.Stack() and stash it on the gqlerrors.Error.

I'm happy to attempt to implement it and open a PR, but I'd like to make sure I wasn't missing something first.

Browser console error is:

GET https://cdn.jsdelivr.net/npm/graphql-playground-react/build/static/css/index.css net::ERR_CERT_AUTHORITY_INVALID
GET https://cdn.jsdelivr.net/npm/graphql-playground-react/build/static/js/middleware.js net::ERR_CERT_AUTHORITY_INVALID
GET https://cdn.jsdelivr.net/npm/graphql-playground-react/build/logo.png net::ERR_CERT_AUTHORITY_INVALID
Uncaught ReferenceError: GraphQLPlayground is not defined
    at http://localhost:8080/v1/library?query={book(id:%221001%22){id,title,body}}:50:7
GET https://cdn.jsdelivr.net/npm/graphql-playground-react/build/favicon.png net::ERR_CERT_AUTHORITY_INVALID

For authorization I need to send tokens inside an optional header configuration exposed on the graphql server. Unless I'm blind, or it's meant for the graphql-go package and not this one, I can't see it anywhere.

How to differentiate the GraphiQL route from the GraphQL URL itself? I think currently it will always have the same URL? My use-case is I want to secure my GraphQL URL but have different behavior for GraphiQL.

Playground could work in latest tagged version.

Add options for rootValue and graphiql just as in express-graphql
I'll try to do this if I get the time.

Is there any way that I can set up the header of response for some doctypes?

Hi, it is really frustrating to create a complete Output object/New object when you have a ready type.
also, it sucks to changes both in times of need.

Is there a way to covert golang type to Object?

e.g:
type User struct{
id string
name string
}

to

graphql.ObjectConfig{
Name: "User",
Fields: graphql.Fields{
"id": &graphql.Field{Type: graphql.ID},
"name": &graphql.Field{Type: graphql.String},
},
Description: "Users ",
}

Thank you!