Merge pull request #105 from alexsteinerde/custom-validation-rules

NeedleInAJayStack · web-flow · commit 767a2f6ff0c8 · 2023-03-07T18:45:37.000-07:00
Schema validation rules
diff --git a/Sources/Graphiti/API/API.swift b/Sources/Graphiti/API/API.swift
@@ -14,15 +14,17 @@ public extension API {
         context: ContextType,
         on eventLoopGroup: EventLoopGroup,
         variables: [String: Map] = [:],
-        operationName: String? = nil
+        operationName: String? = nil,
+        validationRules: [(ValidationContext) -> Visitor] = []
     ) -> EventLoopFuture<GraphQLResult> {
         return schema.execute(
             request: request,
             resolver: resolver,
             context: context,
             eventLoopGroup: eventLoopGroup,
             variables: variables,
-            operationName: operationName
+            operationName: operationName,
+            validationRules: validationRules
         )
     }
 
@@ -31,15 +33,17 @@ public extension API {
         context: ContextType,
         on eventLoopGroup: EventLoopGroup,
         variables: [String: Map] = [:],
-        operationName: String? = nil
+        operationName: String? = nil,
+        validationRules: [(ValidationContext) -> Visitor] = []
     ) -> EventLoopFuture<SubscriptionResult> {
         return schema.subscribe(
             request: request,
             resolver: resolver,
             context: context,
             eventLoopGroup: eventLoopGroup,
             variables: variables,
-            operationName: operationName
+            operationName: operationName,
+            validationRules: validationRules
         )
     }
 }
@@ -53,15 +57,17 @@ public extension API {
             context: ContextType,
             on eventLoopGroup: EventLoopGroup,
             variables: [String: Map] = [:],
-            operationName: String? = nil
+            operationName: String? = nil,
+            validationRules: [(ValidationContext) -> Visitor] = []
         ) async throws -> GraphQLResult {
             return try await schema.execute(
                 request: request,
                 resolver: resolver,
                 context: context,
                 eventLoopGroup: eventLoopGroup,
                 variables: variables,
-                operationName: operationName
+                operationName: operationName,
+                validationRules: validationRules
             ).get()
         }
 
@@ -71,15 +77,17 @@ public extension API {
             context: ContextType,
             on eventLoopGroup: EventLoopGroup,
             variables: [String: Map] = [:],
-            operationName: String? = nil
+            operationName: String? = nil,
+            validationRules: [(ValidationContext) -> Visitor] = []
         ) async throws -> SubscriptionResult {
             return try await schema.subscribe(
                 request: request,
                 resolver: resolver,
                 context: context,
                 eventLoopGroup: eventLoopGroup,
                 variables: variables,
-                operationName: operationName
+                operationName: operationName,
+                validationRules: validationRules
             ).get()
         }
     }
diff --git a/Sources/Graphiti/Schema/Schema.swift b/Sources/Graphiti/Schema/Schema.swift
@@ -69,10 +69,12 @@ public extension Schema {
         context: Context,
         eventLoopGroup: EventLoopGroup,
         variables: [String: Map] = [:],
-        operationName: String? = nil
+        operationName: String? = nil,
+        validationRules: [(ValidationContext) -> Visitor] = []
     ) -> EventLoopFuture<GraphQLResult> {
         do {
             return try graphql(
+                validationRules: GraphQL.specifiedRules + validationRules,
                 schema: schema,
                 request: request,
                 rootValue: resolver,
@@ -92,10 +94,12 @@ public extension Schema {
         context: Context,
         eventLoopGroup: EventLoopGroup,
         variables: [String: Map] = [:],
-        operationName: String? = nil
+        operationName: String? = nil,
+        validationRules: [(ValidationContext) -> Visitor] = []
     ) -> EventLoopFuture<SubscriptionResult> {
         do {
             return try graphqlSubscribe(
+                validationRules: GraphQL.specifiedRules + validationRules,
                 schema: schema,
                 request: request,
                 rootValue: resolver,
diff --git a/Sources/Graphiti/Validation/NoIntrospectionRule.swift b/Sources/Graphiti/Validation/NoIntrospectionRule.swift
@@ -0,0 +1,10 @@
+import GraphQL
+
+public func NoIntrospectionRule(context: ValidationContext) -> Visitor {
+    return Visitor(enter: { node, _, _, _, _ in
+        if let field = node as? GraphQL.Field, ["__schema", "__type"].contains(field.name.value) {
+            context.report(error: .init(message: "GraphQL introspection is not allowed, but the query contained __schema or __type", nodes: [node]))
+        }
+        return .continue
+    })
+}
diff --git a/Tests/GraphitiTests/ValidationRulesTests.swift b/Tests/GraphitiTests/ValidationRulesTests.swift
@@ -0,0 +1,56 @@
+import Foundation
+@testable import Graphiti
+import GraphQL
+import NIO
+import XCTest
+
+class ValidationRulesTests: XCTestCase {
+    // Test registering custom validation rules
+    func testRegisteringCustomValidationRule() throws {
+        struct TestResolver {
+            var helloWorld: String { "Hellow World" }
+        }
+        
+        let testSchema = try Schema<TestResolver, NoContext> {
+            Query {
+                Field("helloWorld", at: \.helloWorld)
+            }
+        }
+        let api = TestAPI<TestResolver, NoContext>(
+            resolver: TestResolver(),
+            schema: testSchema
+        )
+
+        let group = MultiThreadedEventLoopGroup(numberOfThreads: System.coreCount)
+        defer { try? group.syncShutdownGracefully() }
+
+        XCTAssertEqual(
+            try api.execute(
+                request: """
+                query {
+                  __type(name: "Query") {
+                      name
+                      description
+                    }
+                }
+                """,
+                context: NoContext(),
+                on: group,
+                validationRules: [NoIntrospectionRule]
+            ).wait(),
+            GraphQLResult(errors: [
+                .init(message: "GraphQL introspection is not allowed, but the query contained __schema or __type", locations: [.init(line: 2, column: 3)])
+            ])
+        )
+    }
+}
+
+private class TestAPI<Resolver, ContextType>: API {
+    public let resolver: Resolver
+    public let schema: Schema<Resolver, ContextType>
+
+    init(resolver: Resolver, schema: Schema<Resolver, ContextType>) {
+        self.resolver = resolver
+        self.schema = schema
+    }
+}
