Merge pull request #66 from elgentos/graphql

toonvd · web-flow · commit 6ae9d243f264 · 2025-05-27T09:47:18.000+02:00
#17 makes graphql conform to default Magento and creates tests
diff --git a/.github/workflows/vcl_tests.yml b/.github/workflows/vcl_tests.yml
@@ -20,8 +20,24 @@ jobs:
           FILES=$(ls tests/varnish/*.vtc | jq -R -s -c 'split("\n")[:-1]')
           echo "matrix=${FILES}" >> $GITHUB_OUTPUT
 
+  prepare-cache:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check Docker image cache
+        id: cache-check
+        uses: actions/cache@v3
+        with:
+          path: /tmp/varnish.tar
+          key: docker-varnish
+
+      - name: Pull and cache Docker image
+        if: steps.cache-check.outputs.cache-hit != 'true'
+        run: |
+          docker pull varnish:fresh
+          docker save varnish:fresh > /tmp/varnish.tar
+
   test:
-    needs: get-test-files
+    needs: [get-test-files, prepare-cache]
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
@@ -31,8 +47,17 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
+      - name: Load cached Docker image
+        uses: actions/cache@v3
+        with:
+          path: /tmp/varnish.tar
+          key: docker-varnish
+
+      - name: Load Docker image
+        run: docker load < /tmp/varnish.tar
+
       - name: Run Varnish test
         working-directory: tests/varnish
         run: |
           test_file=$(basename ${{ matrix.test_file }})
-          make test_single TEST=${test_file}
+          make test_single TEST=${test_file}
diff --git a/etc/varnish6.vcl b/etc/varnish6.vcl
@@ -184,8 +184,8 @@ sub vcl_recv {
 {{/if}}
     }
 
-    # Don't cache the authenticated GraphQL requests
-    if (req.url ~ "/graphql" && req.http.Authorization ~ "^Bearer") {
+    # Bypass authenticated GraphQL requests without a X-Magento-Cache-Id
+    if (req.url ~ "/graphql" && !req.http.X-Magento-Cache-Id && req.http.Authorization ~ "^Bearer") {
         return (pass);
     }
 
diff --git a/tests/varnish/graphql.vtc b/tests/varnish/graphql.vtc
@@ -0,0 +1,163 @@
+varnishtest "GraphQL X-Magento-Cache-Id validation & cache bypassing"
+
+server s1 {
+    # first request will be the probe, handle it and be on our way
+    rxreq
+    expect req.url == "/health_check.php"
+    txresp
+
+    # the probe expects the connection to close
+    close
+    accept
+
+    # 1. First MISS
+    rxreq
+    expect req.url == "/graphql"
+    expect req.method == "GET"
+    expect req.http.X-Magento-Cache-Id == <undef>
+    txresp
+
+    # 3. UNCACHEABLE (Cache-Id mismatch)
+    rxreq
+    expect req.url == "/graphql"
+    expect req.method == "GET"
+    expect req.http.X-Magento-Cache-Id == "1234"
+    txresp -hdr "X-Magento-Cache-Id: notmatching"
+
+    # 4. MISS with Cache-Id
+    rxreq
+    expect req.url == "/graphql"
+    expect req.method == "GET"
+    expect req.http.X-Magento-Cache-Id == "12345"
+    txresp -hdr "X-Magento-Cache-Id: 12345"
+
+    # 6. MISS with different Cache-Id
+    rxreq
+    expect req.url == "/graphql"
+    expect req.method == "GET"
+    expect req.http.X-Magento-Cache-Id == "12346"
+    txresp -hdr "X-Magento-Cache-Id: 12346"
+
+    # 7. MISS with Store header
+    rxreq
+    expect req.url == "/graphql"
+    expect req.method == "GET"
+    expect req.http.X-Magento-Cache-Id == "12345"
+    expect req.http.Store == "1"
+    txresp -hdr "X-Magento-Cache-Id: 12345" -hdr "Store: 1"
+
+    # 8. MISS with Store and Currency
+    rxreq
+    expect req.url == "/graphql"
+    expect req.method == "GET"
+    expect req.http.X-Magento-Cache-Id == "12345"
+    expect req.http.Store == "1"
+    expect req.http.Content-Currency == "1"
+    txresp -hdr "X-Magento-Cache-Id: 12345" -hdr "Store: 1" -hdr "Content-Currency: 1"
+
+    # 9. UNCACHEABLE with Authorization
+    rxreq
+    expect req.url == "/graphql"
+    expect req.method == "GET"
+    expect req.http.X-Magento-Cache-Id == <undef>
+    expect req.http.Authorization == "Bearer 12345"
+    txresp
+
+    # 10. MISS with Authorization and Cache-Id
+    rxreq
+    expect req.url == "/graphql"
+    expect req.method == "GET"
+    expect req.http.X-Magento-Cache-Id == "12345"
+    expect req.http.Authorization == "Bearer 12345"
+    txresp -hdr "X-Magento-Cache-Id: 12345"
+} -start
+
+# Generate the VCL file based on included variables and write it to output.vcl
+shell {
+    export s1_addr="${s1_addr}"
+    export s1_port="${s1_port}"
+    ${testdir}/helpers/parse_vcl.pl "${testdir}/../../etc/varnish6.vcl" "${tmpdir}/output.vcl"
+}
+
+varnish v1 -arg "-f" -arg "${tmpdir}/output.vcl" -arg "-p" -arg "vsl_mask=+Hash" -start
+
+# make sure the probe request fired
+delay 1
+
+client c1 {
+    txreq -method "GET" -url "/graphql"
+    rxresp
+    expect resp.http.X-Magento-Cache-Debug == "MISS"
+
+    txreq -method "GET" -url "/graphql"
+    rxresp
+    expect resp.http.X-Magento-Cache-Debug == "HIT"
+
+    txreq -method "GET" -url "/graphql" \
+        -hdr "X-Magento-Cache-Id: 1234"
+    rxresp
+    expect resp.http.X-Magento-Cache-Debug == "UNCACHEABLE"
+
+    txreq -method "GET" -url "/graphql" \
+        -hdr "X-Magento-Cache-Id: 12345"
+    rxresp
+    expect resp.http.X-Magento-Cache-Debug == "MISS"
+
+    txreq -method "GET" -url "/graphql" \
+        -hdr "X-Magento-Cache-Id: 12345"
+    rxresp
+    expect resp.http.X-Magento-Cache-Debug == "HIT"
+
+    txreq -method "GET" -url "/graphql" \
+        -hdr "X-Magento-Cache-Id: 12346"
+    rxresp
+    expect resp.http.X-Magento-Cache-Debug == "MISS"
+
+    txreq -method "GET" -url "/graphql" \
+        -hdr "X-Magento-Cache-Id: 12346"
+    rxresp
+    expect resp.http.X-Magento-Cache-Debug == "HIT"
+
+    txreq -method "GET" -url "/graphql" \
+        -hdr "X-Magento-Cache-Id: 12345" \
+        -hdr "Store: 1"
+    rxresp
+    expect resp.http.X-Magento-Cache-Debug == "MISS"
+
+    txreq -method "GET" -url "/graphql" \
+        -hdr "X-Magento-Cache-Id: 12345" \
+        -hdr "Store: 1"
+    rxresp
+    expect resp.http.X-Magento-Cache-Debug == "HIT"
+
+    txreq -method "GET" -url "/graphql" \
+        -hdr "X-Magento-Cache-Id: 12345" \
+        -hdr "Store: 1" \
+        -hdr "Content-Currency: 1"
+    rxresp
+    expect resp.http.X-Magento-Cache-Debug == "MISS"
+
+    txreq -method "GET" -url "/graphql" \
+        -hdr "X-Magento-Cache-Id: 12345" \
+        -hdr "Store: 1" \
+        -hdr "Content-Currency: 1"
+    rxresp
+    expect resp.http.X-Magento-Cache-Debug == "HIT"
+
+    txreq -method "GET" -url "/graphql" \
+        -hdr "Authorization: Bearer 12345"
+    rxresp
+    expect resp.http.X-Magento-Cache-Debug == "UNCACHEABLE"
+
+    txreq -method "GET" -url "/graphql" \
+        -hdr "Authorization: Bearer 12345" \
+        -hdr "X-Magento-Cache-Id: 12345"
+    rxresp
+    expect resp.http.X-Magento-Cache-Debug == "MISS"
+
+    txreq -method "GET" -url "/graphql" \
+        -hdr "Authorization: Bearer 12345" \
+        -hdr "X-Magento-Cache-Id: 12345"
+    rxresp
+    expect resp.http.X-Magento-Cache-Debug == "HIT"
+} -run

Original file line number	Diff line number	Diff line change
`@@ -184,8 +184,8 @@ sub vcl_recv {`
`184`	`184`	`{{/if}}`
`185`	`185`	`}`
`186`	`186`
`187`		`- # Don't cache the authenticated GraphQL requests`
`188`		`- if (req.url ~ "/graphql" && req.http.Authorization ~ "^Bearer") {`
	`187`	`+ # Bypass authenticated GraphQL requests without a X-Magento-Cache-Id`
	`188`	`+ if (req.url ~ "/graphql" && !req.http.X-Magento-Cache-Id && req.http.Authorization ~ "^Bearer") {`
`189`	`189`	`return (pass);`
`190`	`190`	`}`
`191`	`191`