feat: MGS-5446 adjust varnish config with graphql

roles/cs.varnish/templates/vcl/default.vcl.j2

@@ -26,6 +26,14 @@
 
 {% endblock %}
 
+{% block process_graphql_headers %}
+
+    {% filter indent(width=4) -%}
+    {% include "vcl/subroutines/process_graphql_headers.vcl.j2" %}
+    {% endfilter %}
+
+{% endblock %}
+
 {% block vcl_backend_fetch %}
 
     {% filter indent(width=4) -%}

roles/cs.varnish/templates/vcl/subroutines/hash.vcl.j2

@@ -1,4 +1,4 @@
-if (req.http.cookie ~ "X-Magento-Vary=") {
+if ((req.url !~ "/graphql" || !req.http.X-Magento-Cache-Id) && req.http.cookie ~ "X-Magento-Vary=") {
     hash_data(regsub(req.http.cookie, "^.*?X-Magento-Vary=([^;]+);*.*$", "\1"));
 }
 
@@ -12,4 +12,8 @@ if (req.http.host) {
 # To make sure http users don't see ssl warning
 if (req.http.X-Forwarded-Proto) {
     hash_data(req.http.X-Forwarded-Proto);
+}
+
+if (req.url ~ "/graphql") {
+    call process_graphql_headers;
 }

roles/cs.varnish/templates/vcl/subroutines/process_graphql_headers.vcl.j2

@@ -0,0 +1,16 @@
+if (req.http.X-Magento-Cache-Id) {
+    hash_data(req.http.X-Magento-Cache-Id);
+
+    # When the frontend stops sending the auth token, make sure users stop getting results cached for logged-in users
+    if (req.http.Authorization ~ "^Bearer") {
+        hash_data("Authorized");
+    }
+}
+
+if (req.http.Store) {
+    hash_data(req.http.Store);
+}
+
+if (req.http.Content-Currency) {
+    hash_data(req.http.Content-Currency);
+}

roles/cs.varnish/templates/vcl/subroutines/recv.vcl.j2

@@ -277,4 +277,9 @@ if (req.http.cookie ~ "X-Magento-Vary=") {
  # therefore this function mainly as workaround to this limitation. #}
 {% endif %}
 
+# Bypass authenticated GraphQL requests without a X-Magento-Cache-Id
+if (req.url ~ "/graphql" && !req.http.X-Magento-Cache-Id && req.http.Authorization ~ "^Bearer") {
+    return (pass);
+}
+
 return (hash);