Validate variables at the gateway level #3213
Conversation
Currently, the gateway depends on downstream services to report any errors with graphql execution. In the case of invalid variables, it's not necessary to make any fetches or even build a query plan since we can perform that validation when the request is first received. This also guarantees that we surface invalid queries to users, independent of how the downstream services are implemented and what kind of validation _they_ perform on incoming requests.
| @@ -132,6 +134,11 @@ export type UpdateServiceDefinitions = ( | |||
|
|
|||
| type Await<T> = T extends Promise<infer U> ? U : T; | |||
|
|
|||
| type RequestContext<TContext> = WithRequired< | |||
| GraphQLRequestContext<TContext>, | |||
| 'document' | 'queryHash' | |||
There was a problem hiding this comment.
Removed operation from the WithRequired pick list as it's unused.
| return { errors: validationErrors }; | ||
| } | ||
|
|
||
| let queryPlan: QueryPlan | undefined; |
There was a problem hiding this comment.
Added types to this since it was previously inferred as any
|
|
||
| if (!variableDefinitions) return []; | ||
|
|
||
| const { errors } = getVariableValues( |
There was a problem hiding this comment.
iirc, we get the variable values elsewhere in the query planner? I wonder if we can reuse this lookup and prevent having to do it twice?
There was a problem hiding this comment.
I think you're referring to this section where we determine the variables needed for a particular Fetch node: https://github.com/apollographql/apollo-server/blob/master/packages/apollo-gateway/src/executeQueryPlan.ts#L214-L225
I don't see any other references to getVariableValues() within QP (or much interaction with our variables object at all, aside from ^ and our second graphql execution pass).
…3213) Previously, the gateway depended on downstream services to report any errors with graphql execution. In the case of invalid variables, it's not necessary to make any fetches or even build a query plan since we can perform that validation when the request is first received. Validating at the gateway also guarantees that we surface invalid queries to users, independent of how the downstream services are implemented and what kind of validation _they_ perform on incoming requests. Apollo-Orig-Commit-AS: apollographql/apollo-server@e151191
Currently, the gateway depends on downstream services to report any
errors with graphql execution. In the case of invalid variables, it's
not necessary to make any fetches or even build a query plan since
we can perform that validation when the request is first received.
This also guarantees that we surface invalid queries to users,
independent of how the downstream services are implemented and what
kind of validation they perform on incoming requests as seen in this relevant issue: #3153
Fixes #3153