super-graph/serv/http.go

package serv

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"io/ioutil"
	"net/http"
	"strings"
	"time"

	"github.com/dosco/super-graph/qcode"
	"github.com/go-pg/pg"
	"github.com/gorilla/websocket"
	"github.com/valyala/fasttemplate"
)

const (
	introspectionQuery = "IntrospectionQuery"
	openVar            = "{{"
	closeVar           = "}}"
)

var (
	upgrader    = websocket.Upgrader{}
	errNoUserID = errors.New("no user_id available")
)

type gqlReq struct {
	OpName    string            `json:"operationName"`
	Query     string            `json:"query"`
	Variables map[string]string `json:"variables"`
}

type gqlResp struct {
	Error      string          `json:"error,omitempty"`
	Data       json.RawMessage `json:"data,omitempty"`
	Extensions *extensions     `json:"extensions,omitempty"`
}

type extensions struct {
	Tracing *trace `json:"tracing,omitempty"`
}

type trace struct {
	Version   int           `json:"version"`
	StartTime time.Time     `json:"startTime"`
	EndTime   time.Time     `json:"endTime"`
	Duration  time.Duration `json:"duration"`
	Execution execution     `json:"execution"`
}

type execution struct {
	Resolvers []resolver `json:"resolvers"`
}

type resolver struct {
	Path        []string      `json:"path"`
	ParentType  string        `json:"parentType"`
	FieldName   string        `json:"fieldName"`
	ReturnType  string        `json:"returnType"`
	StartOffset int           `json:"startOffset"`
	Duration    time.Duration `json:"duration"`
}

func apiv1Http(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()

	if authFailBlock == authFailBlockAlways && authCheck(ctx) == false {
		http.Error(w, "Not authorized", 401)
		return
	}

	b, err := ioutil.ReadAll(r.Body)
	defer r.Body.Close()
	if err != nil {
		errorResp(w, err)
		return
	}

	req := &gqlReq{}
	if err := json.Unmarshal(b, req); err != nil {
		errorResp(w, err)
		return
	}

	if strings.EqualFold(req.OpName, introspectionQuery) {
		dat, err := ioutil.ReadFile("test.schema")
		if err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
		w.Write(dat)
		return
	}

	qc, err := qcompile.CompileQuery(req.Query)
	if err != nil {
		errorResp(w, err)
		return
	}

	var sqlStmt strings.Builder

	if err := pcompile.Compile(&sqlStmt, qc); err != nil {
		errorResp(w, err)
		return
	}

	t := fasttemplate.New(sqlStmt.String(), openVar, closeVar)
	sqlStmt.Reset()

	_, err = t.Execute(&sqlStmt, varValues(ctx))
	if err == errNoUserID &&
		authFailBlock == authFailBlockPerQuery &&
		authCheck(ctx) == false {
		http.Error(w, "Not authorized", 401)
		return
	}
	if err != nil {
		errorResp(w, err)
		return
	}

	finalSQL := sqlStmt.String()
	if conf.DebugLevel > 0 {
		fmt.Println(finalSQL)
	}
	st := time.Now()

	var root json.RawMessage
	_, err = db.Query(pg.Scan(&root), finalSQL)

	if err != nil {
		errorResp(w, err)
		return
	}

	et := time.Now()
	resp := gqlResp{}

	if conf.EnableTracing {
		resp.Extensions = &extensions{newTrace(st, et, qc)}
	}

	resp.Data = json.RawMessage(root)
	json.NewEncoder(w).Encode(resp)
}

/*
func apiv1Ws(w http.ResponseWriter, r *http.Request) {
	c, err := upgrader.Upgrade(w, r, nil)
	if err != nil {
		fmt.Println(err)
		return
	}
	defer c.Close()
	for {
		mt, message, err := c.ReadMessage()
		if err != nil {
			fmt.Println("read:", err)
			break
		}
		fmt.Printf("recv: %s", message)
		err = c.WriteMessage(mt, message)
		if err != nil {
			fmt.Println("write:", err)
			break
		}
	}
}

func serve(w http.ResponseWriter, r *http.Request) {
	// if websocket.IsWebSocketUpgrade(r) {
	// 	apiv1Ws(w, r)
	// 	return
	// }
	apiv1Http(w, r)
}
*/

func errorResp(w http.ResponseWriter, err error) {
	b, _ := json.Marshal(gqlResp{Error: err.Error()})
	http.Error(w, string(b), http.StatusBadRequest)
}

func authCheck(ctx context.Context) bool {
	return (ctx.Value(userIDKey) != nil)
}

func varValues(ctx context.Context) map[string]interface{} {
	uidFn := fasttemplate.TagFunc(func(w io.Writer, _ string) (int, error) {
		if v := ctx.Value(userIDKey); v != nil {
			return w.Write([]byte(v.(string)))
		}
		return 0, errNoUserID
	})

	uidpFn := fasttemplate.TagFunc(func(w io.Writer, _ string) (int, error) {
		if v := ctx.Value(userIDProviderKey); v != nil {
			return w.Write([]byte(v.(string)))
		}
		return 0, errNoUserID
	})

	return map[string]interface{}{
		"USER_ID":          uidFn,
		"user_id":          uidFn,
		"USER_ID_PROVIDER": uidpFn,
		"user_id_provider": uidpFn,
	}
}

func newTrace(st, et time.Time, qc *qcode.QCode) *trace {
	du := et.Sub(et)

	t := &trace{
		Version:   1,
		StartTime: st,
		EndTime:   et,
		Duration:  du,
		Execution: execution{
			[]resolver{
				resolver{
					Path:        []string{qc.Query.Select.Table},
					ParentType:  "Query",
					FieldName:   qc.Query.Select.Table,
					ReturnType:  "object",
					StartOffset: 1,
					Duration:    du,
				},
			},
		},
	}

	return t
}
First commit 2019-03-24 14:57:29 +01:00			`package serv`

			`import (`
			`"context"`
			`"encoding/json"`
			`"errors"`
			`"fmt"`
			`"io"`
			`"io/ioutil"`
			`"net/http"`
			`"strings"`
Add SQL execution timing and tracing 2019-04-01 14:55:46 +02:00			`"time"`
First commit 2019-03-24 14:57:29 +01:00
Add SQL execution timing and tracing 2019-04-01 14:55:46 +02:00			`"github.com/dosco/super-graph/qcode"`
First commit 2019-03-24 14:57:29 +01:00			`"github.com/go-pg/pg"`
			`"github.com/gorilla/websocket"`
			`"github.com/valyala/fasttemplate"`
			`)`

			`const (`
			`introspectionQuery = "IntrospectionQuery"`
			`openVar = "{{"`
			`closeVar = "}}"`
			`)`

			`var (`
			`upgrader = websocket.Upgrader{}`
			`errNoUserID = errors.New("no user_id available")`
			`)`

			`type gqlReq struct {`
			OpName string `json:"operationName"`
			Query string `json:"query"`
			Variables map[string]string `json:"variables"`
			`}`

			`type gqlResp struct {`
Add SQL execution timing and tracing 2019-04-01 14:55:46 +02:00			Error string `json:"error,omitempty"`
			Data json.RawMessage `json:"data,omitempty"`
Add fetch by ID feature 2019-04-04 06:53:24 +02:00			Extensions *extensions `json:"extensions,omitempty"`
Add SQL execution timing and tracing 2019-04-01 14:55:46 +02:00			`}`

			`type extensions struct {`
Add fetch by ID feature 2019-04-04 06:53:24 +02:00			Tracing *trace `json:"tracing,omitempty"`
Add SQL execution timing and tracing 2019-04-01 14:55:46 +02:00			`}`

			`type trace struct {`
			Version int `json:"version"`
			StartTime time.Time `json:"startTime"`
			EndTime time.Time `json:"endTime"`
			Duration time.Duration `json:"duration"`
			Execution execution `json:"execution"`
			`}`

			`type execution struct {`
			Resolvers []resolver `json:"resolvers"`
			`}`

			`type resolver struct {`
			Path []string `json:"path"`
			ParentType string `json:"parentType"`
			FieldName string `json:"fieldName"`
			ReturnType string `json:"returnType"`
			StartOffset int `json:"startOffset"`
			Duration time.Duration `json:"duration"`
First commit 2019-03-24 14:57:29 +01:00			`}`

			`func apiv1Http(w http.ResponseWriter, r *http.Request) {`
			`ctx := r.Context()`

			`if authFailBlock == authFailBlockAlways && authCheck(ctx) == false {`
			`http.Error(w, "Not authorized", 401)`
			`return`
			`}`

			`b, err := ioutil.ReadAll(r.Body)`
			`defer r.Body.Close()`
			`if err != nil {`
			`errorResp(w, err)`
			`return`
			`}`

			`req := &gqlReq{}`
			`if err := json.Unmarshal(b, req); err != nil {`
			`errorResp(w, err)`
			`return`
			`}`

			`if strings.EqualFold(req.OpName, introspectionQuery) {`
			`dat, err := ioutil.ReadFile("test.schema")`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`
			`w.Write(dat)`
			`return`
			`}`

			`qc, err := qcompile.CompileQuery(req.Query)`
			`if err != nil {`
			`errorResp(w, err)`
			`return`
			`}`

			`var sqlStmt strings.Builder`

			`if err := pcompile.Compile(&sqlStmt, qc); err != nil {`
			`errorResp(w, err)`
			`return`
			`}`

			`t := fasttemplate.New(sqlStmt.String(), openVar, closeVar)`
			`sqlStmt.Reset()`

			`_, err = t.Execute(&sqlStmt, varValues(ctx))`
			`if err == errNoUserID &&`
			`authFailBlock == authFailBlockPerQuery &&`
			`authCheck(ctx) == false {`
			`http.Error(w, "Not authorized", 401)`
			`return`
			`}`
			`if err != nil {`
			`errorResp(w, err)`
			`return`
			`}`
Cleanup and redesign config files 2019-04-08 08:47:59 +02:00
First commit 2019-03-24 14:57:29 +01:00			`finalSQL := sqlStmt.String()`
Cleanup and redesign config files 2019-04-08 08:47:59 +02:00			`if conf.DebugLevel > 0 {`
First commit 2019-03-24 14:57:29 +01:00			`fmt.Println(finalSQL)`
			`}`
Add SQL execution timing and tracing 2019-04-01 14:55:46 +02:00			`st := time.Now()`
First commit 2019-03-24 14:57:29 +01:00
			`var root json.RawMessage`
			`_, err = db.Query(pg.Scan(&root), finalSQL)`

			`if err != nil {`
			`errorResp(w, err)`
			`return`
			`}`

Add SQL execution timing and tracing 2019-04-01 14:55:46 +02:00			`et := time.Now()`
			`resp := gqlResp{}`

Cleanup and redesign config files 2019-04-08 08:47:59 +02:00			`if conf.EnableTracing {`
Add fetch by ID feature 2019-04-04 06:53:24 +02:00			`resp.Extensions = &extensions{newTrace(st, et, qc)}`
Add SQL execution timing and tracing 2019-04-01 14:55:46 +02:00			`}`

			`resp.Data = json.RawMessage(root)`
			`json.NewEncoder(w).Encode(resp)`
First commit 2019-03-24 14:57:29 +01:00			`}`

			`/*`
			`func apiv1Ws(w http.ResponseWriter, r *http.Request) {`
			`c, err := upgrader.Upgrade(w, r, nil)`
			`if err != nil {`
			`fmt.Println(err)`
			`return`
			`}`
			`defer c.Close()`
			`for {`
			`mt, message, err := c.ReadMessage()`
			`if err != nil {`
			`fmt.Println("read:", err)`
			`break`
			`}`
			`fmt.Printf("recv: %s", message)`
			`err = c.WriteMessage(mt, message)`
			`if err != nil {`
			`fmt.Println("write:", err)`
			`break`
			`}`
			`}`
			`}`

			`func serve(w http.ResponseWriter, r *http.Request) {`
			`// if websocket.IsWebSocketUpgrade(r) {`
			`// apiv1Ws(w, r)`
			`// return`
			`// }`
			`apiv1Http(w, r)`
			`}`
			`*/`

			`func errorResp(w http.ResponseWriter, err error) {`
			`b, _ := json.Marshal(gqlResp{Error: err.Error()})`
			`http.Error(w, string(b), http.StatusBadRequest)`
			`}`

			`func authCheck(ctx context.Context) bool {`
			`return (ctx.Value(userIDKey) != nil)`
			`}`

			`func varValues(ctx context.Context) map[string]interface{} {`
Add Auth0 JWT support 2019-03-29 03:34:42 +01:00			`uidFn := fasttemplate.TagFunc(func(w io.Writer, _ string) (int, error) {`
First commit 2019-03-24 14:57:29 +01:00			`if v := ctx.Value(userIDKey); v != nil {`
			`return w.Write([]byte(v.(string)))`
			`}`
			`return 0, errNoUserID`
			`})`

Add Auth0 JWT support 2019-03-29 03:34:42 +01:00			`uidpFn := fasttemplate.TagFunc(func(w io.Writer, _ string) (int, error) {`
			`if v := ctx.Value(userIDProviderKey); v != nil {`
			`return w.Write([]byte(v.(string)))`
			`}`
			`return 0, errNoUserID`
			`})`

First commit 2019-03-24 14:57:29 +01:00			`return map[string]interface{}{`
Add Auth0 JWT support 2019-03-29 03:34:42 +01:00			`"USER_ID": uidFn,`
			`"user_id": uidFn,`
			`"USER_ID_PROVIDER": uidpFn,`
			`"user_id_provider": uidpFn,`
First commit 2019-03-24 14:57:29 +01:00			`}`
			`}`
Add SQL execution timing and tracing 2019-04-01 14:55:46 +02:00
			`func newTrace(st, et time.Time, qc qcode.QCode) trace {`
			`du := et.Sub(et)`

			`t := &trace{`
			`Version: 1,`
			`StartTime: st,`
			`EndTime: et,`
			`Duration: du,`
			`Execution: execution{`
			`[]resolver{`
			`resolver{`
			`Path: []string{qc.Query.Select.Table},`
			`ParentType: "Query",`
			`FieldName: qc.Query.Select.Table,`
			`ReturnType: "object",`
			`StartOffset: 1,`
			`Duration: du,`
			`},`
			`},`
			`},`
			`}`

			`return t`
			`}`