super-graph/serv/http.go

package serv

import (
	"encoding/json"
	"errors"
	"io"
	"io/ioutil"
	"net/http"
	"strings"
	"time"

	"github.com/rs/cors"
)

const (
	maxReadBytes       = 100000 // 100Kb
	introspectionQuery = "IntrospectionQuery"
	openVar            = "{{"
	closeVar           = "}}"
)

var (
	errUnauthorized = errors.New("not authorized")
)

type gqlReq struct {
	OpName string          `json:"operationName"`
	Query  string          `json:"query"`
	Vars   json.RawMessage `json:"variables"`
	ref    string
	role   string
	hdr    http.Header
}

type gqlResp struct {
	Error      string          `json:"message,omitempty"`
	Data       json.RawMessage `json:"data,omitempty"`
	Extensions *extensions     `json:"extensions,omitempty"`
}

type extensions struct {
	Tracing *trace `json:"tracing,omitempty"`
}

type trace struct {
	Version   int           `json:"version"`
	StartTime time.Time     `json:"startTime"`
	EndTime   time.Time     `json:"endTime"`
	Duration  time.Duration `json:"duration"`
	Execution execution     `json:"execution"`
}

type execution struct {
	Resolvers []resolver `json:"resolvers"`
}

type resolver struct {
	Path        []string      `json:"path"`
	ParentType  string        `json:"parentType"`
	FieldName   string        `json:"fieldName"`
	ReturnType  string        `json:"returnType"`
	StartOffset int           `json:"startOffset"`
	Duration    time.Duration `json:"duration"`
}

func apiV1Handler() http.Handler {
	h := withAuth(http.HandlerFunc(apiV1), conf.Auth)

	if len(conf.AllowedOrigins) != 0 {
		c := cors.New(cors.Options{
			AllowedOrigins:   conf.AllowedOrigins,
			AllowCredentials: true,
			Debug:            conf.DebugCORS,
		})
		h = c.Handler(h)
	}

	return h
}
func apiV1(w http.ResponseWriter, r *http.Request) {
	ctx := &coreContext{Context: r.Context()}

	//nolint: errcheck
	if conf.AuthFailBlock && !authCheck(ctx) {
		w.WriteHeader(http.StatusUnauthorized)
		json.NewEncoder(w).Encode(gqlResp{Error: errUnauthorized.Error()})
		return
	}

	b, err := ioutil.ReadAll(io.LimitReader(r.Body, maxReadBytes))
	if err != nil {
		errlog.Error().Err(err).Msg("failed to read request body")
		errorResp(w, err)
		return
	}
	defer r.Body.Close()

	err = json.Unmarshal(b, &ctx.req)
	if err != nil {
		errlog.Error().Err(err).Msg("failed to decode json request body")
		errorResp(w, err)
		return
	}

	if strings.EqualFold(ctx.req.OpName, introspectionQuery) {
		introspect(w)
		return
	}

	err = ctx.handleReq(w, r)

	//nolint: errcheck
	if err == errUnauthorized {
		w.WriteHeader(http.StatusUnauthorized)
		json.NewEncoder(w).Encode(gqlResp{Error: err.Error()})
		return
	}

	if err != nil {
		errlog.Error().Err(err).Msg(ctx.req.Query)
		errorResp(w, err)
		return
	}
}

//nolint: errcheck
func errorResp(w http.ResponseWriter, err error) {
	json.NewEncoder(w).Encode(gqlResp{Error: err.Error()})
}
First commit 2019-03-24 14:57:29 +01:00			`package serv`

			`import (`
			`"encoding/json"`
			`"errors"`
			`"io"`
			`"io/ioutil"`
			`"net/http"`
			`"strings"`
Add SQL execution timing and tracing 2019-04-01 14:55:46 +02:00			`"time"`
Add ability to set CORS headers 2020-03-06 05:17:51 +01:00
			`"github.com/rs/cors"`
First commit 2019-03-24 14:57:29 +01:00			`)`

			`const (`
Add support for GraphQL variables 2019-04-19 07:55:03 +02:00			`maxReadBytes = 100000 // 100Kb`
First commit 2019-03-24 14:57:29 +01:00			`introspectionQuery = "IntrospectionQuery"`
			`openVar = "{{"`
			`closeVar = "}}"`
			`)`

			`var (`
Add support for GraphQL variables 2019-04-19 07:55:03 +02:00			`errUnauthorized = errors.New("not authorized")`
First commit 2019-03-24 14:57:29 +01:00			`)`

			`type gqlReq struct {`
Add insert mutation with bulk insert 2019-09-05 06:09:56 +02:00			OpName string `json:"operationName"`
			Query string `json:"query"`
			Vars json.RawMessage `json:"variables"`
Add support for prepared statements 2019-07-29 07:13:33 +02:00			`ref string`
Get RBAC working for queries and mutations 2019-10-24 08:07:42 +02:00			`role string`
Add database seeding capability 2019-09-20 06:19:11 +02:00			`hdr http.Header`
First commit 2019-03-24 14:57:29 +01:00			`}`

			`type gqlResp struct {`
Optimize prepared statement flow for RBAC 2019-10-25 06:01:22 +02:00			Error string `json:"message,omitempty"`
			Data json.RawMessage `json:"data,omitempty"`
Add fetch by ID feature 2019-04-04 06:53:24 +02:00			Extensions *extensions `json:"extensions,omitempty"`
Add SQL execution timing and tracing 2019-04-01 14:55:46 +02:00			`}`

			`type extensions struct {`
Add fetch by ID feature 2019-04-04 06:53:24 +02:00			Tracing *trace `json:"tracing,omitempty"`
Add SQL execution timing and tracing 2019-04-01 14:55:46 +02:00			`}`

			`type trace struct {`
			Version int `json:"version"`
			StartTime time.Time `json:"startTime"`
			EndTime time.Time `json:"endTime"`
			Duration time.Duration `json:"duration"`
			Execution execution `json:"execution"`
			`}`

			`type execution struct {`
			Resolvers []resolver `json:"resolvers"`
			`}`

			`type resolver struct {`
			Path []string `json:"path"`
			ParentType string `json:"parentType"`
			FieldName string `json:"fieldName"`
			ReturnType string `json:"returnType"`
			StartOffset int `json:"startOffset"`
			Duration time.Duration `json:"duration"`
First commit 2019-03-24 14:57:29 +01:00			`}`

Add ability to set CORS headers 2020-03-06 05:17:51 +01:00			`func apiV1Handler() http.Handler {`
			`h := withAuth(http.HandlerFunc(apiV1), conf.Auth)`

			`if len(conf.AllowedOrigins) != 0 {`
			`c := cors.New(cors.Options{`
			`AllowedOrigins: conf.AllowedOrigins,`
			`AllowCredentials: true,`
			`Debug: conf.DebugCORS,`
			`})`
			`h = c.Handler(h)`
			`}`

			`return h`
			`}`
Add HTTP GZip compression 2019-12-31 07:30:20 +01:00			`func apiV1(w http.ResponseWriter, r *http.Request) {`
Add REST API stitching 2019-05-13 01:27:26 +02:00			`ctx := &coreContext{Context: r.Context()}`
First commit 2019-03-24 14:57:29 +01:00
Move license from MIT to Apache 2.0. Add Makefile 2019-11-28 07:25:46 +01:00			`//nolint: errcheck`
			`if conf.AuthFailBlock && !authCheck(ctx) {`
Block unauthorized requests when 'anon' role is not defined 2019-11-02 22:13:17 +01:00			`w.WriteHeader(http.StatusUnauthorized)`
			`json.NewEncoder(w).Encode(gqlResp{Error: errUnauthorized.Error()})`
First commit 2019-03-24 14:57:29 +01:00			`return`
			`}`

Add support for GraphQL variables 2019-04-19 07:55:03 +02:00			`b, err := ioutil.ReadAll(io.LimitReader(r.Body, maxReadBytes))`
First commit 2019-03-24 14:57:29 +01:00			`if err != nil {`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`errlog.Error().Err(err).Msg("failed to read request body")`
First commit 2019-03-24 14:57:29 +01:00			`errorResp(w, err)`
			`return`
			`}`
Fix issues with JWT auth 2019-11-15 07:35:19 +01:00			`defer r.Body.Close()`
First commit 2019-03-24 14:57:29 +01:00
Add end-to-end benchmaking 2019-06-17 07:58:00 +02:00			`err = json.Unmarshal(b, &ctx.req)`
			`if err != nil {`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`errlog.Error().Err(err).Msg("failed to decode json request body")`
First commit 2019-03-24 14:57:29 +01:00			`errorResp(w, err)`
			`return`
			`}`

Add REST API stitching 2019-05-13 01:27:26 +02:00			`if strings.EqualFold(ctx.req.OpName, introspectionQuery) {`
Add built in 'anon' and 'user' roles 2019-10-15 08:30:19 +02:00			`introspect(w)`
First commit 2019-03-24 14:57:29 +01:00			`return`
			`}`

Add REST API stitching 2019-05-13 01:27:26 +02:00			`err = ctx.handleReq(w, r)`
First commit 2019-03-24 14:57:29 +01:00
Move license from MIT to Apache 2.0. Add Makefile 2019-11-28 07:25:46 +01:00			`//nolint: errcheck`
Add support for GraphQL variables 2019-04-19 07:55:03 +02:00			`if err == errUnauthorized {`
Optimize prepared statement flow for RBAC 2019-10-25 06:01:22 +02:00			`w.WriteHeader(http.StatusUnauthorized)`
			`json.NewEncoder(w).Encode(gqlResp{Error: err.Error()})`
			`return`
First commit 2019-03-24 14:57:29 +01:00			`}`

			`if err != nil {`
Fix issues blocking Apollo client 2020-03-14 06:35:42 +01:00			`errlog.Error().Err(err).Msg(ctx.req.Query)`
First commit 2019-03-24 14:57:29 +01:00			`errorResp(w, err)`
Fix issues with JWT auth 2019-11-15 07:35:19 +01:00			`return`
First commit 2019-03-24 14:57:29 +01:00			`}`
Add SQL execution timing and tracing 2019-04-01 14:55:46 +02:00			`}`
Add REST API stitching 2019-05-13 01:27:26 +02:00
Move license from MIT to Apache 2.0. Add Makefile 2019-11-28 07:25:46 +01:00			`//nolint: errcheck`
Add REST API stitching 2019-05-13 01:27:26 +02:00			`func errorResp(w http.ResponseWriter, err error) {`
			`json.NewEncoder(w).Encode(gqlResp{Error: err.Error()})`
			`}`