package serv import ( "encoding/json" "errors" "io" "io/ioutil" "net/http" "github.com/dosco/super-graph/core" "github.com/dosco/super-graph/internal/serv/internal/auth" "github.com/rs/cors" "go.opencensus.io/plugin/ochttp" "go.opencensus.io/trace" "go.uber.org/zap" ) const ( maxReadBytes = 100000 // 100Kb introspectionQuery = "IntrospectionQuery" ) var ( errUnauthorized = errors.New("not authorized") ) type gqlReq struct { OpName string `json:"operationName"` Query string `json:"query"` Vars json.RawMessage `json:"variables"` } type errorResp struct { Error string `json:"error"` } func apiV1Handler() http.Handler { h, err := auth.WithAuth(http.HandlerFunc(apiV1), &conf.Auth) if err != nil { log.Fatalf("ERR %s", err) } if len(conf.AllowedOrigins) != 0 { c := cors.New(cors.Options{ AllowedOrigins: conf.AllowedOrigins, AllowCredentials: true, Debug: conf.DebugCORS, }) return c.Handler(h) } return h } func apiV1(w http.ResponseWriter, r *http.Request) { ct := r.Context() w.Header().Set("Content-Type", "application/json") //nolint: errcheck if conf.AuthFailBlock && !auth.IsAuth(ct) { renderErr(w, errUnauthorized) return } b, err := ioutil.ReadAll(io.LimitReader(r.Body, maxReadBytes)) if err != nil { renderErr(w, err) return } defer r.Body.Close() req := gqlReq{} err = json.Unmarshal(b, &req) if err != nil { renderErr(w, err) return } doLog := true res, err := sg.GraphQL(ct, req.Query, req.Vars) if conf.telemetryEnabled() { span := trace.FromContext(ct) span.AddAttributes( trace.StringAttribute("operation", res.OperationName()), trace.StringAttribute("query_name", res.QueryName()), trace.StringAttribute("role", res.Role()), ) if err != nil { span.AddAttributes(trace.StringAttribute("error", err.Error())) } ochttp.SetRoute(ct, apiRoute) } if !conf.Production && res.QueryName() == introspectionQuery { doLog = false } if doLog && logLevel >= LogLevelDebug { log.Printf("DBG query %s: %s", res.QueryName(), res.SQL()) } if err == nil { if conf.CacheControl != "" && res.Operation() == core.OpQuery { w.Header().Set("Cache-Control", conf.CacheControl) } //nolint: errcheck json.NewEncoder(w).Encode(res) if doLog && logLevel >= LogLevelInfo { zlog.Info("success", zap.String("op", res.OperationName()), zap.String("name", res.QueryName()), zap.String("role", res.Role()), ) } } else { renderErr(w, err) if doLog && logLevel >= LogLevelInfo { zlog.Error("error", zap.String("op", res.OperationName()), zap.String("name", res.QueryName()), zap.String("role", res.Role()), zap.Error(err), ) } } } //nolint: errcheck func renderErr(w http.ResponseWriter, err error) { if err == errUnauthorized { w.WriteHeader(http.StatusUnauthorized) } json.NewEncoder(w).Encode(errorResp{err.Error()}) }