125 lines
2.3 KiB
Go
125 lines
2.3 KiB
Go
package serv
|
|
|
|
import (
|
|
"encoding/json"
|
|
"errors"
|
|
"io"
|
|
"io/ioutil"
|
|
"net/http"
|
|
"strings"
|
|
|
|
"github.com/dosco/super-graph/core"
|
|
"github.com/dosco/super-graph/internal/serv/internal/auth"
|
|
"github.com/rs/cors"
|
|
"go.uber.org/zap"
|
|
)
|
|
|
|
const (
|
|
maxReadBytes = 100000 // 100Kb
|
|
introspectionQuery = "IntrospectionQuery"
|
|
)
|
|
|
|
var (
|
|
errUnauthorized = errors.New("not authorized")
|
|
)
|
|
|
|
type gqlReq struct {
|
|
OpName string `json:"operationName"`
|
|
Query string `json:"query"`
|
|
Vars json.RawMessage `json:"variables"`
|
|
}
|
|
|
|
type errorResp struct {
|
|
Error error `json:"error"`
|
|
}
|
|
|
|
func apiV1Handler() http.Handler {
|
|
h, err := auth.WithAuth(http.HandlerFunc(apiV1), &conf.Auth)
|
|
if err != nil {
|
|
log.Fatalf("ERR %s", err)
|
|
}
|
|
|
|
if len(conf.AllowedOrigins) != 0 {
|
|
c := cors.New(cors.Options{
|
|
AllowedOrigins: conf.AllowedOrigins,
|
|
AllowCredentials: true,
|
|
Debug: conf.DebugCORS,
|
|
})
|
|
h = c.Handler(h)
|
|
}
|
|
|
|
return h
|
|
}
|
|
|
|
func apiV1(w http.ResponseWriter, r *http.Request) {
|
|
ct := r.Context()
|
|
|
|
//nolint: errcheck
|
|
if conf.AuthFailBlock && !auth.IsAuth(ct) {
|
|
renderErr(w, errUnauthorized, nil)
|
|
return
|
|
}
|
|
|
|
b, err := ioutil.ReadAll(io.LimitReader(r.Body, maxReadBytes))
|
|
if err != nil {
|
|
renderErr(w, err, nil)
|
|
return
|
|
}
|
|
defer r.Body.Close()
|
|
|
|
req := gqlReq{}
|
|
|
|
err = json.Unmarshal(b, &req)
|
|
if err != nil {
|
|
renderErr(w, err, nil)
|
|
return
|
|
}
|
|
|
|
if strings.EqualFold(req.OpName, introspectionQuery) {
|
|
introspect(w)
|
|
return
|
|
}
|
|
|
|
res, err := sg.GraphQL(ct, req.Query, req.Vars)
|
|
|
|
if logLevel >= LogLevelDebug {
|
|
log.Printf("DBG query %s: %s", res.QueryName(), res.SQL())
|
|
}
|
|
|
|
if err != nil {
|
|
renderErr(w, err, res)
|
|
return
|
|
}
|
|
|
|
json.NewEncoder(w).Encode(res)
|
|
|
|
if logLevel >= LogLevelInfo {
|
|
zlog.Info("success",
|
|
zap.String("op", res.Operation()),
|
|
zap.String("name", res.QueryName()),
|
|
zap.String("role", res.Role()),
|
|
)
|
|
}
|
|
}
|
|
|
|
//nolint: errcheck
|
|
func renderErr(w http.ResponseWriter, err error, res *core.Result) {
|
|
if err == errUnauthorized {
|
|
w.WriteHeader(http.StatusUnauthorized)
|
|
}
|
|
|
|
json.NewEncoder(w).Encode(&errorResp{err})
|
|
|
|
if logLevel >= LogLevelError {
|
|
if res != nil {
|
|
zlog.Error(err.Error(),
|
|
zap.String("op", res.Operation()),
|
|
zap.String("name", res.QueryName()),
|
|
zap.String("role", res.Role()),
|
|
)
|
|
} else {
|
|
zlog.Error(err.Error())
|
|
}
|
|
}
|
|
}
|