elasticgraph-query_registry 0.18.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: f8e00afd5a4658acd8711b2a9ac9056e7edd348d17285c12e26be6b75d2123b1
+  data.tar.gz: ed78fad975a7b3c924623a481525c63ecae576c254319174e20c2e8d32344e84
+SHA512:
+  metadata.gz: d140a563082e3fe1f7612a8f9a859a48a7d35027b8a06c4fdd2d4b5358cf3b1e27def9e4a518389a88ee68a9e844deda7c6fd9279f8ae0ea007233f2394fb358
+  data.tar.gz: 597d37c7f2e9eff342393a5d7888e57eb5f450a8206ab55f563f1cd72fdedbd5026ef13392f206481e35bbc39f77157a35dce7638e74a4a50daba7db7a343e07

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2024 Block, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,139 @@
+# ElasticGraph::QueryRegistry
+
+`ElasticGraph::QueryRegistry` provides a simple source-controlled query
+registry for ElasticGraph applications. This is designed for cases where
+the clients of your application are other internal teams in your organization,
+who are willing to register their queries before using them.
+
+Query registration provides a few key benefits:
+
+* It gives you as the application owner the chance to vet queries and
+  give feedback to your clients. Queries may not initially be written
+  in the most optimal way (e.g. leveraging your sharding strategy), so
+  the review process gives you a chance to provide feedback.
+* It allows you to provide stronger guarantees around schema changes.
+  Tooling is included that will validate each and every registered query
+  against your schema as part of your CI build, allowing you to quickly
+  iterate on your schema without needing to check if you'll break clients.
+* It allows you to control the data clients have access to. When
+  a client attempts to register a query accessing fields they aren't
+  allowed to, you can choose not to approve the query. Once setup and
+  configured, this library will block clients from submitting queries
+  that have not been registered.
+* Your GraphQL endpoint will be a bit more efficient. Parsing large
+  GraphQL queries can be a bit slow (in our testing, a 10 KB query
+  string takes about ~10ms to parse), and the registry will cache and
+  reuse the parsed form of registered queries.
+
+Importantly, once installed, registered clients who send unregistered
+queries will get errors. Unregistered clients can similarly be blocked
+if desired based on a configuration setting.
+
+## Query Verification Guarantees
+
+The query verification provided by this library is limited in scope. It
+only checks to see if the queries and schema are compatible (in the sense
+that the ElasticGraph endpoint will be able to successfully respond to
+the queries). It does _not_ give any guarantee that a schema change is
+100% safe for clients. For example, if you change a non-null field to be
+nullable, it has no impact on ElasticGraph's ability to respond to a query
+(and the verification performed by this library will allow it), but it may
+break the client (e.g. if the client's usage of the response assumes
+non-null field values).
+
+When changing the GraphQL schema of an ElasticGraph application, you
+will still need to consider how it may impact clients, but you won't
+need to worry about ElasticGraph beginning to return errors to any
+existing queries.
+
+## Directory Structure
+
+This library uses a directory as the registry. Conventionally, this
+would go in `config/queries` but it can really go anywhere. The directory
+structure will look like this:
+
+```
+config
+└── queries
+    ├── client1
+    │   ├── query1.graphql
+    │   └── query2.graphql
+    ├── client2
+    └── client3
+        └── query1.graphql
+```
+
+Within the registry directory, there is a subdirectory for each
+registered client. Each client directory contains that client's
+registered queries as a set of `*.graphql` files (the extension is
+required). Note that a client can be registered with no
+associated queries (such as `client2`, above). This can be important
+when you have configured `allow_unregistered_clients: true`. With
+this setup, `client2` will not be able to submit any queries, but
+a completely unregistered client (say, `client4`) will be able to
+execute any query.
+
+## Setup
+
+First, add `elasticgraph-query_registry` to your `Gemfile`:
+
+``` ruby
+gem "elasticgraph-query_registry"
+```
+
+Next, configure this library in your ElasticGraph config YAML files:
+
+``` yaml
+graphql:
+  extension_modules:
+  - require_path: elastic_graph/query_registry/graphql_extension
+    extension_name: ElasticGraph::QueryRegistry::GraphQLExtension
+query_registry:
+  allow_unregistered_clients: false
+  allow_any_query_for_clients:
+  - adhoc_client
+  path_to_registry: config/queries
+```
+
+Next, load the `ElasticGraph::QueryRegistry` rake tasks in your `Rakefile`:
+
+``` ruby
+require "elastic_graph/query_registry/rake_tasks"
+
+ElasticGraph::QueryRegistry::RakeTasks.from_yaml_file(
+  "path/to/settings.yaml",
+  "config/queries",
+  require_eg_latency_slo_directive: true
+)
+```
+
+You'll want to add `rake query_registry:validate_queries` to your CI build so
+that every registered query is validated as part of every build.
+
+Finally, your application needs to include a `client:` when submitting
+each GraphQL query for execution. The client `name` should match the
+name of one of the registry client subdirectories. If you are using
+`elasticgraph-lambda`, note that it does this automatically, but you may
+need to configure `aws_arn_client_name_extraction_regex` so that it is
+able to extract the `client_name` from the IAM ARN correctly.
+
+Important note: if your application fails to identify clients properly,
+and `allow_unregistered_clients` is set to `true`, then _all_ clients
+will be allowed to execute _all_ queries! We recommend you set
+`allow_unregistered_clients` to `false` unless you specifically need
+to allow unregistered clients. For specific clients that need to be
+allowed to run any query, you can list them in `allow_any_query_for_clients`.
+
+## Workflow
+
+This library also uses some generated artifacts (`*.variables.yaml` files)
+so it can detect when a change to the structure or type of a variable is
+backward-incompatible. For this to work, it requires that the generated
+variables files are kept up-to-date. Any time a change impacts the structure
+of any variables used by any queries, you'll need to run a task like
+`query_registry:dump_variables[client_name, query_name]` (or
+`query_registry:dump_variables:all`) to update the artifacts.
+
+Don't worry about if you forget this, though--the
+`query_registry:validate_queries` task will also fail and give you
+instructions anytime a variables file is not up-to-date.

data/elasticgraph-query_registry.gemspec

@@ -0,0 +1,22 @@
+# Copyright 2024 Block, Inc.
+#
+# Use of this source code is governed by an MIT-style
+# license that can be found in the LICENSE file or at
+# https://opensource.org/licenses/MIT.
+#
+# frozen_string_literal: true
+
+require_relative "../gemspec_helper"
+
+ElasticGraphGemspecHelper.define_elasticgraph_gem(gemspec_file: __FILE__, category: :extension) do |spec, eg_version|
+  spec.summary = "An ElasticGraph extension that supports safer schema evolution by limiting GraphQL queries based on " \
+    "a registry and validating registered queries against the schema."
+
+  spec.add_dependency "elasticgraph-graphql", eg_version
+  spec.add_dependency "elasticgraph-support", eg_version
+  spec.add_dependency "graphql", ">= 2.3.7", "< 2.4"
+  spec.add_dependency "rake", "~> 13.2"
+
+  spec.add_development_dependency "elasticgraph-elasticsearch", eg_version
+  spec.add_development_dependency "elasticgraph-opensearch", eg_version
+end

data/lib/elastic_graph/query_registry/client_data.rb

@@ -0,0 +1,103 @@
+# Copyright 2024 Block, Inc.
+#
+# Use of this source code is governed by an MIT-style
+# license that can be found in the LICENSE file or at
+# https://opensource.org/licenses/MIT.
+#
+# frozen_string_literal: true
+
+module ElasticGraph
+  module QueryRegistry
+    ClientData = ::Data.define(:queries_by_original_string, :queries_by_last_string, :canonical_query_strings, :operation_names, :schema_element_names) do
+      # @implements ClientData
+      def self.from(schema, registered_query_strings)
+        queries_by_original_string = registered_query_strings.to_h do |query_string|
+          [query_string, ::GraphQL::Query.new(schema.graphql_schema, query_string, validate: false)]
+        end
+
+        canonical_query_strings = queries_by_original_string.values.map do |q|
+          canonical_query_string_from(q, schema_element_names: schema.element_names)
+        end.to_set
+
+        operation_names = queries_by_original_string.values.flat_map { |q| q.operations.keys }.to_set
+
+        new(
+          queries_by_original_string: queries_by_original_string,
+          queries_by_last_string: {},
+          canonical_query_strings: canonical_query_strings,
+          operation_names: operation_names,
+          schema_element_names: schema.element_names
+        )
+      end
+
+      def cached_query_for(query_string)
+        queries_by_original_string[query_string] || queries_by_last_string[query_string]
+      end
+
+      def with_updated_last_query(query_string, query)
+        canonical_string = canonical_query_string_from(query)
+
+        # We normally expect to only see one alternate query form from a client. However, a misbehaving
+        # client could send us a slightly different query string on each request (imagine if the query
+        # had a dynamically generated comment with a timestamp). Here we guard against that case by
+        # pruning out the previous hash entry that resolves to the same registered query, ensuring
+        # we only cache the most recently seen query string. Note that this operation is unfortunately
+        # O(N) instead of O(1) but we expect this operation to happen rarely (and we don't expect many
+        # entries in the `queries_by_last_string` hash). We could maintain a 2nd parallel data structure
+        # allowing an `O(1)` lookup here but I'd rather not introduce that added complexity for marginal
+        # benefit.
+        updated_queries_by_last_string = queries_by_last_string.reject do |_, cached_query|
+          canonical_query_string_from(cached_query) == canonical_string
+        end.merge(query_string => query)
+
+        with(queries_by_last_string: updated_queries_by_last_string)
+      end
+
+      def unregistered_query_error_for(query, client)
+        if operation_names.include?(query.operation_name.to_s)
+          "Query #{fingerprint_for(query)} differs from the registered form of `#{query.operation_name}` " \
+          "for client #{client.description}."
+        else
+          "Query #{fingerprint_for(query)} is unregistered; client #{client.description} has no " \
+          "registered query with a `#{query.operation_name}` operation."
+        end
+      end
+
+      private
+
+      def fingerprint_for(query)
+        # `query.fingerprint` raises an error if the query string is nil:
+        # https://github.com/rmosolgo/graphql-ruby/issues/4942
+        query.query_string ? query.fingerprint : "(no query string)"
+      end
+
+      def canonical_query_string_from(query)
+        ClientData.canonical_query_string_from(query, schema_element_names: schema_element_names)
+      end
+
+      def self.canonical_query_string_from(query, schema_element_names:)
+        return "" unless (document = query.document)
+
+        canonicalized_definitions = document.definitions.map do |definition|
+          if definition.directives.empty?
+            definition
+          else
+            # Ignore the `@egLatencySlo` directive if it is present. We want to allow it to be included (or not)
+            # and potentially have different values from the registered query so that clients don't have to register
+            # a new version of their query just to change the latency SLO value.
+            #
+            # Note: we don't ignore _all_ directives here because other directives might cause significant behavioral
+            # changes that should be enforced by the registry query approval process.
+            directives = definition.directives.reject do |dir|
+              dir.name == schema_element_names.eg_latency_slo
+            end
+
+            definition.merge(directives: directives)
+          end
+        end
+
+        document.merge(definitions: canonicalized_definitions).to_query_string
+      end
+    end
+  end
+end

data/lib/elastic_graph/query_registry/graphql_extension.rb

@@ -0,0 +1,104 @@
+# Copyright 2024 Block, Inc.
+#
+# Use of this source code is governed by an MIT-style
+# license that can be found in the LICENSE file or at
+# https://opensource.org/licenses/MIT.
+#
+# frozen_string_literal: true
+
+require "elastic_graph/graphql/query_executor"
+require "elastic_graph/query_registry/registry"
+require "graphql/query/result"
+require "pathname"
+
+module ElasticGraph
+  module QueryRegistry
+    module GraphQLExtension
+      def graphql_query_executor
+        @graphql_query_executor ||= begin
+          registry_config = QueryRegistry::Config.from_parsed_yaml(config.extension_settings)
+
+          RegistryAwareQueryExecutor.new(
+            schema: schema,
+            monotonic_clock: monotonic_clock,
+            logger: logger,
+            slow_query_threshold_ms: config.slow_query_latency_warning_threshold_in_ms,
+            datastore_search_router: datastore_search_router,
+            registry_directory: registry_config.path_to_registry,
+            allow_unregistered_clients: registry_config.allow_unregistered_clients,
+            allow_any_query_for_clients: registry_config.allow_any_query_for_clients
+          )
+        end
+      end
+    end
+
+    class RegistryAwareQueryExecutor < GraphQL::QueryExecutor
+      def initialize(
+        registry_directory:,
+        allow_unregistered_clients:,
+        allow_any_query_for_clients:,
+        schema:,
+        monotonic_clock:,
+        logger:,
+        slow_query_threshold_ms:,
+        datastore_search_router:
+      )
+        super(
+          schema: schema,
+          monotonic_clock: monotonic_clock,
+          logger: logger,
+          slow_query_threshold_ms: slow_query_threshold_ms,
+          datastore_search_router: datastore_search_router
+        )
+
+        @registry = Registry.build_from_directory(
+          schema,
+          registry_directory,
+          allow_unregistered_clients: allow_unregistered_clients,
+          allow_any_query_for_clients: allow_any_query_for_clients
+        )
+      end
+
+      private
+
+      def build_and_execute_query(query_string:, variables:, operation_name:, context:, client:)
+        query, errors = @registry.build_and_validate_query(
+          query_string,
+          variables: variables,
+          operation_name: operation_name,
+          context: context,
+          client: client
+        )
+
+        if errors.empty?
+          [query, execute_query(query, client: client)]
+        else
+          result = ::GraphQL::Query::Result.new(
+            query: nil,
+            values: {"errors" => errors.map { |e| {"message" => e} }}
+          )
+
+          [query, result]
+        end
+      end
+    end
+
+    class Config < ::Data.define(:path_to_registry, :allow_unregistered_clients, :allow_any_query_for_clients)
+      def self.from_parsed_yaml(hash)
+        hash = hash.fetch("query_registry") { return DEFAULT }
+
+        new(
+          path_to_registry: hash.fetch("path_to_registry"),
+          allow_unregistered_clients: hash.fetch("allow_unregistered_clients"),
+          allow_any_query_for_clients: hash.fetch("allow_any_query_for_clients")
+        )
+      end
+
+      DEFAULT = new(
+        path_to_registry: (_ = __dir__),
+        allow_unregistered_clients: true,
+        allow_any_query_for_clients: []
+      )
+    end
+  end
+end

data/lib/elastic_graph/query_registry/query_validator.rb

@@ -0,0 +1,98 @@
+# Copyright 2024 Block, Inc.
+#
+# Use of this source code is governed by an MIT-style
+# license that can be found in the LICENSE file or at
+# https://opensource.org/licenses/MIT.
+#
+# frozen_string_literal: true
+
+require "elastic_graph/query_registry/variable_backward_incompatibility_detector"
+require "elastic_graph/query_registry/variable_dumper"
+require "graphql"
+
+module ElasticGraph
+  module QueryRegistry
+    class QueryValidator
+      def initialize(schema, require_eg_latency_slo_directive:)
+        @graphql_schema = schema.graphql_schema
+        @schema_element_names = schema.element_names
+        @var_dumper = VariableDumper.new(@graphql_schema)
+        @var_incompat_detector = VariableBackwardIncompatibilityDetector.new
+        @require_eg_latency_slo_directive = require_eg_latency_slo_directive
+      end
+
+      def validate(query_string, previously_dumped_variables:, client_name:, query_name:)
+        # We pass `validate: false` since we do query validation on the operation level down below.
+        query = ::GraphQL::Query.new(@graphql_schema, query_string, validate: false)
+
+        if query.document.nil?
+          {nil => query.static_errors.map(&:to_h)}
+        else
+          # @type var fragments: ::Array[::GraphQL::Language::Nodes::FragmentDefinition]
+          # @type var operations: ::Array[::GraphQL::Language::Nodes::OperationDefinition]
+          fragments, operations = _ = query.document.definitions.partition do |definition|
+            definition.is_a?(::GraphQL::Language::Nodes::FragmentDefinition)
+          end
+
+          newly_dumped_variables = @var_dumper.dump_variables_for_operations(operations)
+
+          operations.to_h do |operation|
+            errors = if operation.name.nil?
+              [{"message" => "The query has no named operations. We require all registered queries to be named for more useful logging."}]
+            else
+              variables_errors = variables_errors_for(_ = operation.name, previously_dumped_variables, newly_dumped_variables, client_name, query_name)
+              directive_errors = directive_errors_for(operation)
+
+              static_validation_errors_for(query, operation, fragments) + variables_errors + directive_errors
+            end
+
+            [operation.name, errors]
+          end
+        end
+      end
+
+      private
+
+      def variables_errors_for(operation_name, old_dumped_variables, new_dumped_variables, client_name, query_name)
+        rake_task = "rake \"query_registry:dump_variables[#{client_name}, #{query_name}]\""
+
+        if old_dumped_variables.nil? || old_dumped_variables[operation_name].nil?
+          return [{"message" => "No dumped variables for this operation exist. Correct by running: `#{rake_task}`"}]
+        end
+
+        old_op_vars = old_dumped_variables[operation_name]
+        new_op_vars = new_dumped_variables[operation_name]
+
+        if old_op_vars == new_op_vars
+          # The previously dumped variables are up-to-date. No errors in this case.
+          []
+        elsif (incompatibilities = @var_incompat_detector.detect(old_op_vars: old_op_vars, new_op_vars: new_op_vars)).any?
+          # The structure of variables has changed in a way that may break the client. Tell the user to verify with them.
+          descriptions = incompatibilities.map(&:description).join(", ")
+          [{
+            "message" => "The structure of the query variables have had backwards-incompatible changes that may break `#{client_name}`: #{descriptions}. " \
+            "To proceed, check with the client to see if this change is compatible with their logic, then run `#{rake_task}` to update the dumped info."
+          }]
+        else
+          # The change to the variables shouldn't break the client, but we still need to keep the file up-to-date.
+          [{"message" => "The variables file is out-of-date, but the changes to them should not impact `#{client_name}`. Run `#{rake_task}` to update the file."}]
+        end
+      end
+
+      def directive_errors_for(operation)
+        if @require_eg_latency_slo_directive && operation.directives.none? { |dir| dir.name == @schema_element_names.eg_latency_slo }
+          [{"message" => "Your `#{operation.name}` operation is missing the required `@#{@schema_element_names.eg_latency_slo}(#{@schema_element_names.ms}: Int!)` directive."}]
+        else
+          []
+        end
+      end
+
+      def static_validation_errors_for(query, operation, fragments)
+        # Build a document with just this operation so that we can validate it in isolation, apart from the other operations.
+        document = query.document.merge(definitions: [operation] + fragments)
+        query = ::GraphQL::Query.new(@graphql_schema, nil, document: document, validate: false)
+        @graphql_schema.static_validator.validate(query).fetch(:errors).map(&:to_h)
+      end
+    end
+  end
+end

data/lib/elastic_graph/query_registry/query_validators/for_registered_client.rb

@@ -0,0 +1,124 @@
+# Copyright 2024 Block, Inc.
+#
+# Use of this source code is governed by an MIT-style
+# license that can be found in the LICENSE file or at
+# https://opensource.org/licenses/MIT.
+#
+# frozen_string_literal: true
+
+require "elastic_graph/graphql/client"
+require "elastic_graph/query_registry/client_data"
+require "graphql"
+
+module ElasticGraph
+  module QueryRegistry
+    module QueryValidators
+      # Query validator implementation used for registered clients.
+      class ForRegisteredClient < ::Data.define(
+        :schema,
+        :graphql_schema,
+        :allow_any_query_for_clients,
+        :client_data_by_client_name,
+        :client_cache_mutex,
+        :provide_query_strings_for_client
+      )
+        def initialize(schema:, client_names:, allow_any_query_for_clients:, provide_query_strings_for_client:)
+          super(
+            schema: schema,
+            graphql_schema: schema.graphql_schema,
+            allow_any_query_for_clients: allow_any_query_for_clients,
+            client_cache_mutex: ::Mutex.new,
+            provide_query_strings_for_client: provide_query_strings_for_client,
+            client_data_by_client_name: client_names.to_h { |name| [name, nil] }.merge(
+              # Register a built-in GraphQL query that ElasticGraph itself sometimes has to make.
+              GraphQL::Client::ELASTICGRAPH_INTERNAL.name => ClientData.from(schema, [GraphQL::EAGER_LOAD_QUERY])
+            )
+          )
+        end
+
+        def applies_to?(client)
+          return false unless (client_name = client&.name)
+          client_data_by_client_name.key?(client_name)
+        end
+
+        def build_and_validate_query(query_string, client:, variables: {}, operation_name: nil, context: {})
+          client_data = client_data_for(client.name)
+
+          if (cached_query = client_data.cached_query_for(query_string.to_s))
+            prepared_query = prepare_query_for_execution(cached_query, variables: variables, operation_name: operation_name, context: context)
+            return [prepared_query, []]
+          end
+
+          query = yield
+
+          # This client allows any query, so we can just return the query with no errors here.
+          # Note: we could put this at the top of the method, but if the query is registered and matches
+          # the registered form, the `cached_query` above is more efficient as it avoids unnecessarily
+          # parsing the query.
+          return [query, []] if allow_any_query_for_clients.include?(client.name)
+
+          if !client_data.canonical_query_strings.include?(ClientData.canonical_query_string_from(query, schema_element_names: schema.element_names))
+            return [query, [client_data.unregistered_query_error_for(query, client)]]
+          end
+
+          # The query is slightly different from a registered query, but not in any material fashion
+          # (such as a whitespace or comment difference). Since query parsing can be kinda slow on
+          # large queries (in our benchmarking, ~10ms on a 10KB query), we want to cache the parsed
+          # query here. Normally, if a client sends a slightly different form of a query, it's going
+          # to be in that alternate form every single time, so caching it can be a nice win.
+          atomically_update_cached_client_data_for(client.name) do |cached_client_data|
+            # We don't want the cached form of the query to persist the current variables, context, etc being used for this request.
+            cachable_query = prepare_query_for_execution(query, variables: {}, operation_name: nil, context: {})
+
+            # We use `_` here because Steep believes `client_data` could be nil. In general, this is
+            # true; it can be nil, but not at this callsite, because we are in a branch that is only
+            # executed when `client_data` is _not_ nil.
+            (_ = cached_client_data).with_updated_last_query(query_string, cachable_query)
+          end
+
+          [query, []]
+        end
+
+        private
+
+        def client_data_for(client_name)
+          if (client_data = client_data_by_client_name[client_name])
+            client_data
+          else
+            atomically_update_cached_client_data_for(client_name) do |cached_data|
+              # We expect `cached_data` to be nil if we get here. However, it's technically possible for it
+              # not to be. If this `client_data_for` method was called with the same client from another thread
+              # in between the `client_data` fetch above and here, `cached_data` could not be populated.
+              # In that case, we don't want to pay the expense of re-building `ClientData` for no reason.
+              cached_data || ClientData.from(schema, provide_query_strings_for_client.call(client_name))
+            end
+          end
+        end
+
+        # Atomically updates the `ClientData` for the given `client_name`. All updates to our cache MUST go
+        # through this method to ensure there are no concurrency-related bugs. The caller should pass
+        # a block which will be yielded the current value in the cache (which can be `nil` initially); the
+        # block is then responsible for returning an updated copy of `ClientData` in the state that
+        # should be stored in the cache.
+        def atomically_update_cached_client_data_for(client_name)
+          client_cache_mutex.synchronize do
+            client_data_by_client_name[client_name] = yield client_data_by_client_name[client_name]
+          end
+        end
+
+        def prepare_query_for_execution(query, variables:, operation_name:, context:)
+          ::GraphQL::Query.new(
+            graphql_schema,
+            # Here we pass `document` instead of query string, so that we don't have to re-parse the query.
+            # However, when the document is nil, we still need to pass the query string.
+            query.document ? nil : query.query_string,
+            document: query.document,
+            variables: variables,
+            operation_name: operation_name,
+            context: context
+          )
+        end
+      end
+    end
+  end
+end

data/lib/elastic_graph/query_registry/query_validators/for_unregistered_client.rb

@@ -0,0 +1,31 @@
+# Copyright 2024 Block, Inc.
+#
+# Use of this source code is governed by an MIT-style
+# license that can be found in the LICENSE file or at
+# https://opensource.org/licenses/MIT.
+#
+# frozen_string_literal: true
+
+module ElasticGraph
+  module QueryRegistry
+    module QueryValidators
+      # Query validator implementation used for unregistered or anonymous clients.
+      ForUnregisteredClient = ::Data.define(:allow_unregistered_clients, :allow_any_query_for_clients) do
+        # @implements ForUnregisteredClient
+        def build_and_validate_query(query_string, client:, variables: {}, operation_name: nil, context: {})
+          query = yield
+
+          return [query, []] if allow_unregistered_clients
+
+          client_name = client&.name
+          return [query, []] if client_name && allow_any_query_for_clients.include?(client_name)
+
+          [query, [
+            "Client #{client&.description || "(unknown)"} is not a registered client, it is not in " \
+            "`allow_any_query_for_clients` and `allow_unregistered_clients` is false."
+          ]]
+        end
+      end
+    end
+  end
+end