graphql 0.11.0 → 0.11.1

data/lib/graphql/interface_type.rb

@@ -23,4 +23,14 @@ class GraphQL::InterfaceType < GraphQL::BaseType
   def possible_types
     @possible_types ||= []
   end
+
+  # @return [GraphQL::Field] The defined field for `field_name`
+  def get_field(field_name)
+    fields[field_name]
+  end
+
+  # @return [Array<GraphQL::Field>] All fields on this type
+  def all_fields
+    fields.values
+  end
 end

data/lib/graphql/introspection/fields_field.rb

@@ -4,10 +4,10 @@ GraphQL::Introspection::FieldsField = GraphQL::Field.define do
   argument :includeDeprecated, GraphQL::BOOLEAN_TYPE, default_value: false
   resolve -> (object, arguments, context) {
     return nil if !object.kind.fields?
-    fields = object.fields.values
+    fields = object.all_fields
     if !arguments["includeDeprecated"]
       fields = fields.select {|f| !f.deprecation_reason }
     end
-    fields
+    fields.sort_by { |f| f.name }
   }
 end

data/lib/graphql/list_type.rb

@@ -17,10 +17,20 @@ class GraphQL::ListType < GraphQL::BaseType
     "[#{of_type.to_s}]"
   end
 
-  def valid_non_null_input?(value)
-    ensure_array(value).all?{ |item| of_type.valid_input?(item) }
+  def validate_non_null_input(value)
+    result = GraphQL::Query::InputValidationResult.new
+
+    ensure_array(value).each_with_index do |item, index|
+      item_result = of_type.validate_input(item)
+      if !item_result.valid?
+        result.merge_result!(index, item_result)
+      end
+    end
+
+    result
   end
 
+
   def coerce_non_null_input(value)
     ensure_array(value).map{ |item| of_type.coerce_input(item) }
   end

data/lib/graphql/non_null_type.rb

@@ -14,7 +14,17 @@ class GraphQL::NonNullType < GraphQL::BaseType
   end
 
   def valid_input?(value)
-    !value.nil? && of_type.valid_input?(value)
+    validate_input(value).valid?
+  end
+
+  def validate_input(value)
+    if value.nil?
+      result = GraphQL::Query::InputValidationResult.new
+      result.add_problem("Expected value to not be null")
+      result
+    else
+      of_type.validate_input(value)
+    end
   end
 
   def coerce_input(value)

data/lib/graphql/object_type.rb

@@ -42,4 +42,23 @@ class GraphQL::ObjectType < GraphQL::BaseType
   def kind
     GraphQL::TypeKinds::OBJECT
   end
+
+  # @return [GraphQL::Field] The field definition for `field_name` (may be inherited from interfaces)
+  def get_field(field_name)
+    fields[field_name] || interface_fields[field_name]
+  end
+
+  # @return [Array<GraphQL::Field>] All fields, including ones inherited from interfaces
+  def all_fields
+    interface_fields.merge(self.fields).values
+  end
+
+  private
+
+  # Create a {name => defn} hash for fields inherited from interfaces
+  def interface_fields
+    interfaces.reduce({}) do |memo, iface|
+      memo.merge!(iface.fields)
+    end
+  end
 end

data/lib/graphql/query.rb

@@ -6,20 +6,6 @@ class GraphQL::Query
     end
   end
 
-  class VariableValidationError < GraphQL::ExecutionError
-    def initialize(variable_ast, type, reason)
-      msg = "Variable #{variable_ast.name} of type #{type} #{reason}"
-      super(msg)
-      self.ast_node = variable_ast
-    end
-  end
-
-  class VariableMissingError < VariableValidationError
-    def initialize(variable_ast, type)
-      super(variable_ast, type, "can't be null")
-    end
-  end
-
   # If a resolve function returns `GraphQL::Query::DEFAULT_RESOLVE`,
   # The executor will send the field's name to the target object
   # and use the result.
@@ -111,3 +97,5 @@ require 'graphql/query/literal_input'
 require 'graphql/query/serial_execution'
 require 'graphql/query/type_resolver'
 require 'graphql/query/variables'
+require 'graphql/query/input_validation_result'
+require 'graphql/query/variable_validation_error'

data/lib/graphql/query/input_validation_result.rb

@@ -0,0 +1,23 @@
+class GraphQL::Query
+  class InputValidationResult
+    attr_accessor :problems
+
+    def valid?
+      @problems.nil?
+    end
+
+    def add_problem(explanation, path = nil)
+      @problems ||= []
+      @problems.push({ 'path' => path || [], 'explanation' => explanation })
+    end
+
+    def merge_result!(path, inner_result)
+      return if inner_result.valid?
+
+      inner_result.problems.each do |p|
+        item_path = [path, *p['path']]
+        add_problem(p['explanation'], item_path)
+      end
+    end
+  end
+end

data/lib/graphql/query/literal_input.rb

@@ -55,7 +55,9 @@ module GraphQL
             type.input_fields.each do |arg_name, arg_defn|
               if hash[arg_name].nil?
                 value = LiteralInput.coerce(arg_defn.type, arg_defn.default_value, variables)
-                hash[arg_name] = value unless value.nil?
+                if !value.nil?
+                  hash[arg_name] = value
+                end
               end
             end
             Arguments.new(hash)

data/lib/graphql/query/serial_execution/field_resolution.rb

@@ -10,7 +10,9 @@ module GraphQL
           @target = target
           @execution_context = execution_context
           @field =  execution_context.get_field(parent_type, ast_node.name)
-          raise("No field found on #{parent_type.name} '#{parent_type}' for '#{ast_node.name}'") unless field
+          if @field.nil?
+            raise("No field found on #{parent_type.name} '#{parent_type}' for '#{ast_node.name}'")
+          end
           @arguments = GraphQL::Query::LiteralInput.from_arguments(
             ast_node.arguments,
             field.arguments,

data/lib/graphql/query/serial_execution/selection_resolution.rb

@@ -18,7 +18,7 @@ module GraphQL
               result.merge(resolve_field(ast_node))
             }
         rescue GraphQL::InvalidNullError => err
-          execution_context.add_error(err) unless err.parent_error?
+          err.parent_error? || execution_context.add_error(err)
           nil
         end
 
@@ -56,8 +56,11 @@ module GraphQL
         end
 
         def flatten_fragment(ast_fragment)
-          return {} unless fragment_type_can_apply?(ast_fragment)
-          flatten_and_merge_selections(ast_fragment.selections)
+          if fragment_type_can_apply?(ast_fragment)
+            flatten_and_merge_selections(ast_fragment.selections)
+          else
+            {}
+          end
         end
 
         def fragment_type_can_apply?(ast_fragment)
@@ -68,18 +71,21 @@ module GraphQL
 
         def merge_fields(field1, field2)
           field_type = execution_context.get_field(type, field2.name).type.unwrap
-          return field2 unless field_type.kind.fields?
-
-          # create a new ast field node merging selections from each field.
-          # Because of static validation, we can assume that name, alias,
-          # arguments, and directives are exactly the same for fields 1 and 2.
-          GraphQL::Language::Nodes::Field.new(
-            name: field2.name,
-            alias: field2.alias,
-            arguments: field2.arguments,
-            directives: field2.directives,
-            selections: field1.selections + field2.selections
-          )
+
+          if field_type.kind.fields?
+            # create a new ast field node merging selections from each field.
+            # Because of static validation, we can assume that name, alias,
+            # arguments, and directives are exactly the same for fields 1 and 2.
+            GraphQL::Language::Nodes::Field.new(
+              name: field2.name,
+              alias: field2.alias,
+              arguments: field2.arguments,
+              directives: field2.directives,
+              selections: field1.selections + field2.selections
+            )
+          else
+            field2
+          end
         end
 
         def resolve_field(ast_node)

data/lib/graphql/query/variable_validation_error.rb

@@ -0,0 +1,18 @@
+class GraphQL::Query
+  class VariableValidationError < GraphQL::ExecutionError
+    attr_accessor :value, :validation_result
+
+    def initialize(variable_ast, type, value, validation_result)
+      @value = value
+      @validation_result = validation_result
+
+      msg = "Variable #{variable_ast.name} of type #{type} was provided invalid value"
+      super(msg)
+      self.ast_node = variable_ast
+    end
+
+    def to_h
+      super.merge({ 'value' => value, 'problems' => validation_result.problems })
+    end
+  end
+end

data/lib/graphql/query/variables.rb

@@ -27,14 +27,10 @@ module GraphQL
         default_value = ast_variable.default_value
         provided_value = @provided_variables[variable_name]
 
-        unless variable_type.valid_input?(provided_value)
-          if provided_value.nil?
-            raise GraphQL::Query::VariableMissingError.new(ast_variable, variable_type)
-          else
-            raise GraphQL::Query::VariableValidationError.new(ast_variable, variable_type, "was provided invalid value #{JSON.dump(provided_value)}")
-          end
-        end
-        if provided_value.nil?
+        validation_result = variable_type.validate_input(provided_value)
+        if !validation_result.valid?
+          raise GraphQL::Query::VariableValidationError.new(ast_variable, variable_type, provided_value, validation_result)
+        elsif provided_value.nil?
           GraphQL::Query::LiteralInput.coerce(variable_type, default_value, {})
         else
           variable_type.coerce_input(provided_value)

data/lib/graphql/scalar_type.rb

@@ -19,8 +19,10 @@ module GraphQL
       self.coerce_result = proc
     end
 
-    def valid_non_null_input?(value)
-      !coerce_non_null_input(value).nil?
+    def validate_non_null_input(value)
+      result = Query::InputValidationResult.new
+      result.add_problem("Could not coerce value #{JSON.dump(value)} to #{name}") if coerce_non_null_input(value).nil?
+      result
     end
 
     def coerce_non_null_input(value)
@@ -28,7 +30,9 @@ module GraphQL
     end
 
     def coerce_input=(proc)
-      @coerce_input_proc = proc unless proc.nil?
+      if !proc.nil?
+        @coerce_input_proc = proc
+      end
     end
 
     def coerce_result(value)
@@ -36,7 +40,9 @@ module GraphQL
     end
 
     def coerce_result=(proc)
-      @coerce_result_proc = proc unless proc.nil?
+      if !proc.nil?
+        @coerce_result_proc = proc
+      end
     end
 
     def kind

data/lib/graphql/schema.rb

@@ -6,6 +6,7 @@ class GraphQL::Schema
   DYNAMIC_FIELDS = ["__type", "__typename", "__schema"]
 
   attr_reader :query, :mutation, :subscription, :directives, :static_validator
+  attr_accessor :max_depth
   # Override these if you don't want the default executor:
   attr_accessor :query_execution_strategy,
     :mutation_execution_strategy,
@@ -17,10 +18,11 @@ class GraphQL::Schema
   # @param query [GraphQL::ObjectType]  the query root for the schema
   # @param mutation [GraphQL::ObjectType] the mutation root for the schema
   # @param subscription [GraphQL::ObjectType] the subscription root for the schema
-  def initialize(query:, mutation: nil, subscription: nil)
+  def initialize(query:, mutation: nil, subscription: nil, max_depth: nil)
     @query    = query
     @mutation = mutation
     @subscription = subscription
+    @max_depth = max_depth
     @directives = DIRECTIVES.reduce({}) { |m, d| m[d.name] = d; m }
     @static_validator = GraphQL::StaticValidation::Validator.new(schema: self)
     @rescue_middleware = GraphQL::Schema::RescueMiddleware.new
@@ -49,7 +51,7 @@ class GraphQL::Schema
   # Resolve field named `field_name` for type `parent_type`.
   # Handles dynamic fields `__typename`, `__type` and `__schema`, too
   def get_field(parent_type, field_name)
-    defined_field = parent_type.fields[field_name]
+    defined_field = parent_type.get_field(field_name)
     if defined_field
       defined_field
     elsif field_name == "__typename"

data/lib/graphql/schema/printer.rb

@@ -48,7 +48,7 @@ module GraphQL
     module TypeKindPrinters
       module FieldPrinter
         def print_fields(type)
-          type.fields.values.map{ |field| "  #{field.name}#{print_args(field)}: #{field.type}" }.join("\n")
+          type.all_fields.map{ |field| "  #{field.name}#{print_args(field)}: #{field.type}" }.join("\n")
         end
 
         def print_args(field)
@@ -57,7 +57,12 @@ module GraphQL
         end
 
         def print_input_value(arg)
-          default_string = " = #{print_value(arg.default_value, arg.type)}" unless arg.default_value.nil?
+          if arg.default_value.nil?
+            default_string = nil
+          else
+            default_string = " = #{print_value(arg.default_value, arg.type)}"
+          end
+
           "#{arg.name}: #{arg.type.to_s}#{default_string}"
         end
 
@@ -98,7 +103,11 @@ module GraphQL
       class ObjectPrinter
         extend FieldPrinter
         def self.print(type)
-          implementations = " implements #{type.interfaces.map(&:to_s).join(", ")}" unless type.interfaces.empty?
+          if type.interfaces.any?
+            implementations = " implements #{type.interfaces.map(&:to_s).join(", ")}"
+          else
+            implementations = nil
+          end
           "type #{type.name}#{implementations} {\n#{print_fields(type)}\n}"
         end
       end

data/lib/graphql/schema/type_reducer.rb

@@ -30,7 +30,7 @@ class GraphQL::Schema::TypeReducer
   def find_types(type, type_hash)
     type_hash[type.name] = type
     if type.kind.fields?
-      type.fields.each do |name, field|
+      type.all_fields.each do |field|
         reduce_type(field.type, type_hash)
         field.arguments.each do |name, argument|
           reduce_type(argument.type, type_hash)
@@ -57,10 +57,11 @@ class GraphQL::Schema::TypeReducer
   end
 
   def reduce_type(type, type_hash)
-    unless type.is_a?(GraphQL::BaseType)
+    if type.is_a?(GraphQL::BaseType)
+      self.class.new(type.unwrap, type_hash).result
+    else
       raise GraphQL::Schema::InvalidTypeError.new(type, ["Must be a GraphQL::BaseType"])
     end
-    self.class.new(type.unwrap, type_hash).result
   end
 
   def validate_type(type)

data/lib/graphql/static_validation.rb

@@ -5,6 +5,7 @@ require 'graphql/static_validation/message'
 require 'graphql/static_validation/arguments_validator'
 require 'graphql/static_validation/type_stack'
 require 'graphql/static_validation/validator'
+require 'graphql/static_validation/validation_context'
 require 'graphql/static_validation/literal_validator'
 
 rules_glob = File.expand_path("../static_validation/rules/*.rb", __FILE__)

data/lib/graphql/static_validation/all_rules.rb

@@ -20,4 +20,5 @@ GraphQL::StaticValidation::ALL_RULES = [
   GraphQL::StaticValidation::VariableDefaultValuesAreCorrectlyTyped,
   GraphQL::StaticValidation::VariablesAreUsedAndDefined,
   GraphQL::StaticValidation::VariableUsagesAreAllowed,
+  GraphQL::StaticValidation::DocumentDoesNotExceedMaxDepth,
 ]

data/lib/graphql/static_validation/rules/document_does_not_exceed_max_depth.rb

@@ -0,0 +1,79 @@
+module GraphQL
+  module StaticValidation
+    class DocumentDoesNotExceedMaxDepth
+      include GraphQL::StaticValidation::Message::MessageHelper
+
+      def validate(context)
+        max_allowed_depth = context.schema.max_depth
+        return if max_allowed_depth.nil?
+
+        visitor = context.visitor
+
+        # operation or fragment name
+        current_field_scope = nil
+        current_depth = 0
+        skip_current_scope = false
+
+        # {name => depth} pairs for operations and fragments
+        depths = Hash.new { |h, k| h[k] = 0 }
+
+        # {name => [fragmentName...]} pairs
+        fragments = Hash.new { |h, k| h[k] = []}
+
+        visitor[GraphQL::Language::Nodes::Document].leave << -> (node, parent) {
+          context.errors.none? && assert_under_max_depth(context, max_allowed_depth, depths, fragments)
+        }
+
+        visitor[GraphQL::Language::Nodes::OperationDefinition] << -> (node, parent) {
+          current_field_scope = node.name
+        }
+
+        visitor[GraphQL::Language::Nodes::FragmentDefinition] << -> (node, parent) {
+          current_field_scope = node.name
+        }
+
+        visitor[GraphQL::Language::Nodes::Field] << -> (node, parent) {
+          # Don't validate queries on __schema, __type
+          skip_current_scope ||= context.skip_field?(node.name)
+
+          if node.selections.any? && !skip_current_scope
+            current_depth += 1
+            if current_depth > depths[current_field_scope]
+              depths[current_field_scope] = current_depth
+            end
+          end
+        }
+
+        visitor[GraphQL::Language::Nodes::Field].leave << -> (node, parent) {
+          if skip_current_scope && context.skip_field?(node.name)
+            skip_current_scope = false
+          elsif node.selections.any?
+            current_depth -= 1
+          end
+        }
+
+        visitor [GraphQL::Language::Nodes::FragmentSpread] << -> (node, parent) {
+          fragments[current_field_scope] << node.name
+        }
+      end
+
+      private
+
+      def assert_under_max_depth(context, max_allowed_depth, depths, fragments)
+        context.operations.each do |op_name, operation|
+          op_depth = get_total_depth(op_name, depths, fragments)
+          if op_depth > max_allowed_depth
+            op_name ||= "operation"
+            context.errors << message("#{op_name} has depth of #{op_depth}, which exceeds max depth of #{max_allowed_depth}", operation)
+          end
+        end
+      end
+
+      # Get the total depth of a given fragment or operation
+      def get_total_depth(scope_name, depths, fragments)
+        own_fragments = fragments[scope_name]
+        depths[scope_name] + own_fragments.reduce(0) { |memo, frag_name| memo + get_total_depth(frag_name, depths, fragments) }
+      end
+    end
+  end
+end