@apollo/federation-internals 2.11.2 → 2.11.4

package/src/buildSchema.ts

@@ -56,6 +56,9 @@ import {
 } from "./definitions";
 import { ERRORS, errorCauses, withModifiedErrorNodes } from "./error";
 import { introspectionTypeNames } from "./introspection";
+import { coreFeatureDefinitionIfKnown } from "./knownCoreFeatures";
+import { connectIdentity } from "./specs/connectSpec";
+
 
 function buildValue(value?: ValueNode): any {
   return value ? valueFromASTUntyped(value) : undefined;
@@ -143,6 +146,48 @@ export function buildSchemaFromAST(
     buildSchemaDefinitionInner(schemaExtension, schema.schemaDefinition, errors, schema.schemaDefinition.newExtension());
   }
 
+  // The following block of code is a one-off to support input objects in the
+  // connect spec. It will be non-maintainable/bug-prone to do this again, and
+  // has various limitations/unsupported edge cases already.
+  //
+  // There's work to be done to support input objects more generally; please see
+  // https://github.com/apollographql/federation/pull/3311 for more information.
+  const connectFeature = schema.coreFeatures?.getByIdentity(connectIdentity);
+  const handledConnectTypeNames = new Set<string>();
+  if (connectFeature) {
+    const connectFeatureDefinition =
+      coreFeatureDefinitionIfKnown(connectFeature.url);
+    if (connectFeatureDefinition) {
+      const connectTypeNamesInSchema = new Set(
+        connectFeatureDefinition.typeSpecs()
+          .map(({ name }) => connectFeature.typeNameInSchema(name))
+      );
+      for (const typeNode of typeDefinitions) {
+        if (connectTypeNamesInSchema.has(typeNode.name.value)
+          && typeNode.kind === 'InputObjectTypeDefinition'
+        ) {
+          handledConnectTypeNames.add(typeNode.name.value)
+        } else {
+          continue;
+        }
+        buildNamedTypeInner(typeNode, schema.type(typeNode.name.value)!, schema.blueprint, errors);
+      }
+      for (const typeExtensionNode of typeExtensions) {
+        if (connectTypeNamesInSchema.has(typeExtensionNode.name.value)
+          && typeExtensionNode.kind === 'InputObjectTypeExtension'
+        ) {
+          handledConnectTypeNames.add(typeExtensionNode.name.value)
+        } else {
+          continue;
+        }
+        const toExtend = schema.type(typeExtensionNode.name.value)!;
+        const extension = toExtend.newExtension();
+        extension.sourceAST = typeExtensionNode;
+        buildNamedTypeInner(typeExtensionNode, toExtend, schema.blueprint, errors, extension);
+      }
+    }
+  }
+
   // The following is a no-op for "standard" schema, but for federation subgraphs, this is where we handle the auto-addition
   // of imported federation directive definitions. That is why we have avoid looking at directive applications within
   // directive definition earlier: if one of those application was of an imported federation directive, the definition
@@ -155,9 +200,15 @@ export function buildSchemaFromAST(
   }
 
   for (const typeNode of typeDefinitions) {
+    if (handledConnectTypeNames.has(typeNode.name.value)) {
+      continue;
+    }
     buildNamedTypeInner(typeNode, schema.type(typeNode.name.value)!, schema.blueprint, errors);
   }
   for (const typeExtensionNode of typeExtensions) {
+    if (handledConnectTypeNames.has(typeExtensionNode.name.value)) {
+      continue;
+    }
     const toExtend = schema.type(typeExtensionNode.name.value)!;
     const extension = toExtend.newExtension();
     extension.sourceAST = typeExtensionNode;

package/src/directiveAndTypeSpecification.ts

@@ -66,7 +66,13 @@ export type FieldSpecification = {
   args?: ResolvedArgumentSpecification[],
 }
 
-type ResolvedArgumentSpecification = {
+export type ResolvedArgumentSpecification = {
+  name: string,
+  type: InputType,
+  defaultValue?: any,
+}
+
+export type InputFieldSpecification = {
   name: string,
   type: InputType,
   defaultValue?: any,
@@ -338,7 +344,7 @@ export function createEnumTypeSpecification({
   }
 }
 
-function ensureSameTypeKind(expected: NamedType['kind'], actual: NamedType): GraphQLError[] {
+export function ensureSameTypeKind(expected: NamedType['kind'], actual: NamedType): GraphQLError[] {
   return expected === actual.kind
     ? []
     : [

package/src/error.ts

@@ -633,6 +633,18 @@ const MAX_VALIDATION_SUBGRAPH_PATHS_EXCEEDED = makeCodeDefinition(
   { addedIn: '2.8.0' },
 );
 
+const AUTHENTICATION_APPLIED_ON_INTERFACE = makeCodeDefinition(
+    'AUTHENTICATION_APPLIED_ON_INTERFACE',
+    'The @authenticated, @requiresScopes and @policy directive cannot be applied on interface, interface object or their fields.',
+    { addedIn: '2.9.4' },
+);
+
+const MISSING_TRANSITIVE_AUTH_REQUIREMENTS = makeCodeDefinition(
+    'MISSING_TRANSITIVE_AUTH_REQUIREMENTS',
+    'Field missing transitive @authenticated, @requiresScopes and/or @policy auth requirements needed to access dependent data.',
+    { addedIn: '2.9.4' },
+)
+
 export const ERROR_CATEGORIES = {
   DIRECTIVE_FIELDS_MISSING_EXTERNAL,
   DIRECTIVE_UNSUPPORTED_ON_INTERFACE,
@@ -734,6 +746,8 @@ export const ERRORS = {
   LIST_SIZE_INVALID_SIZED_FIELD,
   LIST_SIZE_INVALID_SLICING_ARGUMENT,
   MAX_VALIDATION_SUBGRAPH_PATHS_EXCEEDED,
+  AUTHENTICATION_APPLIED_ON_INTERFACE,
+  MISSING_TRANSITIVE_AUTH_REQUIREMENTS,
 };
 
 const codeDefByCode = Object.values(ERRORS).reduce((obj: {[code: string]: ErrorCodeDefinition}, codeDef: ErrorCodeDefinition) => { obj[codeDef.code] = codeDef; return obj; }, {});

package/src/federation.ts

@@ -37,7 +37,7 @@ import {
   isWrapperType,
   possibleRuntimeTypes,
   isIntType,
-  Type,
+  Type, isFieldDefinition,
 } from "./definitions";
 import { assert, MultiMap, printHumanReadableList, OrderedMap, mapValues, assertUnreachable } from "./utils";
 import { SDLValidationRule } from "graphql/validation/ValidationContext";
@@ -97,7 +97,7 @@ import { createObjectTypeSpecification, createScalarTypeSpecification, createUni
 import { didYouMean, suggestionList } from "./suggestions";
 import { coreFeatureDefinitionIfKnown } from "./knownCoreFeatures";
 import { joinIdentity } from "./specs/joinSpec";
-import { COST_VERSIONS, CostDirectiveArguments, ListSizeDirectiveArguments, costIdentity } from "./specs/costSpec";
+import { CostDirectiveArguments, ListSizeDirectiveArguments } from "./specs/costSpec";
 
 const linkSpec = LINK_VERSIONS.latest();
 const tagSpec = TAG_VERSIONS.latest();
@@ -1820,18 +1820,16 @@ export class FederationBlueprint extends SchemaBlueprint {
       }
     }
 
-    const costFeature = schema.coreFeatures?.getByIdentity(costIdentity);
-    const costSpec = costFeature && COST_VERSIONS.find(costFeature.url.version);
-    const costDirective = costSpec?.costDirective(schema);
-    const listSizeDirective = costSpec?.listSizeDirective(schema);
+    const costDirective = metadata.costDirective();
+    const listSizeDirective = metadata.listSizeDirective();
 
     // Validate @cost
-    for (const application of costDirective?.applications() ?? []) {
+    for (const application of costDirective.applications()) {
       validateCostNotAppliedToInterface(application, errorCollector);
     }
 
     // Validate @listSize
-    for (const application of listSizeDirective?.applications() ?? []) {
+    for (const application of listSizeDirective.applications()) {
       const parent = application.parent;
       assert(parent instanceof FieldDefinition, "@listSize can only be applied to FIELD_DEFINITION");
       validateListSizeAppliedToList(application, parent, errorCollector);
@@ -1840,6 +1838,9 @@ export class FederationBlueprint extends SchemaBlueprint {
       validateSizedFieldsAreValidLists(application, parent, errorCollector);
     }
 
+    // Validate @authenticated, @requireScopes and @policy
+    validateNoAuthenticationOnInterfaces(metadata, errorCollector);
+
     return errorCollector;
   }
 
@@ -2891,3 +2892,39 @@ function withoutNonExternalLeafFields(selectionSet: SelectionSet): SelectionSet
     return undefined;
   });
 }
+
+function validateNoAuthenticationOnInterfaces(metadata: FederationMetadata, errorCollector: GraphQLError[]) {
+  const authenticatedDirective = metadata.authenticatedDirective();
+  const requiresScopesDirective = metadata.requiresScopesDirective();
+  const policyDirective = metadata.policyDirective();
+  [authenticatedDirective, requiresScopesDirective, policyDirective].forEach((directive) => {
+    for (const application of directive.applications()) {
+      const element = application.parent;
+      function isAppliedOnInterface(type: Type) {
+        return isInterfaceType(type) || isInterfaceObjectType(baseType(type));
+      }
+      function isAppliedOnInterfaceField(elem: SchemaElement<any, any>) {
+        return isFieldDefinition(elem) && isAppliedOnInterface(elem.parent);
+      }
+
+      if (isAppliedOnInterface(element) || isAppliedOnInterfaceField(element)) {
+        let kind = '';
+        switch (element.kind) {
+          case 'FieldDefinition':
+            kind = 'field';
+            break;
+          case 'InterfaceType':
+            kind = 'interface';
+            break;
+          case 'ObjectType':
+            kind = 'interface object';
+            break;
+        }
+        errorCollector.push(ERRORS.AUTHENTICATION_APPLIED_ON_INTERFACE.err(
+            `Invalid use of @${directive.name} on ${kind} "${element.coordinate}": @${directive.name} cannot be applied on interfaces, interface objects or their fields`,
+            {nodes: sourceASTs(application, element.parent)},
+        ));
+      }
+    }
+  });
+}

package/src/specs/authenticatedSpec.ts

@@ -8,6 +8,7 @@ import {
 } from "./coreSpec";
 import { createDirectiveSpecification } from "../directiveAndTypeSpecification";
 import { registerKnownFeature } from "../knownCoreFeatures";
+import {DirectiveDefinition, Schema} from "../definitions";
 
 export class AuthenticatedSpecDefinition extends FeatureDefinition {
   public static readonly directiveName = "authenticated";
@@ -37,6 +38,10 @@ export class AuthenticatedSpecDefinition extends FeatureDefinition {
     }));
   }
 
+  authenticatedDirective(schema: Schema): DirectiveDefinition | undefined {
+    return this.directive(schema, AuthenticatedSpecDefinition.directiveName);
+  }
+
   get defaultCorePurpose(): CorePurpose {
     return 'SECURITY';
   }