@apollo/federation-internals 2.11.3 → 2.11.5-preview.0

package/src/argumentCompositionStrategies.ts

@@ -1,4 +1,4 @@
-import { InputType, NonNullType, Schema, isListType, isNonNullType } from "./definitions"
+import {InputType, NonNullType, Schema, isListType, isNonNullType} from "./definitions"
 import { sameType } from "./types";
 import { valueEquals } from "./values";
 
@@ -19,6 +19,14 @@ function supportFixedTypes(types: (schema: Schema) => InputType[]): TypeSupportV
   };
 }
 
+function supportAnyNonNullNestedArray(): TypeSupportValidator {
+  return (_, type) =>
+    isNonNullType(type) && isListType(type.ofType)
+      && isNonNullType(type.ofType.ofType) && isListType(type.ofType.ofType.ofType)
+        ? { valid: true }
+        : { valid: false, supportedMsg: 'non nullable nested list types of any type' }
+}
+
 function supportAnyNonNullArray(): TypeSupportValidator {
   return (_, type) => isNonNullType(type) && isListType(type.ofType)
     ? { valid: true }
@@ -54,6 +62,104 @@ function unionValues(values: any[]): any {
   }, []);
 }
 
+/**
+ * Performs conjunction of 2d arrays that represent conditions in Disjunctive Normal Form.
+ *
+ * * Each inner array is interpreted as the conjunction of the conditions in the array.
+ * * The top-level array is interpreted as the disjunction of the inner arrays
+ *
+ * Algorithm
+ * * filter out duplicate entries to limit the amount of necessary computations
+ * * calculate cartesian product of the arrays to find all possible combinations
+ *   * simplify combinations by dropping duplicate conditions (i.e. p ^ p = p, p ^ q = q ^ p)
+ * * eliminate entries that are subsumed by others (i.e. (p ^ q) subsumes (p ^ q ^ r))
+ */
+function dnfConjunction<T>(values: T[][][]): T[][] {
+  // should never be the case
+  if (values.length == 0) {
+    return [];
+  }
+
+  // we first filter out duplicate values from candidates
+  // this avoids exponential computation of exactly the same conditions
+  const filtered = filterNestedArrayDuplicates(values);
+
+  // initialize with first entry
+  let result: T[][] = filtered[0];
+  // perform cartesian product to find all possible entries
+  for (let i = 1; i < filtered.length; i++) {
+    const current = filtered[i];
+    const accumulator: T[][] = [];
+    const seen = new Set<string>;
+
+    for (const accElement of result) {
+      for (const currentElement of current) {
+        // filter out elements that are already present in accElement
+        const filteredElement = currentElement.filter((e) => !accElement.includes(e));
+        const candidate = [...accElement, ...filteredElement].sort();
+        const key = JSON.stringify(candidate);
+        // only add entries which has not been seen yet
+        if (!seen.has(key)) {
+          seen.add(key);
+          accumulator.push(candidate);
+        }
+      }
+    }
+    // Now we need to deduplicate the results. Given that
+    // - outer array implies OR requirements
+    // - inner array implies AND requirements
+    // We can filter out any inner arrays that fully contain other inner arrays, i.e.
+    //   A OR B OR (A AND B) OR (A AND B AND C) => A OR B
+    result = deduplicateSubsumedValues(accumulator);
+  }
+  return result;
+}
+
+function filterNestedArrayDuplicates<T>(values: T[][][]): T[][][] {
+  const filtered: T[][][] = [];
+  const seen = new Set<string>;
+  values.forEach((value) => {
+    value.sort();
+    const key = JSON.stringify(value);
+    if (!seen.has(key)) {
+      seen.add(key);
+      filtered.push(value);
+    }
+  });
+  return filtered;
+}
+
+function deduplicateSubsumedValues<T>(values: T[][]): T[][] {
+  const result: T[][] = [];
+  // we first sort by length as the longer ones might be dropped
+  values.sort((first, second) => {
+    if (first.length < second.length) {
+      return -1;
+    } else if (first.length > second.length) {
+      return 1;
+    } else {
+      return 0;
+    }
+  });
+
+  for (const candidate of values) {
+    const entry = new Set(candidate);
+    let redundant = false;
+    for (const r of result) {
+      if (r.every(e => entry.has(e))) {
+        // if `r` is a subset of a `candidate` then it means `candidate` is redundant
+        redundant = true;
+        break;
+      }
+    }
+
+    if (!redundant) {
+      result.push(candidate);
+    }
+  }
+  return result;
+}
+
 export const ARGUMENT_COMPOSITION_STRATEGIES = {
   MAX: {
     name: 'MAX',
@@ -95,7 +201,8 @@ export const ARGUMENT_COMPOSITION_STRATEGIES = {
       schema.booleanType(),
       new NonNullType(schema.booleanType())
     ]),
-    mergeValues: mergeNullableValues(
+    mergeValues:
+        mergeNullableValues(
       (values: boolean[]) => values.every((v) => v)
     ),
   },
@@ -113,5 +220,10 @@ export const ARGUMENT_COMPOSITION_STRATEGIES = {
     name: 'NULLABLE_UNION',
     isTypeSupported: supportAnyArray(),
     mergeValues: mergeNullableValues(unionValues),
+  },
+  DNF_CONJUNCTION: {
+    name: 'DNF_CONJUNCTION',
+    isTypeSupported: supportAnyNonNullNestedArray(),
+    mergeValues: dnfConjunction
   }
 }

package/src/error.ts

@@ -633,6 +633,18 @@ const MAX_VALIDATION_SUBGRAPH_PATHS_EXCEEDED = makeCodeDefinition(
   { addedIn: '2.8.0' },
 );
 
+const AUTHENTICATION_APPLIED_ON_INTERFACE = makeCodeDefinition(
+    'AUTHENTICATION_APPLIED_ON_INTERFACE',
+    'The @authenticated, @requiresScopes and @policy directive cannot be applied on interface, interface fields and interface object',
+    { addedIn: '2.9.4' },
+);
+
+const MISSING_TRANSITIVE_AUTH_REQUIREMENTS = makeCodeDefinition(
+    'MISSING_TRANSITIVE_AUTH_REQUIREMENTS',
+    'Field missing transitive @authenticated, @requiresScopes and/or @policy auth requirements needed to access dependent data.',
+    { addedIn: '2.9.4' },
+)
+
 export const ERROR_CATEGORIES = {
   DIRECTIVE_FIELDS_MISSING_EXTERNAL,
   DIRECTIVE_UNSUPPORTED_ON_INTERFACE,
@@ -734,6 +746,8 @@ export const ERRORS = {
   LIST_SIZE_INVALID_SIZED_FIELD,
   LIST_SIZE_INVALID_SLICING_ARGUMENT,
   MAX_VALIDATION_SUBGRAPH_PATHS_EXCEEDED,
+  AUTHENTICATION_APPLIED_ON_INTERFACE,
+  MISSING_TRANSITIVE_AUTH_REQUIREMENTS,
 };
 
 const codeDefByCode = Object.values(ERRORS).reduce((obj: {[code: string]: ErrorCodeDefinition}, codeDef: ErrorCodeDefinition) => { obj[codeDef.code] = codeDef; return obj; }, {});

package/src/federation.ts

@@ -37,7 +37,7 @@ import {
   isWrapperType,
   possibleRuntimeTypes,
   isIntType,
-  Type,
+  Type, isFieldDefinition,
 } from "./definitions";
 import { assert, MultiMap, printHumanReadableList, OrderedMap, mapValues, assertUnreachable } from "./utils";
 import { SDLValidationRule } from "graphql/validation/ValidationContext";
@@ -97,7 +97,7 @@ import { createObjectTypeSpecification, createScalarTypeSpecification, createUni
 import { didYouMean, suggestionList } from "./suggestions";
 import { coreFeatureDefinitionIfKnown } from "./knownCoreFeatures";
 import { joinIdentity } from "./specs/joinSpec";
-import { COST_VERSIONS, CostDirectiveArguments, ListSizeDirectiveArguments, costIdentity } from "./specs/costSpec";
+import { CostDirectiveArguments, ListSizeDirectiveArguments } from "./specs/costSpec";
 
 const linkSpec = LINK_VERSIONS.latest();
 const tagSpec = TAG_VERSIONS.latest();
@@ -1820,18 +1820,16 @@ export class FederationBlueprint extends SchemaBlueprint {
       }
     }
 
-    const costFeature = schema.coreFeatures?.getByIdentity(costIdentity);
-    const costSpec = costFeature && COST_VERSIONS.find(costFeature.url.version);
-    const costDirective = costSpec?.costDirective(schema);
-    const listSizeDirective = costSpec?.listSizeDirective(schema);
+    const costDirective = metadata.costDirective();
+    const listSizeDirective = metadata.listSizeDirective();
 
     // Validate @cost
-    for (const application of costDirective?.applications() ?? []) {
+    for (const application of costDirective.applications()) {
       validateCostNotAppliedToInterface(application, errorCollector);
     }
 
     // Validate @listSize
-    for (const application of listSizeDirective?.applications() ?? []) {
+    for (const application of listSizeDirective.applications()) {
       const parent = application.parent;
       assert(parent instanceof FieldDefinition, "@listSize can only be applied to FIELD_DEFINITION");
       validateListSizeAppliedToList(application, parent, errorCollector);
@@ -1840,6 +1838,9 @@ export class FederationBlueprint extends SchemaBlueprint {
       validateSizedFieldsAreValidLists(application, parent, errorCollector);
     }
 
+    // Validate @authenticated, @requireScopes and @policy usage on interfaces and interface objects
+    validateNoAuthenticationOnInterfaces(metadata, errorCollector);
+
     return errorCollector;
   }
 
@@ -2891,3 +2892,39 @@ function withoutNonExternalLeafFields(selectionSet: SelectionSet): SelectionSet
     return undefined;
   });
 }
+
+function validateNoAuthenticationOnInterfaces(metadata: FederationMetadata, errorCollector: GraphQLError[]) {
+  const authenticatedDirective = metadata.authenticatedDirective();
+  const requiresScopesDirective = metadata.requiresScopesDirective();
+  const policyDirective = metadata.policyDirective();
+  [authenticatedDirective, requiresScopesDirective, policyDirective].forEach((directive) => {
+    for (const application of directive.applications()) {
+      const element = application.parent;
+      function isAppliedOnInterface(type: Type) {
+        return isInterfaceType(type) || isInterfaceObjectType(baseType(type));
+      }
+      function isAppliedOnInterfaceField(elem: SchemaElement<any, any>) {
+        return isFieldDefinition(elem) && isInterfaceType(elem.parent);
+      }
+
+      if (isAppliedOnInterface(element) || isAppliedOnInterfaceField(element)) {
+        let kind = '';
+        switch (element.kind) {
+          case 'FieldDefinition':
+            kind = 'field';
+            break;
+          case 'InterfaceType':
+            kind = 'interface';
+            break;
+          case 'ObjectType':
+            kind = 'interface object';
+            break;
+        }
+        errorCollector.push(ERRORS.AUTHENTICATION_APPLIED_ON_INTERFACE.err(
+            `Invalid use of @${directive.name} on ${kind} "${element.coordinate}": @${directive.name} cannot be applied on interfaces, interface fields and interface objects`,
+            {nodes: sourceASTs(application, element.parent)},
+        ));
+      }
+    }
+  });
+}

package/src/specs/authenticatedSpec.ts

@@ -8,6 +8,7 @@ import {
 } from "./coreSpec";
 import { createDirectiveSpecification } from "../directiveAndTypeSpecification";
 import { registerKnownFeature } from "../knownCoreFeatures";
+import {DirectiveDefinition, Schema} from "../definitions";
 
 export class AuthenticatedSpecDefinition extends FeatureDefinition {
   public static readonly directiveName = "authenticated";
@@ -37,6 +38,10 @@ export class AuthenticatedSpecDefinition extends FeatureDefinition {
     }));
   }
 
+  authenticatedDirective(schema: Schema): DirectiveDefinition | undefined {
+    return this.directive(schema, AuthenticatedSpecDefinition.directiveName);
+  }
+
   get defaultCorePurpose(): CorePurpose {
     return 'SECURITY';
   }

package/src/specs/policySpec.ts

@@ -6,7 +6,7 @@ import {
   FeatureUrl,
   FeatureVersion,
 } from "./coreSpec";
-import { ListType, NonNullType } from "../definitions";
+import {DirectiveDefinition, ListType, NonNullType, Schema} from "../definitions";
 import { createDirectiveSpecification, createScalarTypeSpecification } from "../directiveAndTypeSpecification";
 import { registerKnownFeature } from "../knownCoreFeatures";
 import { ARGUMENT_COMPOSITION_STRATEGIES } from "../argumentCompositionStrategies";
@@ -42,7 +42,7 @@ export class PolicySpecDefinition extends FeatureDefinition {
           assert(PolicyType, () => `Expected "${policyName}" to be defined`);
           return new NonNullType(new ListType(new NonNullType(new ListType(new NonNullType(PolicyType)))));
         },
-        compositionStrategy: ARGUMENT_COMPOSITION_STRATEGIES.UNION,
+        compositionStrategy: ARGUMENT_COMPOSITION_STRATEGIES.DNF_CONJUNCTION,
       }],
       locations: [
         DirectiveLocation.FIELD_DEFINITION,
@@ -56,6 +56,10 @@ export class PolicySpecDefinition extends FeatureDefinition {
     }));
   }
 
+  policyDirective(schema: Schema): DirectiveDefinition<{policies: string[][]}> | undefined {
+    return this.directive(schema, PolicySpecDefinition.directiveName);
+  }
+
   get defaultCorePurpose(): CorePurpose {
     return 'SECURITY';
   }

package/src/specs/requiresScopesSpec.ts

@@ -6,7 +6,7 @@ import {
   FeatureUrl,
   FeatureVersion,
 } from "./coreSpec";
-import { ListType, NonNullType } from "../definitions";
+import {DirectiveDefinition, ListType, NonNullType, Schema} from "../definitions";
 import { createDirectiveSpecification, createScalarTypeSpecification } from "../directiveAndTypeSpecification";
 import { registerKnownFeature } from "../knownCoreFeatures";
 import { ARGUMENT_COMPOSITION_STRATEGIES } from "../argumentCompositionStrategies";
@@ -43,7 +43,7 @@ export class RequiresScopesSpecDefinition extends FeatureDefinition {
           assert(scopeType, () => `Expected "${scopeName}" to be defined`);
           return new NonNullType(new ListType(new NonNullType(new ListType(new NonNullType(scopeType)))));
         },
-        compositionStrategy: ARGUMENT_COMPOSITION_STRATEGIES.UNION,
+        compositionStrategy: ARGUMENT_COMPOSITION_STRATEGIES.DNF_CONJUNCTION,
       }],
       locations: [
         DirectiveLocation.FIELD_DEFINITION,
@@ -57,6 +57,10 @@ export class RequiresScopesSpecDefinition extends FeatureDefinition {
     }));
   }
 
+  requiresScopesDirective(schema: Schema): DirectiveDefinition<{scopes: string[][]}> | undefined {
+    return this.directive(schema, RequiresScopesSpecDefinition.directiveName);
+  }
+
   get defaultCorePurpose(): CorePurpose {
     return 'SECURITY';
   }