@envelop/extended-validation 1.1.1-alpha-52fc7d2.0

package/README.md

@@ -0,0 +1,135 @@
+## `@envelop/extended-validation`
+
+Extended validation plugin adds support for writing GraphQL validation rules, that has access to all `execute` parameters, including variables.
+
+While GraphQL supports fair amount of built-in validations, and validations could be extended, it's doesn't expose `variables` to the validation rules, since operation variables are not available during `validate` flow (it's only available through execution of the operation, after input/variables coercion is done).
+
+This plugin runs before `validate` but allow developers to write their validation rules in the same way GraphQL `ValidationRule` is defined (based on a GraphQL visitor).
+
+## Getting Started
+
+Start by installing the plugin:
+
+```
+yarn add @envelop/extended-validation
+```
+
+Then, use the plugin with your validation rules:
+
+```ts
+import { useExtendedValidation } from '@envelop/extended-validation';
+
+const getEnveloped = evelop({
+  plugins: [
+    useExtendedValidation({
+      rules: [ ... ] // your rules here
+    })
+  ]
+})
+```
+
+To create your custom rules, implement the `ExtendedValidationRule` interface and return your GraphQL AST visitor.
+
+For example:
+
+```ts
+import { ExtendedValidationRule } from '@envelop/extended-validation';
+
+export const MyRule: ExtendedValidationRule = (validationContext, executionArgs) => {
+  return {
+    OperationDefinition: node => {
+      // This will run for every executed Query/Mutation/Subscription
+      // And now you also have access to the execution params like variables, context and so on.
+      // If you wish to report an error, use validationContext.reportError or throw an exception.
+    },
+  };
+};
+```
+
+## Built-in Rules
+
+### Union Inputs: `@oneOf`
+
+This directive provides validation for input types and implements the concept of union inputs. You can find the [complete spec RFC here](https://github.com/graphql/graphql-spec/pull/825).
+
+You can use union inputs either via a the SDL flow, by annotating types and fields with `@oneOf` or via the `extensions` field.
+
+First, make sure to add that rule to your plugin usage:
+
+```ts
+import { useExtendedValidation, OneOfInputObjectsRule } from '@envelop/extended-validation';
+
+const getEnveloped = evelop({
+  plugins: [
+    useExtendedValidation({
+      rules: [OneOfInputObjectsRule],
+    }),
+  ],
+});
+```
+
+#### Schema Directive Flow
+
+Make sure to include the following directive in your schema:
+
+```graphql
+directive @oneOf on INPUT_OBJECT | FIELD_DEFINITION
+```
+
+Then, apply it to field definitions, or to a complete `input` type:
+
+```graphql
+## Apply to entire input type
+input FindUserInput @oneOf {
+  id: ID
+  organizationAndRegistrationNumber: GraphQLInt
+}
+
+## Or, apply to a set of input arguments
+
+type Query {
+  foo(id: ID, str1: String, str2: String): String @oneOf
+}
+```
+
+#### Programmatic extensions flow
+
+```tsx
+const GraphQLFindUserInput = new GraphQLInputObjectType({
+  name: 'FindUserInput',
+  fields: {
+    id: {
+      type: GraphQLID,
+    },
+    organizationAndRegistrationNumber: {
+      type: GraphQLInt,
+    },
+  },
+  extensions: {
+    oneOf: true,
+  },
+});
+
+const Query = new GraphQLObjectType({
+  name: 'Query',
+  fields: {
+    foo: {
+      type: GraphQLString,
+      args: {
+        id: {
+          type: GraphQLID,
+        },
+        str1: {
+          type: GraphQLString,
+        },
+        str2: {
+          type: GraphQLString,
+        },
+      },
+      extensions: {
+        oneOf: true,
+      },
+    },
+  },
+});
+```

package/common.d.ts

@@ -0,0 +1,6 @@
+import { ASTVisitor, DirectiveNode, ExecutionArgs, GraphQLNamedType, GraphQLType, ValidationContext } from 'graphql';
+export declare type ExtendedValidationRule = (context: ValidationContext, executionArgs: ExecutionArgs) => ASTVisitor;
+export declare function getDirectiveFromAstNode(astNode: {
+    directives?: ReadonlyArray<DirectiveNode>;
+}, names: string | string[]): null | DirectiveNode;
+export declare function unwrapType(type: GraphQLType): GraphQLNamedType;

package/index.d.ts

@@ -0,0 +1,3 @@
+export * from './plugin';
+export * from './common';
+export * from './rules/one-of';

package/index.js

@@ -0,0 +1,132 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+const graphql = require('graphql');
+const values_js = require('graphql/execution/values.js');
+
+const SYMBOL_EXTENDED_VALIDATION_RULES = Symbol('SYMBOL_EXTENDED_VALIDATION_RULES');
+const useExtendedValidation = (options) => {
+    let schemaTypeInfo;
+    return {
+        onSchemaChange({ schema }) {
+            schemaTypeInfo = new graphql.TypeInfo(schema);
+        },
+        onParse({ context, extendContext }) {
+            var _a;
+            const rules = (_a = context === null || context === void 0 ? void 0 : context[SYMBOL_EXTENDED_VALIDATION_RULES]) !== null && _a !== void 0 ? _a : [];
+            rules.push(...options.rules);
+            extendContext({
+                [SYMBOL_EXTENDED_VALIDATION_RULES]: rules,
+            });
+        },
+        onExecute({ args, setResultAndStopExecution }) {
+            const rules = args.contextValue[SYMBOL_EXTENDED_VALIDATION_RULES];
+            const errors = [];
+            const typeInfo = schemaTypeInfo || new graphql.TypeInfo(args.schema);
+            const validationContext = new graphql.ValidationContext(args.schema, args.document, typeInfo, e => {
+                errors.push(e);
+            });
+            const visitor = graphql.visitInParallel(rules.map(rule => rule(validationContext, args)));
+            graphql.visit(args.document, graphql.visitWithTypeInfo(typeInfo, visitor));
+            for (const rule of rules) {
+                rule(validationContext, args);
+            }
+            if (errors.length > 0) {
+                let result = {
+                    data: null,
+                    errors,
+                };
+                if (options.onValidationFailed) {
+                    options.onValidationFailed({ args, result, setResult: newResult => (result = newResult) });
+                }
+                return setResultAndStopExecution(result);
+            }
+        },
+    };
+};
+
+function getDirectiveFromAstNode(astNode, names) {
+    const directives = astNode.directives || [];
+    const namesArr = Array.isArray(names) ? names : [names];
+    const authDirective = directives.find(d => namesArr.includes(d.name.value));
+    return authDirective || null;
+}
+function unwrapType(type) {
+    if (graphql.isNonNullType(type) || graphql.isListType(type)) {
+        return unwrapType(type.ofType);
+    }
+    return type;
+}
+
+const ONE_OF_DIRECTIVE_SDL = /* GraphQL */ `
+  directive @oneOf on INPUT_OBJECT | FIELD_DEFINITION
+`;
+const OneOfInputObjectsRule = (validationContext, executionArgs) => {
+    return {
+        Field: node => {
+            var _a, _b;
+            if ((_a = node.arguments) === null || _a === void 0 ? void 0 : _a.length) {
+                const fieldType = validationContext.getFieldDef();
+                if (!fieldType) {
+                    return;
+                }
+                const values = values_js.getArgumentValues(fieldType, node, executionArgs.variableValues);
+                if (fieldType) {
+                    const isOneOfFieldType = ((_b = fieldType.extensions) === null || _b === void 0 ? void 0 : _b.oneOf) || (fieldType.astNode && getDirectiveFromAstNode(fieldType.astNode, 'oneOf'));
+                    if (isOneOfFieldType) {
+                        if (Object.keys(values).length !== 1) {
+                            validationContext.reportError(new graphql.GraphQLError(`Exactly one key must be specified for input for field "${fieldType.type.toString()}.${node.name.value}"`, [node]));
+                        }
+                    }
+                }
+                for (const arg of node.arguments) {
+                    const argType = fieldType.args.find(typeArg => typeArg.name === arg.name.value);
+                    if (argType) {
+                        traverseVariables(validationContext, arg, argType.type, values[arg.name.value]);
+                    }
+                }
+            }
+        },
+    };
+};
+function traverseVariables(validationContext, arg, graphqlType, currentValue) {
+    var _a;
+    // if the current value is empty we don't need to traverse deeper
+    // if it shouldn't be empty, the "original" validation phase should complain.
+    if (currentValue == null) {
+        return;
+    }
+    if (graphql.isListType(graphqlType)) {
+        if (!Array.isArray(currentValue)) {
+            // because of graphql type coercion a single object should be treated as an array of one object
+            currentValue = [currentValue];
+        }
+        currentValue.forEach(value => {
+            traverseVariables(validationContext, arg, graphqlType.ofType, value);
+        });
+        return;
+    }
+    if (typeof currentValue !== 'object' || currentValue == null) {
+        // in case the value is not an object, the "original" validation phase should complain.
+        return;
+    }
+    const inputType = unwrapType(graphqlType);
+    const isOneOfInputType = ((_a = inputType.extensions) === null || _a === void 0 ? void 0 : _a.oneOf) || (inputType.astNode && getDirectiveFromAstNode(inputType.astNode, 'oneOf'));
+    if (isOneOfInputType) {
+        if (Object.keys(currentValue).length !== 1) {
+            validationContext.reportError(new graphql.GraphQLError(`Exactly one key must be specified for input type "${inputType.name}"`, [arg]));
+        }
+    }
+    if (inputType instanceof graphql.GraphQLInputObjectType) {
+        for (const [name, fieldConfig] of Object.entries(inputType.getFields())) {
+            traverseVariables(validationContext, arg, fieldConfig.type, currentValue[name]);
+        }
+    }
+}
+
+exports.ONE_OF_DIRECTIVE_SDL = ONE_OF_DIRECTIVE_SDL;
+exports.OneOfInputObjectsRule = OneOfInputObjectsRule;
+exports.getDirectiveFromAstNode = getDirectiveFromAstNode;
+exports.unwrapType = unwrapType;
+exports.useExtendedValidation = useExtendedValidation;

package/index.mjs

@@ -0,0 +1,124 @@
+import { TypeInfo, ValidationContext, visitInParallel, visit, visitWithTypeInfo, isNonNullType, isListType, GraphQLError, GraphQLInputObjectType } from 'graphql';
+import { getArgumentValues } from 'graphql/execution/values.js';
+
+const SYMBOL_EXTENDED_VALIDATION_RULES = Symbol('SYMBOL_EXTENDED_VALIDATION_RULES');
+const useExtendedValidation = (options) => {
+    let schemaTypeInfo;
+    return {
+        onSchemaChange({ schema }) {
+            schemaTypeInfo = new TypeInfo(schema);
+        },
+        onParse({ context, extendContext }) {
+            var _a;
+            const rules = (_a = context === null || context === void 0 ? void 0 : context[SYMBOL_EXTENDED_VALIDATION_RULES]) !== null && _a !== void 0 ? _a : [];
+            rules.push(...options.rules);
+            extendContext({
+                [SYMBOL_EXTENDED_VALIDATION_RULES]: rules,
+            });
+        },
+        onExecute({ args, setResultAndStopExecution }) {
+            const rules = args.contextValue[SYMBOL_EXTENDED_VALIDATION_RULES];
+            const errors = [];
+            const typeInfo = schemaTypeInfo || new TypeInfo(args.schema);
+            const validationContext = new ValidationContext(args.schema, args.document, typeInfo, e => {
+                errors.push(e);
+            });
+            const visitor = visitInParallel(rules.map(rule => rule(validationContext, args)));
+            visit(args.document, visitWithTypeInfo(typeInfo, visitor));
+            for (const rule of rules) {
+                rule(validationContext, args);
+            }
+            if (errors.length > 0) {
+                let result = {
+                    data: null,
+                    errors,
+                };
+                if (options.onValidationFailed) {
+                    options.onValidationFailed({ args, result, setResult: newResult => (result = newResult) });
+                }
+                return setResultAndStopExecution(result);
+            }
+        },
+    };
+};
+
+function getDirectiveFromAstNode(astNode, names) {
+    const directives = astNode.directives || [];
+    const namesArr = Array.isArray(names) ? names : [names];
+    const authDirective = directives.find(d => namesArr.includes(d.name.value));
+    return authDirective || null;
+}
+function unwrapType(type) {
+    if (isNonNullType(type) || isListType(type)) {
+        return unwrapType(type.ofType);
+    }
+    return type;
+}
+
+const ONE_OF_DIRECTIVE_SDL = /* GraphQL */ `
+  directive @oneOf on INPUT_OBJECT | FIELD_DEFINITION
+`;
+const OneOfInputObjectsRule = (validationContext, executionArgs) => {
+    return {
+        Field: node => {
+            var _a, _b;
+            if ((_a = node.arguments) === null || _a === void 0 ? void 0 : _a.length) {
+                const fieldType = validationContext.getFieldDef();
+                if (!fieldType) {
+                    return;
+                }
+                const values = getArgumentValues(fieldType, node, executionArgs.variableValues);
+                if (fieldType) {
+                    const isOneOfFieldType = ((_b = fieldType.extensions) === null || _b === void 0 ? void 0 : _b.oneOf) || (fieldType.astNode && getDirectiveFromAstNode(fieldType.astNode, 'oneOf'));
+                    if (isOneOfFieldType) {
+                        if (Object.keys(values).length !== 1) {
+                            validationContext.reportError(new GraphQLError(`Exactly one key must be specified for input for field "${fieldType.type.toString()}.${node.name.value}"`, [node]));
+                        }
+                    }
+                }
+                for (const arg of node.arguments) {
+                    const argType = fieldType.args.find(typeArg => typeArg.name === arg.name.value);
+                    if (argType) {
+                        traverseVariables(validationContext, arg, argType.type, values[arg.name.value]);
+                    }
+                }
+            }
+        },
+    };
+};
+function traverseVariables(validationContext, arg, graphqlType, currentValue) {
+    var _a;
+    // if the current value is empty we don't need to traverse deeper
+    // if it shouldn't be empty, the "original" validation phase should complain.
+    if (currentValue == null) {
+        return;
+    }
+    if (isListType(graphqlType)) {
+        if (!Array.isArray(currentValue)) {
+            // because of graphql type coercion a single object should be treated as an array of one object
+            currentValue = [currentValue];
+        }
+        currentValue.forEach(value => {
+            traverseVariables(validationContext, arg, graphqlType.ofType, value);
+        });
+        return;
+    }
+    if (typeof currentValue !== 'object' || currentValue == null) {
+        // in case the value is not an object, the "original" validation phase should complain.
+        return;
+    }
+    const inputType = unwrapType(graphqlType);
+    const isOneOfInputType = ((_a = inputType.extensions) === null || _a === void 0 ? void 0 : _a.oneOf) || (inputType.astNode && getDirectiveFromAstNode(inputType.astNode, 'oneOf'));
+    if (isOneOfInputType) {
+        if (Object.keys(currentValue).length !== 1) {
+            validationContext.reportError(new GraphQLError(`Exactly one key must be specified for input type "${inputType.name}"`, [arg]));
+        }
+    }
+    if (inputType instanceof GraphQLInputObjectType) {
+        for (const [name, fieldConfig] of Object.entries(inputType.getFields())) {
+            traverseVariables(validationContext, arg, fieldConfig.type, currentValue[name]);
+        }
+    }
+}
+
+export { ONE_OF_DIRECTIVE_SDL, OneOfInputObjectsRule, getDirectiveFromAstNode, unwrapType, useExtendedValidation };

package/package.json

@@ -0,0 +1,31 @@
+{
+  "name": "@envelop/extended-validation",
+  "version": "1.1.1-alpha-52fc7d2.0",
+  "sideEffects": false,
+  "peerDependencies": {
+    "graphql": "^14.0.0 || ^15.0.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/dotansimha/envelop.git",
+    "directory": "packages/plugins/extended-validation"
+  },
+  "author": "Dotan Simha <dotansimha@gmail.com>",
+  "license": "MIT",
+  "main": "index.js",
+  "module": "index.mjs",
+  "typings": "index.d.ts",
+  "typescript": {
+    "definition": "index.d.ts"
+  },
+  "exports": {
+    ".": {
+      "require": "./index.js",
+      "import": "./index.mjs"
+    },
+    "./*": {
+      "require": "./*.js",
+      "import": "./*.mjs"
+    }
+  }
+}

package/plugin.d.ts

@@ -0,0 +1,14 @@
+import { Plugin } from '@envelop/types';
+import { ExecutionArgs, ExecutionResult } from 'graphql';
+import { ExtendedValidationRule } from './common';
+export declare const useExtendedValidation: (options: {
+    rules: ExtendedValidationRule[];
+    /**
+     * Callback that is invoked if the extended validation yields any errors.
+     */
+    onValidationFailed?: ((params: {
+        args: ExecutionArgs;
+        result: ExecutionResult;
+        setResult: (result: ExecutionResult) => void;
+    }) => void) | undefined;
+}) => Plugin;

package/rules/one-of.d.ts

@@ -0,0 +1,3 @@
+import { ExtendedValidationRule } from '../common';
+export declare const ONE_OF_DIRECTIVE_SDL = "\n  directive @oneOf on INPUT_OBJECT | FIELD_DEFINITION\n";
+export declare const OneOfInputObjectsRule: ExtendedValidationRule;