@strapi/plugin-graphql 4.13.0-beta.0 → 4.13.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/package.json +4 -4
  2. package/server/services/builders/mutations/single-type.js +13 -1
  3. package/server/services/builders/resolvers/association.js +4 -1
  4. package/server/services/builders/resolvers/component.js +4 -1
  5. package/server/services/builders/resolvers/mutation.js +5 -2
  6. package/server/services/builders/resolvers/query.js +7 -1
  7. package/server/services/internals/types/response-collection-meta.js +4 -2
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@strapi/plugin-graphql",
3
- "version": "4.13.0-beta.0",
3
+ "version": "4.13.1",
4
4
  "description": "Adds GraphQL endpoint with default API methods.",
5
5
  "repository": {
6
6
  "type": "git",
@@ -27,9 +27,9 @@
27
27
  "@graphql-tools/schema": "8.5.1",
28
28
  "@graphql-tools/utils": "^8.13.1",
29
29
  "@strapi/design-system": "1.9.0",
30
- "@strapi/helper-plugin": "4.13.0-beta.0",
30
+ "@strapi/helper-plugin": "4.13.1",
31
31
  "@strapi/icons": "1.9.0",
32
- "@strapi/utils": "4.13.0-beta.0",
32
+ "@strapi/utils": "4.13.1",
33
33
  "apollo-server-core": "3.12.0",
34
34
  "apollo-server-koa": "3.10.0",
35
35
  "glob": "7.2.3",
@@ -68,5 +68,5 @@
68
68
  "description": "Adds GraphQL endpoint with default API methods.",
69
69
  "kind": "plugin"
70
70
  },
71
- "gitHead": "f1b8431a6a0b7f9bd9a8444adb56217bba91ec07"
71
+ "gitHead": "a9afeb90c525d9b8ab033aa0c87e03a72134e0dd"
72
72
  }
package/server/services/builders/mutations/single-type.js CHANGED
@@ -5,7 +5,7 @@ const { omit, isNil } = require('lodash/fp');
5
5
 
6
6
  const utils = require('@strapi/utils');
7
7
 
8
- const { sanitize } = utils;
8
+ const { sanitize, validate } = utils;
9
9
  const { NotFoundError } = utils.errors;
10
10
 
11
11
  module.exports = ({ strapi }) => {
@@ -53,6 +53,13 @@ module.exports = ({ strapi }) => {
53
53
  .get('content-api')
54
54
  .buildMutationsResolvers({ contentType });
55
55
 
56
+ // For single types, the validation and sanitization of args is done here instead of being
57
+ // delegated to the query builders since we're calling the entity service directly
58
+
59
+ await validate.contentAPI.query(omit(['data', 'files'], transformedArgs), contentType, {
60
+ auth,
61
+ });
62
+
56
63
  const sanitizedQuery = await sanitize.contentAPI.query(
57
64
  omit(['data', 'files'], transformedArgs),
58
65
  contentType,
@@ -91,6 +98,11 @@ module.exports = ({ strapi }) => {
91
98
  .get('content-api')
92
99
  .buildMutationsResolvers({ contentType });
93
100
 
101
+ // For single types, the validation and sanitization of args is done here instead of being
102
+ // delegated to the query builders since we're calling the entity service directly
103
+
104
+ await validate.contentAPI.query(transformedArgs, contentType, { auth: ctx?.state?.auth });
105
+
94
106
  const sanitizedQuery = await sanitize.contentAPI.query(transformedArgs, contentType, {
95
107
  auth: ctx?.state?.auth,
96
108
  });
package/server/services/builders/resolvers/association.js CHANGED
@@ -4,7 +4,7 @@ const { get } = require('lodash/fp');
4
4
 
5
5
  const utils = require('@strapi/utils');
6
6
 
7
- const { sanitize, pipeAsync } = utils;
7
+ const { sanitize, validate, pipeAsync } = utils;
8
8
  const { ApplicationError } = utils.errors;
9
9
 
10
10
  module.exports = ({ strapi }) => {
@@ -41,6 +41,9 @@ module.exports = ({ strapi }) => {
41
41
  usePagination: true,
42
42
  });
43
43
 
44
+ await validate.contentAPI.query(transformedArgs, targetContentType, {
45
+ auth,
46
+ });
44
47
  const sanitizedQuery = await sanitize.contentAPI.query(transformedArgs, targetContentType, {
45
48
  auth,
46
49
  });
package/server/services/builders/resolvers/component.js CHANGED
@@ -1,6 +1,6 @@
1
1
  'use strict';
2
2
 
3
- const { sanitize } = require('@strapi/utils');
3
+ const { sanitize, validate } = require('@strapi/utils');
4
4
 
5
5
  module.exports = ({ strapi }) => ({
6
6
  buildComponentResolver({ contentTypeUID, attributeName }) {
@@ -13,6 +13,9 @@ module.exports = ({ strapi }) => ({
13
13
  const component = strapi.getModel(componentName);
14
14
 
15
15
  const transformedArgs = transformArgs(args, { contentType: component, usePagination: true });
16
+ await validate.contentAPI.query(transformedArgs, contentType, {
17
+ auth: ctx?.state?.auth,
18
+ });
16
19
  const sanitizedQuery = await sanitize.contentAPI.query(transformedArgs, contentType, {
17
20
  auth: ctx?.state?.auth,
18
21
  });
package/server/services/builders/resolvers/mutation.js CHANGED
@@ -1,7 +1,7 @@
1
1
  'use strict';
2
2
 
3
3
  const { pick } = require('lodash/fp');
4
- const { sanitize } = require('@strapi/utils');
4
+ const { sanitize, validate } = require('@strapi/utils');
5
5
 
6
6
  const pickCreateArgs = pick(['params', 'data', 'files']);
7
7
 
@@ -25,7 +25,10 @@ module.exports = ({ strapi }) => ({
25
25
 
26
26
  async delete(parent, args, ctx) {
27
27
  const { id, ...rest } = args;
28
- const sanitizedQuery = sanitize.contentAPI.query(rest, contentType, {
28
+ await validate.contentAPI.query(rest, contentType, {
29
+ auth: ctx?.state?.auth,
30
+ });
31
+ const sanitizedQuery = await sanitize.contentAPI.query(rest, contentType, {
29
32
  auth: ctx?.state?.auth,
30
33
  });
31
34
  return strapi.entityService.delete(uid, id, sanitizedQuery);
package/server/services/builders/resolvers/query.js CHANGED
@@ -1,7 +1,7 @@
1
1
  'use strict';
2
2
 
3
3
  const { omit } = require('lodash/fp');
4
- const { sanitize } = require('@strapi/utils');
4
+ const { sanitize, validate } = require('@strapi/utils');
5
5
 
6
6
  module.exports = ({ strapi }) => ({
7
7
  buildQueriesResolvers({ contentType }) {
@@ -9,6 +9,9 @@ module.exports = ({ strapi }) => ({
9
9
 
10
10
  return {
11
11
  async find(parent, args, ctx) {
12
+ await validate.contentAPI.query(args, contentType, {
13
+ auth: ctx?.state?.auth,
14
+ });
12
15
  const sanitizedQuery = await sanitize.contentAPI.query(args, contentType, {
13
16
  auth: ctx?.state?.auth,
14
17
  });
@@ -17,6 +20,9 @@ module.exports = ({ strapi }) => ({
17
20
  },
18
21
 
19
22
  async findOne(parent, args, ctx) {
23
+ await validate.contentAPI.query(args, contentType, {
24
+ auth: ctx?.state?.auth,
25
+ });
20
26
  const sanitizedQuery = await sanitize.contentAPI.query(args, contentType, {
21
27
  auth: ctx?.state?.auth,
22
28
  });
package/server/services/internals/types/response-collection-meta.js CHANGED
@@ -1,7 +1,7 @@
1
1
  'use strict';
2
2
 
3
3
  const { objectType } = require('nexus');
4
- const { sanitize } = require('@strapi/utils');
4
+ const { sanitize, validate } = require('@strapi/utils');
5
5
 
6
6
  module.exports = ({ strapi }) => {
7
7
  const { RESPONSE_COLLECTION_META_TYPE_NAME, PAGINATION_TYPE_NAME } = strapi
@@ -26,7 +26,9 @@ module.exports = ({ strapi }) => {
26
26
  const { start, limit } = args;
27
27
  const safeLimit = Math.max(limit, 1);
28
28
  const contentType = strapi.getModel(resourceUID);
29
-
29
+ await validate.contentAPI.query(args, contentType, {
30
+ auth: ctx?.state?.auth,
31
+ });
30
32
  const sanitizedQuery = await sanitize.contentAPI.query(args, contentType, {
31
33
  auth: ctx?.state?.auth,
32
34
  });