@strapi/plugin-graphql 4.7.0 → 4.7.2-exp.175f7ac70ee76d6c825e4429e15fc85ee78d23bb

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/package.json +16 -5
  2. package/server/services/builders/mutations/collection-type.js +2 -2
  3. package/server/services/builders/mutations/single-type.js +15 -4
  4. package/server/services/builders/queries/collection-type.js +6 -4
  5. package/server/services/builders/queries/single-type.js +3 -2
  6. package/server/services/builders/resolvers/association.js +10 -2
  7. package/server/services/builders/resolvers/component.js +7 -3
  8. package/server/services/builders/resolvers/mutation.js +6 -4
  9. package/server/services/builders/resolvers/query.js +13 -4
  10. package/server/services/internals/types/response-collection-meta.js +6 -2
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@strapi/plugin-graphql",
3
- "version": "4.7.0",
3
+ "version": "4.7.2-exp.175f7ac70ee76d6c825e4429e15fc85ee78d23bb",
4
4
  "description": "Adds GraphQL endpoint with default API methods.",
5
5
  "repository": {
6
6
  "type": "git",
@@ -29,7 +29,10 @@
29
29
  "dependencies": {
30
30
  "@graphql-tools/schema": "8.5.1",
31
31
  "@graphql-tools/utils": "^8.12.0",
32
- "@strapi/utils": "4.7.0",
32
+ "@strapi/design-system": "1.6.3",
33
+ "@strapi/helper-plugin": "4.7.2-exp.175f7ac70ee76d6c825e4429e15fc85ee78d23bb",
34
+ "@strapi/icons": "1.6.3",
35
+ "@strapi/utils": "4.7.2-exp.175f7ac70ee76d6c825e4429e15fc85ee78d23bb",
33
36
  "apollo-server-core": "3.11.1",
34
37
  "apollo-server-koa": "3.10.0",
35
38
  "glob": "^7.1.7",
@@ -46,10 +49,18 @@
46
49
  },
47
50
  "devDependencies": {
48
51
  "cross-env": "^7.0.3",
49
- "koa": "^2.13.4"
52
+ "koa": "^2.13.4",
53
+ "react": "^17.0.2",
54
+ "react-dom": "^17.0.2",
55
+ "react-router-dom": "5.3.4",
56
+ "styled-components": "5.3.3"
50
57
  },
51
58
  "peerDependencies": {
52
- "@strapi/strapi": "^4.0.0"
59
+ "@strapi/strapi": "^4.0.0",
60
+ "react": "^17.0.2",
61
+ "react-dom": "^17.0.2",
62
+ "react-router-dom": "5.3.4",
63
+ "styled-components": "5.3.3"
53
64
  },
54
65
  "engines": {
55
66
  "node": ">=14.19.1 <=18.x.x",
@@ -61,5 +72,5 @@
61
72
  "description": "Adds GraphQL endpoint with default API methods.",
62
73
  "kind": "plugin"
63
74
  },
64
- "gitHead": "948dbb3121330ffd43f3a4f55522c797770e0b2a"
75
+ "gitHead": "175f7ac70ee76d6c825e4429e15fc85ee78d23bb"
65
76
  }
package/server/services/builders/mutations/collection-type.js CHANGED
@@ -123,14 +123,14 @@ module.exports = ({ strapi }) => {
123
123
  // ...uniqueAttributes,
124
124
  },
125
125
 
126
- async resolve(parent, args) {
126
+ async resolve(parent, args, ctx) {
127
127
  const transformedArgs = transformArgs(args, { contentType });
128
128
 
129
129
  const { delete: deleteResolver } = getService('builders')
130
130
  .get('content-api')
131
131
  .buildMutationsResolvers({ contentType });
132
132
 
133
- const value = await deleteResolver(parent, args);
133
+ const value = await deleteResolver(parent, args, ctx);
134
134
 
135
135
  return toEntityResponse(value, { args: transformedArgs, resourceUID: uid });
136
136
  },
package/server/services/builders/mutations/single-type.js CHANGED
@@ -53,8 +53,15 @@ module.exports = ({ strapi }) => {
53
53
  .get('content-api')
54
54
  .buildMutationsResolvers({ contentType });
55
55
 
56
- const findParams = omit(['data', 'files'], transformedArgs);
57
- const entity = await strapi.entityService.findMany(uid, findParams);
56
+ const sanitizedParams = await sanitize.contentAPI.params(
57
+ omit(['data', 'files'], transformedArgs),
58
+ contentType,
59
+ {
60
+ auth,
61
+ }
62
+ );
63
+
64
+ const entity = await strapi.entityService.findMany(uid, sanitizedParams);
58
65
 
59
66
  // Create or update
60
67
  const value = isNil(entity)
@@ -77,14 +84,18 @@ module.exports = ({ strapi }) => {
77
84
 
78
85
  args: {},
79
86
 
80
- async resolve(parent, args) {
87
+ async resolve(parent, args, ctx) {
81
88
  const transformedArgs = transformArgs(args, { contentType });
82
89
 
83
90
  const { delete: deleteResolver } = getService('builders')
84
91
  .get('content-api')
85
92
  .buildMutationsResolvers({ contentType });
86
93
 
87
- const entity = await strapi.entityService.findMany(uid, transformedArgs);
94
+ const sanitizedParams = await sanitize.contentAPI.params(transformedArgs, contentType, {
95
+ auth: ctx?.state?.auth,
96
+ });
97
+
98
+ const entity = await strapi.entityService.findMany(uid, sanitizedParams);
88
99
 
89
100
  if (!entity) {
90
101
  throw new NotFoundError('Entity not found');
package/server/services/builders/queries/collection-type.js CHANGED
@@ -72,14 +72,15 @@ module.exports = ({ strapi }) => {
72
72
 
73
73
  args: getContentTypeArgs(contentType, { multiple: false }),
74
74
 
75
- async resolve(parent, args) {
75
+ async resolve(parent, args, ctx) {
76
76
  const transformedArgs = transformArgs(args, { contentType });
77
77
 
78
78
  const { findOne } = getService('builders')
79
79
  .get('content-api')
80
80
  .buildQueriesResolvers({ contentType });
81
81
 
82
- const value = findOne(parent, transformedArgs);
82
+ // queryResolvers will sanitize params
83
+ const value = findOne(parent, transformedArgs, ctx);
83
84
 
84
85
  return toEntityResponse(value, { args: transformedArgs, resourceUID: uid });
85
86
  },
@@ -102,14 +103,15 @@ module.exports = ({ strapi }) => {
102
103
 
103
104
  args: getContentTypeArgs(contentType),
104
105
 
105
- async resolve(parent, args) {
106
+ async resolve(parent, args, ctx) {
106
107
  const transformedArgs = transformArgs(args, { contentType, usePagination: true });
107
108
 
108
109
  const { find } = getService('builders')
109
110
  .get('content-api')
110
111
  .buildQueriesResolvers({ contentType });
111
112
 
112
- const nodes = await find(parent, transformedArgs);
113
+ // queryResolvers will sanitize params
114
+ const nodes = await find(parent, transformedArgs, ctx);
113
115
 
114
116
  return toEntityResponseCollection(nodes, { args: transformedArgs, resourceUID: uid });
115
117
  },
package/server/services/builders/queries/single-type.js CHANGED
@@ -52,14 +52,15 @@ module.exports = ({ strapi }) => {
52
52
 
53
53
  args: getContentTypeArgs(contentType),
54
54
 
55
- async resolve(parent, args) {
55
+ async resolve(parent, args, ctx) {
56
56
  const transformedArgs = transformArgs(args, { contentType });
57
57
 
58
58
  const queriesResolvers = getService('builders')
59
59
  .get('content-api')
60
60
  .buildQueriesResolvers({ contentType });
61
61
 
62
- const value = queriesResolvers.find(parent, transformedArgs);
62
+ // queryResolvers will sanitize params
63
+ const value = queriesResolvers.find(parent, transformedArgs, ctx);
63
64
 
64
65
  return toEntityResponse(value, { args: transformedArgs, resourceUID: uid });
65
66
  },
package/server/services/builders/resolvers/association.js CHANGED
@@ -41,15 +41,23 @@ module.exports = ({ strapi }) => {
41
41
  usePagination: true,
42
42
  });
43
43
 
44
+ const sanitizedParams = await sanitize.contentAPI.params(
45
+ transformedArgs,
46
+ targetContentType,
47
+ {
48
+ auth,
49
+ }
50
+ );
51
+
44
52
  const data = await strapi.entityService.load(
45
53
  contentTypeUID,
46
54
  parent,
47
55
  attributeName,
48
- transformedArgs
56
+ sanitizedParams
49
57
  );
50
58
 
51
59
  const info = {
52
- args: transformedArgs,
60
+ args: sanitizedParams,
53
61
  resourceUID: targetUID,
54
62
  };
55
63
 
package/server/services/builders/resolvers/component.js CHANGED
@@ -1,18 +1,22 @@
1
1
  'use strict';
2
2
 
3
+ const { sanitize } = require('@strapi/utils');
4
+
3
5
  module.exports = ({ strapi }) => ({
4
6
  buildComponentResolver({ contentTypeUID, attributeName }) {
5
7
  const { transformArgs } = strapi.plugin('graphql').service('builders').utils;
6
8
 
7
- return async (parent, args = {}) => {
9
+ return async (parent, args = {}, ctx) => {
8
10
  const contentType = strapi.getModel(contentTypeUID);
9
11
 
10
12
  const { component: componentName } = contentType.attributes[attributeName];
11
13
  const component = strapi.getModel(componentName);
12
14
 
13
15
  const transformedArgs = transformArgs(args, { contentType: component, usePagination: true });
14
-
15
- return strapi.entityService.load(contentTypeUID, parent, attributeName, transformedArgs);
16
+ const sanitizedParams = await sanitize.contentAPI.params(transformedArgs, contentType, {
17
+ auth: ctx?.state?.auth,
18
+ });
19
+ return strapi.entityService.load(contentTypeUID, parent, attributeName, sanitizedParams);
16
20
  };
17
21
  },
18
22
  });
package/server/services/builders/resolvers/mutation.js CHANGED
@@ -1,6 +1,7 @@
1
1
  'use strict';
2
2
 
3
3
  const { pick } = require('lodash/fp');
4
+ const { sanitize } = require('@strapi/utils');
4
5
 
5
6
  const pickCreateArgs = pick(['params', 'data', 'files']);
6
7
 
@@ -19,14 +20,15 @@ module.exports = ({ strapi }) => ({
19
20
 
20
21
  async update(parent, args) {
21
22
  const { id, data } = args;
22
-
23
23
  return strapi.entityService.update(uid, id, { data });
24
24
  },
25
25
 
26
- async delete(parent, args) {
26
+ async delete(parent, args, ctx) {
27
27
  const { id, ...rest } = args;
28
-
29
- return strapi.entityService.delete(uid, id, rest);
28
+ const sanitizedParams = sanitize.contentAPI.params(rest, contentType, {
29
+ auth: ctx?.state?.auth,
30
+ });
31
+ return strapi.entityService.delete(uid, id, sanitizedParams);
30
32
  },
31
33
  };
32
34
  },
package/server/services/builders/resolvers/query.js CHANGED
@@ -1,18 +1,27 @@
1
1
  'use strict';
2
2
 
3
3
  const { omit } = require('lodash/fp');
4
+ const { sanitize } = require('@strapi/utils');
4
5
 
5
6
  module.exports = ({ strapi }) => ({
6
7
  buildQueriesResolvers({ contentType }) {
7
8
  const { uid } = contentType;
8
9
 
9
10
  return {
10
- async find(parent, args) {
11
- return strapi.entityService.findMany(uid, args);
11
+ async find(parent, args, ctx) {
12
+ const sanitizedParams = await sanitize.contentAPI.params(args, contentType, {
13
+ auth: ctx?.state?.auth,
14
+ });
15
+
16
+ return strapi.entityService.findMany(uid, sanitizedParams);
12
17
  },
13
18
 
14
- async findOne(parent, args) {
15
- return strapi.entityService.findOne(uid, args.id, omit('id', args));
19
+ async findOne(parent, args, ctx) {
20
+ const sanitizedParams = await sanitize.contentAPI.params(args, contentType, {
21
+ auth: ctx?.state?.auth,
22
+ });
23
+
24
+ return strapi.entityService.findOne(uid, args.id, omit('id', sanitizedParams));
16
25
  },
17
26
  };
18
27
  },
package/server/services/internals/types/response-collection-meta.js CHANGED
@@ -1,6 +1,7 @@
1
1
  'use strict';
2
2
 
3
3
  const { objectType } = require('nexus');
4
+ const { sanitize } = require('@strapi/utils');
4
5
 
5
6
  module.exports = ({ strapi }) => {
6
7
  const { RESPONSE_COLLECTION_META_TYPE_NAME, PAGINATION_TYPE_NAME } = strapi
@@ -20,12 +21,15 @@ module.exports = ({ strapi }) => {
20
21
  t.nonNull.field('pagination', {
21
22
  type: PAGINATION_TYPE_NAME,
22
23
 
23
- async resolve(parent) {
24
+ async resolve(parent, _childArgs, ctx) {
24
25
  const { args, resourceUID } = parent;
25
26
  const { start, limit } = args;
26
27
  const safeLimit = Math.max(limit, 1);
27
28
 
28
- const total = await strapi.entityService.count(resourceUID, args);
29
+ const filteredArgs = await sanitize.contentAPI.params(args, parent.contentType, {
30
+ auth: ctx?.state?.auth,
31
+ });
32
+ const total = await strapi.entityService.count(resourceUID, filteredArgs);
29
33
  const pageSize = limit === -1 ? total - start : safeLimit;
30
34
  const pageCount = limit === -1 ? safeLimit : Math.ceil(total / safeLimit);
31
35
  const page = limit === -1 ? safeLimit : Math.floor(start / safeLimit) + 1;