yume/juniper
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Disallow deserialize empty GraphQLBatchRequest (#639) (#644)

Browse source 
* Disallow deserialize empty GraphQLBatchRequest (#639)

* Add test for empty batch request
This commit is contained in:
Kai Ren 2020-04-30 19:16:15 +03:00 committed by GitHub
parent 845331033e
commit 52aea4d68d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 29 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
juniper/src/http/mod.rs
View file

@ -4,6 +4,7 @@ pub mod graphiql;
pub mod playground;
use serde::{
de,
ser::{self, SerializeMap},
Deserialize, Serialize,
};
@ -216,7 +217,7 @@ where
}
}
/// Simple wrapper around GraphQLRequest to allow the handling of Batch requests
/// Simple wrapper around GraphQLRequest to allow the handling of Batch requests.
#[derive(Debug, Deserialize, PartialEq)]
#[serde(untagged)]
#[serde(bound = "InputValue<S>: Deserialize<'de>")]
@ -226,10 +227,29 @@ where
{
/// A single operation request.
Single(GraphQLRequest<S>),
/// A batch operation request.
///
/// Empty batch is considered as invalid value, so cannot be deserialized.
#[serde(deserialize_with = "deserialize_non_empty_vec")]
Batch(Vec<GraphQLRequest<S>>),
}
fn deserialize_non_empty_vec<'de, D, T>(deserializer: D) -> Result<Vec<T>, D::Error>
where
D: de::Deserializer<'de>,
T: Deserialize<'de>,
{
use de::Error as _;
let v = Vec::<T>::deserialize(deserializer)?;
if v.is_empty() {
Err(D::Error::invalid_length(0, &"a positive integer"))
} else {
Ok(v)
}
}
impl<S> GraphQLBatchRequest<S>
where
S: ScalarValue,
@ -373,6 +393,9 @@ pub mod tests {
println!(" - test_batched_post");
test_batched_post(integration);
println!(" - test_empty_batched_post");
test_empty_batched_post(integration);
println!(" - test_invalid_json");
test_invalid_json(integration);
@ -499,6 +522,11 @@ pub mod tests {
);
}
fn test_empty_batched_post<T: HTTPIntegration>(integration: &T) {
let response = integration.post("/", "[]");
assert_eq!(response.status_code, 400);
}
fn test_invalid_json<T: HTTPIntegration>(integration: &T) {
let response = integration.get("/?query=blah");
assert_eq!(response.status_code, 400);