url_decode parameters in Rocket integration

Also as part of this change I fixed and enabled
the http integration tests for Rocket.

Fixes https://github.com/graphql-rust/juniper/issues/116.
This commit is contained in:
Christian Legnitto 2017-12-17 00:53:19 -08:00 committed by theduke
parent 883dd0b2ee
commit 9362d6954c
2 changed files with 185 additions and 52 deletions

View file

@ -12,9 +12,9 @@ use executor::ExecutionError;
/// For POST, you can use Serde to deserialize the incoming JSON data directly /// For POST, you can use Serde to deserialize the incoming JSON data directly
/// into this struct - it derives Deserialize for exactly this reason. /// into this struct - it derives Deserialize for exactly this reason.
/// ///
/// For GET, you will need to parse the query string and exctract "query", /// For GET, you will need to parse the query string and extract "query",
/// "operationName", and "variables" manually. /// "operationName", and "variables" manually.
#[derive(Deserialize, Clone, Serialize)] #[derive(Deserialize, Clone, Serialize, PartialEq, Debug)]
pub struct GraphQLRequest { pub struct GraphQLRequest {
query: String, query: String,
#[serde(rename = "operationName")] #[serde(rename = "operationName")]

View file

@ -65,6 +65,7 @@ use juniper::RootNode;
/// See the `http` module for more information. This type can be constructed /// See the `http` module for more information. This type can be constructed
/// automatically from both GET and POST routes by implementing the `FromForm` /// automatically from both GET and POST routes by implementing the `FromForm`
/// and `FromData` traits. /// and `FromData` traits.
#[derive(Debug, PartialEq)]
pub struct GraphQLRequest(http::GraphQLRequest); pub struct GraphQLRequest(http::GraphQLRequest);
/// Simple wrapper around the result of executing a GraphQL query /// Simple wrapper around the result of executing a GraphQL query
@ -107,30 +108,54 @@ impl<'f> FromForm<'f> for GraphQLRequest {
let mut variables = None; let mut variables = None;
for (key, value) in form_items { for (key, value) in form_items {
// Note: we explicitly decode in the match arms to save work rather
// than decoding every form item blindly.
match key.as_str() { match key.as_str() {
"query" => if query.is_some() { "query" => {
return Err("Query parameter must not occur more than once".to_owned()); if query.is_some() {
} else { return Err("Query parameter must not occur more than once".to_owned());
query = Some(value.as_str().to_string()); } else {
}, match value.url_decode() {
"operation_name" => if operation_name.is_some() { Ok(v) => query = Some(v),
return Err( Err(e) => return Err(e.description().to_string()),
"Operation name parameter must not occur more than once".to_owned(), }
); }
} else { }
operation_name = Some(value.as_str().to_string()); "operation_name" => {
}, if operation_name.is_some() {
"variables" => if variables.is_some() { return Err(
return Err( "Operation name parameter must not occur more than once".to_owned(),
"Variables parameter must not occur more than once".to_owned(), );
); } else {
} else { match value.url_decode() {
variables = Some(serde_json::from_str::<InputValue>(value.as_str()) Ok(v) => operation_name = Some(v),
.map_err(|err| err.description().to_owned())?); Err(e) => return Err(e.description().to_string()),
}, }
_ => if strict { }
return Err(format!("Prohibited extra field '{}'", key).to_owned()); }
}, "variables" => {
if variables.is_some() {
return Err(
"Variables parameter must not occur more than once".to_owned(),
);
} else {
let decoded;
match value.url_decode() {
Ok(v) => decoded = v,
Err(e) => return Err(e.description().to_string()),
}
variables = Some(serde_json::from_str::<InputValue>(&decoded).map_err(
|err| {
err.description().to_owned()
},
)?);
}
}
_ => {
if strict {
return Err(format!("Prohibited extra field '{}'", key).to_owned());
}
}
} }
} }
@ -178,13 +203,124 @@ impl<'r> Responder<'r> for GraphQLResponse {
} }
} }
#[cfg(test)]
mod fromform_tests {
use super::*;
use std::str;
use juniper::InputValue;
use rocket::request::{FromForm, FormItems};
fn check_error(input: &str, error: &str, strict: bool) {
let mut items = FormItems::from(input);
let result = GraphQLRequest::from_form(&mut items, strict);
assert!(result.is_err());
assert_eq!(result.unwrap_err(), error);
}
#[test]
fn test_empty_form() {
check_error("", "Query parameter missing", false);
}
#[test]
fn test_no_query() {
check_error("operation_name=foo&variables={}", "Query parameter missing", false);
}
#[test]
fn test_strict() {
check_error(
"query=test&foo=bar",
"Prohibited extra field \'foo\'",
true,
);
}
#[test]
fn test_duplicate_query() {
check_error(
"query=foo&query=bar",
"Query parameter must not occur more than once",
false,
);
}
#[test]
fn test_duplicate_operation_name() {
check_error(
"query=test&operation_name=op1&operation_name=op2",
"Operation name parameter must not occur more than once",
false,
);
}
#[test]
fn test_duplicate_variables() {
check_error(
"query=test&variables={}&variables={}",
"Variables parameter must not occur more than once",
false,
);
}
#[test]
fn test_variables_invalid_json() {
check_error("query=test&variables=NOT_JSON", "JSON error", false);
}
#[test]
fn test_variables_valid_json() {
let form_string = r#"query=test&variables={"foo":"bar"}"#;
let mut items = FormItems::from(form_string);
let result = GraphQLRequest::from_form(&mut items, false);
assert!(result.is_ok());
let variables = ::serde_json::from_str::<InputValue>(r#"{"foo":"bar"}"#).unwrap();
let expected = GraphQLRequest(http::GraphQLRequest::new(
"test".to_string(),
None,
Some(variables),
));
assert_eq!(result.unwrap(), expected);
}
#[test]
fn test_variables_encoded_json() {
let form_string = r#"query=test&variables={"foo": "x%20y%26%3F+z"}"#;
let mut items = FormItems::from(form_string);
let result = GraphQLRequest::from_form(&mut items, false);
assert!(result.is_ok());
let variables = ::serde_json::from_str::<InputValue>(r#"{"foo":"x y&? z"}"#).unwrap();
let expected = GraphQLRequest(http::GraphQLRequest::new(
"test".to_string(),
None,
Some(variables),
));
assert_eq!(result.unwrap(), expected);
}
#[test]
fn test_url_decode() {
let form_string = "query=%25foo%20bar+baz%26%3F&operation_name=test";
let mut items = FormItems::from(form_string);
let result = GraphQLRequest::from_form(&mut items, false);
assert!(result.is_ok());
let expected = GraphQLRequest(http::GraphQLRequest::new(
"%foo bar baz&?".to_string(),
Some("test".to_string()),
None,
));
assert_eq!(result.unwrap(), expected);
}
}
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use rocket; use rocket;
use rocket::Rocket; use rocket::Rocket;
use rocket::http::{ContentType, Method}; use rocket::http::ContentType;
use rocket::State; use rocket::State;
use rocket::local::{Client, LocalRequest};
use juniper::RootNode; use juniper::RootNode;
use juniper::tests::model::Database; use juniper::tests::model::Database;
@ -193,7 +329,6 @@ mod tests {
type Schema = RootNode<'static, Database, EmptyMutation<Database>>; type Schema = RootNode<'static, Database, EmptyMutation<Database>>;
#[get("/?<request>")] #[get("/?<request>")]
fn get_graphql_handler( fn get_graphql_handler(
context: State<Database>, context: State<Database>,
@ -213,34 +348,26 @@ mod tests {
} }
struct TestRocketIntegration { struct TestRocketIntegration {
rocket: Rocket, client: Client,
} }
/* impl http_tests::HTTPIntegration for TestRocketIntegration {
impl http_tests::HTTPIntegration for TestRocketIntegration
{
fn get(&self, url: &str) -> http_tests::TestResponse { fn get(&self, url: &str) -> http_tests::TestResponse {
make_test_response(&self.rocket, MockRequest::new( let req = &self.client.get(url);
Method::Get, make_test_response(req)
url))
} }
fn post(&self, url: &str, body: &str) -> http_tests::TestResponse { fn post(&self, url: &str, body: &str) -> http_tests::TestResponse {
make_test_response( let req = &self.client.post(url).header(ContentType::JSON).body(body);
&self.rocket, make_test_response(req)
MockRequest::new(
Method::Post,
url,
).header(ContentType::JSON).body(body))
} }
} }
#[test] #[test]
fn test_rocket_integration() { fn test_rocket_integration() {
let integration = TestRocketIntegration { let rocket = make_rocket();
rocket: make_rocket(), let client = Client::new(rocket).expect("valid rocket");
}; let integration = TestRocketIntegration { client };
http_tests::run_http_test_suite(&integration); http_tests::run_http_test_suite(&integration);
} }
@ -248,16 +375,24 @@ mod tests {
fn make_rocket() -> Rocket { fn make_rocket() -> Rocket {
rocket::ignite() rocket::ignite()
.manage(Database::new()) .manage(Database::new())
.manage(Schema::new(Database::new(), EmptyMutation::<Database>::new())) .manage(Schema::new(
Database::new(),
EmptyMutation::<Database>::new(),
))
.mount("/", routes![post_graphql_handler, get_graphql_handler]) .mount("/", routes![post_graphql_handler, get_graphql_handler])
} }
fn make_test_response<'r>(rocket: &'r Rocket, mut request: MockRequest<'r>) -> http_tests::TestResponse { fn make_test_response<'r>(request: &LocalRequest<'r>) -> http_tests::TestResponse {
let mut response = request.dispatch_with(&rocket); let mut response = request.cloned_dispatch();
let status_code = response.status().code as i32; let status_code = response.status().code as i32;
let content_type = response.header_values("content-type").collect::<Vec<_>>().into_iter().next() let content_type = response
.expect("No content type header from handler").to_owned(); .content_type()
let body = response.body().expect("No body returned from GraphQL handler").into_string(); .expect("No content type header from handler")
.to_string();
let body = response
.body()
.expect("No body returned from GraphQL handler")
.into_string();
http_tests::TestResponse { http_tests::TestResponse {
status_code: status_code, status_code: status_code,
@ -265,6 +400,4 @@ mod tests {
content_type: content_type, content_type: content_type,
} }
} }
*/
} }