From cecf50735bea97dd385e53261bc166abea8c718d Mon Sep 17 00:00:00 2001
From: Magnus Hallin <mhallin@fastmail.com>
Date: Thu, 15 Jun 2017 10:37:30 +0200
Subject: [PATCH] Limit incoming integers to the 32 bit signed range

Also related to #49 - unsigned integers will no longer be represented
as floats.

While this spec might break clients, it makes Juniper follow the GraphQL
specification more closely
---
 src/integrations/serde.rs | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/integrations/serde.rs b/src/integrations/serde.rs
index e73b3fa4..b871b1fc 100644
--- a/src/integrations/serde.rs
+++ b/src/integrations/serde.rs
@@ -67,14 +67,26 @@ impl<'de> de::Deserialize<'de> for InputValue {
                 Ok(InputValue::boolean(value))
             }
 
-            fn visit_i64<E>(self, value: i64) -> Result<InputValue, E> {
-                Ok(InputValue::int(value))
+            fn visit_i64<E>(self, value: i64) -> Result<InputValue, E>
+                where E: de::Error,
+            {
+                if value >= i32::min_value() as i64 && value <= i32::max_value() as i64 {
+                    Ok(InputValue::int(value))
+                }
+                else {
+                    Err(E::custom(format!("integer out of range")))
+                }
             }
 
             fn visit_u64<E>(self, value: u64) -> Result<InputValue, E>
                 where E: de::Error,
             {
-                self.visit_f64(value as f64)
+                if value <= i32::max_value() as u64 {
+                    self.visit_i64(value as i64)
+                }
+                else {
+                    Err(E::custom(format!("integer out of range")))
+                }
             }
 
             fn visit_f64<E>(self, value: f64) -> Result<InputValue, E> {