mirror of
https://github.com/retailcrm/graphql-php.git
synced 2025-02-27 01:23:18 +03:00
9387548aa1
Introduces new assertion functions for each kind of type mirroring the existing ones for the higher order types. ref: graphql/graphql-js#1137
367 lines
14 KiB
PHP
367 lines
14 KiB
PHP
<?php
|
|
namespace GraphQL\Validator;
|
|
|
|
use GraphQL\Error\Error;
|
|
use GraphQL\Language\AST\EnumValueNode;
|
|
use GraphQL\Language\AST\ListValueNode;
|
|
use GraphQL\Language\AST\DocumentNode;
|
|
use GraphQL\Language\AST\NodeKind;
|
|
use GraphQL\Language\AST\NullValueNode;
|
|
use GraphQL\Language\AST\VariableNode;
|
|
use GraphQL\Language\Printer;
|
|
use GraphQL\Language\Visitor;
|
|
use GraphQL\Type\Schema;
|
|
use GraphQL\Type\Definition\EnumType;
|
|
use GraphQL\Type\Definition\InputObjectType;
|
|
use GraphQL\Type\Definition\ListOfType;
|
|
use GraphQL\Type\Definition\NonNull;
|
|
use GraphQL\Type\Definition\Type;
|
|
use GraphQL\Type\Definition\ScalarType;
|
|
use GraphQL\Utils\Utils;
|
|
use GraphQL\Utils\TypeInfo;
|
|
use GraphQL\Validator\Rules\AbstractValidationRule;
|
|
use GraphQL\Validator\Rules\ArgumentsOfCorrectType;
|
|
use GraphQL\Validator\Rules\DefaultValuesOfCorrectType;
|
|
use GraphQL\Validator\Rules\DisableIntrospection;
|
|
use GraphQL\Validator\Rules\ExecutableDefinitions;
|
|
use GraphQL\Validator\Rules\FieldsOnCorrectType;
|
|
use GraphQL\Validator\Rules\FragmentsOnCompositeTypes;
|
|
use GraphQL\Validator\Rules\KnownArgumentNames;
|
|
use GraphQL\Validator\Rules\KnownDirectives;
|
|
use GraphQL\Validator\Rules\KnownFragmentNames;
|
|
use GraphQL\Validator\Rules\KnownTypeNames;
|
|
use GraphQL\Validator\Rules\LoneAnonymousOperation;
|
|
use GraphQL\Validator\Rules\NoFragmentCycles;
|
|
use GraphQL\Validator\Rules\NoUndefinedVariables;
|
|
use GraphQL\Validator\Rules\NoUnusedFragments;
|
|
use GraphQL\Validator\Rules\NoUnusedVariables;
|
|
use GraphQL\Validator\Rules\OverlappingFieldsCanBeMerged;
|
|
use GraphQL\Validator\Rules\PossibleFragmentSpreads;
|
|
use GraphQL\Validator\Rules\ProvidedNonNullArguments;
|
|
use GraphQL\Validator\Rules\QueryComplexity;
|
|
use GraphQL\Validator\Rules\QueryDepth;
|
|
use GraphQL\Validator\Rules\ScalarLeafs;
|
|
use GraphQL\Validator\Rules\UniqueArgumentNames;
|
|
use GraphQL\Validator\Rules\UniqueDirectivesPerLocation;
|
|
use GraphQL\Validator\Rules\UniqueFragmentNames;
|
|
use GraphQL\Validator\Rules\UniqueInputFieldNames;
|
|
use GraphQL\Validator\Rules\UniqueOperationNames;
|
|
use GraphQL\Validator\Rules\UniqueVariableNames;
|
|
use GraphQL\Validator\Rules\VariablesAreInputTypes;
|
|
use GraphQL\Validator\Rules\VariablesInAllowedPosition;
|
|
|
|
/**
|
|
* Implements the "Validation" section of the spec.
|
|
*
|
|
* Validation runs synchronously, returning an array of encountered errors, or
|
|
* an empty array if no errors were encountered and the document is valid.
|
|
*
|
|
* A list of specific validation rules may be provided. If not provided, the
|
|
* default list of rules defined by the GraphQL specification will be used.
|
|
*
|
|
* Each validation rule is an instance of GraphQL\Validator\Rules\AbstractValidationRule
|
|
* which returns a visitor (see the [GraphQL\Language\Visitor API](reference.md#graphqllanguagevisitor)).
|
|
*
|
|
* Visitor methods are expected to return an instance of [GraphQL\Error\Error](reference.md#graphqlerrorerror),
|
|
* or array of such instances when invalid.
|
|
*
|
|
* Optionally a custom TypeInfo instance may be provided. If not provided, one
|
|
* will be created from the provided schema.
|
|
*/
|
|
class DocumentValidator
|
|
{
|
|
private static $rules = [];
|
|
|
|
private static $defaultRules;
|
|
|
|
private static $securityRules;
|
|
|
|
private static $initRules = false;
|
|
|
|
/**
|
|
* Primary method for query validation. See class description for details.
|
|
*
|
|
* @api
|
|
* @param Schema $schema
|
|
* @param DocumentNode $ast
|
|
* @param AbstractValidationRule[]|null $rules
|
|
* @param TypeInfo|null $typeInfo
|
|
* @return Error[]
|
|
*/
|
|
public static function validate(
|
|
Schema $schema,
|
|
DocumentNode $ast,
|
|
array $rules = null,
|
|
TypeInfo $typeInfo = null
|
|
)
|
|
{
|
|
if (null === $rules) {
|
|
$rules = static::allRules();
|
|
}
|
|
$typeInfo = $typeInfo ?: new TypeInfo($schema);
|
|
$errors = static::visitUsingRules($schema, $typeInfo, $ast, $rules);
|
|
return $errors;
|
|
}
|
|
|
|
|
|
/**
|
|
* Returns all global validation rules.
|
|
*
|
|
* @api
|
|
* @return AbstractValidationRule[]
|
|
*/
|
|
public static function allRules()
|
|
{
|
|
if (!self::$initRules) {
|
|
static::$rules = array_merge(static::defaultRules(), self::securityRules(), self::$rules);
|
|
static::$initRules = true;
|
|
}
|
|
|
|
return self::$rules;
|
|
}
|
|
|
|
public static function defaultRules()
|
|
{
|
|
if (null === self::$defaultRules) {
|
|
self::$defaultRules = [
|
|
ExecutableDefinitions::class => new ExecutableDefinitions(),
|
|
UniqueOperationNames::class => new UniqueOperationNames(),
|
|
LoneAnonymousOperation::class => new LoneAnonymousOperation(),
|
|
KnownTypeNames::class => new KnownTypeNames(),
|
|
FragmentsOnCompositeTypes::class => new FragmentsOnCompositeTypes(),
|
|
VariablesAreInputTypes::class => new VariablesAreInputTypes(),
|
|
ScalarLeafs::class => new ScalarLeafs(),
|
|
FieldsOnCorrectType::class => new FieldsOnCorrectType(),
|
|
UniqueFragmentNames::class => new UniqueFragmentNames(),
|
|
KnownFragmentNames::class => new KnownFragmentNames(),
|
|
NoUnusedFragments::class => new NoUnusedFragments(),
|
|
PossibleFragmentSpreads::class => new PossibleFragmentSpreads(),
|
|
NoFragmentCycles::class => new NoFragmentCycles(),
|
|
UniqueVariableNames::class => new UniqueVariableNames(),
|
|
NoUndefinedVariables::class => new NoUndefinedVariables(),
|
|
NoUnusedVariables::class => new NoUnusedVariables(),
|
|
KnownDirectives::class => new KnownDirectives(),
|
|
UniqueDirectivesPerLocation::class => new UniqueDirectivesPerLocation(),
|
|
KnownArgumentNames::class => new KnownArgumentNames(),
|
|
UniqueArgumentNames::class => new UniqueArgumentNames(),
|
|
ArgumentsOfCorrectType::class => new ArgumentsOfCorrectType(),
|
|
ProvidedNonNullArguments::class => new ProvidedNonNullArguments(),
|
|
DefaultValuesOfCorrectType::class => new DefaultValuesOfCorrectType(),
|
|
VariablesInAllowedPosition::class => new VariablesInAllowedPosition(),
|
|
OverlappingFieldsCanBeMerged::class => new OverlappingFieldsCanBeMerged(),
|
|
UniqueInputFieldNames::class => new UniqueInputFieldNames(),
|
|
];
|
|
}
|
|
|
|
return self::$defaultRules;
|
|
}
|
|
|
|
/**
|
|
* @return array
|
|
*/
|
|
public static function securityRules()
|
|
{
|
|
// This way of defining rules is deprecated
|
|
// When custom security rule is required - it should be just added via DocumentValidator::addRule();
|
|
// TODO: deprecate this
|
|
|
|
if (null === self::$securityRules) {
|
|
self::$securityRules = [
|
|
DisableIntrospection::class => new DisableIntrospection(DisableIntrospection::DISABLED), // DEFAULT DISABLED
|
|
QueryDepth::class => new QueryDepth(QueryDepth::DISABLED), // default disabled
|
|
QueryComplexity::class => new QueryComplexity(QueryComplexity::DISABLED), // default disabled
|
|
];
|
|
}
|
|
return self::$securityRules;
|
|
}
|
|
|
|
/**
|
|
* Returns global validation rule by name. Standard rules are named by class name, so
|
|
* example usage for such rules:
|
|
*
|
|
* $rule = DocumentValidator::getRule(GraphQL\Validator\Rules\QueryComplexity::class);
|
|
*
|
|
* @api
|
|
* @param string $name
|
|
* @return AbstractValidationRule
|
|
*/
|
|
public static function getRule($name)
|
|
{
|
|
$rules = static::allRules();
|
|
|
|
if (isset($rules[$name])) {
|
|
return $rules[$name];
|
|
}
|
|
|
|
$name = "GraphQL\\Validator\\Rules\\$name";
|
|
return isset($rules[$name]) ? $rules[$name] : null ;
|
|
}
|
|
|
|
/**
|
|
* Add rule to list of global validation rules
|
|
*
|
|
* @api
|
|
* @param AbstractValidationRule $rule
|
|
*/
|
|
public static function addRule(AbstractValidationRule $rule)
|
|
{
|
|
self::$rules[$rule->getName()] = $rule;
|
|
}
|
|
|
|
public static function isError($value)
|
|
{
|
|
return is_array($value)
|
|
? count(array_filter($value, function($item) { return $item instanceof \Exception || $item instanceof \Throwable;})) === count($value)
|
|
: ($value instanceof \Exception || $value instanceof \Throwable);
|
|
}
|
|
|
|
public static function append(&$arr, $items)
|
|
{
|
|
if (is_array($items)) {
|
|
$arr = array_merge($arr, $items);
|
|
} else {
|
|
$arr[] = $items;
|
|
}
|
|
return $arr;
|
|
}
|
|
|
|
/**
|
|
* Utility for validators which determines if a value literal AST is valid given
|
|
* an input type.
|
|
*
|
|
* Note that this only validates literal values, variables are assumed to
|
|
* provide values of the correct type.
|
|
*
|
|
* @return array
|
|
*/
|
|
public static function isValidLiteralValue(Type $type, $valueNode)
|
|
{
|
|
// A value must be provided if the type is non-null.
|
|
if ($type instanceof NonNull) {
|
|
if (!$valueNode || $valueNode instanceof NullValueNode) {
|
|
return [ 'Expected "' . Utils::printSafe($type) . '", found null.' ];
|
|
}
|
|
return static::isValidLiteralValue($type->getWrappedType(), $valueNode);
|
|
}
|
|
|
|
if (!$valueNode || $valueNode instanceof NullValueNode) {
|
|
return [];
|
|
}
|
|
|
|
// This function only tests literals, and assumes variables will provide
|
|
// values of the correct type.
|
|
if ($valueNode instanceof VariableNode) {
|
|
return [];
|
|
}
|
|
|
|
// Lists accept a non-list value as a list of one.
|
|
if ($type instanceof ListOfType) {
|
|
$itemType = $type->getWrappedType();
|
|
if ($valueNode instanceof ListValueNode) {
|
|
$errors = [];
|
|
foreach($valueNode->values as $index => $itemNode) {
|
|
$tmp = static::isValidLiteralValue($itemType, $itemNode);
|
|
|
|
if ($tmp) {
|
|
$errors = array_merge($errors, Utils::map($tmp, function($error) use ($index) {
|
|
return "In element #$index: $error";
|
|
}));
|
|
}
|
|
}
|
|
return $errors;
|
|
}
|
|
|
|
return static::isValidLiteralValue($itemType, $valueNode);
|
|
}
|
|
|
|
// Input objects check each defined field and look for undefined fields.
|
|
if ($type instanceof InputObjectType) {
|
|
if ($valueNode->kind !== NodeKind::OBJECT) {
|
|
return [ "Expected \"{$type->name}\", found not an object." ];
|
|
}
|
|
|
|
$fields = $type->getFields();
|
|
|
|
$errors = [];
|
|
|
|
// Ensure every provided field is defined.
|
|
$fieldNodes = $valueNode->fields;
|
|
|
|
foreach ($fieldNodes as $providedFieldNode) {
|
|
if (empty($fields[$providedFieldNode->name->value])) {
|
|
$errors[] = "In field \"{$providedFieldNode->name->value}\": Unknown field.";
|
|
}
|
|
}
|
|
|
|
// Ensure every defined field is valid.
|
|
$fieldNodeMap = Utils::keyMap($fieldNodes, function($fieldNode) {return $fieldNode->name->value;});
|
|
foreach ($fields as $fieldName => $field) {
|
|
$result = static::isValidLiteralValue(
|
|
$field->getType(),
|
|
isset($fieldNodeMap[$fieldName]) ? $fieldNodeMap[$fieldName]->value : null
|
|
);
|
|
if ($result) {
|
|
$errors = array_merge($errors, Utils::map($result, function($error) use ($fieldName) {
|
|
return "In field \"$fieldName\": $error";
|
|
}));
|
|
}
|
|
}
|
|
|
|
return $errors;
|
|
}
|
|
|
|
if ($type instanceof EnumType) {
|
|
if (!$valueNode instanceof EnumValueNode || !$type->getValue($valueNode->value)) {
|
|
$printed = Printer::doPrint($valueNode);
|
|
return ["Expected type \"{$type->name}\", found $printed."];
|
|
}
|
|
|
|
return [];
|
|
}
|
|
|
|
if ($type instanceof ScalarType) {
|
|
// Scalars determine if a literal values is valid via parseLiteral().
|
|
try {
|
|
$parseResult = $type->parseLiteral($valueNode);
|
|
if (Utils::isInvalid($parseResult)) {
|
|
$printed = Printer::doPrint($valueNode);
|
|
return ["Expected type \"{$type->name}\", found $printed."];
|
|
}
|
|
} catch (\Exception $error) {
|
|
$printed = Printer::doPrint($valueNode);
|
|
$message = $error->getMessage();
|
|
return ["Expected type \"{$type->name}\", found $printed; $message"];
|
|
} catch (\Throwable $error) {
|
|
$printed = Printer::doPrint($valueNode);
|
|
$message = $error->getMessage();
|
|
return ["Expected type \"{$type->name}\", found $printed; $message"];
|
|
}
|
|
|
|
return [];
|
|
}
|
|
|
|
throw new Error('Unknown type: ' . Utils::printSafe($type) . '.');
|
|
}
|
|
|
|
/**
|
|
* This uses a specialized visitor which runs multiple visitors in parallel,
|
|
* while maintaining the visitor skip and break API.
|
|
*
|
|
* @param Schema $schema
|
|
* @param TypeInfo $typeInfo
|
|
* @param DocumentNode $documentNode
|
|
* @param AbstractValidationRule[] $rules
|
|
* @return array
|
|
*/
|
|
public static function visitUsingRules(Schema $schema, TypeInfo $typeInfo, DocumentNode $documentNode, array $rules)
|
|
{
|
|
$context = new ValidationContext($schema, $documentNode, $typeInfo);
|
|
$visitors = [];
|
|
foreach ($rules as $rule) {
|
|
$visitors[] = $rule->getVisitor($context);
|
|
}
|
|
Visitor::visit($documentNode, Visitor::visitWithTypeInfo($typeInfo, Visitor::visitInParallel($visitors)));
|
|
return $context->getErrors();
|
|
}
|
|
}
|