hasura/graphql-engine
1
0
Fork 0
mirror of https://github.com/hasura/graphql-engine.git synced 2024-12-17 12:31:52 +03:00
Code Issues Projects Releases Wiki Activity
50f0e1df51
graphql-engine/server/src-lib/Hasura/GraphQL/Execute/Common.hs
Solomon 9b6b44c888 [Gardening] Eliminate boolean blindness in soAllowList 
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/7815
GitOrigin-RevId: 6768abb39e7ab6b12be8989702223500119169de
2023-02-08 03:36:45 +00:00

86 lines
3.1 KiB
Haskell
Raw Blame History

module Hasura.GraphQL.Execute.Common
( MonadGQLExecutionCheck (..),
)
where
import Data.Aeson.Ordered qualified as JO
import Hasura.Base.Error
import Hasura.GraphQL.Execute.Backend
import Hasura.GraphQL.Transport.HTTP.Protocol
import Hasura.Prelude
import Hasura.RQL.Types.GraphqlSchemaIntrospection
import Hasura.RQL.Types.SchemaCache
import Hasura.Server.Init (AllowListStatus)
import Hasura.Server.Types (RequestId)
import Hasura.Session
import Hasura.Tracing qualified as Tracing
import Network.HTTP.Types qualified as HTTP
import Network.Wai.Extended qualified as Wai
-- | Typeclass representing safety checks (if any) that need to be performed
-- before a GraphQL query should be allowed to be executed. In OSS, the safety
-- check is to check in the query is in the allow list.
--
-- the `executeIntrospection` function has different implementations in OSS and
-- Pro. In Pro, the GraphQL schema introspection can be disabled for specified
-- roles and in OSS there is no restrictions.
--
-- | TODO (from master): Limitation: This parses the query, which is not ideal if we already
-- have the query cached. The parsing happens unnecessary. But getting this to
-- either return a plan or parse was tricky and complicated.
class Monad m => MonadGQLExecutionCheck m where
checkGQLExecution ::
UserInfo ->
([HTTP.Header], Wai.IpAddress) ->
-- | allow list enabled?
AllowListStatus ->
-- | needs allow list
SchemaCache ->
-- | the unparsed GraphQL query string (and related values)
GQLReqUnparsed ->
RequestId ->
m (Either QErr GQLReqParsed)
executeIntrospection ::
UserInfo ->
JO.Value ->
SetGraphqlIntrospectionOptions ->
m (Either QErr ExecutionStep)
checkGQLBatchedReqs ::
UserInfo ->
RequestId ->
[GQLReq GQLQueryText] ->
SchemaCache ->
m (Either QErr ())
instance MonadGQLExecutionCheck m => MonadGQLExecutionCheck (ReaderT r m) where
checkGQLExecution ui det enableAL sc req requestId =
lift $ checkGQLExecution ui det enableAL sc req requestId
executeIntrospection userInfo introspectionQuery rolesDisabled =
lift $ executeIntrospection userInfo introspectionQuery rolesDisabled
checkGQLBatchedReqs userInfo requestId reqs sc =
lift $ checkGQLBatchedReqs userInfo requestId reqs sc
instance MonadGQLExecutionCheck m => MonadGQLExecutionCheck (ExceptT e m) where
checkGQLExecution ui det enableAL sc req requestId =
lift $ checkGQLExecution ui det enableAL sc req requestId
executeIntrospection userInfo introspectionQuery rolesDisabled =
lift $ executeIntrospection userInfo introspectionQuery rolesDisabled
checkGQLBatchedReqs userInfo requestId reqs sc =
lift $ checkGQLBatchedReqs userInfo requestId reqs sc
instance MonadGQLExecutionCheck m => MonadGQLExecutionCheck (Tracing.TraceT m) where
checkGQLExecution ui det enableAL sc req requestId =
lift $ checkGQLExecution ui det enableAL sc req requestId
executeIntrospection userInfo introspectionQuery rolesDisabled =
lift $ executeIntrospection userInfo introspectionQuery rolesDisabled
checkGQLBatchedReqs userInfo requestId reqs sc =
lift $ checkGQLBatchedReqs userInfo requestId reqs sc
Reference in New Issue View Git Blame Copy Permalink