1.0.15

multipliedtwice · multipliedtwice · commit d15123874c85 · 2023-12-01T14:25:55.000+07:00
diff --git a/dist/__tests__/merge-2.spec.js b/dist/__tests__/merge-2.spec.js
diff --git a/dist/__tests__/merge-allowed.spec.d.ts b/dist/__tests__/merge-allowed.spec.d.ts
@@ -0,0 +1 @@
+export {};
diff --git a/dist/__tests__/merge-allowed.spec.js b/dist/__tests__/merge-allowed.spec.js
@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const merge_allowed_1 = require("../merge-allowed");
+describe('mergeAllowedGraphQLQueries', () => {
+    it('should merge queries with the same resolver and different fields', () => {
+        const queries = [
+            'query GetCompany { id }',
+            'query GetCompany { name }',
+            'query GetUser { id }',
+        ];
+        const mergedQueries = (0, merge_allowed_1.mergeAllowedGraphQLQueries)(queries);
+        expect(mergedQueries.get('GetCompany')).toBe('query GetCompany { id name }');
+        expect(mergedQueries.get('GetUser')).toBe('query GetUser { id }');
+    });
+    it('should handle single query without modification', () => {
+        const queries = ['query GetCompany { id name }'];
+        const mergedQueries = (0, merge_allowed_1.mergeAllowedGraphQLQueries)(queries);
+        expect(mergedQueries.get('GetCompany')).toBe('query GetCompany { id name }');
+    });
+    it('should handle empty query list', () => {
+        const queries = [];
+        const mergedQueries = (0, merge_allowed_1.mergeAllowedGraphQLQueries)(queries);
+        expect(mergedQueries.size).toBe(0);
+    });
+    it('should ignore invalid GraphQL queries', () => {
+        const consoleSpy = jest
+            .spyOn(console, 'error')
+            .mockImplementation(() => { });
+        const queries = ['This is not a valid GraphQL query'];
+        const mergedQueries = (0, merge_allowed_1.mergeAllowedGraphQLQueries)(queries);
+        expect(mergedQueries.size).toBe(0);
+        expect(consoleSpy).toHaveBeenCalledWith(expect.stringContaining('Error processing query:'));
+        consoleSpy.mockRestore();
+    });
+});
diff --git a/dist/index.d.ts b/dist/index.d.ts
@@ -20,17 +20,24 @@ export declare class GraphQLQueryPurifier {
      * @private
      */
     private allowAll;
+    /**
+     * Flag to enable logging of input/output.
+     * @private
+     */
+    private debug;
     /**
      * Constructs a GraphQLQueryPurifier instance.
      * @param {Object} params - Configuration parameters.
      * @param {string} params.gqlPath - Path to the directory containing .gql files.
      * @param {boolean} [params.allowAll=false] - Whether to allow all queries.
      * @param {boolean} [params.allowStudio=false] - Whether to allow Apollo Studio introspection queries.
+     * @param {boolean} [params.debug=false] - Flag to enable logging of input/output.
      */
-    constructor({ gqlPath, allowAll, allowStudio, }: {
+    constructor({ gqlPath, allowAll, allowStudio, debug, }: {
         gqlPath: string;
         allowStudio?: boolean;
         allowAll?: boolean;
+        debug?: boolean;
     });
     startWatchingFiles(): void;
     /**
diff --git a/dist/index.js b/dist/index.js
@@ -5,20 +5,21 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.GraphQLQueryPurifier = void 0;
 const fs_1 = __importDefault(require("fs"));
-const graphql_1 = require("graphql");
 const path_1 = __importDefault(require("path"));
 // @ts-ignore
 const glob_1 = __importDefault(require("glob"));
 const merge_1 = require("./merge");
+const merge_allowed_1 = require("./merge-allowed");
 class GraphQLQueryPurifier {
     /**
      * Constructs a GraphQLQueryPurifier instance.
      * @param {Object} params - Configuration parameters.
      * @param {string} params.gqlPath - Path to the directory containing .gql files.
      * @param {boolean} [params.allowAll=false] - Whether to allow all queries.
      * @param {boolean} [params.allowStudio=false] - Whether to allow Apollo Studio introspection queries.
+     * @param {boolean} [params.debug=false] - Flag to enable logging of input/output.
      */
-    constructor({ gqlPath, allowAll = false, allowStudio = false, }) {
+    constructor({ gqlPath, allowAll = false, allowStudio = false, debug = false, }) {
         /**
          * Middleware function to filter incoming GraphQL queries based on the allowed list.
          * If a query is not allowed, it's replaced with a minimal query.
@@ -49,7 +50,7 @@ class GraphQLQueryPurifier {
             }
             if (req.body && req.body.query) {
                 // Use mergeQueries to filter the incoming request query
-                const filteredQuery = (0, merge_1.mergeQueries)(req.body.query, allowedQueries);
+                const filteredQuery = (0, merge_1.mergeQueries)(req.body.query, allowedQueries, this.debug);
                 if (!filteredQuery.trim()) {
                     console.warn(`Query was blocked due to security rules: ${req.body.query}`);
                     req.body.query = '{ __typename }';
@@ -67,6 +68,7 @@ class GraphQLQueryPurifier {
         this.startWatchingFiles();
         this.allowAll = allowAll;
         this.allowStudio = allowStudio;
+        this.debug = debug;
     }
     startWatchingFiles() {
         fs_1.default.watch(this.gqlPath, { recursive: true }, (eventType, filename) => {
@@ -82,41 +84,20 @@ class GraphQLQueryPurifier {
      */
     loadQueries() {
         const files = glob_1.default.sync(`${this.gqlPath}/**/*.gql`.replace(/\\/g, '/'));
-        files.forEach((file) => {
-            if (path_1.default.extname(file) === '.gql') {
-                const content = fs_1.default.readFileSync(file, 'utf8').trim();
-                if (!content) {
-                    console.warn(`Warning: Empty or invalid GraphQL file found: ${file}`);
-                    return;
-                }
-                try {
-                    const parsedQuery = (0, graphql_1.parse)(content);
-                    parsedQuery.definitions.forEach((definition) => {
-                        if (definition.kind === 'OperationDefinition') {
-                            const operationDefinition = definition;
-                            let queryName = operationDefinition.name?.value;
-                            if (!queryName) {
-                                // Extract the name from the first field of the selection set
-                                const firstField = operationDefinition.selectionSet.selections[0];
-                                if (firstField && firstField.kind === 'Field') {
-                                    queryName = firstField.name.value;
-                                }
-                            }
-                            if (queryName) {
-                                this.queryMap[queryName] = content;
-                            }
-                        }
-                    });
-                }
-                catch (error) {
-                    if (error instanceof graphql_1.GraphQLError) {
-                        console.error(`Error parsing GraphQL file ${file}: ${error.message}`);
-                    }
-                    else {
-                        console.error(`Unexpected error processing file ${file}: ${error}`);
-                    }
-                }
+        const fileContents = files
+            .map((file) => {
+            const content = fs_1.default.readFileSync(file, 'utf8').trim();
+            if (!content) {
+                console.warn(`Warning: Empty or invalid GraphQL file found: ${file}`);
+                return '';
             }
+            return content;
+        })
+            .filter((content) => content !== '');
+        const mergedQueries = (0, merge_allowed_1.mergeAllowedGraphQLQueries)(fileContents);
+        this.queryMap = {};
+        mergedQueries.forEach((query, resolver) => {
+            this.queryMap[resolver] = query;
         });
     }
 }
diff --git a/dist/merge-allowed.d.ts b/dist/merge-allowed.d.ts
@@ -0,0 +1 @@
+export declare function mergeAllowedGraphQLQueries(queries: string[]): Map<string, string>;
diff --git a/dist/merge-allowed.js b/dist/merge-allowed.js
@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.mergeAllowedGraphQLQueries = void 0;
+const graphql_1 = require("graphql");
+function mergeAllowedGraphQLQueries(queries) {
+    const resolverMap = new Map();
+    queries.forEach((query) => {
+        try {
+            const parsedQuery = (0, graphql_1.parse)(query);
+            parsedQuery.definitions.forEach((definition) => {
+                if (definition.kind === 'OperationDefinition') {
+                    const operationDefinition = definition;
+                    let queryName = operationDefinition.name?.value;
+                    if (!queryName) {
+                        const firstField = operationDefinition.selectionSet.selections[0];
+                        if (firstField && firstField.kind === 'Field') {
+                            queryName = firstField.name.value;
+                        }
+                    }
+                    if (queryName) {
+                        const existingFields = resolverMap.get(queryName) || new Set();
+                        operationDefinition.selectionSet.selections.forEach((selection) => {
+                            if (selection.kind === 'Field') {
+                                existingFields.add(selection.name.value);
+                            }
+                        });
+                        resolverMap.set(queryName, existingFields);
+                    }
+                }
+            });
+        }
+        catch (error) {
+            console.error(`Error processing query: ${error}`);
+        }
+    });
+    const mergedQueries = new Map();
+    resolverMap.forEach((fields, resolver) => {
+        const mergedQuery = `query ${resolver} { ${Array.from(fields).join(' ')} }`;
+        mergedQueries.set(resolver, mergedQuery);
+    });
+    return mergedQueries;
+}
+exports.mergeAllowedGraphQLQueries = mergeAllowedGraphQLQueries;
diff --git a/dist/merge.d.ts b/dist/merge.d.ts
@@ -1 +1 @@
-export declare function mergeQueries(requestQuery: string, allowedQueries: string[]): string;
+export declare function mergeQueries(requestQuery: string, allowedQueries: string[], debug?: boolean): string;
diff --git a/dist/merge.js b/dist/merge.js
@@ -10,10 +10,13 @@ function getPath(node, ancestors) {
     path.push(node.name.value);
     return path.join('.');
 }
-function mergeQueries(requestQuery, allowedQueries) {
+function mergeQueries(requestQuery, allowedQueries, debug = false) {
     if (!requestQuery.trim()) {
         return '';
     }
+    if (debug) {
+        console.log('Incoming Query:', requestQuery);
+    }
     const parsedRequestQuery = (0, graphql_1.parse)(requestQuery);
     const allowedQueryASTs = allowedQueries.map((query) => (0, graphql_1.parse)(query));
     const allowedPaths = new Set();
@@ -40,6 +43,10 @@ function mergeQueries(requestQuery, allowedQueries) {
     if (!hasValidFields) {
         return ''; // Return an empty string if no valid fields are left
     }
-    return (0, graphql_1.print)(modifiedAST);
+    const modifiedQuery = (0, graphql_1.print)(modifiedAST);
+    if (debug) {
+        console.log('Modified Query:', modifiedQuery);
+    }
+    return modifiedQuery;
 }
 exports.mergeQueries = mergeQueries;
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "graphql-query-purifier",
-  "version": "1.0.14",
+  "version": "1.0.15",
   "description": "A small library to match .gql queries vs user input. Removes fields from user requests that are not expected by your frontend code.",
   "main": "./dist/index.js",
   "author": "multipliedtwice",
diff --git a/readme.md b/readme.md
@@ -17,6 +17,7 @@ With all benefits of typegraphql-prisma and its resolvers, the main concern is s
 ## Features
 
 - **Query Filtering**: Filters incoming GraphQL queries based on a list of allowed queries defined in `.gql` files.
+- **Allowed Query Merge**: Allowing `getCompanies { name }` and `getCompanies { id }` will be resolved into `getCompanies { name id }`
 - **Easy Integration**: Seamlessly integrates with existing Express.js and Apollo Server setups.
 - **Customizable**: Easily adaptable to different GraphQL schema setups.
 
@@ -91,8 +92,15 @@ import { json } from 'body-parser';
 import { GraphQLQueryPurifier } from 'graphql-query-purifier';
 
 const app = express();
-const gqlpath = path.resolve(__dirname, '../../frontend/src/graphql');
-const queryPurifier = new GraphQLQueryPurifier(gqlpath);
+const gqlPath = path.resolve(__dirname, '../prisma/gql');
+const queryPurifier = new GraphQLQueryPurifier({
+  gqlPath,
+
+  // optional:
+  allowStudio: true,
+  allow: false,
+  debug: false,
+});
 
 // make sure body parser is placed before
 app.use(json());
diff --git a/src/__tests__/merge-allowed.spec.ts b/src/__tests__/merge-allowed.spec.ts
@@ -0,0 +1,46 @@
+import { mergeAllowedGraphQLQueries } from '../merge-allowed';
+
+describe('mergeAllowedGraphQLQueries', () => {
+  it('should merge queries with the same resolver and different fields', () => {
+    const queries = [
+      'query GetCompany { id }',
+      'query GetCompany { name }',
+      'query GetUser { id }',
+    ];
+
+    const mergedQueries = mergeAllowedGraphQLQueries(queries);
+    expect(mergedQueries.get('GetCompany')).toBe(
+      'query GetCompany { id name }'
+    );
+    expect(mergedQueries.get('GetUser')).toBe('query GetUser { id }');
+  });
+
+  it('should handle single query without modification', () => {
+    const queries = ['query GetCompany { id name }'];
+    const mergedQueries = mergeAllowedGraphQLQueries(queries);
+    expect(mergedQueries.get('GetCompany')).toBe(
+      'query GetCompany { id name }'
+    );
+  });
+
+  it('should handle empty query list', () => {
+    const queries: string[] = [];
+    const mergedQueries = mergeAllowedGraphQLQueries(queries);
+    expect(mergedQueries.size).toBe(0);
+  });
+
+  it('should ignore invalid GraphQL queries', () => {
+    const consoleSpy = jest
+      .spyOn(console, 'error')
+      .mockImplementation(() => {});
+    const queries = ['This is not a valid GraphQL query'];
+
+    const mergedQueries = mergeAllowedGraphQLQueries(queries);
+    expect(mergedQueries.size).toBe(0);
+
+    expect(consoleSpy).toHaveBeenCalledWith(
+      expect.stringContaining('Error processing query:')
+    );
+    consoleSpy.mockRestore();
+  });
+});
diff --git a/src/index.ts b/src/index.ts
diff --git a/src/merge-allowed.ts b/src/merge-allowed.ts
diff --git a/src/merge.ts b/src/merge.ts

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+export declare function mergeAllowedGraphQLQueries(queries: string[]): Map<string, string>;`
Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-export declare function mergeQueries(requestQuery: string, allowedQueries: string[]): string;`
	`1`	`+export declare function mergeQueries(requestQuery: string, allowedQueries: string[], debug?: boolean): string;`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "graphql-query-purifier",`
`3`		`- "version": "1.0.14",`
	`3`	`+ "version": "1.0.15",`
`4`	`4`	`"description": "A small library to match .gql queries vs user input. Removes fields from user requests that are not expected by your frontend code.",`
`5`	`5`	`"main": "./dist/index.js",`
`6`	`6`	`"author": "multipliedtwice",`