feat(graphql-armor): add context injection plugin for enhanced validation #770

Draft: wants to merge 1 commit into base: main

@Lainocs (Member) commented Apr 4, 2025

Enhanced Validation Context Handling for Apollo Server

Overview

This PR introduces improved validation context handling in GraphQL Armor, specifically for Apollo Server integration. The changes enable better access to request context during validation rules execution, which is crucial for implementing more sophisticated security checks.

Key Changes

1. New Context Helper Module

  • Added context-helper.ts with utilities for injecting request context into validation rules
  • Introduced injectRequestContextRule helper function to wrap validation rules with request context
  • Implemented contextInjectionPlugin for Apollo Server to handle context injection

2. Enhanced Types

  • Added new types in @escape.tech/graphql-armor-types:
    • EnhancedValidationContext interface for extended validation context
    • User interface for authentication-related features
    • Improved callback types for accept/reject scenarios
    • Added type guards for better type safety

3. Updated Protection Rules

Modified all protection rules to use the new context injection system:

  • Max Aliases Protection
  • Max Depth Protection
  • Max Directives Protection
  • (and other protection rules)

4. Testing Updates

  • Updated test suite to account for the new context injection plugin
  • Adjusted plugin count expectations in test cases

Technical Details

The changes introduce a more robust way to access request context during validation by:

  1. Injecting the Apollo request context into validation rules
  2. Providing type-safe access to request information
  3. Enabling better error handling and user context awareness

Benefits

  • Improved security validation capabilities
  • Better type safety throughout the validation process
  • More flexible error handling and user context awareness
  • Cleaner separation of concerns between validation and context handling

Testing

  • All existing tests have been updated to reflect the new changes
  • New test cases have been added to verify context injection functionality
  • Test coverage has been maintained or improved

Breaking Changes

None. This is a backward-compatible enhancement that adds functionality without breaking existing behavior.

Dependencies

No new dependencies were added. The changes utilize existing Apollo Server and GraphQL types.
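
The mechanism described under "Technical Details", as an added example that is not code from this PR or from GraphQL Armor: a validation rule is wrapped in a closure that captures the per-request context, so a reject handler can attribute a blocked query to a caller for audit logging. All type and function names, the flat field list standing in for a GraphQL AST, and the sample values are assumptions made for the illustration.

```typescript
// Added illustration: every name here is hypothetical, not GraphQL Armor's API.
// The "document" is simplified to a flat field list instead of a GraphQL AST.
interface Field { name: string; alias?: string }
interface RequestContext { userId?: string; ip: string } // assumed shape
interface ValidationCtx { reportError(message: string): void }
interface RequestAwareCtx extends ValidationCtx { requestContext: RequestContext | undefined }
type Rule<C> = (ctx: C, fields: Field[]) => void;
type OnReject = (ctx: RequestAwareCtx, message: string) => void;

// Wrap a request-aware rule so the validator can call it with its plain context.
// The request context is captured once per request, when the rule list is built.
function withRequestContext(
  rule: Rule<RequestAwareCtx>,
  requestContext: RequestContext | undefined,
): Rule<ValidationCtx> {
  return (ctx, fields) =>
    rule({ reportError: (m) => ctx.reportError(m), requestContext }, fields);
}

// Alias-limit rule: reports the error, then passes the same context to each handler.
function maxAliasesRule(limit: number, onReject: OnReject[]): Rule<RequestAwareCtx> {
  return (ctx, fields) => {
    const aliases = fields.filter((f) => f.alias !== undefined).length;
    if (aliases <= limit) return;
    const message = `Aliases limit of ${limit} exceeded, found ${aliases}.`;
    ctx.reportError(message);
    for (const handler of onReject) handler(ctx, message);
  };
}

// One validation pass; returns the reported errors and the handler's audit lines.
function validate(fields: Field[], requestContext?: RequestContext) {
  const errors: string[] = [];
  const audit: string[] = [];
  const logReject: OnReject = (ctx, message) => {
    const rc = ctx.requestContext; // undefined when validation runs outside a request
    audit.push(`${rc?.userId ?? "anonymous"}@${rc?.ip ?? "unknown"}: ${message}`);
  };
  const rule = withRequestContext(maxAliasesRule(2, [logReject]), requestContext);
  rule({ reportError: (m) => { errors.push(m); } }, fields);
  return { errors, audit };
}

// Constructed sample input: three aliased copies of one field, limit is 2.
const aliased: Field[] = ["a", "b", "c"].map((alias) => ({ name: "user", alias }));
console.log(validate(aliased, { userId: "u-42", ip: "203.0.113.7" }).audit);
```

The handler falls back to `anonymous@unknown` when no request context was captured, so a rule reused outside a request still logs instead of throwing.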

changeset-bot bot commented Apr 4, 2025

⚠️ No Changeset found

Latest commit: 9690d76

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

@Lainocs Lainocs linked an issue Apr 4, 2025 that may be closed by this pull request
@codecov-commenter

⚠️ Please install the Codecov app to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

Attention: Patch coverage is 24.00000% with 19 lines in your changes missing coverage. Please review.

Project coverage is 87.50%. Comparing base (3824fe0) to head (9690d76).

Files with missing lines Patch % Lines
...ackages/graphql-armor/src/apollo/context-helper.ts 20.83% 19 Missing ⚠️

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #770      +/-   ##
==========================================
- Coverage   91.73%   87.50%   -4.24%     
==========================================
  Files          17       18       +1     
  Lines         375      400      +25     
  Branches      117      131      +14     
==========================================
+ Hits          344      350       +6     
- Misses         31       50      +19     

Successfully merging this pull request may close these issues.

Pass the original request context to onReject handlers