fix: more compliance issues

Author: YassinEldeeb

graph/src/data/query/result.rs

@@ -5,6 +5,8 @@ use http::header::{
     ACCESS_CONTROL_ALLOW_HEADERS, ACCESS_CONTROL_ALLOW_METHODS, ACCESS_CONTROL_ALLOW_ORIGIN,
     CONTENT_TYPE,
 };
+use http::StatusCode;
+use hyper::{Body, Request};
 use serde::ser::*;
 use serde::Serialize;
 use std::convert::TryFrom;
@@ -188,12 +190,26 @@ impl QueryResults {
         self.results.push(other);
     }
 
+    fn has_query_parameter(&self, query: Option<&str>) -> bool {
+        if let Some(query_str) = query {
+            for param in query_str.split('&') {
+                let param_parts: Vec<&str> = param.splitn(2, '=').collect();
+                if param_parts.len() == 2 && param_parts[0] == "query" {
+                    return true;
+                }
+            }
+        }
+        false
+    }
+
     pub fn as_http_response<T: From<String>>(&self) -> http::Response<T> {
         let status_code = http::StatusCode::OK;
+
         let json =
             serde_json::to_string(self).expect("Failed to serialize GraphQL response to JSON");
+
         http::Response::builder()
-            .status(status_code)
+            .status(StatusCode::BAD_REQUEST)
             .header(ACCESS_CONTROL_ALLOW_ORIGIN, "*")
             .header(ACCESS_CONTROL_ALLOW_HEADERS, "Content-Type, User-Agent")
             .header(ACCESS_CONTROL_ALLOW_METHODS, "GET, OPTIONS, POST")

server/http/src/server.rs

@@ -67,12 +67,14 @@ where
         let graphql_runner = self.graphql_runner.clone();
         let node_id = self.node_id.clone();
         let new_service = make_service_fn(move |_| {
-            futures03::future::ok::<_, Error>(GraphQLService::new(
+            let graphql_service = GraphQLService::new(
                 logger_for_service.clone(),
                 graphql_runner.clone(),
                 ws_port,
                 node_id.clone(),
-            ))
+            );
+
+            futures03::future::ok::<_, Error>(graphql_service)
         });
 
         // Create a task to run the server and handle HTTP requests

server/http/src/service.rs

@@ -1,3 +1,4 @@
+use std::collections::HashMap;
 use std::convert::TryFrom;
 use std::pin::Pin;
 use std::task::Context;
@@ -6,8 +7,10 @@ use std::time::Instant;
 
 use graph::prelude::serde_json;
 use graph::prelude::serde_json::json;
+use graph::prelude::thiserror::private::DisplayAsDisplay;
 use graph::prelude::*;
 use graph::semver::VersionReq;
+use graph::url::Url;
 use graph::{components::server::query::GraphQLServerError, data::query::QueryTarget};
 use http::header;
 use http::header::{
@@ -249,6 +252,53 @@ where
         .boxed()
     }
 
+    /// Handles requests without content type.
+    fn handle_requests_without_content_type(&self) -> GraphQLServiceResponse {
+        async {
+            let response_obj = json!({
+                "message": "Content-Type header is required"
+            });
+            let response_str = serde_json::to_string(&response_obj).unwrap();
+
+            Ok(Response::builder()
+                .status(400)
+                .header(CONTENT_TYPE, "application/json")
+                .header(ACCESS_CONTROL_ALLOW_ORIGIN, "*")
+                .body(Body::from(response_str))
+                .unwrap())
+        }
+        .boxed()
+    }
+
+    /// Handles requests without query param.
+    async fn handle_requests_without_query_param(&self) -> GraphQLServiceResponse {
+        async {
+            let response_obj = json!({
+                "message": "`query` param has to be provided!"
+            });
+            let response_str = serde_json::to_string(&response_obj).unwrap();
+
+            Ok(Response::builder()
+                .status(400)
+                .header(CONTENT_TYPE, "application/json")
+                .header(ACCESS_CONTROL_ALLOW_ORIGIN, "*")
+                .body(Body::from(response_str))
+                .unwrap())
+        }
+        .boxed()
+    }
+
+    fn has_request_body(&self, req: &Request<Body>) -> bool {
+        if let Some(length) = req.headers().get(hyper::header::CONTENT_LENGTH) {
+            if let Ok(length) = length.to_str() {
+                if let Ok(length) = length.parse::<usize>() {
+                    return length > 0;
+                }
+            }
+        }
+        false
+    }
+
     fn handle_call(self, req: Request<Body>) -> GraphQLServiceResponse {
         let method = req.method().clone();
 
@@ -262,6 +312,13 @@ where
             segments.collect::<Vec<_>>()
         };
 
+        let headers = req.headers();
+        let content_type = headers.get("content-type");
+
+        if method == Method::POST && (content_type.is_none() || !self.has_request_body(&req)) {
+            return self.handle_requests_without_content_type().boxed();
+        }
+
         match (method, path_segments.as_slice()) {
             (Method::GET, [""]) => self.index().boxed(),
             (Method::GET, &["subgraphs", "id", _, "graphql"])

server/index-node/src/service.rs

@@ -223,6 +223,9 @@ where
             segments.collect::<Vec<_>>()
         };
 
+        let cloned_uri = &req.uri().clone();
+        let req_query: Option<&str> = cloned_uri.query().clone();
+
         match (method, path_segments.as_slice()) {
             (Method::GET, [""]) => Ok(Self::index()),
             (Method::GET, ["graphiql.css"]) => Ok(Self::serve_file(