Merge pull request #4029 from magento-honey-badgers/query-get-request-support

[honey] Graphql-229: Query get request support

Author: cpartica

app/code/Magento/GraphQl/Controller/GraphQl.php

@@ -12,6 +12,7 @@
 use Magento\Framework\App\RequestInterface;
 use Magento\Framework\App\ResponseInterface;
 use Magento\Framework\GraphQl\Exception\ExceptionFormatter;
+use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 use Magento\Framework\GraphQl\Query\QueryProcessor;
 use Magento\Framework\GraphQl\Query\Resolver\ContextInterface;
 use Magento\Framework\GraphQl\Schema\SchemaGeneratorInterface;
@@ -47,12 +48,12 @@ class GraphQl implements FrontControllerInterface
     private $queryProcessor;
 
     /**
-     * @var \Magento\Framework\GraphQl\Exception\ExceptionFormatter
+     * @var ExceptionFormatter
      */
     private $graphQlError;
 
     /**
-     * @var \Magento\Framework\GraphQl\Query\Resolver\ContextInterface
+     * @var ContextInterface
      */
     private $resolverContext;
 
@@ -71,8 +72,8 @@ class GraphQl implements FrontControllerInterface
      * @param SchemaGeneratorInterface $schemaGenerator
      * @param SerializerInterface $jsonSerializer
      * @param QueryProcessor $queryProcessor
-     * @param \Magento\Framework\GraphQl\Exception\ExceptionFormatter $graphQlError
-     * @param \Magento\Framework\GraphQl\Query\Resolver\ContextInterface $resolverContext
+     * @param ExceptionFormatter $graphQlError
+     * @param ContextInterface $resolverContext
      * @param HttpRequestProcessor $requestProcessor
      * @param QueryFields $queryFields
      */
@@ -107,12 +108,14 @@ public function dispatch(RequestInterface $request) : ResponseInterface
         $statusCode = 200;
         try {
             /** @var Http $request */
+            $this->requestProcessor->validateRequest($request);
             $this->requestProcessor->processHeaders($request);
-            $data = $this->jsonSerializer->unserialize($request->getContent());
 
-            $query = isset($data['query']) ? $data['query'] : '';
-            $variables = isset($data['variables']) ? $data['variables'] : null;
-            // We have to extract queried field names to avoid instantiation of non necessary fields in webonyx schema
+            $data = $this->getDataFromRequest($request);
+            $query = $data['query'] ?? '';
+            $variables = $data['variables'] ?? null;
+
+            // We must extract queried field names to avoid instantiation of unnecessary fields in webonyx schema
             // Temporal coupling is required for performance optimization
             $this->queryFields->setQuery($query, $variables);
             $schema = $this->schemaGenerator->generate();
@@ -121,7 +124,7 @@ public function dispatch(RequestInterface $request) : ResponseInterface
                 $schema,
                 $query,
                 $this->resolverContext,
-                isset($data['variables']) ? $data['variables'] : []
+                $data['variables'] ?? []
             );
         } catch (\Exception $error) {
             $result['errors'] = isset($result) && isset($result['errors']) ? $result['errors'] : [];
@@ -134,4 +137,26 @@ public function dispatch(RequestInterface $request) : ResponseInterface
         )->setHttpResponseCode($statusCode);
         return $this->response;
     }
+
+    /**
+     * Get data from request body or query string
+     *
+     * @param RequestInterface $request
+     * @return array
+     */
+    private function getDataFromRequest(RequestInterface $request) : array
+    {
+        /** @var Http $request */
+        if ($request->isPost()) {
+            $data = $this->jsonSerializer->unserialize($request->getContent());
+        } elseif ($request->isGet()) {
+            $data = $request->getParams();
+            $data['variables'] = isset($data['variables']) ?
+                $this->jsonSerializer->unserialize($data['variables']) : null;
+        } else {
+            return [];
+        }
+
+        return $data;
+    }
 }

app/code/Magento/GraphQl/Controller/HttpHeaderProcessor/ContentTypeProcessor.php

@@ -7,7 +7,7 @@
 
 namespace Magento\GraphQl\Controller\HttpHeaderProcessor;
 
-use Magento\Framework\Exception\NoSuchEntityException;
+use Magento\Framework\App\HttpRequestInterface;
 use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 use Magento\GraphQl\Controller\HttpHeaderProcessorInterface;
 use Magento\Store\Model\StoreManagerInterface;
@@ -35,8 +35,9 @@ public function __construct(StoreManagerInterface $storeManager)
     /**
      * Handle the value of the store and set the scope
      *
-     * {@inheritDoc}
-     * @throws NoSuchEntityException
+     * @param string $headerValue
+     * @return void
+     * @throws GraphQlInputException
      */
     public function processHeaderValue(string $headerValue) : void
     {

app/code/Magento/GraphQl/Controller/HttpHeaderProcessor/StoreProcessor.php

@@ -19,12 +19,19 @@ class HttpRequestProcessor
      */
     private $headerProcessors = [];
 
+    /**
+     * @var HttpRequestValidatorInterface[] array
+     */
+    private $requestValidators = [];
+
     /**
      * @param HttpHeaderProcessorInterface[] $graphQlHeaders
+     * @param HttpRequestValidatorInterface[] $requestValidators
      */
-    public function __construct(array $graphQlHeaders = [])
+    public function __construct(array $graphQlHeaders = [], array $requestValidators = [])
     {
         $this->headerProcessors = $graphQlHeaders;
+        $this->requestValidators = $requestValidators;
     }
 
     /**
@@ -39,4 +46,17 @@ public function processHeaders(Http $request) : void
             $headerClass->processHeaderValue((string)$request->getHeader($headerName));
         }
     }
+
+    /**
+     * Validate HTTP request
+     *
+     * @param Http $request
+     * @return void
+     */
+    public function validateRequest(Http $request) : void
+    {
+        foreach ($this->requestValidators as $requestValidator) {
+            $requestValidator->validate($request);
+        }
+    }
 }

app/code/Magento/GraphQl/Controller/HttpRequestProcessor.php

@@ -0,0 +1,40 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\GraphQl\Controller\HttpRequestValidator;
+
+use Magento\Framework\App\HttpRequestInterface;
+use Magento\Framework\GraphQl\Exception\GraphQlInputException;
+use Magento\GraphQl\Controller\HttpRequestValidatorInterface;
+
+/**
+ * Processes the "Content-Type" header entry
+ */
+class ContentTypeValidator implements HttpRequestValidatorInterface
+{
+    /**
+     * Handle the mandatory application/json header
+     *
+     * @param HttpRequestInterface $request
+     * @return void
+     * @throws GraphQlInputException
+     */
+    public function validate(HttpRequestInterface $request) : void
+    {
+        $headerName = 'Content-Type';
+        $requiredHeaderValue = 'application/json';
+
+        $headerValue = (string)$request->getHeader($headerName);
+        if ($request->isPost()
+            && strpos($headerValue, $requiredHeaderValue) === false
+        ) {
+            throw new GraphQlInputException(
+                new \Magento\Framework\Phrase('Request content type must be application/json')
+            );
+        }
+    }
+}

app/code/Magento/GraphQl/Controller/HttpRequestValidator/ContentTypeValidator.php

@@ -0,0 +1,40 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\GraphQl\Controller\HttpRequestValidator;
+
+use Magento\Framework\App\HttpRequestInterface;
+use Magento\Framework\GraphQl\Exception\GraphQlInputException;
+use Magento\Framework\App\Request\Http;
+use Magento\GraphQl\Controller\HttpRequestValidatorInterface;
+
+/**
+ * Validator to check HTTP verb for Graphql requests
+ */
+class HttpVerbValidator implements HttpRequestValidatorInterface
+{
+    /**
+     * Check if request is using correct verb for query or mutation
+     *
+     * @param HttpRequestInterface $request
+     * @return void
+     * @throws GraphQlInputException
+     */
+    public function validate(HttpRequestInterface $request) : void
+    {
+        /** @var Http $request */
+        if (false === $request->isPost()) {
+            $query = $request->getParam('query', '');
+            // The easiest way to determine mutations without additional parsing
+            if (strpos(trim($query), 'mutation') === 0) {
+                throw new GraphQlInputException(
+                    new \Magento\Framework\Phrase('Mutation requests allowed only for POST requests')
+                );
+            }
+        }
+    }
+}

app/code/Magento/GraphQl/Controller/HttpRequestValidator/HttpVerbValidator.php

@@ -0,0 +1,24 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\GraphQl\Controller;
+
+use Magento\Framework\App\HttpRequestInterface;
+
+/**
+ * Use this interface to implement a validator for a Graphql HTTP requests
+ */
+interface HttpRequestValidatorInterface
+{
+    /**
+     * Perform validation of request
+     *
+     * @param HttpRequestInterface $request
+     * @return void
+     */
+    public function validate(HttpRequestInterface $request) : void;
+}

app/code/Magento/GraphQl/Controller/HttpRequestValidatorInterface.php

@@ -28,9 +28,12 @@
     <type name="Magento\GraphQl\Controller\HttpRequestProcessor">
         <arguments>
             <argument name="graphQlHeaders" xsi:type="array">
-                <item name="Content-Type" xsi:type="object">Magento\GraphQl\Controller\HttpHeaderProcessor\ContentTypeProcessor</item>
                 <item name="Store" xsi:type="object">Magento\GraphQl\Controller\HttpHeaderProcessor\StoreProcessor</item>
             </argument>
+            <argument name="requestValidators" xsi:type="array">
+                <item name="ContentTypeValidator" xsi:type="object">Magento\GraphQl\Controller\HttpRequestValidator\ContentTypeValidator</item>
+                <item name="VerbValidator" xsi:type="object">Magento\GraphQl\Controller\HttpRequestValidator\HttpVerbValidator</item>
+            </argument>
         </arguments>
     </type>
 </config>

app/code/Magento/GraphQl/etc/graphql/di.xml

@@ -51,7 +51,7 @@ public function __construct(
      * @return array|string|int|float|bool
      * @throws \Exception
      */
-    public function postQuery(string $query, array $variables = [], string $operationName = '', array $headers = [])
+    public function post(string $query, array $variables = [], string $operationName = '', array $headers = [])
     {
         $url = $this->getEndpointUrl();
         $headers = array_merge($headers, ['Accept: application/json', 'Content-Type: application/json']);
@@ -63,19 +63,57 @@ public function postQuery(string $query, array $variables = [], string $operatio
         $postData = $this->json->jsonEncode($requestArray);
 
         $responseBody = $this->curlClient->post($url, $postData, $headers);
-        $responseBodyArray = $this->json->jsonDecode($responseBody);
+        return $this->processResponse($responseBody);
+    }
+
+    /**
+     * Perform HTTP GET request for query
+     *
+     * @param string $query
+     * @param array $variables
+     * @param string $operationName
+     * @param array $headers
+     * @return mixed
+     * @throws \Exception
+     */
+    public function get(string $query, array $variables = [], string $operationName = '', array $headers = [])
+    {
+        $url = $this->getEndpointUrl();
+        $requestArray = [
+            'query' => $query,
+            'variables' => $variables ? $this->json->jsonEncode($variables) : null,
+            'operationName' => $operationName ?? null
+        ];
+        array_filter($requestArray);
+
+        $responseBody = $this->curlClient->get($url, $requestArray, $headers);
+        return $this->processResponse($responseBody);
+    }
+
+    /**
+     * Process response from GraphQl server
+     *
+     * @param string $response
+     * @return mixed
+     * @throws \Exception
+     */
+    private function processResponse(string $response)
+    {
+        $responseArray = $this->json->jsonDecode($response);
 
-        if (!is_array($responseBodyArray)) {
-            throw new \Exception('Unknown GraphQL response body: ' . json_encode($responseBodyArray));
+        if (!is_array($responseArray)) {
+            //phpcs:ignore Magento2.Exceptions.DirectThrow
+            throw new \Exception('Unknown GraphQL response body: ' . $response);
         }
 
-        $this->processErrors($responseBodyArray);
+        $this->processErrors($responseArray);
 
-        if (!isset($responseBodyArray['data'])) {
-            throw new \Exception('Unknown GraphQL response body: ' . json_encode($responseBodyArray));
-        } else {
-            return $responseBodyArray['data'];
+        if (!isset($responseArray['data'])) {
+            //phpcs:ignore Magento2.Exceptions.DirectThrow
+            throw new \Exception('Unknown GraphQL response body: ' . $response);
         }
+
+        return $responseArray['data'];
     }
 
     /**
@@ -107,6 +145,7 @@ private function processErrors($responseBodyArray)
                     $responseBodyArray
                 );
             }
+            //phpcs:ignore Magento2.Exceptions.DirectThrow
             throw new \Exception('GraphQL responded with an unknown error: ' . json_encode($responseBodyArray));
         }
     }