229: [GraphQL caching] Add support for queries via HTTP GET

- Address review comments
- Add customer validator interface for graphql requests

Author: danielrenaud

app/code/Magento/GraphQl/Controller/GraphQl.php

@@ -12,7 +12,7 @@
 use Magento\Framework\App\RequestInterface;
 use Magento\Framework\App\ResponseInterface;
 use Magento\Framework\GraphQl\Exception\ExceptionFormatter;
-use Magento\Framework\GraphQl\Exception\GraphQlRequestException;
+use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 use Magento\Framework\GraphQl\Query\QueryProcessor;
 use Magento\Framework\GraphQl\Query\Resolver\ContextInterface;
 use Magento\Framework\GraphQl\Schema\SchemaGeneratorInterface;
@@ -24,7 +24,6 @@
  * Front controller for web API GraphQL area.
  *
  * @api
- * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
  */
 class GraphQl implements FrontControllerInterface
 {
@@ -49,12 +48,12 @@ class GraphQl implements FrontControllerInterface
     private $queryProcessor;
 
     /**
-     * @var \Magento\Framework\GraphQl\Exception\ExceptionFormatter
+     * @var ExceptionFormatter
      */
     private $graphQlError;
 
     /**
-     * @var \Magento\Framework\GraphQl\Query\Resolver\ContextInterface
+     * @var ContextInterface
      */
     private $resolverContext;
 
@@ -73,8 +72,8 @@ class GraphQl implements FrontControllerInterface
      * @param SchemaGeneratorInterface $schemaGenerator
      * @param SerializerInterface $jsonSerializer
      * @param QueryProcessor $queryProcessor
-     * @param \Magento\Framework\GraphQl\Exception\ExceptionFormatter $graphQlError
-     * @param \Magento\Framework\GraphQl\Query\Resolver\ContextInterface $resolverContext
+     * @param ExceptionFormatter $graphQlError
+     * @param ContextInterface $resolverContext
      * @param HttpRequestProcessor $requestProcessor
      * @param QueryFields $queryFields
      */
@@ -109,30 +108,24 @@ public function dispatch(RequestInterface $request) : ResponseInterface
         $statusCode = 200;
         try {
             /** @var Http $request */
-            if ($this->isHttpVerbValid($request)) {
-                $this->requestProcessor->processHeaders($request);
-                $data = $this->getDataFromRequest($request);
-                $query = isset($data['query']) ? $data['query'] : '';
-                $variables = isset($data['variables']) ? $data['variables'] : null;
-
-                // We must extract queried field names to avoid instantiation of unnecessary fields in webonyx schema
-                // Temporal coupling is required for performance optimization
-                $this->queryFields->setQuery($query, $variables);
-                $schema = $this->schemaGenerator->generate();
-
-                $result = $this->queryProcessor->process(
-                    $schema,
-                    $query,
-                    $this->resolverContext,
-                    isset($data['variables']) ? $data['variables'] : []
-                );
-            } else {
-                $errorMessage = __('Mutation requests allowed only for POST requests');
-                $result['errors'] = [
-                    $this->graphQlError->create(new GraphQlRequestException($errorMessage))
-                ];
-                $statusCode = ExceptionFormatter::HTTP_GRAPH_QL_SCHEMA_ERROR_STATUS;
-            }
+            $this->requestProcessor->validateRequest($request);
+            $this->requestProcessor->processHeaders($request);
+
+            $data = $this->getDataFromRequest($request);
+            $query = $data['query'] ?? '';
+            $variables = $data['variables'] ?? null;
+
+            // We must extract queried field names to avoid instantiation of unnecessary fields in webonyx schema
+            // Temporal coupling is required for performance optimization
+            $this->queryFields->setQuery($query, $variables);
+            $schema = $this->schemaGenerator->generate();
+
+            $result = $this->queryProcessor->process(
+                $schema,
+                $query,
+                $this->resolverContext,
+                $data['variables'] ?? []
+            );
         } catch (\Exception $error) {
             $result['errors'] = isset($result) && isset($result['errors']) ? $result['errors'] : [];
             $result['errors'][] = $this->graphQlError->create($error);
@@ -148,37 +141,22 @@ public function dispatch(RequestInterface $request) : ResponseInterface
     /**
      * Get data from request body or query string
      *
-     * @param Http $request
+     * @param RequestInterface $request
      * @return array
      */
-    private function getDataFromRequest(Http $request) : array
+    private function getDataFromRequest(RequestInterface $request) : array
     {
+        /** @var Http $request */
         if ($request->isPost()) {
             $data = $this->jsonSerializer->unserialize($request->getContent());
-        } else {
+        } elseif ($request->isGet()) {
             $data = $request->getParams();
             $data['variables'] = isset($data['variables']) ?
                 $this->jsonSerializer->unserialize($data['variables']) : null;
+        } else {
+            return [];
         }
 
         return $data;
     }
-
-    /**
-     * Check if request is using correct verb for query or mutation
-     *
-     * @param Http $request
-     * @return boolean
-     */
-    private function isHttpVerbValid(Http $request)
-    {
-        $requestData = $this->getDataFromRequest($request);
-        $query = $requestData['query'] ?? '';
-
-        // The easiest way to determine mutations without additional parsing
-        if ($request->isSafeMethod() && strpos(trim($query), 'mutation') === 0) {
-            return false;
-        }
-        return true;
-    }
 }

app/code/Magento/GraphQl/Controller/HttpHeaderProcessor/ContentTypeProcessor.php

@@ -36,12 +36,10 @@ public function __construct(StoreManagerInterface $storeManager)
      * Handle the value of the store and set the scope
      *
      * @param string $headerValue
-     * @param HttpRequestInterface $request
      * @return void
      * @throws GraphQlInputException
-     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
      */
-    public function processHeaderValue(string $headerValue, HttpRequestInterface $request) : void
+    public function processHeaderValue(string $headerValue) : void
     {
         if ($headerValue) {
             $storeCode = ltrim(rtrim($headerValue));

app/code/Magento/GraphQl/Controller/HttpHeaderProcessor/StoreProcessor.php

@@ -7,8 +7,6 @@
 
 namespace Magento\GraphQl\Controller;
 
-use Magento\Framework\App\HttpRequestInterface;
-
 /**
  * Use this interface to implement a processor for each entry of a header in an HTTP GraphQL request.
  */
@@ -21,8 +19,7 @@ interface HttpHeaderProcessorInterface
      * to enforce required headers like "application/json"
      *
      * @param string $headerValue
-     * @param HttpRequestInterface $request
      * @return void
      */
-    public function processHeaderValue(string $headerValue, HttpRequestInterface $request) : void;
+    public function processHeaderValue(string $headerValue) : void;
 }

app/code/Magento/GraphQl/Controller/HttpHeaderProcessorInterface.php

@@ -19,12 +19,19 @@ class HttpRequestProcessor
      */
     private $headerProcessors = [];
 
+    /**
+     * @var HttpRequestValidatorInterface[] array
+     */
+    private $requestValidators = [];
+
     /**
      * @param HttpHeaderProcessorInterface[] $graphQlHeaders
+     * @param HttpRequestValidatorInterface[] $requestValidators
      */
-    public function __construct(array $graphQlHeaders = [])
+    public function __construct(array $graphQlHeaders = [], array $requestValidators = [])
     {
         $this->headerProcessors = $graphQlHeaders;
+        $this->requestValidators = $requestValidators;
     }
 
     /**
@@ -36,7 +43,20 @@ public function __construct(array $graphQlHeaders = [])
     public function processHeaders(Http $request) : void
     {
         foreach ($this->headerProcessors as $headerName => $headerClass) {
-            $headerClass->processHeaderValue((string)$request->getHeader($headerName), $request);
+            $headerClass->processHeaderValue((string)$request->getHeader($headerName));
+        }
+    }
+
+    /**
+     * Validate HTTP request
+     *
+     * @param Http $request
+     * @return void
+     */
+    public function validateRequest(Http $request) : void
+    {
+        foreach ($this->requestValidators as $requestValidator) {
+            $requestValidator->validate($request);
         }
     }
 }

app/code/Magento/GraphQl/Controller/HttpRequestProcessor.php

@@ -0,0 +1,40 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\GraphQl\Controller\HttpRequestValidator;
+
+use Magento\Framework\App\HttpRequestInterface;
+use Magento\Framework\GraphQl\Exception\GraphQlInputException;
+use Magento\GraphQl\Controller\HttpRequestValidatorInterface;
+
+/**
+ * Processes the "Content-Type" header entry
+ */
+class ContentTypeValidator implements HttpRequestValidatorInterface
+{
+    /**
+     * Handle the mandatory application/json header
+     *
+     * @param HttpRequestInterface $request
+     * @return void
+     * @throws GraphQlInputException
+     */
+    public function validate(HttpRequestInterface $request) : void
+    {
+        $headerName = 'Content-Type';
+        $requiredHeaderValue = 'application/json';
+
+        $headerValue = (string)$request->getHeader($headerName);
+        if ($request->isPost()
+            && strpos($headerValue, $requiredHeaderValue) === false
+        ) {
+            throw new GraphQlInputException(
+                new \Magento\Framework\Phrase('Request content type must be application/json')
+            );
+        }
+    }
+}

app/code/Magento/GraphQl/Controller/HttpRequestValidator/ContentTypeValidator.php

@@ -0,0 +1,40 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\GraphQl\Controller\HttpRequestValidator;
+
+use Magento\Framework\App\HttpRequestInterface;
+use Magento\Framework\GraphQl\Exception\GraphQlInputException;
+use Magento\Framework\App\Request\Http;
+use Magento\GraphQl\Controller\HttpRequestValidatorInterface;
+
+/**
+ * Validator to check HTTP verb for Graphql requests
+ */
+class HttpVerbValidator implements HttpRequestValidatorInterface
+{
+    /**
+     * Check if request is using correct verb for query or mutation
+     *
+     * @param HttpRequestInterface $request
+     * @return void
+     * @throws GraphQlInputException
+     */
+    public function validate(HttpRequestInterface $request) : void
+    {
+        /** @var Http $request */
+        if (false === $request->isPost()) {
+            $query = $request->getParam('query', '');
+            // The easiest way to determine mutations without additional parsing
+            if (strpos(trim($query), 'mutation') === 0) {
+                throw new GraphQlInputException(
+                    new \Magento\Framework\Phrase('Mutation requests allowed only for POST requests')
+                );
+            }
+        }
+    }
+}

app/code/Magento/GraphQl/Controller/HttpRequestValidator/HttpVerbValidator.php

@@ -0,0 +1,24 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\GraphQl\Controller;
+
+use Magento\Framework\App\HttpRequestInterface;
+
+/**
+ * Use this interface to implement a validator for a Graphql HTTP requests
+ */
+interface HttpRequestValidatorInterface
+{
+    /**
+     * Perform validation of request
+     *
+     * @param HttpRequestInterface $request
+     * @return void
+     */
+    public function validate(HttpRequestInterface $request) : void;
+}

app/code/Magento/GraphQl/Controller/HttpRequestValidatorInterface.php

@@ -28,9 +28,12 @@
     <type name="Magento\GraphQl\Controller\HttpRequestProcessor">
         <arguments>
             <argument name="graphQlHeaders" xsi:type="array">
-                <item name="Content-Type" xsi:type="object">Magento\GraphQl\Controller\HttpHeaderProcessor\ContentTypeProcessor</item>
                 <item name="Store" xsi:type="object">Magento\GraphQl\Controller\HttpHeaderProcessor\StoreProcessor</item>
             </argument>
+            <argument name="requestValidators" xsi:type="array">
+                <item name="ContentTypeValidator" xsi:type="object">Magento\GraphQl\Controller\HttpRequestValidator\ContentTypeValidator</item>
+                <item name="VerbValidator" xsi:type="object">Magento\GraphQl\Controller\HttpRequestValidator\HttpVerbValidator</item>
+            </argument>
         </arguments>
     </type>
 </config>