graphql-armor
feat(graphql-armor): add context injection plugin for enhanced validation
Enhanced Validation Context Handling for Apollo Server
Overview
This PR introduces improved validation context handling in GraphQL Armor, specifically for Apollo Server integration. The changes enable better access to request context during validation rules execution, which is crucial for implementing more sophisticated security checks.
Key Changes
1. New Context Helper Module
- Added `context-helper.ts` with utilities for injecting request context into validation rules
- Introduced `injectRequestContextRule` helper function to wrap validation rules with request context
- Implemented `contextInjectionPlugin` for Apollo Server to handle context injection
2. Enhanced Types
- Added new types in `@escape.tech/graphql-armor-types`:
  - `EnhancedValidationContext` interface for extended validation context
  - `User` interface for authentication-related features
  - Improved callback types for accept/reject scenarios
- Added type guards for better type safety
3. Updated Protection Rules
Modified all protection rules to use the new context injection system:
- Max Aliases Protection
- Max Depth Protection
- Max Directives Protection
- (and other protection rules)
4. Testing Updates
- Updated test suite to account for the new context injection plugin
- Adjusted plugin count expectations in test cases
Technical Details
The changes introduce a more robust way to access request context during validation by:
- Injecting the Apollo request context into validation rules
- Providing type-safe access to request information
- Enabling better error handling and user context awareness
Benefits
- Improved security validation capabilities
- Better type safety throughout the validation process
- More flexible error handling and user context awareness
- Cleaner separation of concerns between validation and context handling
Testing
- All existing tests have been updated to reflect the new changes
- New test cases have been added to verify context injection functionality
- Test coverage has been maintained or improved
Breaking Changes
None. This is a backward-compatible enhancement that adds functionality without breaking existing behavior.
Dependencies
No new dependencies were added. The changes utilize existing Apollo Server and GraphQL types.
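A sketch of the pattern described above, wrapping a validation rule so that its reject callback can see the request context. It is an added example, not code from this PR or from graphql-armor. The `Demo*` types, `registerRequest`, `withRequestContext`, the toy document shape and the WeakMap lookup are all assumptions made for illustration.

```typescript
// Simplified stand-ins for the graphql-js / Apollo shapes (assumptions, not the real types).
interface DemoRequestContext { user?: { id: string } }
interface DemoDocument { aliases: string[] } // toy AST: only the aliases a query uses
interface DemoValidationContext {
  getDocument(): DemoDocument;
  reportError(message: string): void;
}
type DemoRule = (ctx: DemoValidationContext) => void;
type ContextAwareRule = (ctx: DemoValidationContext, req?: DemoRequestContext) => void;

// Plugin side (hypothetical): record which request a parsed document belongs to
// just before validation starts.
const requestByDocument = new WeakMap<DemoDocument, DemoRequestContext>();
function registerRequest(document: DemoDocument, req: DemoRequestContext): void {
  requestByDocument.set(document, req);
}

// Rule side (hypothetical): adapt a context-aware rule to the plain rule signature.
function withRequestContext(rule: ContextAwareRule): DemoRule {
  return (ctx) => rule(ctx, requestByDocument.get(ctx.getDocument()));
}

// Alias limit whose reject callback also receives the request context.
function maxAliasesRule(
  limit: number,
  onReject: (message: string, req?: DemoRequestContext) => void,
): DemoRule {
  return withRequestContext((ctx, req) => {
    const count = ctx.getDocument().aliases.length;
    if (count <= limit) return;
    const message = `Too many aliases: ${count} (limit ${limit})`;
    onReject(message, req); // req may be undefined: the limit is enforced regardless
    ctx.reportError(message);
  });
}

// Tiny validator loop standing in for a real validate() call.
function runValidation(document: DemoDocument, rules: DemoRule[]): string[] {
  const errors: string[] = [];
  const ctx: DemoValidationContext = {
    getDocument: () => document,
    reportError: (message) => { errors.push(message); },
  };
  for (const rule of rules) rule(ctx);
  return errors;
}
```

The rule rejects an over-limit document even when no request context was registered, so a missing plugin cannot silently disable the check. Keying the lookup on the document object assumes each request validates its own parsed document; a server that reuses parsed documents across requests would need a different key.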
⚠️ No Changeset found
Latest commit: 40e7a0bf7a5dedc12cb6269cb4fa71ef09f63866
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
This PR includes no changesets
When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types
Codecov Report
Attention: Patch coverage is 24.00000% with 19 lines in your changes missing coverage. Please review.
Project coverage is 87.83%. Comparing base (13978ed) to head (40e7a0b).
| Files with missing lines | Patch % | Lines |
|---|---|---|
| ...ackages/graphql-armor/src/apollo/context-helper.ts | 20.83% | 19 Missing :warning: |
:exclamation: Your organization needs to install the Codecov GitHub app to enable full functionality.
Additional details and impacted files
@@ Coverage Diff @@
## main #770 +/- ##
==========================================
- Coverage 91.96% 87.83% -4.14%
==========================================
Files 17 18 +1
Lines 386 411 +25
Branches 121 126 +5
==========================================
+ Hits 355 361 +6
- Misses 31 50 +19