graphql-client
graphql-client copied to clipboard
graphql-rust
Variables don't seem to be validated
We noticed recently that when we built a query and accidentally added a query variable, and then passed that variable as an argument to a field in an operation that was invalid, we didn't receive any kind of build errors, which made me wonder if arguments and variables are being properly validated, and I don't think they are.
I intend on looking into this deeper, but as a first pass, to reproduce what I'm talking about, you can add any argument you want in the keywords_query test here, and the test will not fail.
The example I used to reproduce this was
query searchQuery($criteria: extern!, $invalid_var: Float!) {
search {
transactions(criteria: $searchID, invalid_var: $invalid_var) {
for
status
}
}
}
Where invalid_var doesn't exist in the schema.
In the meantime, before I have the time to look into this, does anyone know if (and if so, where) these variables are being validated? Or are they not currently part of validation?
There is very little query validation built into the crate — it is something that can be implemented, but it's work that nobody has done yet.
@tomhoule I think we'd like to take a look at adding this! Would you be able to help review a PR? 😄
As you probably noticed I sadly don't have free time to work on graphql-client at the moment, but I can definitely make time to review a PR with tests. So yes, that would be awesome :)
I've been using eslint to validate my query documents.
https://github.com/apollographql/eslint-plugin-graphql
eslint --ext .graphql .
// .eslintrc.js
module.exports = {
parser: "babel-eslint",
rules: {
"graphql/template-strings": [
"error",
{
env: "literal",
schemaJson: require("./schema.json"),
},
],
},
plugins: ["graphql"],
};
I also ran into this issue recently. I have to say it kinda shook my faith in the whole "Typed, correct" tagline...
What work needs to be done in order to do query validation?
Query validation is part of the graphql spec. Someone would need to implement it.