Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: remove handler for validation and parse errors #1510

Merged
merged 15 commits into from
Sep 8, 2022
Merged

feat: remove handler for validation and parse errors #1510

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
8a96151
feat: remove hanlder for validation and parse errors
saihaj Sep 5, 2022
d097ab6
tests
saihaj Sep 5, 2022
fd6237a
make it work
saihaj Sep 5, 2022
3454e9d
Add docs
saihaj Sep 5, 2022
c76e157
Fix serialization issue
ardatan Sep 6, 2022
c0caede
Go
ardatan Sep 6, 2022
1e301d5
..
ardatan Sep 6, 2022
d9cd5bf
update docs
saihaj Sep 6, 2022
91ca853
update test
saihaj Sep 6, 2022
c6fbb18
make it work
saihaj Sep 6, 2022
37ecc67
feat: add originalError in dev mode (#1514)
n1ru4l Sep 7, 2022
fb98f25
remove Fn appendix
saihaj Sep 7, 2022
6e87a0c
name graphql error
saihaj Sep 7, 2022
4debcc1
make ts happy
saihaj Sep 7, 2022
9db1b6b
make toJSON required
saihaj Sep 7, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
8 changes: 8 additions & 0 deletions .changeset/rude-cats-peel.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
---
'@envelop/core': major
---

Remove `handleValidationErrors` and `handleParseErrors` options from `useMaskedErrors`.

> ONLY masking validation errors OR ONLY disabling introspection errors does not make sense, as both can be abused for reverse-engineering the GraphQL schema (see https://github.com/nikitastupin/clairvoyance for reverse-engineering the schema based on validation error suggestions).
> https://github.com/n1ru4l/envelop/issues/1482#issue-1340015060
62 changes: 62 additions & 0 deletions packages/core/docs/use-masked-errors.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
#### `useMaskedErrors`

Prevent unexpected error messages from leaking to the GraphQL clients.

```ts
import { envelop, useSchema, useMaskedErrors } from '@envelop/core'
import { makeExecutableSchema, GraphQLError } from 'graphql'

const schema = makeExecutableSchema({
typeDefs: /* GraphQL */ `
type Query {
something: String!
somethingElse: String!
somethingSpecial: String!
}
`,
resolvers: {
Query: {
something: () => {
throw new GraphQLError('Error that is propagated to the clients.')
},
somethingElse: () => {
throw new Error("Unsafe error that will be masked as 'Unexpected Error.'.")
},
somethingSpecial: () => {
throw new GraphQLError('The error will have an extensions field.', {
code: 'ERR_CODE',
randomNumber: 123
})
}
}
}
})

const getEnveloped = envelop({
plugins: [useSchema(schema), useMaskedErrors()]
})
```

You may customize the default error message `Unexpected error.` with your own `errorMessage`:

```ts
const getEnveloped = envelop({
plugins: [useSchema(schema), useMaskedErrors({ errorMessage: 'Something went wrong.' })]
})
```

Or provide a custom formatter when masking the output:

```ts
export const customFormatError: FormatErrorHandler = err => {
if (err.originalError) {
return new GraphQLError('Sorry, something went wrong.')
}

return err
}

const getEnveloped = envelop({
plugins: [useSchema(schema), useMaskedErrors({ formatError: customFormatError })]
})
```
65 changes: 65 additions & 0 deletions packages/core/src/plugins/use-masked-errors.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
import { Plugin, ExecutionResult } from '@envelop/types';
import { handleStreamOrSingleExecutionResult } from '../utils.js';

export const DEFAULT_ERROR_MESSAGE = 'Unexpected error.';

export type FormatErrorHandler = (error: unknown, message: string) => Error;

export const formatError: FormatErrorHandler = (err, message) => {
if (err?.name === 'GraphQLError') {
if (err?.originalError) {
if (err.originalError.name === 'GraphQLError') {
return err as Error;
}
return new Error(message);
}
return err as Error;
}
return new Error(message);
};
saihaj marked this conversation as resolved.
Show resolved Hide resolved

export type UseMaskedErrorsOpts = {
/** The function used for format/identify errors. */
formatError?: FormatErrorHandler;
/** The error message that shall be used for masked errors. */
errorMessage?: string;
};

const makeHandleResult =
(format: FormatErrorHandler, message: string) =>
({ result, setResult }: { result: ExecutionResult; setResult: (result: ExecutionResult) => void }) => {
if (result.errors != null) {
setResult({ ...result, errors: result.errors.map(error => format(error, message)) });
}
};

export const useMaskedErrors = (opts?: UseMaskedErrorsOpts): Plugin => {
const format = opts?.formatError ?? formatError;
const message = opts?.errorMessage || DEFAULT_ERROR_MESSAGE;
saihaj marked this conversation as resolved.
Show resolved Hide resolved
const handleResult = makeHandleResult(format, message);

return {
onPluginInit(context) {
context.registerContextErrorHandler(({ error, setError }) => {
setError(format(error, message));
});
},
onExecute() {
return {
onExecuteDone(payload) {
return handleStreamOrSingleExecutionResult(payload, handleResult);
},
};
},
onSubscribe() {
return {
onSubscribeResult(payload) {
return handleStreamOrSingleExecutionResult(payload, handleResult);
},
onSubscribeError({ error, setError }) {
setError(format(error, message));
},
};
},
};
};