-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Input Value Validation #3086
Input Value Validation #3086
Conversation
d4a59f5
to
d3aaf3e
Compare
77ffb26
to
026cdd2
Compare
d3aaf3e
to
b56f8dd
Compare
026cdd2
to
855af69
Compare
b56f8dd
to
f958baa
Compare
0ac6329
to
6bba95b
Compare
f958baa
to
1a7b39a
Compare
6bba95b
to
7f31940
Compare
3f23ab5
to
01652d0
Compare
7f31940
to
f7f624e
Compare
@leebyron question: are you going to validate default argument values of Directive definitions and arguments of applied Directives too? For example: # custom Scalar
scalar CacheKey
directive @cached(
key: CacheKey = {key: "DEFAULT", duration=1000}
) on FIELD_DEFINITION
type Query {
hello: String @cached(key: {key: "hello", duration = 500})
} |
01652d0
to
56f78d8
Compare
a30c9ca
to
88fa4f9
Compare
Yes both. Though one additional follow up might be necessary. Arguments of applied directives in operations have always been validated in the ValuesOfCorrectType validator. In schema they never translate into something so they haven't been validated. This seems like an easy thing to fix. Directive definition argument default value validation is in the RFC spec change and included in the last PR in this stack |
13d9314
to
30deb95
Compare
757931d
to
d1fbfb3
Compare
30deb95
to
d5fb50a
Compare
Factors out input validation to reusable functions: * Introduces `validateInputLiteral` by extracting this behavior from `ValuesOfCorrectTypeRule`. * Introduces `validateInputValue` by extracting this behavior from `coerceInputValue` * Simplifies `coerceInputValue` to return early on validation error * Unifies error reporting between `validateInputValue` and `validateInputLiteral`, causing some error message strings to change, but error data (eg locations) are preserved. These two parallel functions will be used to validate default values in #3049 Potentially breaking if you rely on the existing behavior of `coerceInputValue` to call a callback function, as the call signature has changed. GraphQL behavior should not change, though error messages are now slightly different.
d1fbfb3
to
9a9d330
Compare
[#3086 rebased on main](#3086). Depends on #3812 @leebyron comments from original PR: > Factors out input validation to reusable functions: > > * Introduces `validateInputLiteral` by extracting this behavior from `ValuesOfCorrectTypeRule`. > * Introduces `validateInputValue` by extracting this behavior from `coerceInputValue` > * Simplifies `coerceInputValue` to return early on validation error > * Unifies error reporting between `validateInputValue` and `validateInputLiteral`, causing some error message strings to change, but error data (eg locations) are preserved. > > These two parallel functions will be used to validate default values > > Potentially breaking if you rely on the existing behavior of `coerceInputValue` to call a callback function, as the call signature has changed. GraphQL behavior should not change, though error messages are now slightly different. Note: also breaking if you rely on the default callback function to throw. Grossly similar behavior is available with `validateInputValue()`. Co-authored-by: Lee Byron <lee.byron@robinhood.com>
Merged rebased version of this PR as #3813. |
Depends on #3065
Factors out input validation to reusable functions:
validateInputLiteral
by extracting this behavior fromValuesOfCorrectTypeRule
.validateInputValue
by extracting this behavior fromcoerceInputValue
coerceInputValue
to return early on validation errorvalidateInputValue
andvalidateInputLiteral
, causing some error message strings to change, but error data (eg locations) are preserved.These two parallel functions will be used to validate default values in #3049
Potentially breaking if you rely on the existing behavior of
coerceInputValue
to call a callback function, as the call signature has changed. GraphQL behavior should not change, though error messages are now slightly different.