Update middleware with options and new design (#774)

Author: Shane32

Directory.Build.props

@@ -1,7 +1,7 @@
 <Project>
 
   <PropertyGroup>
-    <VersionPrefix>6.0.0-preview</VersionPrefix>
+    <VersionPrefix>7.0.0-preview</VersionPrefix>
     <LangVersion>latest</LangVersion>
     <PackageLicenseExpression>MIT</PackageLicenseExpression>
     <PackageIcon>logo.64x64.png</PackageIcon>

samples/Samples.Server/GraphQLHttpMiddlewareWithLogs.cs

@@ -1,4 +1,8 @@
+#nullable enable
+
+using System.Diagnostics;
 using GraphQL.Server.Transports.AspNetCore;
+using GraphQL.Transport;
 using GraphQL.Types;
 
 namespace GraphQL.Samples.Server;
@@ -10,32 +14,28 @@ public class GraphQLHttpMiddlewareWithLogs<TSchema> : GraphQLHttpMiddleware<TSch
     private readonly ILogger _logger;
 
     public GraphQLHttpMiddlewareWithLogs(
-        ILogger<GraphQLHttpMiddleware<TSchema>> logger,
-        IGraphQLTextSerializer requestDeserializer)
-        : base(requestDeserializer)
+        RequestDelegate next,
+        IGraphQLTextSerializer serializer,
+        IDocumentExecuter<TSchema> documentExecuter,
+        IServiceScopeFactory serviceScopeFactory,
+        GraphQLHttpMiddlewareOptions options,
+        ILogger<GraphQLHttpMiddleware<TSchema>> logger)
+        : base(next, serializer, documentExecuter, serviceScopeFactory, options)
     {
         _logger = logger;
     }
 
-    protected override Task RequestExecutedAsync(in GraphQLRequestExecutionResult requestExecutionResult)
+    protected override async Task<ExecutionResult> ExecuteRequestAsync(HttpContext context, GraphQLRequest? request, IServiceProvider serviceProvider, IDictionary<string, object?> userContext)
     {
-        if (requestExecutionResult.Result.Errors != null)
+        var timer = Stopwatch.StartNew();
+        var ret = await base.ExecuteRequestAsync(context, request, serviceProvider, userContext);
+        if (ret.Errors != null)
         {
-            if (requestExecutionResult.IndexInBatch.HasValue)
-                _logger.LogError("GraphQL execution completed in {Elapsed} with error(s) in batch [{Index}]: {Errors}", requestExecutionResult.Elapsed, requestExecutionResult.IndexInBatch, requestExecutionResult.Result.Errors);
-            else
-                _logger.LogError("GraphQL execution completed in {Elapsed} with error(s): {Errors}", requestExecutionResult.Elapsed, requestExecutionResult.Result.Errors);
+            _logger.LogError("GraphQL execution completed in {Elapsed} with error(s): {Errors}", timer.Elapsed, ret.Errors);
         }
         else
-            _logger.LogInformation("GraphQL execution successfully completed in {Elapsed}", requestExecutionResult.Elapsed);
-
-        return base.RequestExecutedAsync(requestExecutionResult);
-    }
+            _logger.LogInformation("GraphQL execution successfully completed in {Elapsed}", timer.Elapsed);
 
-    protected override CancellationToken GetCancellationToken(HttpContext context)
-    {
-        // custom CancellationToken example
-        var cts = CancellationTokenSource.CreateLinkedTokenSource(base.GetCancellationToken(context), new CancellationTokenSource(TimeSpan.FromSeconds(5)).Token);
-        return cts.Token;
+        return ret;
     }
 }

samples/Samples.Server/Startup.cs

@@ -4,6 +4,7 @@
 using GraphQL.Samples.Schemas.Chat;
 using GraphQL.Server;
 using GraphQL.Server.Authorization.AspNetCore;
+using GraphQL.Server.Transports.AspNetCore;
 using GraphQL.Server.Ui.Altair;
 using GraphQL.Server.Ui.GraphiQL;
 using GraphQL.Server.Ui.Playground;
@@ -34,7 +35,6 @@ public void ConfigureServices(IServiceCollection services)
 
         services.AddGraphQL(builder => builder
             .AddApolloTracing()
-            .AddHttpMiddleware<ChatSchema, GraphQLHttpMiddlewareWithLogs<ChatSchema>>()
             .AddWebSocketsHttpMiddleware<ChatSchema>()
             .AddSchema<ChatSchema>()
             .ConfigureExecutionOptions(options =>
@@ -63,7 +63,7 @@ public void Configure(IApplicationBuilder app)
         app.UseWebSockets();
 
         app.UseGraphQLWebSockets<ChatSchema>();
-        app.UseGraphQL<ChatSchema, GraphQLHttpMiddlewareWithLogs<ChatSchema>>();
+        app.UseGraphQL<GraphQLHttpMiddlewareWithLogs<ChatSchema>>("/graphql", new GraphQLHttpMiddlewareOptions());
 
         app.UseGraphQLPlayground(new PlaygroundOptions
         {

samples/Samples.Server/StartupWithRouting.cs

@@ -35,7 +35,6 @@ public void ConfigureServices(IServiceCollection services)
 
         services.AddGraphQL(builder => builder
             .AddApolloTracing()
-            .AddHttpMiddleware<ChatSchema, GraphQLHttpMiddlewareWithLogs<ChatSchema>>()
             .AddWebSocketsHttpMiddleware<ChatSchema>()
             .AddSchema<ChatSchema>()
             .ConfigureExecutionOptions(options =>
@@ -69,7 +68,7 @@ public void Configure(IApplicationBuilder app)
         app.UseEndpoints(endpoints =>
         {
             endpoints.MapGraphQLWebSockets<ChatSchema>();
-            endpoints.MapGraphQL<ChatSchema, GraphQLHttpMiddlewareWithLogs<ChatSchema>>();
+            endpoints.MapGraphQL<GraphQLHttpMiddlewareWithLogs<ChatSchema>>();
 
             endpoints.MapGraphQLPlayground(new PlaygroundOptions
             {

src/Transports.AspNetCore/AuthorizationHelper.cs

@@ -0,0 +1,66 @@
+#nullable enable
+
+using System.Security.Claims;
+using System.Security.Principal;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace GraphQL.Server.Transports.AspNetCore;
+
+/// <summary>
+/// Helper methods for performing connection authorization.
+/// </summary>
+public static class AuthorizationHelper
+{
+    /// <summary>
+    /// Performs connection authorization according to the options set within
+    /// <see cref="AuthorizationParameters{TState}"/>.  Returns <see langword="true"/>
+    /// if authorization was successful or not required.
+    /// </summary>
+    public static async ValueTask<bool> AuthorizeAsync<TState>(AuthorizationParameters<TState> options, TState state)
+    {
+        if (options.AuthorizationRequired)
+        {
+            if (!((options.HttpContext.User ?? NoUser()).Identity ?? NoIdentity()).IsAuthenticated)
+            {
+                if (options.OnNotAuthenticated != null)
+                    await options.OnNotAuthenticated(state);
+                return false;
+            }
+        }
+
+        if (options.AuthorizedRoles?.Count > 0)
+        {
+            var user = options.HttpContext.User ?? NoUser();
+            foreach (var role in options.AuthorizedRoles)
+            {
+                if (user.IsInRole(role))
+                    goto PassRoleCheck;
+            }
+            if (options.OnNotAuthorizedRole != null)
+                await options.OnNotAuthorizedRole(state);
+            return false;
+        }
+    PassRoleCheck:
+
+        if (options.AuthorizedPolicy != null)
+        {
+            var authorizationService = options.HttpContext.RequestServices.GetRequiredService<IAuthorizationService>();
+            var authResult = await authorizationService.AuthorizeAsync(options.HttpContext.User ?? NoUser(), null, options.AuthorizedPolicy);
+            if (!authResult.Succeeded)
+            {
+                if (options.OnNotAuthorizedPolicy != null)
+                    await options.OnNotAuthorizedPolicy(state, authResult);
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    private static IIdentity NoIdentity()
+        => throw new InvalidOperationException($"IIdentity could not be retrieved from HttpContext.User.Identity.");
+
+    private static ClaimsPrincipal NoUser()
+        => throw new InvalidOperationException("ClaimsPrincipal could not be retrieved from HttpContext.User.");
+}

src/Transports.AspNetCore/AuthorizationParameters.cs

@@ -0,0 +1,71 @@
+#nullable enable
+
+using System.Security.Claims;
+using System.Security.Principal;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+
+namespace GraphQL.Server.Transports.AspNetCore;
+
+/// <summary>
+/// Authorization parameters.
+/// This struct is used to group all necessary parameters together and perform arbitrary
+/// actions based on provided authentication properties/attributes/etc.
+/// It is not intended to be called from user code.
+/// </summary>
+public readonly struct AuthorizationParameters<TState>
+{
+    /// <summary>
+    /// Initializes an instance with a specified <see cref="Microsoft.AspNetCore.Http.HttpContext"/>
+    /// and parameters copied from the specified instance of <see cref="GraphQLHttpMiddlewareOptions"/>.
+    /// </summary>
+    public AuthorizationParameters(
+        HttpContext httpContext,
+        GraphQLHttpMiddlewareOptions middlewareOptions,
+        Func<TState, Task>? onNotAuthenticated,
+        Func<TState, Task>? onNotAuthorizedRole,
+        Func<TState, AuthorizationResult, Task>? onNotAuthorizedPolicy)
+    {
+        HttpContext = httpContext;
+        AuthorizationRequired = middlewareOptions.AuthorizationRequired;
+        AuthorizedRoles = middlewareOptions.AuthorizedRoles;
+        AuthorizedPolicy = middlewareOptions.AuthorizedPolicy;
+        OnNotAuthenticated = onNotAuthenticated;
+        OnNotAuthorizedRole = onNotAuthorizedRole;
+        OnNotAuthorizedPolicy = onNotAuthorizedPolicy;
+    }
+
+    /// <summary>
+    /// Gets or sets the <see cref="Microsoft.AspNetCore.Http.HttpContext"/> for the request.
+    /// </summary>
+    public HttpContext HttpContext { get; }
+
+    /// <inheritdoc cref="GraphQLHttpMiddlewareOptions.AuthorizationRequired"/>
+    public bool AuthorizationRequired { get; }
+
+    /// <inheritdoc cref="GraphQLHttpMiddlewareOptions.AuthorizedRoles"/>
+    public List<string>? AuthorizedRoles { get; }
+
+    /// <inheritdoc cref="GraphQLHttpMiddlewareOptions.AuthorizedPolicy"/>
+    public string? AuthorizedPolicy { get; }
+
+    /// <summary>
+    /// A delegate which executes if <see cref="AuthorizationRequired"/> is set
+    /// but <see cref="IIdentity.IsAuthenticated"/> returns <see langword="false"/>.
+    /// </summary>
+    public Func<TState, Task>? OnNotAuthenticated { get; }
+
+    /// <summary>
+    /// A delegate which executes if <see cref="AuthorizedRoles"/> is set but
+    /// <see cref="ClaimsPrincipal.IsInRole(string)"/> returns <see langword="false"/>
+    /// for all roles.
+    /// </summary>
+    public Func<TState, Task>? OnNotAuthorizedRole { get; }
+
+    /// <summary>
+    /// A delegate which executes if <see cref="AuthorizedPolicy"/> is set but
+    /// <see cref="IAuthorizationService.AuthorizeAsync(ClaimsPrincipal, object, string)"/>
+    /// returns an unsuccessful <see cref="AuthorizationResult"/> for the specified policy.
+    /// </summary>
+    public Func<TState, AuthorizationResult, Task>? OnNotAuthorizedPolicy { get; }
+}

src/Transports.AspNetCore/Errors/AccessDeniedError.cs

@@ -0,0 +1,38 @@
+#nullable enable
+
+using GraphQL.Validation;
+using GraphQLParser.AST;
+using Microsoft.AspNetCore.Authorization;
+
+namespace GraphQL.Server.Transports.AspNetCore.Errors;
+
+/// <summary>
+/// Represents an error indicating that the user is not allowed access to the specified resource.
+/// </summary>
+public class AccessDeniedError : ValidationError
+{
+    /// <inheritdoc cref="AccessDeniedError"/>
+    public AccessDeniedError(string resource)
+        : base($"Access denied for {resource}.")
+    {
+    }
+
+    /// <inheritdoc cref="AccessDeniedError"/>
+    public AccessDeniedError(string resource, GraphQLParser.ROM originalQuery, params ASTNode[] nodes)
+        : base(originalQuery, null!, $"Access denied for {resource}.", nodes)
+    {
+    }
+
+    /// <summary>
+    /// Returns the policy that would allow access to these node(s).
+    /// </summary>
+    public string? PolicyRequired { get; set; }
+
+    /// <inheritdoc cref="AuthorizationResult"/>
+    public AuthorizationResult? PolicyAuthorizationResult { get; set; }
+
+    /// <summary>
+    /// Returns the list of role memberships that would allow access to these node(s).
+    /// </summary>
+    public List<string>? RolesRequired { get; set; }
+}

src/Transports.AspNetCore/Errors/BatchedRequestsNotSupportedError.cs

@@ -0,0 +1,14 @@
+#nullable enable
+
+using GraphQL.Execution;
+
+namespace GraphQL.Server.Transports.AspNetCore.Errors;
+
+/// <summary>
+/// Represents an error indicating that batched requests are not supported.
+/// </summary>
+public class BatchedRequestsNotSupportedError : RequestError
+{
+    /// <inheritdoc cref="BatchedRequestsNotSupportedError"/>
+    public BatchedRequestsNotSupportedError() : base("Batched requests are not supported.") { }
+}

src/Transports.AspNetCore/Errors/HttpMethodValidationError.cs

@@ -0,0 +1,19 @@
+#nullable enable
+
+using GraphQL.Validation;
+using GraphQLParser.AST;
+
+namespace GraphQL.Server.Transports.AspNetCore.Errors;
+
+/// <summary>
+/// Represents a validation error indicating that the requested operation is not valid
+/// for the type of HTTP request.
+/// </summary>
+public class HttpMethodValidationError : ValidationError
+{
+    /// <inheritdoc cref="HttpMethodValidationError"/>
+    public HttpMethodValidationError(GraphQLParser.ROM originalQuery, ASTNode node, string message)
+        : base(originalQuery, null!, message, node)
+    {
+    }
+}

src/Transports.AspNetCore/Errors/InvalidContentTypeError.cs

@@ -0,0 +1,17 @@
+#nullable enable
+
+using GraphQL.Execution;
+
+namespace GraphQL.Server.Transports.AspNetCore.Errors;
+
+/// <summary>
+/// Represents an error indicating that the content-type is invalid, for example, could not be parsed or is not supported.
+/// </summary>
+public class InvalidContentTypeError : RequestError
+{
+    /// <inheritdoc cref="InvalidContentTypeError"/>
+    public InvalidContentTypeError() : base("Invalid 'Content-Type' header.") { }
+
+    /// <inheritdoc cref="InvalidContentTypeError"/>
+    public InvalidContentTypeError(string message) : base("Invalid 'Content-Type' header: " + message) { }
+}