chore: audit Deno (#37)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Author: enisdenjo

.github/workflows/audits.yml

@@ -300,6 +300,36 @@ jobs:
             README.md
             report.json
 
+  deno:
+    runs-on: ubuntu-latest
+    if: "!contains(github.event.head_commit.message, '[skip ci]')"
+    env:
+      PORT: 4000
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up node
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18
+          cache: yarn
+      - name: Install
+        run: yarn install --immutable
+      - name: Build
+        run: yarn build:esm
+      - name: Start
+        run: yarn workspace deno start -d --wait
+      # TODO: cache docker build artifacts
+      - name: Audit
+        run: node scripts/audit-implementation.mjs .
+      - name: Upload report
+        uses: actions/upload-artifact@v3
+        with:
+          name: deno-report
+          path: |
+            README.md
+            report.json
+
   report:
     name: Report
     runs-on: ubuntu-latest
@@ -316,6 +346,7 @@ jobs:
         hotchocolate,
         postgraphile,
         pioneer,
+        deno,
       ]
     steps:
       - name: Checkout
@@ -373,6 +404,11 @@ jobs:
         with:
           name: pioneer-report
           path: implementations/pioneer
+      - name: Download deno report
+        uses: actions/download-artifact@v3
+        with:
+          name: deno-report
+          path: implementations/deno
       - name: Commit
         run: |
           git config user.name "github-actions[bot]"

implementations/apollo-server/README.md

@@ -165,6 +165,6 @@ Status code 400 is not 200
 ```
 26. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json<br />
 ```
-Response body is not valid JSON. Got "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>SyntaxError: Unexpected end of JSON input<br> &nbsp; &nbsp;at JSON.parse (&lt;anonymous&gt;)<br> &nbsp; &nbsp;at parse (/home/runner/work/graphql-http/graphql-http/node_modules/body-parser/lib/types/json.js:89:19)<br> &nbsp; &nbsp;at /home/runner/work/graphql-http/graphql-http/node_modules/body-parser/lib/read.js:128:18<br> &nbsp; &nbsp;at AsyncResource.runInAsyncScope (node:async_hooks:203:9)<br> &nbsp; &nbsp;at invokeCallback (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:231:16)<br> &nbsp; &nbsp;at done (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:220:7)<br> &nbsp; &nbsp;at IncomingMessage.onEnd (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:280:7)<br> &nbsp; &nbsp;at IncomingMessage.emit (node:events:513:28)<br> &nbsp; &nbsp;at endReadableNT (node:internal/streams/rea...
+Response body is not valid JSON. Got "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>SyntaxError: Unexpected end of JSON input<br> &nbsp; &nbsp;at JSON.parse (&lt;anonymous&gt;)<br> &nbsp; &nbsp;at parse (/home/runner/work/graphql-http/graphql-http/node_modules/body-parser/lib/types/json.js:89:19)<br> &nbsp; &nbsp;at /home/runner/work/graphql-http/graphql-http/node_modules/body-parser/lib/read.js:128:18<br> &nbsp; &nbsp;at AsyncResource.runInAsyncScope (node:async_hooks:204:9)<br> &nbsp; &nbsp;at invokeCallback (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:231:16)<br> &nbsp; &nbsp;at done (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:220:7)<br> &nbsp; &nbsp;at IncomingMessage.onEnd (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:280:7)<br> &nbsp; &nbsp;at IncomingMessage.emit (node:events:513:28)<br> &nbsp; &nbsp;at endReadableNT (node:internal/streams/rea...
 ```
 

implementations/deno/Dockerfile

@@ -0,0 +1,7 @@
+FROM denoland/deno:1.29.2
+
+# curl is necessary for healthchecks
+RUN apt update && apt install curl -y
+
+COPY index.ts .
+RUN deno cache index.ts

implementations/deno/README.md

@@ -0,0 +1,236 @@
+_* This report was auto-generated by graphql-http_
+
+# GraphQL over HTTP audit report
+
+- **79** audits in total
+- ✅ **32** pass
+- ⚠️ **44** warnings (optional)
+- ❌ **3** errors (required)
+
+## Passing
+1. MUST accept application/json and match the content-type
+2. SHOULD accept \*/\* and use application/json for the content-type
+3. SHOULD assume application/json content-type when accept is missing
+4. MUST accept POST requests
+5. MAY accept application/x-www-form-urlencoded formatted GET requests
+6. MAY NOT allow executing mutations on GET requests
+7. SHOULD respond with 4xx status code if content-type is not supplied on POST requests
+8. MUST accept application/json POST requests
+9. MUST require a request body on POST
+10. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json
+11. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json
+12. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json
+13. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json
+14. SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json
+15. MUST allow string {query} parameter when accepting application/json
+16. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json
+17. SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json
+18. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json
+19. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json
+20. MUST allow string {operationName} parameter when accepting application/json
+21. MUST allow null {variables} parameter when accepting application/json
+22. MUST allow null {operationName} parameter when accepting application/json
+23. MUST allow null {extensions} parameter when accepting application/json
+24. MUST allow map {variables} parameter when accepting application/json
+25. MUST allow map {extensions} parameter when accepting application/json
+26. SHOULD use 200 status code if parameters are invalid when accepting application/json
+27. SHOULD use 200 status code on document parsing failure when accepting application/json
+28. SHOULD use 200 status code on document validation failure when accepting application/json
+29. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json
+30. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json
+31. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
+32. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
+
+## Warnings
+The server _SHOULD_ support these, but is not required.
+1. SHOULD accept application/graphql-response+json and match the content-type<br />
+```
+Status code 406 is not 200
+```
+2. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 400
+```
+3. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 400
+```
+4. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 400
+```
+5. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 400
+```
+6. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 400
+```
+7. SHOULD allow string {query} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 200
+```
+8. SHOULD use 400 status code on object {operationName} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 400
+```
+9. SHOULD use 400 status code on number {operationName} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 400
+```
+10. SHOULD use 400 status code on boolean {operationName} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 400
+```
+11. SHOULD use 400 status code on array {operationName} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 400
+```
+12. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 200
+```
+13. SHOULD allow null {variables} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 200
+```
+14. SHOULD allow null {operationName} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 200
+```
+15. SHOULD allow null {extensions} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 200
+```
+16. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 400
+```
+17. SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 400
+```
+18. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 400
+```
+19. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 400
+```
+20. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json<br />
+```
+Status code 400 is not 200
+```
+21. SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json<br />
+```
+Status code 400 is not 200
+```
+22. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json<br />
+```
+Status code 400 is not 200
+```
+23. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json<br />
+```
+Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
+```
+24. SHOULD allow map {variables} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 200
+```
+25. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 200
+```
+26. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json<br />
+```
+Execution result {"errors":[{"message":"Variable \"$name\" of required type \"String!\" was not provided.","locations":[{"line":1,"column":12}]}]} does have a property 'errors'
+```
+27. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 400
+```
+28. SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 400
+```
+29. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 400
+```
+30. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 400
+```
+31. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json<br />
+```
+Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
+```
+32. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json<br />
+```
+Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
+```
+33. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json<br />
+```
+Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
+```
+34. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json<br />
+```
+Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
+```
+35. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 200
+```
+36. SHOULD use 200 status code on JSON parsing failure when accepting application/json<br />
+```
+Status code 400 is not 200
+```
+37. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 400
+```
+38. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json<br />
+```
+Response body is not valid JSON. Got "Not Acceptable"
+```
+39. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 400
+```
+40. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json<br />
+```
+Response body is not valid JSON. Got "Not Acceptable"
+```
+41. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 400
+```
+42. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json<br />
+```
+Response body is not valid JSON. Got "Not Acceptable"
+```
+43. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json<br />
+```
+Status code 406 is not 400
+```
+44. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json<br />
+```
+Response body is not valid JSON. Got "Not Acceptable"
+```
+
+## Errors
+The server _MUST_ support these.
+1. MUST use utf-8 encoding when responding<br />
+```
+Body is not UTF-8 encoded
+```
+2. MUST accept utf-8 encoding<br />
+```
+Content-Type header "application/json" does not contain "utf-8"
+```
+3. MUST assume utf-8 if encoding is unspecified<br />
+```
+Content-Type header "application/json" does not contain "utf-8"
+```

implementations/deno/docker-compose.yml

@@ -0,0 +1,12 @@
+services:
+  server:
+    build: .
+    environment:
+      - PORT=${PORT}
+    ports:
+      - ${PORT}:${PORT}
+    entrypoint: [deno, run, --allow-env, --allow-net, index.ts]
+    healthcheck:
+      test: curl -f http://localhost:$$PORT/graphql?query=%7B__typename%7D || exit 1
+      interval: 3s
+      timeout: 1s

implementations/deno/index.ts

@@ -0,0 +1,24 @@
+import { makeExecutableSchema } from 'https://deno.land/x/[email protected]/mod.ts';
+import { gql } from 'https://deno.land/x/[email protected]/mod.ts';
+import { Server } from 'https://deno.land/[email protected]/http/server.ts';
+import { GraphQLHTTP } from 'https://deno.land/x/[email protected]/mod.ts';
+
+const schema = makeExecutableSchema({
+  typeDefs: gql`
+    type Query {
+      hello: String
+    }
+  `,
+  resolvers: {
+    Query: {
+      hello: () => 'world',
+    },
+  },
+});
+
+const server = new Server({
+  handler: GraphQLHTTP({ schema }),
+  port: Deno.env.get('PORT'),
+});
+
+server.listenAndServe();

implementations/deno/package.json

@@ -0,0 +1,8 @@
+{
+  "private": true,
+  "name": "deno",
+  "packageManager": "[email protected]",
+  "scripts": {
+    "start": "docker compose up --build"
+  }
+}

implementations/deno/report.json

@@ -0,0 +1,6 @@
+{
+  "total": 79,
+  "ok": 32,
+  "warn": 44,
+  "error": 3
+}

implementations/graphql-helix/README.md

@@ -176,7 +176,7 @@ Status code 400 is not 200
 ```
 30. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json<br />
 ```
-Response body is not valid JSON. Got "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>SyntaxError: Unexpected end of JSON input<br> &nbsp; &nbsp;at JSON.parse (&lt;anonymous&gt;)<br> &nbsp; &nbsp;at parse (/home/runner/work/graphql-http/graphql-http/node_modules/body-parser/lib/types/json.js:89:19)<br> &nbsp; &nbsp;at /home/runner/work/graphql-http/graphql-http/node_modules/body-parser/lib/read.js:128:18<br> &nbsp; &nbsp;at AsyncResource.runInAsyncScope (node:async_hooks:203:9)<br> &nbsp; &nbsp;at invokeCallback (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:231:16)<br> &nbsp; &nbsp;at done (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:220:7)<br> &nbsp; &nbsp;at IncomingMessage.onEnd (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:280:7)<br> &nbsp; &nbsp;at IncomingMessage.emit (node:events:513:28)<br> &nbsp; &nbsp;at endReadableNT (node:internal/streams/rea...
+Response body is not valid JSON. Got "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>SyntaxError: Unexpected end of JSON input<br> &nbsp; &nbsp;at JSON.parse (&lt;anonymous&gt;)<br> &nbsp; &nbsp;at parse (/home/runner/work/graphql-http/graphql-http/node_modules/body-parser/lib/types/json.js:89:19)<br> &nbsp; &nbsp;at /home/runner/work/graphql-http/graphql-http/node_modules/body-parser/lib/read.js:128:18<br> &nbsp; &nbsp;at AsyncResource.runInAsyncScope (node:async_hooks:204:9)<br> &nbsp; &nbsp;at invokeCallback (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:231:16)<br> &nbsp; &nbsp;at done (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:220:7)<br> &nbsp; &nbsp;at IncomingMessage.onEnd (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:280:7)<br> &nbsp; &nbsp;at IncomingMessage.emit (node:events:513:28)<br> &nbsp; &nbsp;at endReadableNT (node:internal/streams/rea...
 ```
 
 ## Errors

yarn.lock

@@ -5893,6 +5893,12 @@ __metadata:
   languageName: node
   linkType: hard
 
+"deno@workspace:implementations/deno":
+  version: 0.0.0-use.local
+  resolution: "deno@workspace:implementations/deno"
+  languageName: unknown
+  linkType: soft
+
 "depd@npm:2.0.0, depd@npm:^2.0.0, depd@npm:~2.0.0":
   version: 2.0.0
   resolution: "depd@npm:2.0.0"