From 0a3c0030e7882b2993c5f40d93bfb1e1df1a2460 Mon Sep 17 00:00:00 2001 From: Dan Debrunner Date: Wed, 28 Aug 2024 09:01:51 -0400 Subject: [PATCH 1/4] test: add tests for mkAllPublic --- protection/makeAllPublic/api.graphql | 35 +++++++++++---------- protection/makeAllPublic/operations.graphql | 6 ++++ protection/makeAllPublic/tests/Test.js | 34 ++++++++++++++++++++ 3 files changed, 58 insertions(+), 17 deletions(-) create mode 100644 protection/makeAllPublic/operations.graphql diff --git a/protection/makeAllPublic/api.graphql b/protection/makeAllPublic/api.graphql index fbe1cbf..70a1a6a 100644 --- a/protection/makeAllPublic/api.graphql +++ b/protection/makeAllPublic/api.graphql @@ -1,21 +1,22 @@ type Customer { - name: String - city: String + name: String + city: String } type Query { - # An ecmascript generator of customer data. - # Of course, in real life you will call an API or a database. You can do that by changing the `endpoint` argument on the `@rest` directive. - # https://stepzen.com/docs/connecting-backends/how-to-connect-a-rest-service - customer (id: ID): Customer - @rest (endpoint: "stepzen:empty" - ecmascript: """ - function transformREST(s) { - var id = get('id') - if (id==1) - return (JSON.stringify({"name":"John Doe","city":"Miami"})) - else - return (JSON.stringify({"name":"Jane Smith","city":"Santa Clara"})) - } - """ + # An ecmascript generator of customer data. + # Of course, in real life you will call an API or a database. You can do that by changing the `endpoint` argument on the `@rest` directive. + # https://stepzen.com/docs/connecting-backends/how-to-connect-a-rest-service + customer(id: ID!): Customer + @rest( + endpoint: "stepzen:empty" + ecmascript: """ + function transformREST(s) { + var id = get('id') + if (id==1) + return (JSON.stringify({"name":"John Doe","city":"Miami"})) + else + return (JSON.stringify({"name":"Jane Smith","city":"Santa Clara"})) + } + """ ) -} \ No newline at end of file +} diff --git a/protection/makeAllPublic/operations.graphql b/protection/makeAllPublic/operations.graphql new file mode 100644 index 0000000..80228d0 --- /dev/null +++ b/protection/makeAllPublic/operations.graphql @@ -0,0 +1,6 @@ +query Customer($id: ID!) { + customer(id: $ID) { + name + city + } +} diff --git a/protection/makeAllPublic/tests/Test.js b/protection/makeAllPublic/tests/Test.js index f165dd1..44d8379 100644 --- a/protection/makeAllPublic/tests/Test.js +++ b/protection/makeAllPublic/tests/Test.js @@ -6,8 +6,42 @@ const { testDescription = getTestDescription("snippets", __dirname); +const requestsFile = path.join(path.dirname(__dirname), "operations.graphql"); +const requests = fs.readFileSync(requestsFile, "utf8").toString(); + describe(testDescription, function () { + // note tests using no authorization since api is public const tests = [ + { + label: "customer-1", + query: requests, + operationName: "Customer", + variables: { + id:1 + }, + expected: { + customer: { + name: "John Doe", + city: "Miami", + }, + }, + authType: authTypes.noAuth, + }, + { + label: "customer-2", + query: requests, + operationName: "Customer", + variables: { + id:2 + }, + expected: { + customer: { + name: "Jane Smith", + city: "Santa Clara", + }, + }, + authType: authTypes.noAuth, + }, ] return deployAndRun(__dirname, tests); }); \ No newline at end of file From 6a2bd42c45ffd6c863525d3e56cfbdd1f5d823ee Mon Sep 17 00:00:00 2001 From: Dan Debrunner Date: Wed, 28 Aug 2024 09:04:44 -0400 Subject: [PATCH 2/4] chore: imports --- protection/makeAllPublic/tests/Test.js | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/protection/makeAllPublic/tests/Test.js b/protection/makeAllPublic/tests/Test.js index 44d8379..4040f09 100644 --- a/protection/makeAllPublic/tests/Test.js +++ b/protection/makeAllPublic/tests/Test.js @@ -1,3 +1,5 @@ +const fs = require("fs"); +const path = require("node:path"); const { deployAndRun, authTypes, @@ -17,7 +19,7 @@ describe(testDescription, function () { query: requests, operationName: "Customer", variables: { - id:1 + id: 1, }, expected: { customer: { @@ -32,7 +34,7 @@ describe(testDescription, function () { query: requests, operationName: "Customer", variables: { - id:2 + id: 2, }, expected: { customer: { @@ -42,6 +44,6 @@ describe(testDescription, function () { }, authType: authTypes.noAuth, }, - ] + ]; return deployAndRun(__dirname, tests); -}); \ No newline at end of file +}); From 67008dbee30f2e7fbcb880fae7b42c403ae0f185 Mon Sep 17 00:00:00 2001 From: Dan Debrunner Date: Wed, 28 Aug 2024 09:06:59 -0400 Subject: [PATCH 3/4] chore: fix operation --- protection/makeAllPublic/operations.graphql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/protection/makeAllPublic/operations.graphql b/protection/makeAllPublic/operations.graphql index 80228d0..7a85250 100644 --- a/protection/makeAllPublic/operations.graphql +++ b/protection/makeAllPublic/operations.graphql @@ -1,5 +1,5 @@ query Customer($id: ID!) { - customer(id: $ID) { + customer(id: $id) { name city } From 2c6ea8cf00753b38df361d509b2c3246369f971d Mon Sep 17 00:00:00 2001 From: Dan Debrunner Date: Wed, 28 Aug 2024 09:15:05 -0400 Subject: [PATCH 4/4] chore: drop Authorization header for noAuth --- tests/gqltest.js | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/tests/gqltest.js b/tests/gqltest.js index b8d9397..c0048c3 100644 --- a/tests/gqltest.js +++ b/tests/gqltest.js @@ -46,6 +46,7 @@ function deployEndpoint(endpoint, dirname) { // The test will fail if the request does not // have status 200 or has any GraphQL errors. function runGqlOk(authType, endpoint, query, variables, operationName) { + let authValue; switch (authType) { case authTypes.adminKey: authValue = adminKey; @@ -59,12 +60,18 @@ function runGqlOk(authType, endpoint, query, variables, operationName) { default: authValue = ""; } + + let headers = { + "Content-Type": "application/json", + }; + + if (authValue) { + headers.Authorization = authValue; + } + return fetch(endpoint, { method: "POST", - headers: { - "Content-Type": "application/json", - Authorization: authValue, - }, + headers: headers, body: JSON.stringify({ query: query, variables: variables,