public ValueTask InvokeAsync(IMiddlewareContext context)
{
if (context.Result is SerializedData s)
{
context.Result = s.Data is IReadOnlyDictionary <string, object> d
? d
: DictionaryDeserializer.DeserializeResult(
context.Selection.Type,
s.Data,
context.Service <InputParser>(),
context.Path);
}
else if (context.Result is null &&
!context.Selection.Field.Directives.Contains(DirectiveNames.Computed) &&
context.Parent <object>() is IReadOnlyDictionary <string, object> dict)
{
string responseName = context.Selection.SyntaxNode.Alias == null
? context.Selection.SyntaxNode.Name.Value
: context.Selection.SyntaxNode.Alias.Value;
dict.TryGetValue(responseName, out var obj);
context.Result = DictionaryDeserializer.DeserializeResult(
context.Selection.Type,
obj,
context.Service <InputParser>(),
context.Path);
}
return(_next.Invoke(context));
}
private static async Task <AuthorizeResult> AuthorizeWithPolicyAsync(
IMiddlewareContext context,
AuthorizeDirective directive,
ClaimsPrincipal principal)
{
IServiceProvider services = context.Service <IServiceProvider>();
IAuthorizationService?authorizeService =
services.GetService <IAuthorizationService>();
IAuthorizationPolicyProvider?policyProvider =
services.GetService <IAuthorizationPolicyProvider>();
if (authorizeService == null || policyProvider == null)
{
// authorization service is not configured so the user is
// authorized with the previous checks.
return(string.IsNullOrWhiteSpace(directive.Policy)
? AuthorizeResult.Allowed
: AuthorizeResult.NotAllowed);
}
AuthorizationPolicy?policy = null;
if ((directive.Roles is null || directive.Roles.Count == 0) &&
string.IsNullOrWhiteSpace(directive.Policy))
{
policy = await policyProvider.GetDefaultPolicyAsync()
.ConfigureAwait(false);
if (policy == null)
{
return(AuthorizeResult.NoDefaultPolicy);
}
}
public async Task InvokeAsync(IMiddlewareContext context)
{
var queryAuthorizationService = context.Service <IServiceProvider>().GetService <IQueryAuthorizationService>();
if (queryAuthorizationService != null)
{
var authorizationResult = await queryAuthorizationService.IsAllowedAsync(queryType);
if (authorizationResult != AuthorizationResult.Allowed)
{
var eb = ErrorBuilder.New()
.SetMessage(authorizationResult == AuthorizationResult.Unauthorized ? "Unauthorized" : "Forbidden")
.SetCode("AuthorizationResult")
.SetExtension("StatusCode", authorizationResult == AuthorizationResult.Unauthorized ? "401" : "403")
.SetPath(context.Path)
.AddLocation(context.Selection.SyntaxNode);
context.Result = eb.Build();
return;
}
}
await _next.Invoke(context);
}
public async Task InvokeAsync(IMiddlewareContext context)
{
var queryArgument = context.ArgumentValue <object>("params");
if (queryArgument != null)
{
var service = context.Service <IGraphQLValidationService>();
var result = await service.ValidateObjectAsync(queryArgument, context.RequestAborted);
if (!result.IsValid)
{
var eb = ErrorBuilder.New()
.SetMessage("There are some validations errors")
.SetCode("ValidationError")
.SetPath(context.Path)
.AddLocation(context.Selection.SyntaxNode);
foreach (var error in result.Errors)
{
eb.SetExtension(error.Field, error.Errors);
}
context.Result = eb.Build();
return;
}
}
await _next.Invoke(context);
}
public async Task InvokeAsync(IMiddlewareContext context)
{
var fieldName = context.Field.Name;
var objectType = context.ObjectType.Name;
var contextAccessor = context.Service <IHttpContextAccessor>();
if (!contextAccessor.HttpContext.User.Identity.IsAuthenticated)
{
context.Result = ErrorBuilder.New()
.SetMessage("Forbidden")
.SetCode("503")
.SetPath(context.Path)
.AddLocation(context.FieldSelection)
.Build();
return;
}
if (fieldName.Value == "PostalCode" && objectType.Value == "Restaurant")
{
context.Result = ErrorBuilder.New()
.SetMessage("Forbidden")
.SetCode("503")
.SetPath(context.Path)
.AddLocation(context.FieldSelection)
.Build();
return;
}
await _next.Invoke(context);
}
public async Task Invoke(
IMiddlewareContext context)
{
if (context.Selection.SyntaxNode.Arguments.Any())
{
var serviceProvider = context.Service <IServiceProvider>();
var errors = new List <(IInputField Argument, IList <ValidationFailure> Failures)>();
foreach (IInputField argument in context.Field.Arguments)
{
var validationOptions = new ArgumentValidationOptions <object>(
argument, context.ArgumentValue <object>(argument.Name));
if (!validationOptions.AllowedToValidate())
{
continue;
}
IValidator validator = validationOptions.GetValidator(serviceProvider);
if (validator == null)
{
continue;
}
ValidationResult result = await validator.ValidateAsync(
validationOptions.BuildValidationContext(), context.RequestAborted).ConfigureAwait(false);
if (result.Errors.Any())
{
errors.Add((argument, result.Errors));
}
}
if (errors.Any())
{
var errorBuilder = ActivatorUtilities.CreateInstance(
serviceProvider, _errorBuilderType) as IValidationErrorBuilder;
foreach (var error in errors)
{
foreach (var failure in error.Failures)
{
context.ReportError(
errorBuilder.BuildError(
ErrorBuilder.New(), failure, error.Argument, context)
.Build());
}
}
return;
}
}
await _next(context).ConfigureAwait(false);
}
public async Task Invoke(
IMiddlewareContext context)
{
var factory = ActivatorUtilities.CreateInstance(
context.Service <IServiceProvider>(), _factoryType) as ITransactionScopeFactory;
using System.Transactions.TransactionScope scope = factory.CreateScope(context);
await _next(context).ConfigureAwait(false);
scope.Complete();
}
private static IReadOnlyQueryRequest CreateQuery(
IMiddlewareContext context,
NameString schemaName,
IImmutableStack <SelectionPathComponent> path)
{
var fieldRewriter = new ExtractFieldQuerySyntaxRewriter(
context.Schema,
context.Service <IEnumerable <IQueryDelegationRewriter> >());
OperationType operationType =
context.Schema.IsRootType(context.ObjectType)
? context.Operation.Operation
: OperationType.Query;
ExtractedField extractedField = fieldRewriter.ExtractField(
schemaName, context.Document, context.Operation,
context.FieldSelection, context.ObjectType);
IEnumerable <VariableValue> scopedVariables =
ResolveScopedVariables(
context, schemaName, operationType, path);
IReadOnlyCollection <VariableValue> variableValues =
CreateVariableValues(
context, scopedVariables, extractedField);
DocumentNode query = RemoteQueryBuilder.New()
.SetOperation(operationType)
.SetSelectionPath(path)
.SetRequestField(extractedField.Field)
.AddVariables(CreateVariableDefs(variableValues))
.AddFragmentDefinitions(extractedField.Fragments)
.Build();
var requestBuilder = QueryRequestBuilder.New();
AddVariables(context, schemaName,
requestBuilder, query, variableValues);
requestBuilder.SetQuery(query);
requestBuilder.AddProperty(
WellKnownProperties.IsAutoGenerated,
true);
return(requestBuilder.Create());
}
public async Task InvokeAsync(IMiddlewareContext context)
{
await _next(context).ConfigureAwait(false);
IValueNode sortArg = context.ArgumentLiteral <IValueNode>(_contextData.ArgumentName);
if (sortArg is NullValueNode)
{
return;
}
IQueryable <T>?source = null;
if (context.Result is IQueryable <T> q)
{
source = q;
}
else if (context.Result is IEnumerable <T> e)
{
source = e.AsQueryable();
}
if (source is not null &&
context.Field.Arguments[_contextData.ArgumentName].Type is InputObjectType iot &&
iot is ISortInputType {
EntityType : not null
} fit)
{
var visitorCtx = new QueryableSortVisitorContext(
context.Service <InputParser>(),
iot,
fit.EntityType,
source is EnumerableQuery);
QueryableSortVisitor.Default.Visit(sortArg, visitorCtx);
source = visitorCtx.Sort(source);
context.Result = source;
}
}
public async Task InvokeAsync(IMiddlewareContext context)
{
await _next(context).ConfigureAwait(false);
IValueNode filter = context.ArgumentLiteral <IValueNode>(_contextData.ArgumentName);
if (filter is NullValueNode)
{
return;
}
IQueryable <T>?source = null;
if (context.Result is IQueryable <T> q)
{
source = q;
}
else if (context.Result is IEnumerable <T> e)
{
source = e.AsQueryable();
}
if (source is not null &&
context.Field.Arguments[_contextData.ArgumentName].Type is InputObjectType iot &&
iot is IFilterInputType fit)
{
var visitorContext = new QueryableFilterVisitorContext(
iot,
fit.EntityType,
_converter,
source is EnumerableQuery,
context.Service <InputParser>());
QueryableFilterVisitor.Default.Visit(filter, visitorContext);
source = source.Where(visitorContext.CreateFilter <T>());
context.Result = source;
}
}
public async Task InvokeAsync(IMiddlewareContext context)
{
await _next(context);
IQueryable <TSource>?source = null;
if (context.Result is IQueryable <TSource> q)
{
source = q;
}
else if (context.Result is IEnumerable <TSource> e)
{
source = e.AsQueryable();
}
if (source is not null)
{
var mapper = context.Service <IMapper>();
context.Result = source.ProjectTo <TProjection>(mapper.ConfigurationProvider);
}
}
public async Task Invoke(IMiddlewareContext context)
{
if (context.FieldSelection.Arguments.Count == 0)
{
await _next(context);
return;
}
var errors = context.FieldSelection.Arguments
.Select(a => context.Argument <object>(a.Name.Value))
.SelectMany(ValidateObject);
if (errors.Any())
{
foreach (var error in errors)
{
context.ReportError(ErrorBuilder.New()
.SetCode(error.ErrorCode)
.SetMessage(error.ErrorMessage)
.SetExtension("memberNames", error.PropertyName)
.AddLocation(context.FieldSelection.Location.Line, context.FieldSelection.Location.Column)
.SetPath(context.Path)
.Build());
}
context.Result = null;
}
else
{
await _next(context);
}
IEnumerable <ValidationFailure> ValidateObject(object argument)
{
try
{
var actualObjectType = argument.GetType();
var validatorGenericType = typeof(IValidator <>);
var validatorType = validatorGenericType.MakeGenericType(actualObjectType);
object validator = null;
try
{
validator = context.Service(validatorType);
}
catch (InvalidOperationException)
{
// No service found
return(Enumerable.Empty <ValidationFailure>());
}
if (validator == null)
{
return(Enumerable.Empty <ValidationFailure>());
}
var validateMethodInfo = validatorType.GetMethod(nameof(IValidator.Validate), new[] { actualObjectType });
var results = validateMethodInfo.Invoke(validator, new[] { argument }) as ValidationResult;
return(results.Errors.AsEnumerable());
}
catch (Exception ex)
{
throw new Exception($"Failed to validate with error '{ex.Message}'.");
}
}
}