Search in sources :

Example 11 with GraphQLProcessorResponseDTO

use of org.wso2.carbon.apimgt.gateway.inbound.websocket.GraphQLProcessorResponseDTO in project carbon-apimgt by wso2.

the class GraphQLResponseProcessorTest method testHandleResponseScopeValidationSkipWhenSecurityDisabled.

@Test
public void testHandleResponseScopeValidationSkipWhenSecurityDisabled() {
    InboundMessageContext inboundMessageContext = new InboundMessageContext();
    int msgSize = 100;
    String msgText = "{\"type\":\"data\",\"id\":\"1\",\"payload\":{\"data\":" + "{\"liftStatusChange\":{\"name\":\"Astra Express\"}}}}";
    PowerMockito.mockStatic(InboundWebsocketProcessorUtil.class);
    InboundProcessorResponseDTO responseDTO = new InboundProcessorResponseDTO();
    PowerMockito.when(InboundWebsocketProcessorUtil.authenticateToken(inboundMessageContext)).thenReturn(responseDTO);
    // VerbInfoDTO with security disabled
    VerbInfoDTO verbInfoDTO = new VerbInfoDTO();
    verbInfoDTO.setHttpVerb("SUBSCRIPTION");
    verbInfoDTO.setThrottling("Unlimited");
    verbInfoDTO.setAuthType("None");
    GraphQLOperationDTO graphQLOperationDTO = new GraphQLOperationDTO(verbInfoDTO, "liftStatusChange");
    inboundMessageContext.addVerbInfoForGraphQLMsgId("1", graphQLOperationDTO);
    // Creating response for scope validation
    GraphQLProcessorResponseDTO graphQLProcessorResponseDTO = new GraphQLProcessorResponseDTO();
    graphQLProcessorResponseDTO.setError(true);
    graphQLProcessorResponseDTO.setErrorCode(WebSocketApiConstants.FrameErrorConstants.RESOURCE_FORBIDDEN_ERROR);
    graphQLProcessorResponseDTO.setErrorMessage("User is NOT authorized to access the Resource");
    graphQLProcessorResponseDTO.setCloseConnection(false);
    graphQLProcessorResponseDTO.setId("1");
    PowerMockito.when(InboundWebsocketProcessorUtil.validateScopes(inboundMessageContext, "liftStatusChange", "1")).thenReturn(graphQLProcessorResponseDTO);
    PowerMockito.when(InboundWebsocketProcessorUtil.doThrottleForGraphQL(msgSize, verbInfoDTO, inboundMessageContext, "1")).thenReturn(responseDTO);
    GraphQLResponseProcessor responseProcessor = new GraphQLResponseProcessor();
    InboundProcessorResponseDTO processorResponseDTO = responseProcessor.handleResponse(msgSize, msgText, inboundMessageContext);
    Assert.assertFalse(processorResponseDTO.isError());
    Assert.assertNull(processorResponseDTO.getErrorMessage());
    Assert.assertNotEquals(processorResponseDTO.getErrorMessage(), "User is NOT authorized to access the Resource");
}
Also used : GraphQLOperationDTO(org.wso2.carbon.apimgt.gateway.dto.GraphQLOperationDTO) GraphQLProcessorResponseDTO(org.wso2.carbon.apimgt.gateway.inbound.websocket.GraphQLProcessorResponseDTO) VerbInfoDTO(org.wso2.carbon.apimgt.impl.dto.VerbInfoDTO) InboundProcessorResponseDTO(org.wso2.carbon.apimgt.gateway.inbound.websocket.InboundProcessorResponseDTO) InboundMessageContext(org.wso2.carbon.apimgt.gateway.inbound.InboundMessageContext) Test(org.junit.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 12 with GraphQLProcessorResponseDTO

use of org.wso2.carbon.apimgt.gateway.inbound.websocket.GraphQLProcessorResponseDTO in project carbon-apimgt by wso2.

the class GraphQLRequestProcessor method validateQueryDepth.

/**
 * Validate query depth of graphql subscription payload.
 *
 * @param subscriptionAnalyzer  Query complexity and depth analyzer for subscription operations
 * @param inboundMessageContext InboundMessageContext
 * @param payload               GraphQL payload
 * @param operationId           GraphQL message Id
 * @return GraphQLProcessorResponseDTO
 */
private GraphQLProcessorResponseDTO validateQueryDepth(SubscriptionAnalyzer subscriptionAnalyzer, InboundMessageContext inboundMessageContext, String payload, String operationId) {
    GraphQLProcessorResponseDTO responseDTO = new GraphQLProcessorResponseDTO();
    responseDTO.setId(operationId);
    QueryAnalyzerResponseDTO queryAnalyzerResponseDTO = subscriptionAnalyzer.analyseSubscriptionQueryDepth(inboundMessageContext.getInfoDTO().getGraphQLMaxDepth(), payload);
    if (!queryAnalyzerResponseDTO.isSuccess() && !queryAnalyzerResponseDTO.getErrorList().isEmpty()) {
        List<String> errorList = queryAnalyzerResponseDTO.getErrorList();
        log.error("Query depth validation failed for: " + payload + " errors: " + errorList.toString());
        responseDTO.setError(true);
        responseDTO.setErrorCode(WebSocketApiConstants.FrameErrorConstants.GRAPHQL_QUERY_TOO_DEEP);
        responseDTO.setErrorMessage(WebSocketApiConstants.FrameErrorConstants.GRAPHQL_QUERY_TOO_DEEP_MESSAGE + " : " + queryAnalyzerResponseDTO.getErrorList().toString());
        return responseDTO;
    }
    return responseDTO;
}
Also used : GraphQLProcessorResponseDTO(org.wso2.carbon.apimgt.gateway.inbound.websocket.GraphQLProcessorResponseDTO) QueryAnalyzerResponseDTO(org.wso2.carbon.apimgt.common.gateway.dto.QueryAnalyzerResponseDTO)

Example 13 with GraphQLProcessorResponseDTO

use of org.wso2.carbon.apimgt.gateway.inbound.websocket.GraphQLProcessorResponseDTO in project carbon-apimgt by wso2.

the class InboundWebsocketProcessorUtil method doThrottleForGraphQL.

/**
 * Checks if the request is throttled for GraphQL subscriptions.
 *
 * @param msgSize               Websocket msg size
 * @param verbInfoDTO           VerbInfoDTO for invoking operation.
 * @param inboundMessageContext InboundMessageContext
 * @param operationId           Operation ID
 * @return InboundProcessorResponseDTO
 */
public static InboundProcessorResponseDTO doThrottleForGraphQL(int msgSize, VerbInfoDTO verbInfoDTO, InboundMessageContext inboundMessageContext, String operationId) {
    GraphQLProcessorResponseDTO responseDTO = new GraphQLProcessorResponseDTO();
    responseDTO.setId(operationId);
    return InboundWebsocketProcessorUtil.doThrottle(msgSize, verbInfoDTO, inboundMessageContext, responseDTO);
}
Also used : GraphQLProcessorResponseDTO(org.wso2.carbon.apimgt.gateway.inbound.websocket.GraphQLProcessorResponseDTO)

Example 14 with GraphQLProcessorResponseDTO

use of org.wso2.carbon.apimgt.gateway.inbound.websocket.GraphQLProcessorResponseDTO in project carbon-apimgt by wso2.

the class GraphQLRequestProcessor method validateQueryPayload.

/**
 * Validates GraphQL query payload using QueryValidator and graphql schema of the invoking API.
 *
 * @param inboundMessageContext InboundMessageContext
 * @param document              Graphql payload
 * @param operationId           Graphql message id
 * @return InboundProcessorResponseDTO
 */
private InboundProcessorResponseDTO validateQueryPayload(InboundMessageContext inboundMessageContext, Document document, String operationId) {
    GraphQLProcessorResponseDTO responseDTO = new GraphQLProcessorResponseDTO();
    responseDTO.setId(operationId);
    QueryValidator queryValidator = new QueryValidator(new Validator());
    // payload validation
    String validationErrorMessage = queryValidator.validatePayload(inboundMessageContext.getGraphQLSchemaDTO().getGraphQLSchema(), document);
    if (validationErrorMessage != null) {
        String error = WebSocketApiConstants.FrameErrorConstants.GRAPHQL_INVALID_QUERY_MESSAGE + " : " + validationErrorMessage;
        log.error(error);
        responseDTO.setError(true);
        responseDTO.setErrorCode(WebSocketApiConstants.FrameErrorConstants.GRAPHQL_INVALID_QUERY);
        responseDTO.setErrorMessage(error);
        return responseDTO;
    }
    return responseDTO;
}
Also used : GraphQLProcessorResponseDTO(org.wso2.carbon.apimgt.gateway.inbound.websocket.GraphQLProcessorResponseDTO) QueryValidator(org.wso2.carbon.apimgt.common.gateway.graphql.QueryValidator) QueryValidator(org.wso2.carbon.apimgt.common.gateway.graphql.QueryValidator) Validator(graphql.validation.Validator)

Aggregations

GraphQLProcessorResponseDTO (org.wso2.carbon.apimgt.gateway.inbound.websocket.GraphQLProcessorResponseDTO)14 InboundProcessorResponseDTO (org.wso2.carbon.apimgt.gateway.inbound.websocket.InboundProcessorResponseDTO)8 Test (org.junit.Test)7 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)7 InboundMessageContext (org.wso2.carbon.apimgt.gateway.inbound.InboundMessageContext)7 VerbInfoDTO (org.wso2.carbon.apimgt.impl.dto.VerbInfoDTO)6 GraphQLSchema (graphql.schema.GraphQLSchema)3 SchemaParser (graphql.schema.idl.SchemaParser)3 TypeDefinitionRegistry (graphql.schema.idl.TypeDefinitionRegistry)3 JSONObject (org.json.simple.JSONObject)3 JSONParser (org.json.simple.parser.JSONParser)3 GraphQLSchemaDTO (org.wso2.carbon.apimgt.api.gateway.GraphQLSchemaDTO)3 GraphQLOperationDTO (org.wso2.carbon.apimgt.gateway.dto.GraphQLOperationDTO)3 APIManagementException (org.wso2.carbon.apimgt.api.APIManagementException)2 QueryAnalyzerResponseDTO (org.wso2.carbon.apimgt.common.gateway.dto.QueryAnalyzerResponseDTO)2 Validator (graphql.validation.Validator)1 QueryValidator (org.wso2.carbon.apimgt.common.gateway.graphql.QueryValidator)1 APISecurityException (org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException)1 APIKeyValidationInfoDTO (org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO)1