这是indexloc提供的服务,不要输入任何密码
Skip to content

check input empty strings for metadata api (close #2302) #2300

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 15 commits into from
Jul 11, 2019
Merged

check input empty strings for metadata api (close #2302) #2300

merged 15 commits into from
Jul 11, 2019

Conversation

@ajeetdsouza
Copy link
Contributor

@ajeetdsouza ajeetdsouza commented May 29, 2019
edited
Loading

Description

The current metadata API allows a user to pass empty strings for things like role names, collection names, query names, etc, which should never be empty. This PR adds checks for these cases - any API calls made with empty strings as values for these types will now fail with a comprehensive error message.

Affected components

  • Server
  • Tests

Related Issues

close #2302

Solution and Design

NEText wraps regular text, and uses a smart constructor mkNEText :: Text -> Maybe NEText that fails when provided an empty value. The following type aliases and newtypes used to contain standard Text, and have been changed to contain NEText:

  • RelName
  • TQueryName
  • TriggerName
  • RoleName
  • CollectionName
  • QueryName
  • RemoteSchemaName

Steps to test and verify

A new PyTest class (TestNEText) has been added to test_v1_queries.py, which test empty text input failure for the following types using the API:

  • RelName
  • TriggerName
  • RoleName
  • CollectionName
  • QueryName
  • RemoteSchemaName

Limitations, known bugs & workarounds

  • None

To the Reviewer (Server)

  • No new modules have been added.
  • A newtype NEText has been created for non-empty Text types. A smart constructor mkNEText :: Text -> Maybe NEText has been created for this.
  • The following newtypes used to wrap Text, and now wrap NEText: RelName, RoleName, CollectionName, QueryName, RemoteSchemaName
  • The following types were aliased to Text, and are now newtypes wrapping NEText: TriggerName
  • The following convenience functions have been added to extract Text from newtypes: relNameToTxt, triggerNameToTxt, roleNameToTxt
  • The following NEText constants have been created: adminText, rootText
  • Tests have been added in the TestNEText class

Critical files

  • src-lib/Hasura/GraphQL/Resolve/Insert.hs
  • src-lib/Hasura/RQL/Types/Common.hs
  • src-lib/Hasura/RQL/Types/EventTrigger.hs
  • src-lib/Hasura/RQL/Types/Permission.hs
  • src-lib/Hasura/RQL/Types/QueryCollection.hs
  • src-lib/Hasura/RQL/Types/RemoteSchema.hs
  • src-lib/Hasura/Server/App.hs
  • src-lib/Hasura/Server/Auth/JWT.hs
  • src-lib/Hasura/Server/Init.hs
  • tests-py/test_v1_queries.py (TestNEText and the corresponding tests)

@ajeetdsouza ajeetdsouza requested a review from rakeshkky May 29, 2019 12:53
@ajeetdsouza ajeetdsouza requested a review from 0x777 as a code owner May 29, 2019 12:53
@hasura-bot
Copy link
Contributor

hasura-bot commented May 29, 2019

Beep boop! 🤖

Hey @ajeetdsouza, thanks for your PR!

One of my human friends will review this PR and get back to you as soon as possible. 🕐

Stay awesome! 😎

@netlify
Copy link

netlify bot commented May 29, 2019
edited
Loading

Deploy preview for hasura-docs ready!

Built with commit 7816d9d

https://deploy-preview-2300--hasura-docs.netlify.com

@hasura-bot
Copy link
Contributor

hasura-bot commented May 29, 2019

Review app for commit 32dc7e2 deployed to Heroku: https://hge-ci-pull-2300.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2300-32dc7e21

@hasura-bot
Copy link
Contributor

hasura-bot commented May 30, 2019

Review app for commit d25479a deployed to Heroku: https://hge-ci-pull-2300.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2300-d25479a0

@rakeshkky
Copy link
Member

rakeshkky commented May 30, 2019

  • Identify similar patterns for unNEText and reduce them

@rakeshkky rakeshkky changed the title Create newtype for non-empty text check input empty strings for metadata api (close #2302) May 30, 2019
rakeshkky
rakeshkky reviewed Jun 3, 2019
View reviewed changes
@hasura-bot
Copy link
Contributor

hasura-bot commented Jun 3, 2019

Review app for commit 5eb4a54 deployed to Heroku: https://hge-ci-pull-2300.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2300-5eb4a546

rakeshkky
rakeshkky reviewed Jun 3, 2019
View reviewed changes
rakeshkky
rakeshkky reviewed Jun 3, 2019
View reviewed changes
@ajeetdsouza ajeetdsouza self-assigned this Jun 3, 2019
@hasura-bot
Copy link
Contributor

hasura-bot commented Jun 3, 2019

Review app for commit 72a578b deployed to Heroku: https://hge-ci-pull-2300.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2300-72a578b5

rakeshkky
rakeshkky reviewed Jun 6, 2019
View reviewed changes
rakeshkky
rakeshkky reviewed Jun 6, 2019
View reviewed changes
@hasura-bot
Copy link
Contributor

hasura-bot commented Jun 6, 2019

Review app for commit 9b239c8 deployed to Heroku: https://hge-ci-pull-2300.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2300-9b239c8f

@shahidhk shahidhk added the c/server Related to server label Jun 10, 2019
@ajeetdsouza ajeetdsouza requested a review from rikinsk-zz as a code owner June 19, 2019 10:30
@hasura-bot
Copy link
Contributor

hasura-bot commented Jun 19, 2019

Review app for commit a8a9033 deployed to Heroku: https://hge-ci-pull-2300.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2300-a8a90339

rakeshkky
rakeshkky reviewed Jun 21, 2019
View reviewed changes
@hasura-bot
Copy link
Contributor

hasura-bot commented Jun 21, 2019

Review app for commit fa166e8 deployed to Heroku: https://hge-ci-pull-2300.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2300-fa166e8e

@dsandip dsandip added the k/bug Something isn't working label Jul 2, 2019
@hasura-bot
Copy link
Contributor

hasura-bot commented Jul 2, 2019

Review app for commit 875fe13 deployed to Heroku: https://hge-ci-pull-2300.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2300-875fe13d

rakeshkky
rakeshkky previously approved these changes Jul 2, 2019
View reviewed changes
@hasura-bot
Copy link
Contributor

hasura-bot commented Jul 8, 2019

Review app for commit be236b3 deployed to Heroku: https://hge-ci-pull-2300.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2300-be236b37

rakeshkky
rakeshkky previously approved these changes Jul 11, 2019
View reviewed changes
Copy link
Member

@rakeshkky rakeshkky left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

server LGTM

@hasura-bot
Copy link
Contributor

hasura-bot commented Jul 11, 2019

Review app for commit 7816d9d deployed to Heroku: https://hge-ci-pull-2300.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2300-7816d9d1

shahidhk
shahidhk approved these changes Jul 11, 2019
View reviewed changes
Copy link
Member

@shahidhk shahidhk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@shahidhk shahidhk merged commit 92c4cff into hasura:master Jul 11, 2019
@hasura-bot
Copy link
Contributor

hasura-bot commented Jul 11, 2019

Review app https://hge-ci-pull-2300.herokuapp.com is deleted

@hasura-bot
Copy link
Contributor

hasura-bot commented Jul 11, 2019

Beep boop! 🤖

GIF

Awesome work @ajeetdsouza! All of us at Hasura ❤️ what you did.

Thanks again 🤗

@rakeshkky rakeshkky mentioned this pull request Jul 12, 2019
Closed
polRk pushed a commit to polRk/graphql-engine that referenced this pull request Feb 12, 2020
@ajeetdsouza @polRk
check input for empty strings for metadata api (close hasura#2302) (h…
e531f26 
…asura#2300)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shahidhk shahidhk shahidhk approved these changes

@rakeshkky rakeshkky rakeshkky left review comments

@0x777 0x777 Awaiting requested review from 0x777

@rikinsk-zz rikinsk-zz Awaiting requested review from rikinsk-zz

Assignees

@ajeetdsouza ajeetdsouza

Labels

c/server Related to server k/bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

check input empty strings for metadata api

5 participants

@ajeetdsouza @hasura-bot @rakeshkky @shahidhk @dsandip