
express-graphql


Comparing version 0.5.1 to 0.5.2

157

dist/index.js

@@ -0,2 +1,8 @@

'use strict';
Object.defineProperty(exports, "__esModule", {
value: true
});
var _typeof = typeof Symbol === "function" && typeof Symbol.iterator === "symbol" ? function (obj) { return typeof obj; } : function (obj) { return obj && typeof Symbol === "function" && obj.constructor === Symbol ? "symbol" : typeof obj; };
/**

@@ -11,17 +17,7 @@ * Copyright (c) 2015, Facebook, Inc.

/**
* Used to configure the graphQLHTTP middleware by providing a schema
* and other configuration options.
*
* Options can be provided as an Object, a Promise for an Object, or a Function
* that returns an Object or a Promise for an Object.
*/
'use strict';
exports.default = graphqlHTTP;
Object.defineProperty(exports, '__esModule', {
value: true
});
exports['default'] = graphqlHTTP;
var _accepts = require('accepts');
function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { 'default': obj }; }
var _accepts2 = _interopRequireDefault(_accepts);

@@ -34,2 +30,6 @@ var _graphql = require('graphql');

var _url = require('url');
var _url2 = _interopRequireDefault(_url);
var _parseBody = require('./parseBody');

@@ -39,2 +39,4 @@

function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
/**

@@ -45,2 +47,10 @@ * Middleware for express; takes an options object or function as input to

/**
* Used to configure the graphQLHTTP middleware by providing a schema
* and other configuration options.
*
* Options can be provided as an Object, a Promise for an Object, or a Function
* that returns an Object or a Promise for an Object.
*/
function graphqlHTTP(options) {

@@ -54,13 +64,13 @@ if (!options) {

// asyncronous state machine below.
var schema = undefined;
var context = undefined;
var rootValue = undefined;
var pretty = undefined;
var graphiql = undefined;
var formatErrorFn = undefined;
var showGraphiQL = undefined;
var query = undefined;
var variables = undefined;
var operationName = undefined;
var validationRules = undefined;
var schema = void 0;
var context = void 0;
var rootValue = void 0;
var pretty = void 0;
var graphiql = void 0;
var formatErrorFn = void 0;
var showGraphiQL = void 0;
var query = void 0;
var variables = void 0;
var operationName = void 0;
var validationRules = void 0;

@@ -72,7 +82,7 @@ // Promises are used as a mechanism for capturing any thrown errors during

new Promise(function (resolve) {
resolve(typeof options === 'function' ? options(request) : options);
resolve(typeof options === 'function' ? options(request, response) : options);
}).then(function (optionsData) {
// Assert that optionsData is in fact an Object.
if (!optionsData || typeof optionsData !== 'object') {
throw new Error('GraphQL middleware option function must return an options object.');
if (!optionsData || (typeof optionsData === 'undefined' ? 'undefined' : _typeof(optionsData)) !== 'object') {
throw new Error('GraphQL middleware option function must return an options object ' + 'or a promise which will be resolved to an options object.');
}

@@ -100,4 +110,4 @@

if (request.method !== 'GET' && request.method !== 'POST') {
response.set('Allow', 'GET, POST');
throw (0, _httpErrors2['default'])(405, 'GraphQL only supports GET and POST requests.');
response.setHeader('Allow', 'GET, POST');
throw (0, _httpErrors2.default)(405, 'GraphQL only supports GET and POST requests.');
}

@@ -107,7 +117,8 @@

return (0, _parseBody.parseBody)(request);
}).then(function (data) {
showGraphiQL = graphiql && canDisplayGraphiQL(request, data);
}).then(function (bodyData) {
var urlData = request.url && _url2.default.parse(request.url, true).query || {};
showGraphiQL = graphiql && canDisplayGraphiQL(request, urlData, bodyData);
// Get GraphQL params from the request and POST body data.
var params = getGraphQLParams(request, data);
var params = getGraphQLParams(urlData, bodyData);
query = params.query;

@@ -123,3 +134,3 @@ variables = params.variables;

}
throw (0, _httpErrors2['default'])(400, 'Must provide query string.');
throw (0, _httpErrors2.default)(400, 'Must provide query string.');
}

@@ -131,3 +142,3 @@

// Parse source to AST, reporting any syntax error.
var documentAST = undefined;
var documentAST = void 0;
try {

@@ -137,3 +148,3 @@ documentAST = (0, _graphql.parse)(source);

// Return 400: Bad Request if any syntax errors errors exist.
response.status(400);
response.statusCode = 400;
return { errors: [syntaxError] };

@@ -146,3 +157,3 @@ }

// Return 400: Bad Request if any validation errors exist.
response.status(400);
response.statusCode = 400;
return { errors: validationErrors };

@@ -164,4 +175,4 @@ }

// Otherwise, report a 405: Method Not Allowed error.
response.set('Allow', 'POST');
throw (0, _httpErrors2['default'])(405, 'Can only perform a ' + operationAST.operation + ' operation ' + 'from a POST request.');
response.setHeader('Allow', 'POST');
throw (0, _httpErrors2.default)(405, 'Can only perform a ' + operationAST.operation + ' operation ' + 'from a POST request.');
}

@@ -174,8 +185,8 @@ }

// Return 400: Bad Request if any execution context errors exist.
response.status(400);
response.statusCode = 400;
return { errors: [contextError] };
}
})['catch'](function (error) {
}).catch(function (error) {
// If an error was caught, report the httpError status, or 500.
response.status(error.status || 500);
response.statusCode = error.status || 500;
return { errors: [error] };

@@ -187,9 +198,17 @@ }).then(function (result) {

}
// If allowed to show GraphiQL, present it instead of JSON.
if (showGraphiQL) {
response.set('Content-Type', 'text/html').send((0, _renderGraphiQL.renderGraphiQL)({ query: query, variables: variables, operationName: operationName, result: result }));
var data = (0, _renderGraphiQL.renderGraphiQL)({
query: query, variables: variables,
operationName: operationName, result: result
});
response.setHeader('Content-Type', 'text/html');
response.write(data);
response.end();
} else {
// Otherwise, present JSON directly.
response.set('Content-Type', 'application/json').send(JSON.stringify(result, null, pretty ? 2 : 0));
var _data = JSON.stringify(result, null, pretty ? 2 : 0);
response.setHeader('Content-Type', 'application/json');
response.write(_data);
response.end();
}

@@ -203,8 +222,8 @@ });

*/
function getGraphQLParams(request, data) {
function getGraphQLParams(urlData, bodyData) {
// GraphQL Query string.
var query = request.query.query || data.query;
var query = urlData.query || bodyData.query;
// Parse the variables if needed.
var variables = request.query.variables || data.variables;
var variables = urlData.variables || bodyData.variables;
if (variables && typeof variables === 'string') {

@@ -214,3 +233,3 @@ try {

} catch (error) {
throw (0, _httpErrors2['default'])(400, 'Variables are invalid JSON.');
throw (0, _httpErrors2.default)(400, 'Variables are invalid JSON.');
}

@@ -220,3 +239,3 @@ }

// Name of GraphQL operation to execute.
var operationName = request.query.operationName || data.operationName;
var operationName = urlData.operationName || bodyData.operationName;

@@ -229,40 +248,8 @@ return { query: query, variables: variables, operationName: operationName };

*/
function canDisplayGraphiQL(request, data) {
function canDisplayGraphiQL(request, urlData, bodyData) {
// If `raw` exists, GraphiQL mode is not enabled.
var raw = request.query.raw !== undefined || data.raw !== undefined;
var raw = urlData.raw !== undefined || bodyData.raw !== undefined;
// Allowed to show GraphiQL if not requested as raw and this request
// prefers HTML over JSON.
return !raw && request.accepts(['json', 'html']) === 'html';
}
module.exports = exports['default'];
/**
* A GraphQL schema from graphql-js.
*/
/**
* A value to pass as the context to the graphql() function.
*/
/**
* An object to pass as the rootValue to the graphql() function.
*/
/**
* A boolean to configure whether the output should be pretty-printed.
*/
/**
* An optional function which will be used to format any errors produced by
* fulfilling a GraphQL operation. If no function is provided, GraphQL's
* default spec-compliant `formatError` function will be used.
*/
/**
* An optional array of validation rules that will be applied on the document
* in additional to those defined by the GraphQL spec.
*/
/**
* A boolean to optionally enable GraphiQL mode.
*/
return !raw && (0, _accepts2.default)(request).types(['json', 'html']) === 'html';
}
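Review bot: The `.catch` handler in the `@@ -174,8 +185,8 @@` hunk still returns every caught error to the response pipeline as `{ errors: [error] }`, including exceptions that carry no `status` and are reported as 500. Such exceptions can come from the options function or from body parsing, and their messages are presumably serialized to the client by the `.then(function (result)` step that follows (its body is outside the visible hunks), which can expose internal detail. Consider passing the original through only for HTTP errors, e.g. `return { errors: [error.status ? error : new Error('Internal server error')] };`, and logging the original server-side. The enclosing `graphqlHTTP` middleware starts and ends outside these hunks.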

@@ -0,2 +1,8 @@

'use strict';
Object.defineProperty(exports, "__esModule", {
value: true
});
var _typeof = typeof Symbol === "function" && typeof Symbol.iterator === "symbol" ? function (obj) { return typeof obj; } : function (obj) { return obj && typeof Symbol === "function" && obj.constructor === Symbol ? "symbol" : typeof obj; };
/**

@@ -11,11 +17,4 @@ * Copyright (c) 2015, Facebook, Inc.

'use strict';
Object.defineProperty(exports, '__esModule', {
value: true
});
exports.parseBody = parseBody;
function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { 'default': obj }; }
var _contentType = require('content-type');

@@ -41,6 +40,8 @@

function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
function parseBody(req) {
return new Promise(function (resolve, reject) {
// If express has already parsed a body as a keyed object, use it.
if (typeof req.body === 'object' && !(req.body instanceof Buffer)) {
if (_typeof(req.body) === 'object' && !(req.body instanceof Buffer)) {
return resolve(req.body);

@@ -54,3 +55,3 @@ }

var typeInfo = _contentType2['default'].parse(req);
var typeInfo = _contentType2.default.parse(req);

@@ -93,7 +94,7 @@ // If express has already parsed a body as a string, and the content-type

}
throw (0, _httpErrors2['default'])(400, 'POST body sent invalid JSON.');
throw (0, _httpErrors2.default)(400, 'POST body sent invalid JSON.');
}
function urlEncodedParser(body) {
return _querystring2['default'].parse(body);
return _querystring2.default.parse(body);
}

@@ -122,3 +123,3 @@

if (charset.slice(0, 4) !== 'utf-') {
throw (0, _httpErrors2['default'])(415, 'Unsupported charset "' + charset.toUpperCase() + '".');
throw (0, _httpErrors2.default)(415, 'Unsupported charset "' + charset.toUpperCase() + '".');
}

@@ -133,5 +134,5 @@

// Read body from stream.
(0, _rawBody2['default'])(stream, { encoding: charset, length: length, limit: limit }, function (err, body) {
(0, _rawBody2.default)(stream, { encoding: charset, length: length, limit: limit }, function (err, body) {
if (err) {
return reject(err.type === 'encoding.unsupported' ? (0, _httpErrors2['default'])(415, 'Unsupported charset "' + charset.toUpperCase() + '".') : (0, _httpErrors2['default'])(400, 'Invalid body: ' + err.message + '.'));
return reject(err.type === 'encoding.unsupported' ? (0, _httpErrors2.default)(415, 'Unsupported charset "' + charset.toUpperCase() + '".') : (0, _httpErrors2.default)(400, 'Invalid body: ' + err.message + '.'));
}

@@ -154,7 +155,7 @@

case 'deflate':
return req.pipe(_zlib2['default'].createInflate());
return req.pipe(_zlib2.default.createInflate());
case 'gzip':
return req.pipe(_zlib2['default'].createGunzip());
return req.pipe(_zlib2.default.createGunzip());
}
throw (0, _httpErrors2['default'])(415, 'Unsupported content-encoding "' + encoding + '".');
throw (0, _httpErrors2.default)(415, 'Unsupported content-encoding "' + encoding + '".');
}
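Review bot: The already-parsed-body check `_typeof(req.body) === 'object' && !(req.body instanceof Buffer)` also passes when `req.body` is `null`, so `parseBody` can resolve `null` (this section appears to be the `./parseBody` module; its file header is not shown on the page). The caller in dist/index.js then reads `bodyData.raw` and `bodyData.query` without a guard, which would throw a TypeError and surface as a 500 instead of a 400. Adding `req.body !== null &&` to the condition, or resolving `{}` in that case, keeps the resolved value an object; whether upstream middleware can leave `req.body` as `null` depends on the deployment. The rest of `parseBody` lies outside the hunk.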

@@ -0,2 +1,14 @@

'use strict';
Object.defineProperty(exports, "__esModule", {
value: true
});
exports.renderGraphiQL = renderGraphiQL;
// Current latest version of GraphiQL.
var GRAPHIQL_VERSION = '0.7.1';
// Ensures string values are save to be used within a <script> tag.
/**

@@ -11,13 +23,2 @@ * Copyright (c) 2015, Facebook, Inc.

'use strict';
Object.defineProperty(exports, '__esModule', {
value: true
});
exports.renderGraphiQL = renderGraphiQL;
// Current latest version of GraphiQL.
var GRAPHIQL_VERSION = '0.7.0';
// Ensures string values are save to be used within a <script> tag.
function safeSerialize(data) {

@@ -34,3 +35,2 @@ return data ? JSON.stringify(data).replace(/\//g, '\\/') : null;

*/
function renderGraphiQL(data) {

@@ -43,3 +43,3 @@ var queryString = data.query;

/* eslint-disable max-len */
return '<!--\nThe request to this GraphQL server provided the header "Accept: text/html"\nand as a result has been presented GraphiQL - an in-browser IDE for\nexploring GraphQL.\n\nIf you wish to receive JSON, provide the header "Accept: application/json" or\nadd "&raw" to the end of the URL within a browser.\n-->\n<!DOCTYPE html>\n<html>\n<head>\n <style>\n html, body {\n height: 100%;\n margin: 0;\n overflow: hidden;\n width: 100%;\n }\n </style>\n <link href="//cdn.jsdelivr.net/graphiql/' + GRAPHIQL_VERSION + '/graphiql.css" rel="stylesheet" />\n <script src="//cdn.jsdelivr.net/fetch/0.9.0/fetch.min.js"></script>\n <script src="//cdn.jsdelivr.net/react/15.0.0/react.min.js"></script>\n <script src="//cdn.jsdelivr.net/react/15.0.0/react-dom.min.js"></script>\n <script src="//cdn.jsdelivr.net/graphiql/' + GRAPHIQL_VERSION + '/graphiql.min.js"></script>\n</head>\n<body>\n <script>\n // Collect the URL parameters\n var parameters = {};\n window.location.search.substr(1).split(\'&\').forEach(function (entry) {\n var eq = entry.indexOf(\'=\');\n if (eq >= 0) {\n parameters[decodeURIComponent(entry.slice(0, eq))] =\n decodeURIComponent(entry.slice(eq + 1));\n }\n });\n\n // Produce a Location query string from a parameter object.\n function locationQuery(params) {\n return \'?\' + Object.keys(params).map(function (key) {\n return encodeURIComponent(key) + \'=\' +\n encodeURIComponent(params[key]);\n }).join(\'&\');\n }\n\n // Derive a fetch URL from the current URL, sans the GraphQL parameters.\n var graphqlParamNames = {\n query: true,\n variables: true,\n operationName: true\n };\n\n var otherParams = {};\n for (var k in parameters) {\n if (parameters.hasOwnProperty(k) && graphqlParamNames[k] !== true) {\n otherParams[k] = parameters[k];\n }\n }\n var fetchURL = locationQuery(otherParams);\n\n // Defines a GraphQL fetcher using the fetch API.\n function graphQLFetcher(graphQLParams) {\n return fetch(fetchURL, {\n method: \'post\',\n headers: {\n \'Accept\': 
\'application/json\',\n \'Content-Type\': \'application/json\'\n },\n body: JSON.stringify(graphQLParams),\n credentials: \'include\',\n }).then(function (response) {\n return response.text();\n }).then(function (responseBody) {\n try {\n return JSON.parse(responseBody);\n } catch (error) {\n return responseBody;\n }\n });\n }\n\n // When the query and variables string is edited, update the URL bar so\n // that it can be easily shared.\n function onEditQuery(newQuery) {\n parameters.query = newQuery;\n updateURL();\n }\n\n function onEditVariables(newVariables) {\n parameters.variables = newVariables;\n updateURL();\n }\n\n function onEditOperationName(newOperationName) {\n parameters.operationName = newOperationName;\n updateURL();\n }\n\n function updateURL() {\n history.replaceState(null, null, locationQuery(parameters));\n }\n\n // Render <GraphiQL /> into the body.\n ReactDOM.render(\n React.createElement(GraphiQL, {\n fetcher: graphQLFetcher,\n onEditQuery: onEditQuery,\n onEditVariables: onEditVariables,\n onEditOperationName: onEditOperationName,\n query: ' + safeSerialize(queryString) + ',\n response: ' + safeSerialize(resultString) + ',\n variables: ' + safeSerialize(variablesString) + ',\n operationName: ' + safeSerialize(operationName) + ',\n }),\n document.body\n );\n </script>\n</body>\n</html>';
return '<!--\nThe request to this GraphQL server provided the header "Accept: text/html"\nand as a result has been presented GraphiQL - an in-browser IDE for\nexploring GraphQL.\n\nIf you wish to receive JSON, provide the header "Accept: application/json" or\nadd "&raw" to the end of the URL within a browser.\n-->\n<!DOCTYPE html>\n<html>\n<head>\n <meta charset="utf-8" />\n <title>GraphiQL</title>\n <meta name="robots" content="noindex" />\n <style>\n html, body {\n height: 100%;\n margin: 0;\n overflow: hidden;\n width: 100%;\n }\n </style>\n <link href="//cdn.jsdelivr.net/graphiql/' + GRAPHIQL_VERSION + '/graphiql.css" rel="stylesheet" />\n <script src="//cdn.jsdelivr.net/fetch/0.9.0/fetch.min.js"></script>\n <script src="//cdn.jsdelivr.net/react/15.0.0/react.min.js"></script>\n <script src="//cdn.jsdelivr.net/react/15.0.0/react-dom.min.js"></script>\n <script src="//cdn.jsdelivr.net/graphiql/' + GRAPHIQL_VERSION + '/graphiql.min.js"></script>\n</head>\n<body>\n <script>\n // Collect the URL parameters\n var parameters = {};\n window.location.search.substr(1).split(\'&\').forEach(function (entry) {\n var eq = entry.indexOf(\'=\');\n if (eq >= 0) {\n parameters[decodeURIComponent(entry.slice(0, eq))] =\n decodeURIComponent(entry.slice(eq + 1));\n }\n });\n\n // Produce a Location query string from a parameter object.\n function locationQuery(params) {\n return \'?\' + Object.keys(params).map(function (key) {\n return encodeURIComponent(key) + \'=\' +\n encodeURIComponent(params[key]);\n }).join(\'&\');\n }\n\n // Derive a fetch URL from the current URL, sans the GraphQL parameters.\n var graphqlParamNames = {\n query: true,\n variables: true,\n operationName: true\n };\n\n var otherParams = {};\n for (var k in parameters) {\n if (parameters.hasOwnProperty(k) && graphqlParamNames[k] !== true) {\n otherParams[k] = parameters[k];\n }\n }\n var fetchURL = locationQuery(otherParams);\n\n // Defines a GraphQL fetcher using the fetch API.\n function 
graphQLFetcher(graphQLParams) {\n return fetch(fetchURL, {\n method: \'post\',\n headers: {\n \'Accept\': \'application/json\',\n \'Content-Type\': \'application/json\'\n },\n body: JSON.stringify(graphQLParams),\n credentials: \'include\',\n }).then(function (response) {\n return response.text();\n }).then(function (responseBody) {\n try {\n return JSON.parse(responseBody);\n } catch (error) {\n return responseBody;\n }\n });\n }\n\n // When the query and variables string is edited, update the URL bar so\n // that it can be easily shared.\n function onEditQuery(newQuery) {\n parameters.query = newQuery;\n updateURL();\n }\n\n function onEditVariables(newVariables) {\n parameters.variables = newVariables;\n updateURL();\n }\n\n function onEditOperationName(newOperationName) {\n parameters.operationName = newOperationName;\n updateURL();\n }\n\n function updateURL() {\n history.replaceState(null, null, locationQuery(parameters));\n }\n\n // Render <GraphiQL /> into the body.\n ReactDOM.render(\n React.createElement(GraphiQL, {\n fetcher: graphQLFetcher,\n onEditQuery: onEditQuery,\n onEditVariables: onEditVariables,\n onEditOperationName: onEditOperationName,\n query: ' + safeSerialize(queryString) + ',\n response: ' + safeSerialize(resultString) + ',\n variables: ' + safeSerialize(variablesString) + ',\n operationName: ' + safeSerialize(operationName) + ',\n }),\n document.body\n );\n </script>\n</body>\n</html>';
}
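Review bot: The GraphiQL template in the new `renderGraphiQL` return string loads fetch, React and GraphiQL from protocol-relative `//cdn.jsdelivr.net/...` URLs with no `integrity` attribute, so the scripts that run on the API's own origin (and issue requests with `credentials: 'include'`) are whatever the CDN returns, fetched over plain HTTP when the page itself is served over HTTP. Use explicit `https://` URLs and add Subresource Integrity, e.g. `<script src="https://cdn.jsdelivr.net/graphiql/<VERSION>/graphiql.min.js" integrity="sha384-<HASH_PLACEHOLDER>" crossorigin="anonymous"></script>`, with the hash generated for each pinned file. Separately, `safeSerialize` (visible in the hunk header) escapes only `/`; also escaping `<` as `\u003c` would be a more robust way to embed request-derived strings inside the `<script>` block.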
{
"name": "express-graphql",
"version": "0.5.1",
"description": "Create a GraphQL HTTP server with Express.",
"version": "0.5.2",
"description": "Production ready GraphQL HTTP middleware.",
"contributors": [
"Lee Byron <lee@leebyron.com> (http://leebyron.com/)",
"Daniel Schafer <dschafer@fb.com>"
"Daniel Schafer <dschafer@fb.com>",
"Caleb Meredith <calebmeredith8@gmail.com>"
],

@@ -19,2 +20,4 @@ "license": "BSD-3-Clause",

"express",
"connect",
"http",
"graphql",

@@ -37,2 +40,11 @@ "middleware",

},
"babel": {
"presets": [
"es2015"
],
"plugins": [
"transform-class-properties",
"transform-flow-strip-types"
]
},
"scripts": {

@@ -51,24 +63,34 @@ "prepublish": ". ./resources/prepublish.sh",

"dependencies": {
"content-type": "~1.0.1",
"http-errors": "~1.3.1",
"raw-body": "~2.1.2"
"accepts": "^1.3.0",
"content-type": "^1.0.0",
"http-errors": "^1.3.0",
"raw-body": "^2.1.0"
},
"devDependencies": {
"babel": "5.8.21",
"babel-core": "5.8.22",
"babel-eslint": "4.1.8",
"babel-runtime": "5.8.20",
"body-parser": "^1.14.0",
"chai": "3.2.0",
"coveralls": "2.11.4",
"eslint": "1.1.0",
"eslint-plugin-babel": "2.1.1",
"express": "4.13.3",
"babel-cli": "^6.9.0",
"babel-eslint": "6.0.4",
"babel-plugin-transform-async-to-generator": "6.8.0",
"babel-plugin-transform-class-properties": "6.9.0",
"babel-plugin-transform-flow-strip-types": "6.8.0",
"babel-plugin-transform-runtime": "6.9.0",
"babel-preset-es2015": "6.9.0",
"babel-register": "6.9.0",
"babel-runtime": "6.9.0",
"body-parser": "1.15.1",
"chai": "3.5.0",
"connect": "3.4.1",
"content-type": "1.0.1",
"coveralls": "2.11.9",
"eslint": "2.10.2",
"eslint-plugin-babel": "3.2.0",
"express": "4.13.4",
"express3": "*",
"flow-bin": "0.21.0",
"graphql": "0.5.0",
"isparta": "3.0.3",
"mocha": "2.2.5",
"multer": "1.0.3",
"sane": "1.1.3",
"flow-bin": "0.25.0",
"graphql": "0.6.0",
"http-errors": "1.4.0",
"isparta": "4.0.0",
"mocha": "2.5.3",
"multer": "1.1.0",
"raw-body": "2.1.6",
"sane": "1.3.4",
"supertest": "1.0.1",

@@ -78,4 +100,4 @@ "supertest-as-promised": "2.0.2"

"peerDependencies": {
"graphql": "^0.5.0"
"graphql": "^0.5.0-b || ^0.6.0"
}
}
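Review bot: The runtime dependency ranges move from tilde to caret (`"raw-body": "~2.1.2"` to `"^2.1.0"`, likewise `content-type` and `http-errors`), and `accepts` is added as `"^1.3.0"`, so an install without a lockfile now resolves any later minor release of the packages that enforce the body size limit and build the HTTP error responses. The versions the test suite runs against are pinned separately in devDependencies (`"raw-body": "2.1.6"`, `"http-errors": "1.4.0"`, `"content-type": "1.0.1"`), so newer minors are not exercised by this package's tests. Either keep tilde ranges close to those tested versions or document that consumers should lock transitive versions. The old/new side of each line is inferred from the 0.5.1 to 0.5.2 ordering, since the page shows no `+`/`-` markers.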