Validate the query hash before persisting queries
This commit is contained in:
parent
734b43b613
commit
2878de5b26
|
@ -28,7 +28,7 @@ default = [
|
||||||
"uuid",
|
"uuid",
|
||||||
]
|
]
|
||||||
apollo_tracing = ["chrono"]
|
apollo_tracing = ["chrono"]
|
||||||
apollo_persisted_queries = ["async-mutex", "lru"]
|
apollo_persisted_queries = ["async-mutex", "lru", "sha2"]
|
||||||
multipart = ["bytes", "multer", "tempfile"]
|
multipart = ["bytes", "multer", "tempfile"]
|
||||||
unblock = ["blocking"]
|
unblock = ["blocking"]
|
||||||
string_number = ["num-traits"]
|
string_number = ["num-traits"]
|
||||||
|
@ -70,6 +70,7 @@ bytes = { version = "0.5.4", optional = true }
|
||||||
lru = { version = "0.6.0", optional = true }
|
lru = { version = "0.6.0", optional = true }
|
||||||
multer = { version = "1.2.2", optional = true }
|
multer = { version = "1.2.2", optional = true }
|
||||||
num-traits = { version = "0.2.12", optional = true }
|
num-traits = { version = "0.2.12", optional = true }
|
||||||
|
sha2 = { version = "0.9.1", optional = true }
|
||||||
tempfile = { version = "3.1.0", optional = true }
|
tempfile = { version = "3.1.0", optional = true }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
|
|
|
@ -4,6 +4,7 @@ use std::sync::Arc;
|
||||||
|
|
||||||
use async_mutex::Mutex;
|
use async_mutex::Mutex;
|
||||||
use serde::Deserialize;
|
use serde::Deserialize;
|
||||||
|
use sha2::{Digest, Sha256};
|
||||||
|
|
||||||
use crate::extensions::{Extension, ExtensionContext, ExtensionFactory};
|
use crate::extensions::{Extension, ExtensionContext, ExtensionFactory};
|
||||||
use crate::{from_value, Request, ServerError, ServerResult};
|
use crate::{from_value, Request, ServerError, ServerResult};
|
||||||
|
@ -98,10 +99,14 @@ impl<T: CacheStorage> Extension for ApolloPersistedQueriesExtension<T> {
|
||||||
Err(ServerError::new("PersistedQueryNotFound".to_string()))
|
Err(ServerError::new("PersistedQueryNotFound".to_string()))
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
self.storage
|
let sha256_hash = format!("{:x}", Sha256::digest(request.query.as_bytes()));
|
||||||
.set(persisted_query.sha256_hash, request.query.clone())
|
|
||||||
.await;
|
if (persisted_query.sha256_hash != sha256_hash) {
|
||||||
Ok(request)
|
Err(ServerError::new("provided sha does not match query"))
|
||||||
|
} else {
|
||||||
|
self.storage.set(sha256_hash, request.query.clone()).await;
|
||||||
|
Ok(request)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
Ok(request)
|
Ok(request)
|
||||||
|
@ -134,7 +139,7 @@ mod tests {
|
||||||
"persistedQuery".to_string(),
|
"persistedQuery".to_string(),
|
||||||
value!({
|
value!({
|
||||||
"version": 1,
|
"version": 1,
|
||||||
"sha256Hash": "abc",
|
"sha256Hash": "854174ebed716fe24fd6659c30290aecd9bc1d17dc4f47939a1848a1b8ed3c6b",
|
||||||
}),
|
}),
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -150,7 +155,7 @@ mod tests {
|
||||||
"persistedQuery".to_string(),
|
"persistedQuery".to_string(),
|
||||||
value!({
|
value!({
|
||||||
"version": 1,
|
"version": 1,
|
||||||
"sha256Hash": "abc",
|
"sha256Hash": "854174ebed716fe24fd6659c30290aecd9bc1d17dc4f47939a1848a1b8ed3c6b",
|
||||||
}),
|
}),
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user