Production setting on serv package options not applied
0xnook opened this issue · comments
When running with config options Production: true
and DisableAllowList: false
one would expect that the allow list with queries from config/queries
gets enforced, but they are not.
Only after setting GO_ENV="production"
, the setting is applied.
What version of GraphJin are you using? graphjin version
v0.20.31
Have you tried reproducing the issue with the latest release?
What is the hardware spec (RAM, OS)?
Linux
Steps to reproduce the issue (config used to run GraphJin).
Run the following file with GO_ENV unset, go run main.go
package main
import (
"log"
"github.com/dosco/graphjin/serv"
"github.com/dosco/graphjin/core"
_ "github.com/jackc/pgx/v4/stdlib"
)
func main() {
conf := serv.Config{
Serv: serv.Serv{
AppName: "Test App",
HostPort: "localhost:8080",
WebUI: false,
DB: serv.Database{
Host: "127.0.0.1",
Port: 5555,
DBName: "postgres",
User: "postgres",
Schema: "public",
},
},
Core: core.Config{
Production: true,
DisableAllowList: false,
EnableCamelcase: true,
RolesQuery: "SELECT * FROM users WHERE users.id = $user_id:bigint",
},
}
gjs, err := serv.NewGraphJinService(&conf)
if err != nil {
log.Fatal(err)
}
if err := gjs.Start(); err != nil {
log.Fatal(err)
}
}
Any query will be allowed, named ones will be saved to allow list, and non-named ones give warnings:
WRN allow list save: no query name defined. only named queries are saved to the allow list
Expected behaviour and actual result.
The one from GO_ENV="production" go run main.go
Then the endpoint filters queries as expected:
{
"errors": [
{
"message": "not found in prepared statements"
}
]
}
Noticed that serv.Config.Serv also has a Production variable (not only serv.Config.Core) when looking for the cause, which gives the desired behavior.