GraphQL.render does not validate type and field names
satorg opened this issue · comments
For example, for a type defined like
@GQLName("Foo { str: String }\ntype Bar")
case class Foo(
@GQLName("bool: Boolean\n num")
num: Int
)
the renderer simply emits
type Foo { str: String }
type Bar {
bool: Boolean
num: Int!
}
without any concern.
Pretty much same effect can be achieved by naming classes and fields directly via backticks:
case class `Foo { str: String }\ntype Bar`(
`bool: Boolean\n num`: Int
)
Does it work when you create an interpreter?
I think render
is pretty basic and it should be responsible for validation, however validateSchema
should definitely fail.
Yes, the interpreter starts and even is able to serve queries unless that spurious type gets involved.
In the latter case a response can look like
{
"data": null,
"errors": [
{
"message": "Field 'num' does not exist on type 'Foo { str: String }\ntype Bar'."
}
]
}
Otherwise everything pretends to be good.
I would expect though (just IMO, I may be wrong) that the GraphQL
instance per se should fail to create if a schema is invalid somehow.
Yeah we have a function called validateSchema
that runs when interpreter
is called and that verifies all the things that the type system was not able to ensure. We should definitely add a check there 👍
Thank you!