ghostdogpr / caliban

Functional GraphQL library for Scala

Home Page: https://ghostdogpr.github.io/caliban/

GraphQL.render does not validate type and field names

satorg opened this issue

For example, for a type defined like

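```scala
import caliban.schema.Annotations.GQLName

// Both annotations smuggle extra SDL text into what should be a plain name.
@GQLName("Foo { str: String }\ntype Bar")
case class Foo(
    @GQLName("bool: Boolean\n  num")
    num: Int
)
```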

the renderer simply emits

```graphql
type Foo { str: String }
type Bar {
  bool: Boolean
  num: Int!
}
```

without any concern.

Pretty much the same effect can be achieved by naming classes and fields directly via backticks:

```scala
case class `Foo { str: String }\ntype Bar`(
  `bool: Boolean\n  num`: Int
)
```

Does it work when you create an interpreter?
I think render is pretty basic and it should be responsible for validation; however, validateSchema should definitely fail.

Yes, the interpreter starts and is even able to serve queries unless that spurious type gets involved.
In the latter case, a response can look like

```json
{
    "data": null,
    "errors": [
        {
            "message": "Field 'num' does not exist on type 'Foo { str: String }\ntype Bar'."
        }
    ]
}
```

Otherwise everything pretends to be good.

I would expect though (just IMO, I may be wrong) that the GraphQL instance per se should fail to create if a schema is invalid somehow.

Yeah, we have a function called validateSchema that runs when the interpreter is called and that verifies all the things that the type system was not able to ensure. We should definitely add a check there 👍

Thank you!
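
A sketch of the kind of name check discussed in this thread, as an added example that is not caliban's own code: it applies the GraphQL specification's Name grammar to every type and field name before anything is rendered or served. `TypeDef`, `FieldDef`, `checkName` and `validateNames` are hypothetical names, and the input is constructed from the names in the report.

```scala
// Added example: stand-alone sketch, not caliban's validateSchema.
// TypeDef and FieldDef are hypothetical stand-ins for a schema model.
object NameCheck {
  final case class FieldDef(name: String, tpe: String)
  final case class TypeDef(name: String, fields: List[FieldDef])

  // GraphQL spec "Name" grammar: a letter or underscore, then letters, digits, underscores.
  private val NamePattern = "[_A-Za-z][_0-9A-Za-z]*".r

  // Returns Some(reason) if the name is not usable, None if it is valid.
  // matches() must consume the whole string, so an embedded newline is rejected.
  def checkName(name: String): Option[String] =
    if (!NamePattern.pattern.matcher(name).matches())
      Some("is not a valid GraphQL Name")
    else if (name.startsWith("__"))
      Some("uses the '__' prefix reserved for introspection")
    else None

  // Collects every offending type and field name instead of stopping at the first.
  def validateNames(types: List[TypeDef]): List[String] =
    types.flatMap { t =>
      val typeErrors = checkName(t.name).map(r => s"Type ${quote(t.name)} $r").toList
      val fieldErrors = t.fields.flatMap { f =>
        checkName(f.name).map(r => s"Field ${quote(f.name)} of type ${quote(t.name)} $r")
      }
      typeErrors ++ fieldErrors
    }

  // Escapes backslashes and newlines so a bad name cannot reshape the error text either.
  private def quote(s: String): String =
    "'" + s.replace("\\", "\\\\").replace("\n", "\\n") + "'"

  def main(args: Array[String]): Unit = {
    // Constructed input: the names from the report above, plus one well-formed type.
    val schema = List(
      TypeDef("Foo { str: String }\ntype Bar", List(FieldDef("bool: Boolean\n  num", "Int!"))),
      TypeDef("Query", List(FieldDef("foo", "Foo"), FieldDef("__internal", "String")))
    )
    validateNames(schema).foreach(println)
  }
}
```

The same rule covers both routes shown in the report, since `@GQLName` values and backtick-quoted identifiers both end up as plain name strings by the time a schema is checked.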