(req, res)
| 51 | } |
| 52 | |
| 53 | export const graphql: Handler = async function (req, res) { |
| 54 | const originalBody = await req.body.json<GraphQLRequest>() |
| 55 | |
| 56 | if (!originalBody.query) { |
| 57 | return res.send(400, { |
| 58 | error: 'Request has no "query" field.', |
| 59 | }) |
| 60 | } |
| 61 | |
| 62 | const ignoreOriginCacheHeaders = IGNORE_ORIGIN_CACHE_HEADERS === '1' |
| 63 | const authorizationHeader = req.headers.get(HTTPHeaders.authorization) || '' |
| 64 | |
| 65 | const defaultResponseHeaders: Record<string, string> = { |
| 66 | [HTTPHeaders.contentType]: 'application/json', |
| 67 | [HTTPHeaders.cacheControl]: 'public, no-cache, no-store', |
| 68 | [HTTPHeaders.xCache]: CacheHitHeader.MISS, |
| 69 | [HTTPHeaders.fgCache]: CacheHitHeader.MISS, |
| 70 | [HTTPHeaders.fgOriginIgnoreCacheHeaders]: ignoreOriginCacheHeaders |
| 71 | ? 'true' |
| 72 | : 'false', |
| 73 | [HTTPHeaders.xFrameOptions]: 'deny', |
| 74 | [HTTPHeaders.xRobotsTag]: 'noindex', |
| 75 | [HTTPHeaders.vary]: 'Accept-Encoding, Accept, X-Requested-With, Origin', |
| 76 | |
| 77 | [HTTPHeaders.contentSecurityPolicy]: `default-src 'none'`, |
| 78 | [HTTPHeaders.strictTransportSecurity]: |
| 79 | 'max-age=31536000; includeSubdomains; preload', |
| 80 | } |
| 81 | |
| 82 | let queryDocumentNode = null |
| 83 | let hasPrivateTypes = false |
| 84 | let isMutationRequest = false |
| 85 | let authRequired = false |
| 86 | let content = originalBody.query |
| 87 | let inspectSchema = !!AUTH_DIRECTIVE || !!privateTypes |
| 88 | |
| 89 | try { |
| 90 | queryDocumentNode = parse(originalBody.query, { noLocation: true }) |
| 91 | isMutationRequest = isMutation(queryDocumentNode) |
| 92 | |
| 93 | if (!isMutationRequest) { |
| 94 | content = normalizeDocument(originalBody.query) |
| 95 | |
| 96 | if (inspectSchema) { |
| 97 | const schema = await findSchema() |
| 98 | if (schema && !graphQLSchema) { |
| 99 | graphQLSchema = buildGraphQLSchema(schema) |
| 100 | } |
| 101 | |
| 102 | if (graphQLSchema) { |
| 103 | defaultResponseHeaders[HTTPHeaders.fgInspected] = 'true' |
| 104 | if (AUTH_DIRECTIVE) { |
| 105 | authRequired = requiresAuth( |
| 106 | AUTH_DIRECTIVE, |
| 107 | graphQLSchema, |
| 108 | queryDocumentNode, |
| 109 | ) |
| 110 | } |
no test coverage detected