| 129 | } |
| 130 | |
| 131 | func TestSubscriptionWhereVariableRejected(t *testing.T) { |
| 132 | db, err := sql.Open("sqlite3", t.TempDir()+"/where-var.sqlite3") |
| 133 | if err != nil { |
| 134 | t.Fatal(err) |
| 135 | } |
| 136 | defer db.Close() //nolint:errcheck |
| 137 | |
| 138 | _, err = db.Exec(` |
| 139 | CREATE TABLE users ( |
| 140 | id INTEGER PRIMARY KEY, |
| 141 | email TEXT |
| 142 | ); |
| 143 | INSERT INTO users (id, email) VALUES (1, 'user@test.com'); |
| 144 | `) |
| 145 | if err != nil { |
| 146 | t.Fatal(err) |
| 147 | } |
| 148 | |
| 149 | conf := &core.Config{ |
| 150 | DBType: "sqlite", |
| 151 | DisableAllowList: true, |
| 152 | } |
| 153 | gj, err := core.NewGraphJin(conf, db) |
| 154 | if err != nil { |
| 155 | t.Fatal(err) |
| 156 | } |
| 157 | defer gj.Close() |
| 158 | |
| 159 | gql := `subscription($where: UsersWhereInput) { |
| 160 | users(where: $where) { |
| 161 | id |
| 162 | email |
| 163 | } |
| 164 | }` |
| 165 | |
| 166 | _, err = gj.Subscribe(context.Background(), gql, json.RawMessage(`{"where":{"id":{"eq":1}}}`), nil) |
| 167 | if err == nil { |
| 168 | t.Fatal("expected where variable to be rejected") |
| 169 | } |
| 170 | if !strings.Contains(err.Error(), "where must be an inline object; use variables only inside filter values") { |
| 171 | t.Fatalf("unexpected error: %v", err) |
| 172 | } |
| 173 | } |