| 90 | } |
| 91 | |
| 92 | func TestAllowList(t *testing.T) { |
| 93 | |
| 94 | gql1 := ` |
| 95 | query getProducts { |
| 96 | products(id: 2) { |
| 97 | id |
| 98 | } |
| 99 | }` |
| 100 | |
| 101 | gql2 := ` |
| 102 | query getProducts { |
| 103 | products(id: 3) { |
| 104 | id |
| 105 | name |
| 106 | } |
| 107 | }` |
| 108 | |
| 109 | gql3 := ` |
| 110 | query getUsers { |
| 111 | users(id: 3) { |
| 112 | id |
| 113 | name |
| 114 | } |
| 115 | }` |
| 116 | |
| 117 | dir, err := os.MkdirTemp("", "test") |
| 118 | if err != nil { |
| 119 | t.Fatal(err) |
| 120 | } |
| 121 | defer os.RemoveAll(dir) //nolint:errcheck |
| 122 | |
| 123 | fs := core.NewOsFS(dir) |
| 124 | err = fs.Put("queries/getProducts.gql", []byte(gql1)) |
| 125 | if err != nil { |
| 126 | t.Error(err) |
| 127 | return |
| 128 | } |
| 129 | |
| 130 | conf1 := newConfig(&core.Config{DBType: dbType, DisableAllowList: true}) |
| 131 | gj1, err := core.NewGraphJin(conf1, db, core.OptionSetFS(fs)) |
| 132 | if err != nil { |
| 133 | t.Error(err) |
| 134 | return |
| 135 | } |
| 136 | defer gj1.Close() |
| 137 | |
| 138 | exp1 := `{"products": {"id": 2}}` |
| 139 | |
| 140 | res1, err := gj1.GraphQL(context.Background(), gql1, nil, nil) |
| 141 | assert.NoError(t, err) |
| 142 | assert.JSONEq(t, exp1, string(res1.Data)) |
| 143 | |
| 144 | conf2 := newConfig(&core.Config{DBType: dbType, Production: true}) |
| 145 | gj2, err := core.NewGraphJin(conf2, db, core.OptionSetFS(fs)) |
| 146 | assert.NoError(t, err) |
| 147 | defer gj2.Close() |
| 148 | |
| 149 | res2, err := gj2.GraphQL(context.Background(), gql2, nil, nil) |