2020-01-03 21:16:26 +00:00
|
|
|
<?php
|
|
|
|
|
|
2022-04-26 07:49:36 +00:00
|
|
|
use Appwrite\Extend\Exception;
|
2024-03-07 23:30:23 +00:00
|
|
|
use Appwrite\Extend\Exception as AppwriteException;
|
2022-10-12 01:04:11 +00:00
|
|
|
use Appwrite\GraphQL\Promises\Adapter;
|
2022-10-27 21:04:31 +00:00
|
|
|
use Appwrite\GraphQL\Schema;
|
2025-01-17 04:31:39 +00:00
|
|
|
use Appwrite\SDK\AuthType;
|
|
|
|
|
use Appwrite\SDK\Method;
|
|
|
|
|
use Appwrite\SDK\MethodType;
|
|
|
|
|
use Appwrite\SDK\Response as SDKResponse;
|
2025-11-04 06:08:35 +00:00
|
|
|
use Appwrite\Utopia\Database\Documents\User;
|
2022-07-13 11:21:02 +00:00
|
|
|
use Appwrite\Utopia\Request;
|
2021-02-25 20:43:21 +00:00
|
|
|
use Appwrite\Utopia\Response;
|
2022-06-22 04:44:58 +00:00
|
|
|
use GraphQL\Error\DebugFlag;
|
2022-04-05 13:48:51 +00:00
|
|
|
use GraphQL\GraphQL;
|
2022-10-27 21:04:31 +00:00
|
|
|
use GraphQL\Type\Schema as GQLSchema;
|
2022-04-20 10:30:48 +00:00
|
|
|
use GraphQL\Validator\Rules\DisableIntrospection;
|
2022-04-07 06:40:28 +00:00
|
|
|
use GraphQL\Validator\Rules\QueryComplexity;
|
|
|
|
|
use GraphQL\Validator\Rules\QueryDepth;
|
|
|
|
|
use Swoole\Coroutine\WaitGroup;
|
2024-10-08 07:54:40 +00:00
|
|
|
use Utopia\App;
|
2022-10-27 21:04:31 +00:00
|
|
|
use Utopia\Database\Document;
|
2024-03-07 23:30:23 +00:00
|
|
|
use Utopia\Database\Validator\Authorization;
|
2024-04-22 05:56:36 +00:00
|
|
|
use Utopia\System\System;
|
2024-10-08 07:54:40 +00:00
|
|
|
use Utopia\Validator\JSON;
|
|
|
|
|
use Utopia\Validator\Text;
|
2024-03-04 22:12:54 +00:00
|
|
|
|
2024-10-08 07:54:40 +00:00
|
|
|
App::init()
|
2024-03-04 22:12:54 +00:00
|
|
|
->groups(['graphql'])
|
|
|
|
|
->inject('project')
|
2026-01-14 15:08:00 +00:00
|
|
|
->inject('authorization')
|
|
|
|
|
->action(function (Document $project, Authorization $authorization) {
|
2024-03-04 22:12:54 +00:00
|
|
|
if (
|
|
|
|
|
array_key_exists('graphql', $project->getAttribute('apis', []))
|
|
|
|
|
&& !$project->getAttribute('apis', [])['graphql']
|
2026-01-14 15:08:00 +00:00
|
|
|
&& !(User::isPrivileged($authorization->getRoles()) || User::isApp($authorization->getRoles()))
|
2024-03-04 22:12:54 +00:00
|
|
|
) {
|
|
|
|
|
throw new AppwriteException(AppwriteException::GENERAL_API_DISABLED);
|
|
|
|
|
}
|
|
|
|
|
});
|
2020-01-03 21:16:26 +00:00
|
|
|
|
2024-10-08 07:54:40 +00:00
|
|
|
App::get('/v1/graphql')
|
2023-08-01 15:26:48 +00:00
|
|
|
->desc('GraphQL endpoint')
|
2022-07-19 01:31:14 +00:00
|
|
|
->groups(['graphql'])
|
2021-03-04 18:40:52 +00:00
|
|
|
->label('scope', 'graphql')
|
2025-01-17 04:31:39 +00:00
|
|
|
->label('sdk', new Method(
|
|
|
|
|
namespace: 'graphql',
|
2025-03-31 05:48:17 +00:00
|
|
|
group: 'graphql',
|
2025-01-17 04:31:39 +00:00
|
|
|
name: 'get',
|
2025-12-13 16:06:44 +00:00
|
|
|
auth: [AuthType::ADMIN, AuthType::KEY, AuthType::SESSION, AuthType::JWT],
|
2025-01-17 04:31:39 +00:00
|
|
|
hide: true,
|
|
|
|
|
description: '/docs/references/graphql/get.md',
|
|
|
|
|
responses: [
|
|
|
|
|
new SDKResponse(
|
|
|
|
|
code: Response::STATUS_CODE_OK,
|
|
|
|
|
model: Response::MODEL_ANY,
|
|
|
|
|
)
|
|
|
|
|
]
|
|
|
|
|
))
|
2022-04-07 06:39:33 +00:00
|
|
|
->label('abuse-limit', 60)
|
2022-04-07 06:39:42 +00:00
|
|
|
->label('abuse-time', 60)
|
2023-03-01 12:43:34 +00:00
|
|
|
->param('query', '', new Text(0, 0), 'The query to execute.')
|
2022-10-14 01:32:16 +00:00
|
|
|
->param('operationName', '', new Text(256), 'The name of the operation to execute.', true)
|
|
|
|
|
->param('variables', '', new Text(0), 'The JSON encoded variables to use in the query.', true)
|
2021-02-25 20:43:21 +00:00
|
|
|
->inject('request')
|
|
|
|
|
->inject('response')
|
2022-07-14 08:11:39 +00:00
|
|
|
->inject('schema')
|
2022-10-14 01:32:16 +00:00
|
|
|
->inject('promiseAdapter')
|
2022-10-27 21:04:31 +00:00
|
|
|
->action(function (string $query, string $operationName, string $variables, Request $request, Response $response, GQLSchema $schema, Adapter $promiseAdapter) {
|
2022-10-14 01:32:16 +00:00
|
|
|
$query = [
|
|
|
|
|
'query' => $query,
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
if (!empty($operationName)) {
|
|
|
|
|
$query['operationName'] = $operationName;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!empty($variables)) {
|
|
|
|
|
$query['variables'] = \json_decode($variables, true);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$output = execute($schema, $promiseAdapter, $query);
|
|
|
|
|
|
|
|
|
|
$response
|
|
|
|
|
->setStatusCode(Response::STATUS_CODE_OK)
|
|
|
|
|
->json($output);
|
|
|
|
|
});
|
2022-04-11 11:08:57 +00:00
|
|
|
|
2024-10-08 07:54:40 +00:00
|
|
|
App::post('/v1/graphql/mutation')
|
2023-08-01 15:26:48 +00:00
|
|
|
->desc('GraphQL endpoint')
|
2022-12-15 00:36:47 +00:00
|
|
|
->groups(['graphql'])
|
|
|
|
|
->label('scope', 'graphql')
|
2025-01-17 04:31:39 +00:00
|
|
|
->label('sdk', new Method(
|
|
|
|
|
namespace: 'graphql',
|
2025-03-31 05:48:17 +00:00
|
|
|
group: 'graphql',
|
2025-01-17 04:31:39 +00:00
|
|
|
name: 'mutation',
|
2025-12-13 16:06:44 +00:00
|
|
|
auth: [AuthType::ADMIN, AuthType::KEY, AuthType::SESSION, AuthType::JWT],
|
2025-01-17 04:31:39 +00:00
|
|
|
description: '/docs/references/graphql/post.md',
|
|
|
|
|
responses: [
|
|
|
|
|
new SDKResponse(
|
|
|
|
|
code: Response::STATUS_CODE_OK,
|
|
|
|
|
model: Response::MODEL_ANY,
|
|
|
|
|
)
|
|
|
|
|
],
|
|
|
|
|
type: MethodType::GRAPHQL,
|
|
|
|
|
additionalParameters: [
|
|
|
|
|
'query' => ['default' => [], 'validator' => new JSON(), 'description' => 'The query or queries to execute.', 'optional' => false],
|
|
|
|
|
],
|
|
|
|
|
))
|
2022-12-15 00:36:47 +00:00
|
|
|
->label('abuse-limit', 60)
|
|
|
|
|
->label('abuse-time', 60)
|
|
|
|
|
->inject('request')
|
|
|
|
|
->inject('response')
|
|
|
|
|
->inject('schema')
|
|
|
|
|
->inject('promiseAdapter')
|
|
|
|
|
->action(function (Request $request, Response $response, GQLSchema $schema, Adapter $promiseAdapter) {
|
|
|
|
|
$query = $request->getParams();
|
|
|
|
|
|
|
|
|
|
if ($request->getHeader('x-sdk-graphql') == 'true') {
|
|
|
|
|
$query = $query['query'];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$type = $request->getHeader('content-type');
|
|
|
|
|
|
|
|
|
|
if (\str_starts_with($type, 'application/graphql')) {
|
|
|
|
|
$query = parseGraphql($request);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (\str_starts_with($type, 'multipart/form-data')) {
|
|
|
|
|
$query = parseMultipart($query, $request);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$output = execute($schema, $promiseAdapter, $query);
|
|
|
|
|
|
|
|
|
|
$response
|
|
|
|
|
->setStatusCode(Response::STATUS_CODE_OK)
|
|
|
|
|
->json($output);
|
|
|
|
|
});
|
|
|
|
|
|
2024-10-08 07:54:40 +00:00
|
|
|
App::post('/v1/graphql')
|
2023-08-01 15:26:48 +00:00
|
|
|
->desc('GraphQL endpoint')
|
2022-07-19 01:31:14 +00:00
|
|
|
->groups(['graphql'])
|
2022-04-11 11:08:57 +00:00
|
|
|
->label('scope', 'graphql')
|
2025-01-17 04:31:39 +00:00
|
|
|
->label('sdk', new Method(
|
|
|
|
|
namespace: 'graphql',
|
2025-03-31 05:48:17 +00:00
|
|
|
group: 'graphql',
|
2025-01-17 04:31:39 +00:00
|
|
|
name: 'query',
|
2025-12-13 16:06:44 +00:00
|
|
|
auth: [AuthType::ADMIN, AuthType::KEY, AuthType::SESSION, AuthType::JWT],
|
2025-01-17 04:31:39 +00:00
|
|
|
description: '/docs/references/graphql/post.md',
|
|
|
|
|
responses: [
|
|
|
|
|
new SDKResponse(
|
|
|
|
|
code: Response::STATUS_CODE_OK,
|
|
|
|
|
model: Response::MODEL_ANY,
|
|
|
|
|
)
|
|
|
|
|
],
|
|
|
|
|
type: MethodType::GRAPHQL,
|
|
|
|
|
additionalParameters: [
|
|
|
|
|
'query' => ['default' => [], 'validator' => new JSON(), 'description' => 'The query or queries to execute.', 'optional' => false],
|
|
|
|
|
],
|
|
|
|
|
))
|
2022-04-11 11:08:57 +00:00
|
|
|
->label('abuse-limit', 60)
|
|
|
|
|
->label('abuse-time', 60)
|
|
|
|
|
->inject('request')
|
|
|
|
|
->inject('response')
|
2022-07-14 08:11:39 +00:00
|
|
|
->inject('schema')
|
2022-10-14 01:32:16 +00:00
|
|
|
->inject('promiseAdapter')
|
2022-10-27 21:04:31 +00:00
|
|
|
->action(function (Request $request, Response $response, GQLSchema $schema, Adapter $promiseAdapter) {
|
2022-10-14 01:32:16 +00:00
|
|
|
$query = $request->getParams();
|
|
|
|
|
|
|
|
|
|
if ($request->getHeader('x-sdk-graphql') == 'true') {
|
|
|
|
|
$query = $query['query'];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$type = $request->getHeader('content-type');
|
2022-12-13 02:43:29 +00:00
|
|
|
|
2022-10-14 01:32:16 +00:00
|
|
|
if (\str_starts_with($type, 'application/graphql')) {
|
|
|
|
|
$query = parseGraphql($request);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (\str_starts_with($type, 'multipart/form-data')) {
|
|
|
|
|
$query = parseMultipart($query, $request);
|
|
|
|
|
}
|
2024-10-08 07:54:40 +00:00
|
|
|
|
2022-10-14 01:32:16 +00:00
|
|
|
$output = execute($schema, $promiseAdapter, $query);
|
|
|
|
|
|
|
|
|
|
$response
|
|
|
|
|
->setStatusCode(Response::STATUS_CODE_OK)
|
|
|
|
|
->json($output);
|
|
|
|
|
});
|
2021-11-25 08:04:39 +00:00
|
|
|
|
2022-07-07 06:13:12 +00:00
|
|
|
/**
|
2022-07-19 01:41:31 +00:00
|
|
|
* Execute a GraphQL request
|
|
|
|
|
*
|
2022-10-27 21:04:31 +00:00
|
|
|
* @param GQLSchema $schema
|
2022-10-12 01:04:11 +00:00
|
|
|
* @param Adapter $promiseAdapter
|
2022-10-14 01:32:16 +00:00
|
|
|
* @param array $query
|
|
|
|
|
* @return array
|
2022-07-07 06:13:12 +00:00
|
|
|
* @throws Exception
|
|
|
|
|
*/
|
2022-10-14 01:32:16 +00:00
|
|
|
function execute(
|
2022-10-27 21:04:31 +00:00
|
|
|
GQLSchema $schema,
|
2022-10-12 01:04:11 +00:00
|
|
|
Adapter $promiseAdapter,
|
2022-10-14 01:32:16 +00:00
|
|
|
array $query
|
|
|
|
|
): array {
|
2024-04-01 11:02:47 +00:00
|
|
|
$maxBatchSize = System::getEnv('_APP_GRAPHQL_MAX_BATCH_SIZE', 10);
|
|
|
|
|
$maxComplexity = System::getEnv('_APP_GRAPHQL_MAX_COMPLEXITY', 250);
|
|
|
|
|
$maxDepth = System::getEnv('_APP_GRAPHQL_MAX_DEPTH', 3);
|
2022-07-07 07:39:42 +00:00
|
|
|
|
2022-07-14 03:57:34 +00:00
|
|
|
if (!empty($query) && !isset($query[0])) {
|
2022-07-13 03:49:59 +00:00
|
|
|
$query = [$query];
|
2022-07-07 06:13:12 +00:00
|
|
|
}
|
2022-07-14 03:57:34 +00:00
|
|
|
if (empty($query)) {
|
2022-09-21 06:36:43 +00:00
|
|
|
throw new Exception(Exception::GRAPHQL_NO_QUERY);
|
2022-04-11 11:08:57 +00:00
|
|
|
}
|
2022-07-14 03:56:02 +00:00
|
|
|
if (\count($query) > $maxBatchSize) {
|
2022-09-21 06:36:43 +00:00
|
|
|
throw new Exception(Exception::GRAPHQL_TOO_MANY_QUERIES);
|
2022-07-14 03:57:34 +00:00
|
|
|
}
|
2022-07-14 03:57:51 +00:00
|
|
|
foreach ($query as $item) {
|
2022-07-19 02:11:58 +00:00
|
|
|
if (empty($item['query'])) {
|
2022-10-14 00:18:08 +00:00
|
|
|
throw new Exception(Exception::GRAPHQL_NO_QUERY);
|
2022-07-14 03:57:51 +00:00
|
|
|
}
|
2022-07-14 03:56:02 +00:00
|
|
|
}
|
2022-07-13 05:21:41 +00:00
|
|
|
|
2022-07-19 13:28:47 +00:00
|
|
|
$flags = DebugFlag::INCLUDE_DEBUG_MESSAGE | DebugFlag::INCLUDE_TRACE;
|
2022-04-26 07:49:36 +00:00
|
|
|
$validations = GraphQL::getStandardValidationRules();
|
2022-07-14 03:57:34 +00:00
|
|
|
|
2026-01-19 06:26:17 +00:00
|
|
|
if (System::getEnv('_APP_GRAPHQL_INTROSPECTION', 'enabled') === 'disabled') {
|
2022-06-22 04:44:58 +00:00
|
|
|
$validations[] = new DisableIntrospection();
|
2026-01-19 06:26:17 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (System::getEnv('_APP_OPTIONS_ABUSE', 'enabled') !== 'disabled') {
|
2022-09-29 04:46:01 +00:00
|
|
|
$validations[] = new QueryComplexity($maxComplexity);
|
|
|
|
|
$validations[] = new QueryDepth($maxDepth);
|
2022-12-15 00:44:23 +00:00
|
|
|
}
|
2024-10-08 07:54:40 +00:00
|
|
|
if (App::getMode() === App::MODE_TYPE_PRODUCTION) {
|
2022-07-19 13:28:47 +00:00
|
|
|
$flags = DebugFlag::NONE;
|
2022-06-22 04:44:58 +00:00
|
|
|
}
|
2022-07-13 05:21:41 +00:00
|
|
|
|
2022-07-13 03:49:59 +00:00
|
|
|
$promises = [];
|
2022-07-13 05:21:41 +00:00
|
|
|
foreach ($query as $indexed) {
|
2022-07-13 03:49:59 +00:00
|
|
|
$promises[] = GraphQL::promiseToExecute(
|
|
|
|
|
$promiseAdapter,
|
2022-07-14 08:11:39 +00:00
|
|
|
$schema,
|
2022-07-13 03:49:59 +00:00
|
|
|
$indexed['query'],
|
2022-07-13 05:06:48 +00:00
|
|
|
variableValues: $indexed['variables'] ?? null,
|
|
|
|
|
operationName: $indexed['operationName'] ?? null,
|
2022-07-13 03:49:59 +00:00
|
|
|
validationRules: $validations
|
|
|
|
|
);
|
|
|
|
|
}
|
2022-04-07 06:40:28 +00:00
|
|
|
|
2022-05-02 08:21:40 +00:00
|
|
|
$output = [];
|
2022-04-11 11:08:57 +00:00
|
|
|
$wg = new WaitGroup();
|
|
|
|
|
$wg->add();
|
2022-07-13 03:49:59 +00:00
|
|
|
$promiseAdapter->all($promises)->then(
|
2022-07-19 13:28:47 +00:00
|
|
|
function (array $results) use (&$output, &$wg, $flags) {
|
2022-07-14 08:11:39 +00:00
|
|
|
try {
|
2022-07-19 13:28:47 +00:00
|
|
|
$output = processResult($results, $flags);
|
2022-07-14 08:11:39 +00:00
|
|
|
} finally {
|
|
|
|
|
$wg->done();
|
|
|
|
|
}
|
2022-04-11 11:08:57 +00:00
|
|
|
}
|
2022-04-26 07:49:36 +00:00
|
|
|
);
|
2022-04-11 11:08:57 +00:00
|
|
|
$wg->wait();
|
2022-05-02 08:21:40 +00:00
|
|
|
|
2022-10-14 01:32:16 +00:00
|
|
|
return $output;
|
2022-04-11 11:08:57 +00:00
|
|
|
}
|
2022-07-13 11:21:02 +00:00
|
|
|
|
|
|
|
|
/**
|
2022-10-14 01:32:16 +00:00
|
|
|
* Parse an "application/graphql" type request
|
2022-07-13 11:21:02 +00:00
|
|
|
*
|
|
|
|
|
* @param Request $request
|
|
|
|
|
* @return array
|
|
|
|
|
*/
|
2022-10-12 07:20:44 +00:00
|
|
|
function parseGraphql(Request $request): array
|
2022-07-13 11:21:02 +00:00
|
|
|
{
|
2022-10-14 01:32:16 +00:00
|
|
|
return ['query' => $request->getRawPayload()];
|
2022-07-13 11:21:02 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2022-10-14 01:32:16 +00:00
|
|
|
* Parse an "multipart/form-data" type request
|
2022-07-13 11:21:02 +00:00
|
|
|
*
|
|
|
|
|
* @param array $query
|
|
|
|
|
* @param Request $request
|
|
|
|
|
* @return array
|
|
|
|
|
*/
|
2022-10-12 07:20:44 +00:00
|
|
|
function parseMultipart(array $query, Request $request): array
|
2022-07-13 11:21:02 +00:00
|
|
|
{
|
|
|
|
|
$operations = \json_decode($query['operations'], true);
|
|
|
|
|
$map = \json_decode($query['map'], true);
|
2022-12-13 02:43:29 +00:00
|
|
|
|
2022-07-13 11:21:02 +00:00
|
|
|
foreach ($map as $fileKey => $locations) {
|
|
|
|
|
foreach ($locations as $location) {
|
|
|
|
|
$items = &$operations;
|
|
|
|
|
foreach (\explode('.', $location) as $key) {
|
|
|
|
|
if (!isset($items[$key]) || !\is_array($items[$key])) {
|
|
|
|
|
$items[$key] = [];
|
|
|
|
|
}
|
|
|
|
|
$items = &$items[$key];
|
|
|
|
|
}
|
|
|
|
|
$items = $request->getFiles($fileKey);
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-12-13 02:43:29 +00:00
|
|
|
|
2022-07-13 11:21:02 +00:00
|
|
|
$query['query'] = $operations['query'];
|
|
|
|
|
$query['variables'] = $operations['variables'];
|
|
|
|
|
|
2022-12-13 02:43:29 +00:00
|
|
|
unset($query['operations']);
|
|
|
|
|
unset($query['map']);
|
|
|
|
|
|
2022-07-13 11:21:02 +00:00
|
|
|
return $query;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2022-10-13 04:33:55 +00:00
|
|
|
* Process an array of results for output.
|
2022-07-13 11:21:02 +00:00
|
|
|
*
|
|
|
|
|
* @param $result
|
|
|
|
|
* @param $debugFlags
|
2022-07-19 01:41:31 +00:00
|
|
|
* @return array
|
2022-07-13 11:21:02 +00:00
|
|
|
*/
|
2022-07-19 01:41:31 +00:00
|
|
|
function processResult($result, $debugFlags): array
|
2022-07-13 11:21:02 +00:00
|
|
|
{
|
2022-10-14 01:33:42 +00:00
|
|
|
// Only one query, return the result
|
2022-07-13 11:21:02 +00:00
|
|
|
if (!isset($result[1])) {
|
2022-07-19 01:41:31 +00:00
|
|
|
return $result[0]->toArray($debugFlags);
|
2022-07-13 11:21:02 +00:00
|
|
|
}
|
2022-10-13 04:33:55 +00:00
|
|
|
|
2022-10-14 01:33:42 +00:00
|
|
|
// Batched queries, return an array of results
|
|
|
|
|
return \array_map(
|
|
|
|
|
static function ($item) use ($debugFlags) {
|
|
|
|
|
return $item->toArray($debugFlags);
|
|
|
|
|
},
|
2022-10-13 04:33:55 +00:00
|
|
|
$result
|
2022-10-14 01:33:42 +00:00
|
|
|
);
|
2022-07-13 11:21:02 +00:00
|
|
|
}
|
2022-10-27 21:04:31 +00:00
|
|
|
|
2024-10-08 07:54:40 +00:00
|
|
|
App::shutdown()
|
2022-10-27 21:04:31 +00:00
|
|
|
->groups(['schema'])
|
|
|
|
|
->inject('project')
|
2024-10-08 07:54:40 +00:00
|
|
|
->action(function (Document $project) {
|
|
|
|
|
Schema::setDirty($project->getId());
|
2025-01-17 04:39:16 +00:00
|
|
|
});
|
