2026-01-02 13:41:09 +00:00
|
|
|
# Copyright (C) 2012-2026 Zammad Foundation, https://zammad-foundation.org/
|
2021-10-27 09:21:43 +00:00
|
|
|
|
|
|
|
|
class GraphqlController < ApplicationController
|
2021-11-03 11:10:23 +00:00
|
|
|
# Handled in the GraphQL processing, not on controller level.
|
|
|
|
|
skip_before_action :verify_csrf_token
|
2021-10-27 09:21:43 +00:00
|
|
|
|
2022-02-14 10:52:11 +00:00
|
|
|
prepend_before_action lambda {
|
|
|
|
|
begin
|
|
|
|
|
authentication_check_only
|
|
|
|
|
rescue Exceptions::Forbidden
|
|
|
|
|
# Don't throw if the user is not authenticated. Just continue without a current_user.
|
|
|
|
|
end
|
|
|
|
|
}
|
2021-10-27 09:21:43 +00:00
|
|
|
|
|
|
|
|
def execute
|
2021-12-15 16:03:17 +00:00
|
|
|
if params[:_json]
|
|
|
|
|
return render json: multiplex
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
render json: single_query
|
2026-01-22 10:00:52 +00:00
|
|
|
rescue GraphqlValidations::Error => e
|
2026-04-22 15:23:21 +00:00
|
|
|
render json: { errors: [{ message: e.message }] }, status: :unprocessable_content
|
2021-10-27 09:21:43 +00:00
|
|
|
rescue => e
|
|
|
|
|
raise e if !Rails.env.development?
|
|
|
|
|
|
|
|
|
|
handle_error_in_development(e)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
2021-12-15 16:03:17 +00:00
|
|
|
def multiplex
|
|
|
|
|
queries = params[:_json].map do |param|
|
|
|
|
|
{
|
|
|
|
|
query: param[:query],
|
|
|
|
|
operation_name: param[:operationName],
|
|
|
|
|
variables: prepare_variables(param[:variables]),
|
|
|
|
|
context: context
|
|
|
|
|
}
|
|
|
|
|
end
|
|
|
|
|
Gql::ZammadSchema.multiplex(queries)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def single_query
|
|
|
|
|
query = params[:query]
|
|
|
|
|
variables = prepare_variables(params[:variables])
|
|
|
|
|
operation_name = params[:operation_name]
|
|
|
|
|
|
|
|
|
|
Gql::ZammadSchema.execute(query, variables: variables, context: context, operation_name: operation_name)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def context
|
|
|
|
|
# context must be kept in sync with GraphqlChannel!
|
|
|
|
|
{
|
2025-01-24 08:08:23 +00:00
|
|
|
sid: session.id,
|
|
|
|
|
current_user: current_user,
|
|
|
|
|
current_user_id: current_user&.id,
|
2021-12-15 16:03:17 +00:00
|
|
|
# :controller is used by login/logout mutations and MUST NOT be used otherwise.
|
2025-01-24 08:08:23 +00:00
|
|
|
controller: self,
|
2021-12-15 16:03:17 +00:00
|
|
|
}
|
|
|
|
|
end
|
|
|
|
|
|
2021-10-27 09:21:43 +00:00
|
|
|
# Handle variables in form data, JSON body, or a blank value
|
|
|
|
|
def prepare_variables(variables_param)
|
|
|
|
|
case variables_param
|
|
|
|
|
when String
|
|
|
|
|
if variables_param.present?
|
|
|
|
|
JSON.parse(variables_param) || {}
|
|
|
|
|
else
|
|
|
|
|
{}
|
|
|
|
|
end
|
|
|
|
|
when Hash
|
|
|
|
|
variables_param
|
|
|
|
|
when ActionController::Parameters
|
|
|
|
|
variables_param.to_unsafe_hash # GraphQL-Ruby will validate name and type of incoming variables.
|
|
|
|
|
when nil
|
|
|
|
|
{}
|
|
|
|
|
else
|
|
|
|
|
raise ArgumentError, "Unexpected parameter: #{variables_param}"
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def handle_error_in_development(e)
|
|
|
|
|
logger.error e.message
|
|
|
|
|
logger.error e.backtrace.join("\n")
|
|
|
|
|
|
|
|
|
|
render json: { errors: [{ message: e.message, backtrace: e.backtrace }], data: {} }, status: :internal_server_error
|
|
|
|
|
end
|
|
|
|
|
end
|
