From a0aefa74b416f0d9c1ebbf46e913c9d0b38dea94 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Marti=C5=A1ka?= Date: Tue, 21 Sep 2021 10:07:49 +0200 Subject: [PATCH] Correct handling of empty GraphQL requests --- .../SmallRyeGraphQLExecutionHandler.java | 22 ++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/extensions/smallrye-graphql/runtime/src/main/java/io/quarkus/smallrye/graphql/runtime/SmallRyeGraphQLExecutionHandler.java b/extensions/smallrye-graphql/runtime/src/main/java/io/quarkus/smallrye/graphql/runtime/SmallRyeGraphQLExecutionHandler.java index babd92de9a5c1..c7b47d902cf10 100644 --- a/extensions/smallrye-graphql/runtime/src/main/java/io/quarkus/smallrye/graphql/runtime/SmallRyeGraphQLExecutionHandler.java +++ b/extensions/smallrye-graphql/runtime/src/main/java/io/quarkus/smallrye/graphql/runtime/SmallRyeGraphQLExecutionHandler.java @@ -38,6 +38,7 @@ public class SmallRyeGraphQLExecutionHandler extends SmallRyeGraphQLAbstractHand + StandardCharsets.UTF_8.name(); private static final String DEFAULT_REQUEST_CONTENT_TYPE = "application/json; charset=" + StandardCharsets.UTF_8.name(); + private static final String MISSING_OPERATION = "Missing operation body"; public SmallRyeGraphQLExecutionHandler(boolean allowGet, boolean allowPostWithQueryParameters, CurrentIdentityAssociation currentIdentityAssociation, @@ -90,10 +91,22 @@ private void handlePost(HttpServerResponse response, RoutingContext ctx, String String postResponse; if (hasQueryParameters(ctx) && allowPostWithQueryParameters) { JsonObject jsonObjectFromQueryParameters = getJsonObjectFromQueryParameters(ctx); - JsonObject mergedJsonObject = Json.createMergePatch(jsonObjectFromQueryParameters).apply(jsonObjectFromBody) - .asJsonObject(); + JsonObject mergedJsonObject; + if (jsonObjectFromBody != null) { + mergedJsonObject = Json.createMergePatch(jsonObjectFromQueryParameters).apply(jsonObjectFromBody) + .asJsonObject(); + } else { + mergedJsonObject = jsonObjectFromQueryParameters; + } + if (!mergedJsonObject.containsKey(QUERY)) { + response.setStatusCode(400).end(MISSING_OPERATION); + } postResponse = doRequest(mergedJsonObject); } else { + if (jsonObjectFromBody == null) { + response.setStatusCode(400).end(MISSING_OPERATION); + return; + } postResponse = doRequest(jsonObjectFromBody); } response.setStatusCode(200).setStatusMessage(OK).end(Buffer.buffer(postResponse, requestedCharset)); @@ -114,7 +127,7 @@ private void handleGet(HttpServerResponse response, RoutingContext ctx, String r .end(Buffer.buffer(getResponse, requestedCharset)); } else { - response.setStatusCode(204).end(); + response.setStatusCode(400).end(MISSING_OPERATION); } } catch (UnsupportedEncodingException uee) { throw new RuntimeException(uee); @@ -170,6 +183,9 @@ private JsonObject getJsonObjectFromBody(RoutingContext ctx) throws IOException return input.build(); // Else we expect a Json in the content } else { + if (body == null || body.isEmpty()) { + return null; + } try (StringReader bodyReader = new StringReader(body); JsonReader jsonReader = jsonReaderFactory.createReader(bodyReader)) { return jsonReader.readObject();