Comments (13)
iki
commented on May 8, 2024
2
Actually, GraphQL specifies passing errors via errors field in the response and not using application transport protocol level, which may or may not be HTTP.
This concept can be simplified as always send 200 with graphql json response, or 500 if server blows up and is shared for example by facebook relay, graphcool, apollo-server, and graphene on server side, and expected for example by apollo-client on client-side.
Sending other error codes with graphql json response may result in graphql clients assuming server error and not trying to parse json in body, so the passed errors field is lost and error is replaced with generic http status error. This happens e.g. with apollo-client.
It would be nice to either unify on single concept, or make it configurable.
Here, the forced 500 on missing data in response makes server to ignore any error status provided previously by user via ctx.throw(status, error). Imo it would help e.g. to only set the status to 500 if it wasn't set previously.
from koa-graphql.
kaareal
commented on May 8, 2024
1
after getting ready to write a test i noticed in your test files, there is already a test covering this
https://github.com/kaareal/koa-graphql/blob/master/src/__tests__/http-test.js#L905
so i am thinking this might be desired, though i don't understand the reasoning.
from koa-graphql.
miuan
commented on May 8, 2024
1
Hi all,
(not sure if I am in right tread)
I have some decorators for resolver as admin,owner,user example usage:
const UsersResolvers : IResolvers = {
Query : {
allUsers: protect.to.admin(allUsers),
User: protect.to.owner(User, protect.by.id),
},
Mutation : {
signIn: protect.to.public(signIn),
createUser: protect.to.admin(createUser),
updateUser: protect.to.owner(updateUser, protect.by.id),
}
admin for example looks like
const _admin = (protectedFn) => async (root, data, ctx) => {
// admin throw exception when is the loged user not admin
await adminCheck(ctx);
return await protectedFn(root, data, ctx);
}
but when exception happen, I do not return any data and code result.data == null in line https://github.com/chentsulin/koa-graphql/blob/master/src/index.js#L275 response with status 500 ( for me is ok:-) ) but the apollo-client and graphiql they always expect 200 and thats the problem...
so I would like ask if exist better way how to do protection in decorator, to have response status 200 and still tell the client, he is not allowed to these data?
from koa-graphql.
chentsulin
commented on May 8, 2024
You will get status 400 or 500 if error be thrown:
https://github.com/chentsulin/koa-graphql/blob/master/src/index.js#L198
https://github.com/chentsulin/koa-graphql/blob/master/src/index.js#L206
https://github.com/chentsulin/koa-graphql/blob/master/src/index.js#L244
https://github.com/chentsulin/koa-graphql/blob/master/src/index.js#L267
from koa-graphql.
kaareal
commented on May 8, 2024
I am seeing the same thing getting an response with { data: {...}, errors: [{...}] }
in both koa-graphql and express-graphql, with status code 200.
This seems to happen when there is a bug in the schema e.g. reference issues.
I am quite new to graphql and I am wondering if this is by design => that its correct to return 200 when some data could be delivered ?
I can write up test if that has any interest.
from koa-graphql.
chentsulin
commented on May 8, 2024
@kaareal It's great to have a reproduce example if you can write it up.
It's weird because only those four lines of code assign errors to the result, and they also assign 400, 500 status to the response:
https://github.com/chentsulin/koa-graphql/blob/master/src/index.js#L198-L199
https://github.com/chentsulin/koa-graphql/blob/master/src/index.js#L206-L207
https://github.com/chentsulin/koa-graphql/blob/master/src/index.js#L244-L245
https://github.com/chentsulin/koa-graphql/blob/master/src/index.js#L267-L268
from koa-graphql.
madole
commented on May 8, 2024
I'd like to understand the reasoning too, I'd prefer if any errors chucked a ~500/~400.
from koa-graphql.
chentsulin
commented on May 8, 2024
@leebyron @stubailo do you know the reason why we provide status 200 when error be thrown in schema?
from koa-graphql.
leebyron
commented on May 8, 2024
If any data exists, then 200 is appropriate. That is some errors were transient or partial and there is still data to be provided. If there is no data then an error code is appropriate, perhaps for a syntax error, validation error, or the rare query error which manages to bubble up and null out data
from koa-graphql.
stubailo
commented on May 8, 2024
At the end of the day the HTTP transport is not specified so can be application specific. It depends on what you are intending to use the http code for - is it caching? Displaying errors in the UI?
from koa-graphql.
kaareal
commented on May 8, 2024
Make sense. Thanks @leebyron, @chentsulin
I still not 100% sure why that unit test, doesn't return data:null => and therefor a http error, it seems to me there is no data in this example.
from koa-graphql.
felipap
commented on May 8, 2024
Any updates on this?
from koa-graphql.
chentsulin
commented on May 8, 2024
Now we have exactly same behavior copied from express-graphql and it seems to be spec-compliant. So I'm going to close this issue.
from koa-graphql.
Related Issues (20)
- Working with query in resolve() HOT 2
- Validation doens't check the variables HOT 3
- support fieldResolver HOT 1
- graphiql support for subscriptions endpoint HOT 6
- Impossible to access cookies within mutateAndGetPayload HOT 1
- GraphQL v14 support HOT 1
- 0.8.0 returns 500 on errors from GraphQLScalarType/parseValue HOT 1
- [flow] type error HOT 2
- Read response object after koa-graphql has run HOT 1
- Status of this Module? HOT 8
- formatError should be renamed to customFormatErrorFn
- Fix coverage reporting
- The graphiql property doesn't allow assigning any value with type other than a boolean (TypeScript). HOT 3
- The types of 'astNode.loc' are incompatible between these types
- Perform mutation on GET HOT 1
- Add graphql@15 as a valid peer dep HOT 1
- [question] Does this lib support subscription? HOT 2
- Versions 0.9.0 and 0.10.0 are not published HOT 5
- Support for experimental @defer & @stream
- Feature request: add option for context factory function HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from koa-graphql.