feat(GraphQL): Add GraphQL schema validation Endpoint.

dgraph/cmd/alpha/run.go

@@ -497,6 +497,29 @@ func setupServer(closer *y.Closer) {
 		adminSchemaHandler(w, r, adminServer)
 	})))
 
+	http.Handle("/admin/schema/validate", http.HandlerFunc(func(w http.ResponseWriter,
+		r *http.Request) {
+		schema := readRequest(w, r)
+		if schema == nil {
+			w.WriteHeader(http.StatusOK)
+			return
+		}
+
+		w.Header().Set("Content-Type", "application/json")
+
+		err := admin.SchemaValidate(string(schema))
+		if err != nil {
+			w.WriteHeader(http.StatusBadRequest)
+			// There could be multiple errors, so replace the newline with whitespace since the newline is an
+			// invalid JSON character.
+			errStr := strings.ReplaceAll(err.Error(), "\n", " ")
+			x.Check2(w.Write([]byte(fmt.Sprintf(`{"status":"invalid", "error" : "%s"}`, errStr))))
+			return
+		}
+		w.WriteHeader(http.StatusOK)
+		x.Check2(w.Write([]byte(`{"status":"valid"}`)))
+	}))
+
 	http.Handle("/admin/shutdown", allowedMethodsHandler(allowedMethods{http.MethodGet: true},
 		adminAuthHandler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			shutDownHandler(w, r, adminServer)

graphql/admin/admin.go

@@ -353,6 +353,18 @@ var (
 	mainHealthStore = &GraphQLHealthStore{}
 )
 
+func SchemaValidate(sch string) error {
+	schHandler, err := schema.NewHandler(sch, true)
+	if err != nil {
+		return err
+	}
+
+	if _, err := schema.FromString(schHandler.GQLSchema()); err != nil {
+		return err
+	}
+	return nil
+}
+
 // GraphQLHealth is used to report the health status of a GraphQL server.
 // It is required for kubernetes probing.
 type GraphQLHealth struct {
@@ -583,7 +595,7 @@ func getCurrentGraphQLSchema() (*gqlSchema, error) {
 }
 
 func generateGQLSchema(sch *gqlSchema) (schema.Schema, error) {
-	schHandler, err := schema.NewHandler(sch.Schema)
+	schHandler, err := schema.NewHandler(sch.Schema, false)
 	if err != nil {
 		return nil, err
 	}

graphql/admin/schema.go

@@ -49,7 +49,7 @@ func resolveUpdateGQLSchema(ctx context.Context, m schema.Mutation) (*resolve.Re
 		return resolve.EmptyResult(m, err), false
 	}
 
-	schHandler, err := schema.NewHandler(input.Set.Schema)
+	schHandler, err := schema.NewHandler(input.Set.Schema, false)
 	if err != nil {
 		return resolve.EmptyResult(m, err), false
 	}

graphql/authorization/auth.go

@@ -26,6 +26,7 @@ import (
 	"net/http"
 	"regexp"
 	"strings"
+	"sync"
 
 	"github.com/vektah/gqlparser/v2/gqlerror"
 
@@ -46,7 +47,7 @@ const (
 )
 
 var (
-	metainfo AuthMeta
+	authMeta AuthMeta
 )
 
 type AuthMeta struct {
@@ -56,6 +57,7 @@ type AuthMeta struct {
 	Namespace       string
 	Algo            string
 	Audience        []string
+	sync.RWMutex
 }
 
 // Validate required fields.
@@ -135,37 +137,54 @@ func Parse(schema string) (AuthMeta, error) {
 	return meta, nil
 }
 
-func ParseAuthMeta(schema string) error {
-	var err error
-	metainfo, err = Parse(schema)
+func ParseAuthMeta(schema string) (*AuthMeta, error) {
+	metaInfo, err := Parse(schema)
 	if err != nil {
-		return err
+		return nil, err
 	}
 
-	if metainfo.Algo != RSA256 {
-		return err
+	if metaInfo.Algo != RSA256 {
+		return nil, err
 	}
 
 	// The jwt library internally uses `bytes.IndexByte(data, '\n')` to fetch new line and fails
 	// if we have newline "\n" as ASCII value {92,110} instead of the actual ASCII value of 10.
 	// To fix this we replace "\n" with new line's ASCII value.
-	bytekey := bytes.ReplaceAll([]byte(metainfo.VerificationKey), []byte{92, 110}, []byte{10})
+	bytekey := bytes.ReplaceAll([]byte(metaInfo.VerificationKey), []byte{92, 110}, []byte{10})
 
-	metainfo.RSAPublicKey, err = jwt.ParseRSAPublicKeyFromPEM(bytekey)
-	return err
+	if metaInfo.RSAPublicKey, err = jwt.ParseRSAPublicKeyFromPEM(bytekey); err != nil {
+		return nil, err
+	}
+	return &metaInfo, nil
 }
 
 func GetHeader() string {
-	return metainfo.Header
+	authMeta.RLock()
+	defer authMeta.RUnlock()
+	return authMeta.Header
 }
 
 func GetAuthMeta() AuthMeta {
-	return metainfo
+	authMeta.RLock()
+	defer authMeta.RUnlock()
+	return authMeta
+}
+
+func SetAuthMeta(m AuthMeta) {
+	authMeta.Lock()
+	defer authMeta.Unlock()
+
+	authMeta.VerificationKey = m.VerificationKey
+	authMeta.RSAPublicKey = m.RSAPublicKey
+	authMeta.Header = m.Header
+	authMeta.Namespace = m.Namespace
+	authMeta.Algo = m.Algo
+	authMeta.Audience = m.Audience
 }
 
 // AttachAuthorizationJwt adds any incoming JWT authorization data into the grpc context metadata.
 func AttachAuthorizationJwt(ctx context.Context, r *http.Request) context.Context {
-	authorizationJwt := r.Header.Get(metainfo.Header)
+	authorizationJwt := r.Header.Get(authMeta.Header)
 	if authorizationJwt == "" {
 		return ctx
 	}
@@ -197,7 +216,7 @@ func (c *CustomClaims) UnmarshalJSON(data []byte) error {
 	}
 
 	// Unmarshal the auth variables for a particular namespace.
-	if authValue, ok := result[metainfo.Namespace]; ok {
+	if authValue, ok := result[authMeta.Namespace]; ok {
 		if authJson, ok := authValue.(string); ok {
 			if err := json.Unmarshal([]byte(authJson), &c.AuthVariables); err != nil {
 				return err
@@ -216,13 +235,13 @@ func (c *CustomClaims) validateAudience() error {
 	}
 
 	// If there is an audience claim, but no value provided, fail
-	if metainfo.Audience == nil {
+	if authMeta.Audience == nil {
 		return fmt.Errorf("audience value was expected but not provided")
 	}
 
 	var match = false
 	for _, audStr := range c.Audience {
-		for _, expectedAudStr := range metainfo.Audience {
+		for _, expectedAudStr := range authMeta.Audience {
 			if subtle.ConstantTimeCompare([]byte(audStr), []byte(expectedAudStr)) == 1 {
 				match = true
 				break
@@ -252,7 +271,10 @@ func ExtractCustomClaims(ctx context.Context) (*CustomClaims, error) {
 }
 
 func validateJWTCustomClaims(jwtStr string) (*CustomClaims, error) {
-	if metainfo.Algo == "" {
+	authMeta.RLock()
+	defer authMeta.RUnlock()
+
+	if authMeta.Algo == "" {
 		return nil, fmt.Errorf(
 			"jwt token cannot be validated because verification algorithm is not set")
 	}
@@ -263,17 +285,17 @@ func validateJWTCustomClaims(jwtStr string) (*CustomClaims, error) {
 	token, err :=
 		jwt.ParseWithClaims(jwtStr, &CustomClaims{}, func(token *jwt.Token) (interface{}, error) {
 			algo, _ := token.Header["alg"].(string)
-			if algo != metainfo.Algo {
+			if algo != authMeta.Algo {
 				return nil, errors.Errorf("unexpected signing method: Expected %s Found %s",
-					metainfo.Algo, algo)
+					authMeta.Algo, algo)
 			}
 			if algo == HMAC256 {
 				if _, ok := token.Method.(*jwt.SigningMethodHMAC); ok {
-					return []byte(metainfo.VerificationKey), nil
+					return []byte(authMeta.VerificationKey), nil
 				}
 			} else if algo == RSA256 {
 				if _, ok := token.Method.(*jwt.SigningMethodRSA); ok {
-					return metainfo.RSAPublicKey, nil
+					return authMeta.RSAPublicKey, nil
 				}
 			}
 			return nil, errors.Errorf("couldn't parse signing method from token header: %s", algo)

graphql/bench/auth_test.go

@@ -47,6 +47,7 @@ func getAuthMeta(schema string) *testutil.AuthMeta {
 	if err != nil {
 		panic(err)
 	}
+	authorization.SetAuthMeta(authMeta)
 
 	return &testutil.AuthMeta{
 		PublicKey: authMeta.VerificationKey,

graphql/e2e/auth/auth_test.go

@@ -1260,6 +1260,7 @@ func TestMain(m *testing.M) {
 		if err != nil {
 			panic(err)
 		}
+		authorization.SetAuthMeta(authMeta)
 
 		metaInfo = &testutil.AuthMeta{
 			PublicKey: authMeta.VerificationKey,

graphql/e2e/common/common.go

@@ -37,8 +37,8 @@ import (
 )
 
 const (
-	graphqlURL      = "http://localhost:8180/graphql"
-	graphqlAdminURL = "http://localhost:8180/admin"
+	GraphqlURL      = "http://localhost:8180/graphql"
+	GraphqlAdminURL = "http://localhost:8180/admin"
 	AlphagRPC       = "localhost:9180"
 
 	adminDgraphHealthURL           = "http://localhost:8280/health?all"
@@ -173,7 +173,7 @@ type student struct {
 }
 
 func BootstrapServer(schema, data []byte) {
-	err := checkGraphQLStarted(graphqlAdminURL)
+	err := checkGraphQLStarted(GraphqlAdminURL)
 	if err != nil {
 		x.Panic(errors.Errorf(
 			"Waited for GraphQL test server to become available, but it never did.\n"+
@@ -195,7 +195,7 @@ func BootstrapServer(schema, data []byte) {
 	}
 	client := dgo.NewDgraphClient(api.NewDgraphClient(d))
 
-	err = addSchema(graphqlAdminURL, string(schema))
+	err = addSchema(GraphqlAdminURL, string(schema))
 	if err != nil {
 		x.Panic(err)
 	}
@@ -371,7 +371,7 @@ func gzipCompressionHeader(t *testing.T) {
 		}`,
 	}
 
-	req, err := queryCountry.createGQLPost(graphqlURL)
+	req, err := queryCountry.createGQLPost(GraphqlURL)
 	require.NoError(t, err)
 
 	req.Header.Set("Content-Encoding", "gzip")
@@ -398,7 +398,7 @@ func gzipCompressionNoHeader(t *testing.T) {
 		gzipEncoding: true,
 	}
 
-	req, err := queryCountry.createGQLPost(graphqlURL)
+	req, err := queryCountry.createGQLPost(GraphqlURL)
 	require.NoError(t, err)
 
 	req.Header.Del("Content-Encoding")
@@ -424,7 +424,7 @@ func getQueryEmptyVariable(t *testing.T) {
 			}
 		}`,
 	}
-	req, err := queryCountry.createGQLGet(graphqlURL)
+	req, err := queryCountry.createGQLGet(GraphqlURL)
 	require.NoError(t, err)
 
 	q := req.URL.Query()
@@ -634,7 +634,7 @@ func allCountriesAdded() ([]*country, error) {
 		return nil, errors.Wrap(err, "unable to build GraphQL query")
 	}
 
-	req, err := http.NewRequest("POST", graphqlURL, bytes.NewBuffer(body))
+	req, err := http.NewRequest("POST", GraphqlURL, bytes.NewBuffer(body))
 	if err != nil {
 		return nil, errors.Wrap(err, "unable to build GraphQL request")
 	}

graphql/e2e/common/error.go

@@ -78,7 +78,7 @@ func graphQLCompletionOn(t *testing.T) {
 			}
 
 			// Check that the error is valid
-			gqlResponse := queryCountry.ExecuteAsPost(t, graphqlURL)
+			gqlResponse := queryCountry.ExecuteAsPost(t, GraphqlURL)
 			require.NotNil(t, gqlResponse.Errors)
 			require.Equal(t, 1, len(gqlResponse.Errors))
 			require.Contains(t, gqlResponse.Errors[0].Error(),
@@ -166,7 +166,7 @@ func deepMutationErrors(t *testing.T) {
 				},
 			}
 
-			gqlResponse := executeRequest(t, graphqlURL, updateCountryParams)
+			gqlResponse := executeRequest(t, GraphqlURL, updateCountryParams)
 			require.NotNil(t, gqlResponse.Errors)
 			require.Equal(t, 1, len(gqlResponse.Errors))
 			require.EqualError(t, gqlResponse.Errors[0], tcase.exp)
@@ -192,7 +192,7 @@ func requestValidationErrors(t *testing.T) {
 				Query:     tcase.GQLRequest,
 				Variables: tcase.variables,
 			}
-			gqlResponse := test.ExecuteAsPost(t, graphqlURL)
+			gqlResponse := test.ExecuteAsPost(t, GraphqlURL)
 
 			require.Nil(t, gqlResponse.Data)
 			if diff := cmp.Diff(tcase.Errors, gqlResponse.Errors); diff != "" {

graphql/e2e/common/fragment.go

@@ -31,7 +31,7 @@ func fragmentInMutation(t *testing.T) {
 		}},
 	}
 
-	gqlResponse := addStarshipParams.ExecuteAsPost(t, graphqlURL)
+	gqlResponse := addStarshipParams.ExecuteAsPost(t, GraphqlURL)
 	RequireNoGQLErrors(t, gqlResponse)
 
 	addStarshipExpected := fmt.Sprintf(`{"addStarship":{
@@ -83,7 +83,7 @@ func fragmentInQuery(t *testing.T) {
 		},
 	}
 
-	gqlResponse := queryStarshipParams.ExecuteAsPost(t, graphqlURL)
+	gqlResponse := queryStarshipParams.ExecuteAsPost(t, GraphqlURL)
 	RequireNoGQLErrors(t, gqlResponse)
 
 	queryStarshipExpected := fmt.Sprintf(`
@@ -152,7 +152,7 @@ func fragmentInQueryOnInterface(t *testing.T) {
 		`,
 	}
 
-	gqlResponse := queryCharacterParams.ExecuteAsPost(t, graphqlURL)
+	gqlResponse := queryCharacterParams.ExecuteAsPost(t, GraphqlURL)
 	RequireNoGQLErrors(t, gqlResponse)
 
 	queryCharacterExpected := fmt.Sprintf(`
@@ -227,7 +227,7 @@ func fragmentInQueryOnObject(t *testing.T) {
 		`,
 	}
 
-	gqlResponse := queryHumanParams.ExecuteAsPost(t, graphqlURL)
+	gqlResponse := queryHumanParams.ExecuteAsPost(t, GraphqlURL)
 	RequireNoGQLErrors(t, gqlResponse)
 
 	queryCharacterExpected := fmt.Sprintf(`