cturan
/
vendure
mirror of https://github.com/vendure-ecommerce/vendure


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147
							import { CallHandler, ExecutionContext, Injectable, NestInterceptor } from '@nestjs/common';
import { GqlExecutionContext } from '@nestjs/graphql';
import { LanguageCode } from '@vendure/common/lib/generated-types';
import { assertNever } from '@vendure/common/lib/shared-utils';
import {
    DefinitionNode,
    GraphQLInputType,
    GraphQLList,
    GraphQLNonNull,
    GraphQLResolveInfo,
    GraphQLSchema,
    OperationDefinitionNode,
    TypeNode,
} from 'graphql';

import { UserInputError } from '../../common/error/errors';
import { ConfigService } from '../../config/config.service';
import {
    CustomFieldConfig,
    CustomFields,
    LocaleStringCustomFieldConfig,
    StringCustomFieldConfig,
} from '../../config/custom-field/custom-field-types';
import { parseContext } from '../common/parse-context';
import { RequestContext } from '../common/request-context';
import { REQUEST_CONTEXT_KEY } from '../common/request-context.service';
import { validateCustomFieldValue } from '../common/validate-custom-field-value';

/**
 * This interceptor is responsible for enforcing the validation constraints defined for any CustomFields.
 * For example, if a custom 'int' field has a "min" value of 0, and a mutation attempts to set its value
 * to a negative integer, then that mutation will fail with an error.
 */
@Injectable()
export class ValidateCustomFieldsInterceptor implements NestInterceptor {
    private readonly inputsWithCustomFields: Set<string>;

    constructor(private configService: ConfigService) {
        this.inputsWithCustomFields = Object.keys(configService.customFields).reduce((inputs, entityName) => {
            inputs.add(`Create${entityName}Input`);
            inputs.add(`Update${entityName}Input`);
            return inputs;
        }, new Set<string>());
    }

    intercept(context: ExecutionContext, next: CallHandler<any>) {
        const { isGraphQL } = parseContext(context);
        if (isGraphQL) {
            const gqlExecutionContext = GqlExecutionContext.create(context);
            const { operation, schema } = gqlExecutionContext.getInfo<GraphQLResolveInfo>();
            const variables = gqlExecutionContext.getArgs();
            const ctx: RequestContext = gqlExecutionContext.getContext().req[REQUEST_CONTEXT_KEY];

            if (operation.operation === 'mutation') {
                const inputTypeNames = this.getArgumentMap(operation, schema);
                Object.entries(inputTypeNames).forEach(([inputName, typeName]) => {
                    if (this.inputsWithCustomFields.has(typeName)) {
                        if (variables[inputName]) {
                            this.validateInput(typeName, ctx.languageCode, variables[inputName]);
                        }
                    }
                });
            }
        }
        return next.handle();
    }

    private validateInput(
        typeName: string,
        languageCode: LanguageCode,
        variableValues?: { [key: string]: any },
    ) {
        if (variableValues) {
            const entityName = typeName.replace(/(Create|Update)(.+)Input/, '$2');
            const customFieldConfig = this.configService.customFields[entityName as keyof CustomFields];

            if (variableValues.customFields) {
                this.validateCustomFieldsObject(customFieldConfig, languageCode, variableValues.customFields);
            }
            const translations = variableValues.translations;
            if (Array.isArray(translations)) {
                for (const translation of translations) {
                    if (translation.customFields) {
                        this.validateCustomFieldsObject(
                            customFieldConfig,
                            languageCode,
                            translation.customFields,
                        );
                    }
                }
            }
        }
    }

    private validateCustomFieldsObject(
        customFieldConfig: CustomFieldConfig[],
        languageCode: LanguageCode,
        customFieldsObject: { [key: string]: any },
    ) {
        for (const [key, value] of Object.entries(customFieldsObject)) {
            const config = customFieldConfig.find(c => c.name === key);
            if (config) {
                validateCustomFieldValue(config, value, languageCode);
            }
        }
    }

    private getArgumentMap(
        operation: OperationDefinitionNode,
        schema: GraphQLSchema,
    ): { [inputName: string]: string } {
        const mutationType = schema.getMutationType();
        if (!mutationType) {
            return {};
        }
        const map: { [inputName: string]: string } = {};

        for (const selection of operation.selectionSet.selections) {
            if (selection.kind === 'Field') {
                const name = selection.name.value;
                const inputType = mutationType.getFields()[name];
                for (const arg of inputType.args) {
                    map[arg.name] = this.getInputTypeName(arg.type);
                }
            }
        }
        return map;
    }

    private getNamedTypeName(type: TypeNode): string {
        if (type.kind === 'NonNullType' || type.kind === 'ListType') {
            return this.getNamedTypeName(type.type);
        } else {
            return type.name.value;
        }
    }

    private getInputTypeName(type: GraphQLInputType): string {
        if (type instanceof GraphQLNonNull) {
            return this.getInputTypeName(type.ofType);
        }
        if (type instanceof GraphQLList) {
            return this.getInputTypeName(type.ofType);
        }
        return type.name;
    }
}