docs(audits/server): add lighthouse implementation (#60)

Co-authored-by: enisdenjo <badurinadenis@gmail.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

README.md

@@ -788,6 +788,7 @@ Their compliance with the [GraphQL over HTTP spec](https://graphql.github.io/gra
 | [graphql-helix](https://www.graphql-helix.com) | [✅ Compliant](/implementations/graphql-helix/README.md) |
 | [graphql-yoga](https://www.the-guild.dev/graphql/yoga-server) | [✅ Compliant](/implementations/graphql-yoga/README.md) |
 | [hotchocolate](https://chillicream.com/docs/hotchocolate) | [✅ Compliant](/implementations/hotchocolate/README.md) |
+| [lighthouse](https://lighthouse-php.com) | [✅ Compliant](/implementations/lighthouse/README.md) |
 | [pioneer](https://pioneer.dexclaimation.com) | [✅ Compliant](/implementations/pioneer/README.md) |
 | [postgraphile](https://www.graphile.org/postgraphile) | [✅ Compliant](/implementations/postgraphile/README.md) |
 <!-- prettier-ignore-end -->

implementations/lighthouse/Dockerfile

@@ -0,0 +1,17 @@
+FROM php:8.1-cli
+
+WORKDIR /app
+
+COPY --from=composer /usr/bin/composer /usr/bin/composer
+
+RUN apt-get update && \
+    apt-get install --yes \
+        git \
+        libzip-dev \
+        zip \
+    && docker-php-ext-install \
+        zip \
+    && rm -rf /var/lib/apt/lists/*
+RUN composer create-project laravel/laravel /app
+RUN composer require nuwave/lighthouse
+RUN php artisan vendor:publish --tag=lighthouse-schema

implementations/lighthouse/README.md

@@ -0,0 +1,282 @@
+<i>* This report was auto-generated by graphql-http</i>
+
+<h1>GraphQL over HTTP audit report</h1>
+
+<ul>
+<li><b>37</b> audits in total</li>
+<li><span style="font-family: monospace">✅</span> <b>30</b> pass</li>
+<li><span style="font-family: monospace">⚠️</span> <b>7</b> warnings (optional)</li>
+</ul>
+
+<h2>Passing</h2>
+<ol>
+<li><code>4655</code> MUST accept application/json and match the content-type</li>
+<li><code>47DE</code> SHOULD accept */* and use application/json for the content-type</li>
+<li><code>80D8</code> SHOULD assume application/json content-type when accept is missing</li>
+<li><code>82A3</code> MUST use utf-8 encoding when responding</li>
+<li><code>BF61</code> MUST accept utf-8 encoded request</li>
+<li><code>78D5</code> MUST assume utf-8 in request if encoding is unspecified</li>
+<li><code>2C94</code> MUST accept POST requests</li>
+<li><code>5A70</code> MAY accept application/x-www-form-urlencoded formatted GET requests</li>
+<li><code>03D4</code> MUST accept application/json POST requests</li>
+<li><code>34A2</code> SHOULD allow string {query} parameter when accepting application/graphql-response+json</li>
+<li><code>13EE</code> MUST allow string {query} parameter when accepting application/json</li>
+<li><code>8161</code> SHOULD allow string {operationName} parameter when accepting application/graphql-response+json</li>
+<li><code>B8B3</code> MUST allow string {operationName} parameter when accepting application/json</li>
+<li><code>94B0</code> SHOULD allow null {variables} parameter when accepting application/graphql-response+json</li>
+<li><code>0220</code> MUST allow null {variables} parameter when accepting application/json</li>
+<li><code>94B1</code> SHOULD allow null {operationName} parameter when accepting application/graphql-response+json</li>
+<li><code>0221</code> MUST allow null {operationName} parameter when accepting application/json</li>
+<li><code>94B2</code> SHOULD allow null {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0222</code> MUST allow null {extensions} parameter when accepting application/json</li>
+<li><code>2EA1</code> SHOULD allow map {variables} parameter when accepting application/graphql-response+json</li>
+<li><code>28B9</code> MUST allow map {variables} parameter when accepting application/json</li>
+<li><code>D6D5</code> MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json</li>
+<li><code>6A70</code> MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json</li>
+<li><code>428F</code> SHOULD allow map {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>1B7A</code> MUST allow map {extensions} parameter when accepting application/json</li>
+<li><code>572B</code> SHOULD use 200 status code on document parsing failure when accepting application/json</li>
+<li><code>FDE2</code> SHOULD use 200 status code on document validation failure when accepting application/json</li>
+<li><code>7B9B</code> SHOULD use a status code of 200 on variable coercion failure when accepting application/json</li>
+<li><code>D586</code> SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json</li>
+<li><code>5E5B</code> SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json</li>
+</ol>
+
+<h2>Warnings</h2>
+The server <i>SHOULD</i> support these, but is not required.
+<ol>
+<li><code>22EB</code> SHOULD accept application/graphql-response+json and match the content-type
+<details>
+<summary>Response header content-type does not contain application/graphql-response+json</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "PHP/8.1.17",
+    "host": "localhost:4000",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "connection": "close",
+    "cache-control": "no-cache, private"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>9C48</code> MAY NOT allow executing mutations on GET requests
+<details>
+<summary>Response status is not between 400 and 499</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "PHP/8.1.17",
+    "host": "localhost:4000",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "connection": "close",
+    "cache-control": "no-cache, private"
+  },
+  "body": {
+    "errors": [
+      {
+        "message": "Schema is not configured for mutations.",
+        "locations": [
+          {
+            "line": 1,
+            "column": 1
+          }
+        ],
+        "extensions": {
+          "line": 350,
+          "file": "/app/vendor/webonyx/graphql-php/src/Executor/ReferenceExecutor.php"
+        }
+      }
+    ]
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>865D</code> SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "PHP/8.1.17",
+    "host": "localhost:4000",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "connection": "close",
+    "cache-control": "no-cache, private"
+  },
+  "body": {
+    "errors": [
+      {
+        "message": "Syntax Error: Expected Name, found <EOF>",
+        "locations": [
+          {
+            "line": 1,
+            "column": 2
+          }
+        ],
+        "extensions": {
+          "line": 383,
+          "file": "/app/vendor/webonyx/graphql-php/src/Language/Parser.php"
+        }
+      }
+    ]
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>556A</code> SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
+<details>
+<summary>Response status code is not 400</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "PHP/8.1.17",
+    "host": "localhost:4000",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "connection": "close",
+    "cache-control": "no-cache, private"
+  },
+  "body": {
+    "errors": [
+      {
+        "message": "Syntax Error: Expected Name, found <EOF>",
+        "locations": [
+          {
+            "line": 1,
+            "column": 2
+          }
+        ],
+        "extensions": {
+          "line": 383,
+          "file": "/app/vendor/webonyx/graphql-php/src/Language/Parser.php"
+        }
+      }
+    ]
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>51FE</code> SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "PHP/8.1.17",
+    "host": "localhost:4000",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "connection": "close",
+    "cache-control": "no-cache, private"
+  },
+  "body": {
+    "errors": [
+      {
+        "message": "Syntax Error: Expected Name, found Int \"8\"",
+        "locations": [
+          {
+            "line": 1,
+            "column": 3
+          }
+        ],
+        "extensions": {
+          "line": 383,
+          "file": "/app/vendor/webonyx/graphql-php/src/Language/Parser.php"
+        }
+      }
+    ]
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>74FF</code> SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
+<details>
+<summary>Response status code is not 400</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "PHP/8.1.17",
+    "host": "localhost:4000",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "connection": "close",
+    "cache-control": "no-cache, private"
+  },
+  "body": {
+    "errors": [
+      {
+        "message": "Syntax Error: Expected Name, found Int \"8\"",
+        "locations": [
+          {
+            "line": 1,
+            "column": 3
+          }
+        ],
+        "extensions": {
+          "line": 383,
+          "file": "/app/vendor/webonyx/graphql-php/src/Language/Parser.php"
+        }
+      }
+    ]
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>86EE</code> SHOULD use a status code of 400 on variable coercion failure when accepting application/graphql-response+json
+<details>
+<summary>Response status code is not 400</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "PHP/8.1.17",
+    "host": "localhost:4000",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "connection": "close",
+    "cache-control": "no-cache, private"
+  },
+  "body": {
+    "errors": [
+      {
+        "message": "Variable \"$id\" is never used in operation \"CoerceFailure\".",
+        "locations": [
+          {
+            "line": 1,
+            "column": 21
+          }
+        ],
+        "extensions": {
+          "line": 41,
+          "file": "/app/vendor/webonyx/graphql-php/src/Validator/Rules/NoUnusedVariables.php"
+        }
+      }
+    ]
+  }
+}
+</code></pre>
+</details>
+</li>
+</ol>
+

implementations/lighthouse/docker-compose.yml

@@ -0,0 +1,12 @@
+services:
+  lighthouse:
+    build: .
+    environment:
+      - PORT=${PORT}
+    ports:
+      - ${PORT}:${PORT}
+    entrypoint: 'php artisan serve --host=0.0.0.0 --port=${PORT}'
+    healthcheck:
+      test: curl -f http://localhost:$$PORT/graphql?query=%7B__typename%7D || exit 1
+      interval: 3s
+      timeout: 1s

implementations/lighthouse/package.json

@@ -0,0 +1,9 @@
+{
+  "private": true,
+  "name": "lighthouse",
+  "url": "https://lighthouse-php.com",
+  "packageManager": "yarn@3.2.3",
+  "scripts": {
+    "start": "docker compose up"
+  }
+}

implementations/lighthouse/report.json

@@ -0,0 +1,6 @@
+{
+  "total": 37,
+  "ok": 30,
+  "warn": 7,
+  "error": 0
+}

yarn.lock

@@ -9311,6 +9311,12 @@ __metadata:
   languageName: node
   linkType: hard
 
+"lighthouse@workspace:implementations/lighthouse":
+  version: 0.0.0-use.local
+  resolution: "lighthouse@workspace:implementations/lighthouse"
+  languageName: unknown
+  linkType: soft
+
 "lines-and-columns@npm:^1.1.6":
   version: 1.2.4
   resolution: "lines-and-columns@npm:1.2.4"