Commit

feat(audits): Notices section for optional recommendations (#76)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
enisdenjo and github-actions[bot] authored Apr 12, 2023
1 parent 8cd7dfb commit b8bdc71
Showing 33 changed files with 6,517 additions and 140 deletions.
2 changes: 1 addition & 1 deletion docs/interfaces/audits_common.AuditFail.md
Expand Up @@ -52,4 +52,4 @@ ___

### status

**status**: ``"warn"`` \| ``"error"``
**status**: ``"notice"`` \| ``"warn"`` \| ``"error"``
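Review bot: `status` on `AuditFail` now admits `"notice"`, so a value of this type no longer implies a failed requirement. Any caller that treats every `AuditFail` as a failure (for example to set a CI exit code) will start failing on audits the report itself calls truly optional. Suggest describing the three levels in this interface's documentation, or splitting notices into their own type, so consumers are prompted to handle `"notice"` explicitly.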
9 changes: 6 additions & 3 deletions docs/modules/handler.md
Expand Up @@ -252,14 +252,17 @@ Creates an appropriate GraphQL over HTTP response following the provided argumen

If the first argument is an `ExecutionResult`, the operation will be treated as "successful".

If the first argument is _any_ object without the `data` field, it will be treated as an error (as per the spec)
and the response will be constructed with the help of `acceptedMediaType` complying with the GraphQL over HTTP spec.
If the first argument is (an array of) `GraphQLError`, or an `ExecutionResult` without the `data` field, it will be treated
the response will be constructed with the help of `acceptedMediaType` complying with the GraphQL over HTTP spec.

If the first argument is an `Error`, the operation will be treated as a bad request responding with `400: Bad Request` and the
error will be present in the `ExecutionResult` style.

#### Parameters

| Name | Type |
| :------ | :------ |
| `resultOrErrors` | readonly `GraphQLError`[] \| `Readonly`<`ExecutionResult`<`ObjMap`<`unknown`\>, `ObjMap`<`unknown`\>\>\> \| `Readonly`<`GraphQLError`\> |
| `resultOrErrors` | readonly `GraphQLError`[] \| `Readonly`<`ExecutionResult`<`ObjMap`<`unknown`\>, `ObjMap`<`unknown`\>\>\> \| `Readonly`<`GraphQLError`\> \| `Readonly`<`Error`\> |
| `acceptedMediaType` | [`AcceptableMediaType`](handler.md#acceptablemediatype) |

#### Returns
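Review bot: The added sentence for `GraphQLError` input is missing words: "it will be treated" runs straight into "the response will be constructed", where the removed text read "it will be treated as an error (as per the spec) and the response will be constructed". Please restore that clause. Also, since `resultOrErrors` now accepts a plain `Error` that "will be present in the `ExecutionResult` style", the docs should state which fields of the `Error` reach the client, because an internal exception message passed here would end up in the 400 response body.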
39 changes: 34 additions & 5 deletions implementations/apollo-server/README.md
Expand Up @@ -3,9 +3,10 @@
<h1>GraphQL over HTTP audit report</h1>

<ul>
<li><b>37</b> audits in total</li>
<li><span style="font-family: monospace">✅</span> <b>31</b> pass</li>
<li><span style="font-family: monospace">⚠️</span> <b>6</b> warnings (optional)</li>
<li><b>60</b> audits in total</li>
<li><span style="font-family: monospace">✅</span> <b>54</b> pass</li>
<li><span style="font-family: monospace">💡</span> <b>3</b> notices (suggestions)</li>
<li><span style="font-family: monospace">⚠️</span> <b>3</b> warnings (optional)</li>
</ul>

<h2>Passing</h2>
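Review bot: The summary labels are hard to tell apart: warnings are tagged "(optional)" while the new notices, described further down as "truly optional", are tagged "(suggestions)". Consider relabelling the warnings line, e.g. "(recommended)", so the SHOULD and MAY levels read distinctly. The counts themselves add up (54 + 3 + 3 = 60).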
Expand All @@ -19,9 +20,20 @@
<li><code>78D5</code> MUST assume utf-8 in request if encoding is unspecified</li>
<li><code>2C94</code> MUST accept POST requests</li>
<li><code>9C48</code> MAY NOT allow executing mutations on GET requests</li>
<li><code>9ABE</code> MAY respond with 4xx status code if content-type is not supplied on POST requests</li>
<li><code>03D4</code> MUST accept application/json POST requests</li>
<li><code>A5BF</code> MAY use 400 status code when request body is missing on POST</li>
<li><code>423L</code> MAY use 400 status code on missing {query} parameter</li>
<li><code>LKJ0</code> MAY use 400 status code on object {query} parameter</li>
<li><code>LKJ1</code> MAY use 400 status code on number {query} parameter</li>
<li><code>LKJ2</code> MAY use 400 status code on boolean {query} parameter</li>
<li><code>LKJ3</code> MAY use 400 status code on array {query} parameter</li>
<li><code>34A2</code> SHOULD allow string {query} parameter when accepting application/graphql-response+json</li>
<li><code>13EE</code> MUST allow string {query} parameter when accepting application/json</li>
<li><code>6C00</code> MAY use 400 status code on object {operationName} parameter</li>
<li><code>6C01</code> MAY use 400 status code on number {operationName} parameter</li>
<li><code>6C02</code> MAY use 400 status code on boolean {operationName} parameter</li>
<li><code>6C03</code> MAY use 400 status code on array {operationName} parameter</li>
<li><code>8161</code> SHOULD allow string {operationName} parameter when accepting application/graphql-response+json</li>
<li><code>B8B3</code> MUST allow string {operationName} parameter when accepting application/json</li>
<li><code>94B0</code> SHOULD allow null {variables} parameter when accepting application/graphql-response+json</li>
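Review bot: The new audit IDs `423L` and `LKJ0` to `LKJ3` are not hexadecimal, unlike every other ID in this list (`78D5`, `2C94`, `6C00`, ...). If IDs are meant to follow one format, regenerate these; if not, a short note on the ID convention would help anyone validating or searching for them.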
Expand All @@ -30,10 +42,22 @@
<li><code>0221</code> MUST allow null {operationName} parameter when accepting application/json</li>
<li><code>94B2</code> SHOULD allow null {extensions} parameter when accepting application/graphql-response+json</li>
<li><code>0222</code> MUST allow null {extensions} parameter when accepting application/json</li>
<li><code>4760</code> MAY use 400 status code on string {variables} parameter</li>
<li><code>4761</code> MAY use 400 status code on number {variables} parameter</li>
<li><code>4762</code> MAY use 400 status code on boolean {variables} parameter</li>
<li><code>4763</code> MAY use 400 status code on array {variables} parameter</li>
<li><code>2EA1</code> SHOULD allow map {variables} parameter when accepting application/graphql-response+json</li>
<li><code>28B9</code> MUST allow map {variables} parameter when accepting application/json</li>
<li><code>58B0</code> MAY use 400 status code on string {extensions} parameter</li>
<li><code>58B1</code> MAY use 400 status code on number {extensions} parameter</li>
<li><code>58B2</code> MAY use 400 status code on boolean {extensions} parameter</li>
<li><code>58B3</code> MAY use 400 status code on array {extensions} parameter</li>
<li><code>428F</code> SHOULD allow map {extensions} parameter when accepting application/graphql-response+json</li>
<li><code>1B7A</code> MUST allow map {extensions} parameter when accepting application/json</li>
<li><code>B6DC</code> MAY use 4xx or 5xx status codes on JSON parsing failure</li>
<li><code>BCF8</code> MAY use 400 status code on JSON parsing failure</li>
<li><code>8764</code> MAY use 4xx or 5xx status codes if parameters are invalid</li>
<li><code>3E3A</code> MAY use 400 status code if parameters are invalid</li>
<li><code>865D</code> SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json</li>
<li><code>556A</code> SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json</li>
<li><code>D586</code> SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json</li>
Expand All @@ -43,8 +67,8 @@
<li><code>86EE</code> SHOULD use a status code of 400 on variable coercion failure when accepting application/graphql-response+json</li>
</ol>

<h2>Warnings</h2>
The server <i>SHOULD</i> support these, but is not required.
<h2>Notices</h2>
The server <i>MAY</i> support these, but are truly optional. These are suggestions following recommended conventions.
<ol>
<li><code>5A70</code> MAY accept application/x-www-form-urlencoded formatted GET requests
<details>
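Review bot: Grammar in the new Notices intro: "The server MAY support these, but are truly optional." has no subject for "are". Suggest "The server MAY support these; they are truly optional." If this README is generated, the fix belongs in the report renderer rather than in this file.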
Expand Down Expand Up @@ -160,6 +184,11 @@ The server <i>SHOULD</i> support these, but is not required.
</code></pre>
</details>
</li>
</ol>

<h2>Warnings</h2>
The server <i>SHOULD</i> support these, but is not required.
<ol>
<li><code>572B</code> SHOULD use 200 status code on document parsing failure when accepting application/json
<details>
<summary>Response status code is not 200</summary>
7 changes: 4 additions & 3 deletions implementations/apollo-server/report.json
@@ -1,6 +1,7 @@
{
"total": 37,
"ok": 31,
"warn": 6,
"total": 60,
"ok": 54,
"notice": 3,
"warn": 3,
"error": 0
}
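Review bot: `warn` drops from 6 to 3 and `total` rises from 37 to 60 through reclassification and new MAY audits, and the sum invariant becomes `ok + notice + warn + error`. Anything reading report.json with the old four-key shape (for example a check that `ok + warn + error` equals `total`) will be off by 3 here. Worth a changelog note or a documented schema for the report.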