Require multipart content type for multipart requests (fix #76)

Author: oliemansm

build.gradle

@@ -70,6 +70,7 @@ apply plugin: 'biz.aQute.bnd.builder'
 apply plugin: 'com.jfrog.bintray'
 apply plugin: 'maven-publish'
 apply plugin: 'idea'
+apply plugin: 'maven'
 
 jar {
     manifest {

src/main/java/graphql/servlet/GraphQLServlet.java

@@ -3,11 +3,7 @@
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.type.TypeReference;
-import com.fasterxml.jackson.databind.DeserializationContext;
-import com.fasterxml.jackson.databind.InjectableValues;
-import com.fasterxml.jackson.databind.JsonDeserializer;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.databind.ObjectReader;
+import com.fasterxml.jackson.databind.*;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import com.google.common.io.ByteStreams;
 import graphql.ExecutionInput;
@@ -29,23 +25,10 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.Part;
-import java.io.BufferedInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.Writer;
+import java.io.*;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Objects;
-import java.util.Optional;
+import java.util.*;
 import java.util.function.BiConsumer;
 import java.util.function.Consumer;
 import java.util.function.Function;
@@ -64,12 +47,17 @@ public abstract class GraphQLServlet extends HttpServlet implements Servlet, Gra
     public static final int STATUS_BAD_REQUEST = 400;
 
     protected abstract GraphQLSchemaProvider getSchemaProvider();
+
     protected abstract GraphQLContext createContext(Optional<HttpServletRequest> request, Optional<HttpServletResponse> response);
+
     protected abstract Object createRootObject(Optional<HttpServletRequest> request, Optional<HttpServletResponse> response);
+
     protected abstract ExecutionStrategyProvider getExecutionStrategyProvider();
+
     protected abstract Instrumentation getInstrumentation();
 
     protected abstract GraphQLErrorHandler getGraphQLErrorHandler();
+
     protected abstract PreparsedDocumentProvider getPreparsedDocumentProvider();
 
     private final LazyObjectMapperBuilder lazyObjectMapperBuilder;
@@ -126,9 +114,8 @@ public GraphQLServlet(ObjectMapperConfigurer objectMapperConfigurer, List<GraphQ
             final Object rootObject = createRootObject(Optional.of(request), Optional.of(response));
 
             try {
-                Collection<Part> parts = request.getParts();
-                if (!parts.isEmpty()) {
-                    final Map<String, List<Part>> fileItems = parts.stream()
+                if (request.getContentType().equals("multipart/form-data") && !request.getParts().isEmpty()) {
+                    final Map<String, List<Part>> fileItems = request.getParts().stream()
                             .collect(Collectors.toMap(
                                     Part::getName,
                                     Collections::singletonList,
@@ -189,18 +176,7 @@ public GraphQLServlet(ObjectMapperConfigurer objectMapperConfigurer, List<GraphQ
                     response.setStatus(STATUS_BAD_REQUEST);
                     log.info("Bad POST multipart request: no part named \"graphql\" or \"query\"");
                 } else {
-                    // this is not a multipart request
-                    InputStream inputStream = request.getInputStream();
-
-                    if (!inputStream.markSupported()) {
-                        inputStream = new BufferedInputStream(inputStream);
-                    }
-
-                    if (isBatchedQuery(inputStream)) {
-                        doBatchedQuery(getGraphQLRequestMapper().readValues(inputStream), getSchemaProvider().getSchema(request), context, rootObject, request, response);
-                    } else {
-                        doQuery(getGraphQLRequestMapper().readValue(inputStream), getSchemaProvider().getSchema(request), context, rootObject, request, response);
-                    }
+                    handleNonMultipartRequest(request, response, context, rootObject);
                 }
             } catch (Exception e) {
                 log.info("Bad POST request: parsing failed", e);
@@ -209,6 +185,21 @@ public GraphQLServlet(ObjectMapperConfigurer objectMapperConfigurer, List<GraphQ
         };
     }
 
+    private void handleNonMultipartRequest(HttpServletRequest request, HttpServletResponse response, GraphQLContext context, Object rootObject) throws Exception {
+        // this is not a multipart request
+        InputStream inputStream = request.getInputStream();
+
+        if (!inputStream.markSupported()) {
+            inputStream = new BufferedInputStream(inputStream);
+        }
+
+        if (isBatchedQuery(inputStream)) {
+            doBatchedQuery(getGraphQLRequestMapper().readValues(inputStream), getSchemaProvider().getSchema(request), context, rootObject, request, response);
+        } else {
+            doQuery(getGraphQLRequestMapper().readValue(inputStream), getSchemaProvider().getSchema(request), context, rootObject, request, response);
+        }
+    }
+
     protected ObjectMapper getMapper() {
         return lazyObjectMapperBuilder.getMapper();
     }
@@ -285,12 +276,12 @@ private Optional<Part> getFileItem(Map<String, List<Part>> fileItems, String nam
     private GraphQL newGraphQL(GraphQLSchema schema) {
         ExecutionStrategyProvider executionStrategyProvider = getExecutionStrategyProvider();
         return GraphQL.newGraphQL(schema)
-            .queryExecutionStrategy(executionStrategyProvider.getQueryExecutionStrategy())
-            .mutationExecutionStrategy(executionStrategyProvider.getMutationExecutionStrategy())
-            .subscriptionExecutionStrategy(executionStrategyProvider.getSubscriptionExecutionStrategy())
-            .instrumentation(getInstrumentation())
-            .preparsedDocumentProvider(getPreparsedDocumentProvider())
-            .build();
+                .queryExecutionStrategy(executionStrategyProvider.getQueryExecutionStrategy())
+                .mutationExecutionStrategy(executionStrategyProvider.getMutationExecutionStrategy())
+                .subscriptionExecutionStrategy(executionStrategyProvider.getSubscriptionExecutionStrategy())
+                .instrumentation(getInstrumentation())
+                .preparsedDocumentProvider(getPreparsedDocumentProvider())
+                .build();
     }
 
     private void doQuery(GraphQLRequest graphQLRequest, GraphQLSchema schema, GraphQLContext context, Object rootObject, HttpServletRequest httpReq, HttpServletResponse httpRes) throws Exception {
@@ -348,7 +339,7 @@ private void query(String query, String operationName, Map<String, Object> varia
             graphQLResponse.setResponse(response);
             responseHandler.handle(graphQLResponse);
 
-            if(getGraphQLErrorHandler().errorsPresent(errors)) {
+            if (getGraphQLErrorHandler().errorsPresent(errors)) {
                 runCallbacks(operationCallbacks, c -> c.onError(context, operationName, query, variables, data, errors, extensions));
             } else {
                 runCallbacks(operationCallbacks, c -> c.onSuccess(context, operationName, query, variables, data, extensions));
@@ -367,7 +358,7 @@ private Map<String, Object> createResultFromDataErrorsAndExtensions(Object data,
             result.put("errors", getGraphQLErrorHandler().processErrors(errors));
         }
 
-        if(extensions != null){
+        if (extensions != null) {
             result.put("extensions", extensions);
         }
 
@@ -380,16 +371,16 @@ private <R> List<R> runListeners(Function<? super GraphQLServletListener, R> act
         }
 
         return listeners.stream()
-            .map(listener -> {
-                try {
-                    return action.apply(listener);
-                } catch (Throwable t) {
-                    log.error("Error running listener: {}", listener, t);
-                    return null;
-                }
-            })
-            .filter(Objects::nonNull)
-            .collect(Collectors.toList());
+                .map(listener -> {
+                    try {
+                        return action.apply(listener);
+                    } catch (Throwable t) {
+                        log.error("Error running listener: {}", listener, t);
+                        return null;
+                    }
+                })
+                .filter(Objects::nonNull)
+                .collect(Collectors.toList());
     }
 
     private <T> void runCallbacks(List<T> callbacks, Consumer<T> action) {
@@ -425,7 +416,8 @@ private static Map<String, Object> deserializeVariablesObject(Object variables,
             return genericVariables;
         } else if (variables instanceof String) {
             try {
-                return mapper.readValue((String) variables, new TypeReference<Map<String, Object>>() {});
+                return mapper.readValue((String) variables, new TypeReference<Map<String, Object>>() {
+                });
             } catch (IOException e) {
                 throw new RuntimeException(e);
             }

src/main/java/graphql/servlet/SimpleGraphQLServlet.java

@@ -65,25 +65,25 @@ public SimpleGraphQLServlet(GraphQLSchemaProvider schemaProvider, ExecutionStrat
             this.instrumentation = instrumentation;
         }
 
-        if(errorHandler == null) {
+        if (errorHandler == null) {
             this.errorHandler = new DefaultGraphQLErrorHandler();
         } else {
             this.errorHandler = errorHandler;
         }
 
-        if(contextBuilder == null) {
+        if (contextBuilder == null) {
             this.contextBuilder = new DefaultGraphQLContextBuilder();
         } else {
             this.contextBuilder = contextBuilder;
         }
 
-        if(rootObjectBuilder == null) {
+        if (rootObjectBuilder == null) {
             this.rootObjectBuilder = new DefaultGraphQLRootObjectBuilder();
         } else {
             this.rootObjectBuilder = rootObjectBuilder;
         }
 
-        if(preparsedDocumentProvider == null) {
+        if (preparsedDocumentProvider == null) {
             this.preparsedDocumentProvider = NoOpPreparsedDocumentProvider.INSTANCE;
         } else {
             this.preparsedDocumentProvider = preparsedDocumentProvider;