Rewrite multipart support for servlet <3.0 (fixes #18)

apottere · apottere · commit 75f2e38e7cd6 · 2017-04-05T15:58:58.000-04:00
diff --git a/src/main/java/graphql/servlet/GraphQLContext.java b/src/main/java/graphql/servlet/GraphQLContext.java
@@ -18,6 +18,7 @@
 import lombok.NonNull;
 import lombok.RequiredArgsConstructor;
 import lombok.Setter;
+import org.apache.commons.fileupload.FileItem;
 import org.apache.commons.fileupload.FileItemIterator;
 import org.apache.commons.fileupload.FileItemStream;
 import org.apache.commons.fileupload.servlet.ServletFileUpload;
@@ -42,5 +43,5 @@ public class GraphQLContext {
     private Optional<Subject> subject = Optional.empty();
 
     @Getter @Setter
-    private Optional<Collection<Part>> parts = Optional.empty();
+    private Optional<Map<String, List<FileItem>>> files = Optional.empty();
 }
diff --git a/src/main/java/graphql/servlet/GraphQLServlet.java b/src/main/java/graphql/servlet/GraphQLServlet.java
@@ -34,6 +34,9 @@
 import lombok.Setter;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.fileupload.FileItem;
+import org.apache.commons.fileupload.FileItemFactory;
+import org.apache.commons.fileupload.disk.DiskFileItemFactory;
 import org.apache.commons.fileupload.servlet.ServletFileUpload;
 
 import javax.security.auth.Subject;
@@ -42,7 +45,6 @@
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.Part;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
@@ -75,14 +77,113 @@ public abstract class GraphQLServlet extends HttpServlet implements Servlet, Gra
 
     private final List<GraphQLOperationListener> operationListeners;
     private final List<GraphQLServletListener> servletListeners;
+    private final ServletFileUpload fileUpload;
+
+    private final RequestHandler getHandler;
+    private final RequestHandler postHandler;
 
     public GraphQLServlet() {
-        this(null, null);
+        this(null, null, null);
     }
 
-    public GraphQLServlet(List<GraphQLOperationListener> operationListeners, List<GraphQLServletListener> servletListeners) {
+    public GraphQLServlet(List<GraphQLOperationListener> operationListeners, List<GraphQLServletListener> servletListeners, FileItemFactory fileItemFactory) {
         this.operationListeners = operationListeners != null ? new ArrayList<>(operationListeners) : new ArrayList<>();
         this.servletListeners = servletListeners != null ? new ArrayList<>(servletListeners) : new ArrayList<>();
+        this.fileUpload = new ServletFileUpload(fileItemFactory != null ? fileItemFactory : new DiskFileItemFactory());
+
+        this.getHandler = (request, response) -> {
+            GraphQLContext context = createContext(Optional.of(request), Optional.of(response));
+            String path = request.getPathInfo();
+            if (path == null) {
+                path = request.getServletPath();
+            }
+            if (path.contentEquals("/schema.json")) {
+                query(CharStreams.toString(new InputStreamReader(GraphQLServlet.class.getResourceAsStream("introspectionQuery"))), null, new HashMap<>(), getSchema(), request, response, context);
+            } else {
+                if (request.getParameter("query") != null) {
+                    Map<String, Object> variables = new HashMap<>();
+                    if (request.getParameter("variables") != null) {
+                        variables.putAll(mapper.readValue(request.getParameter("variables"), new TypeReference<Map<String, Object>>() { }));
+                    }
+                    String operationName = null;
+                    if (request.getParameter("operationName") != null) {
+                        operationName = request.getParameter("operationName");
+                    }
+                    query(request.getParameter("query"), operationName, variables, getReadOnlySchema(), request, response, context);
+                } else {
+                    response.setStatus(STATUS_BAD_REQUEST);
+                    log.info("Bad GET request: path was not \"/schema.json\" or no query variable named \"query\" given");
+                }
+            }
+        };
+
+        this.postHandler = (request, response) -> {
+            GraphQLContext context = createContext(Optional.of(request), Optional.of(response));
+            GraphQLRequest graphQLRequest = null;
+
+            try {
+                InputStream inputStream = null;
+
+                if (ServletFileUpload.isMultipartContent(request)) {
+                    Map<String, List<FileItem>> fileItems = fileUpload.parseParameterMap(request);
+
+                    if (fileItems.containsKey("graphql")) {
+                        Optional<FileItem> graphqlItem = getFileItem(fileItems, "graphql");
+                        if(graphqlItem.isPresent()) {
+                            inputStream = graphqlItem.get().getInputStream();
+                        }
+
+                    } else if(fileItems.containsKey("query")) {
+                        Optional<FileItem> queryItem = getFileItem(fileItems, "query");
+                        if(queryItem.isPresent()) {
+                            graphQLRequest = new GraphQLRequest();
+                            graphQLRequest.setQuery(new String(queryItem.get().get()));
+
+                            Optional<FileItem> operationNameItem = getFileItem(fileItems, "operationName");
+                            if(operationNameItem.isPresent()) {
+                                graphQLRequest.setOperationName(new String(operationNameItem.get().get()).trim());
+                            }
+
+                            Optional<FileItem> variablesItem = getFileItem(fileItems, "variables");
+                            if(variablesItem.isPresent()) {
+                                String variables = new String(variablesItem.get().get());
+                                if(!variables.isEmpty()) {
+                                    graphQLRequest.setVariables((Map<String, Object>) mapper.readValue(variables, Map.class));
+                                }
+                            }
+                        }
+                    }
+
+                    if(inputStream == null && graphQLRequest == null) {
+                        response.setStatus(STATUS_BAD_REQUEST);
+                        log.info("Bad POST multipart request: no part named \"graphql\" or \"query\"");
+                        return;
+                    }
+
+                    context.setFiles(Optional.of(fileItems));
+
+                } else {
+                    // this is not a multipart request
+                    inputStream = request.getInputStream();
+                }
+
+                if(graphQLRequest == null) {
+                    graphQLRequest = mapper.readValue(inputStream, GraphQLRequest.class);
+                }
+
+            } catch (Exception e) {
+                log.info("Bad POST request: parsing failed", e);
+                response.setStatus(STATUS_BAD_REQUEST);
+                return;
+            }
+
+            Map<String,Object> variables = graphQLRequest.getVariables();
+            if (variables == null) {
+                variables = new HashMap<>();
+            }
+
+            query(graphQLRequest.getQuery(), graphQLRequest.getOperationName(), variables, getSchema(), request, response, context);
+        };
     }
 
     public void addOperationListener(GraphQLOperationListener operationListener) {
@@ -121,71 +222,6 @@ public String executeQuery(String query) {
         }
     }
 
-    private final RequestHandler getHandler = (request, response) -> {
-        GraphQLContext context = createContext(Optional.of(request), Optional.of(response));
-        String path = request.getPathInfo();
-        if (path == null) {
-            path = request.getServletPath();
-        }
-        if (path.contentEquals("/schema.json")) {
-            query(CharStreams.toString(new InputStreamReader(GraphQLServlet.class.getResourceAsStream("introspectionQuery"))), null, new HashMap<>(), getSchema(), request, response, context);
-        } else {
-            if (request.getParameter("query") != null) {
-                Map<String, Object> variables = new HashMap<>();
-                if (request.getParameter("variables") != null) {
-                    variables.putAll(mapper.readValue(request.getParameter("variables"), new TypeReference<Map<String, Object>>() { }));
-                }
-                String operationName = null;
-                if (request.getParameter("operationName") != null) {
-                    operationName = request.getParameter("operationName");
-                }
-                query(request.getParameter("query"), operationName, variables, getReadOnlySchema(), request, response, context);
-            } else {
-                response.setStatus(STATUS_BAD_REQUEST);
-                log.info("Bad GET request: path was not \"/schema.json\" or no query variable named \"query\" given");
-            }
-        }
-    };
-
-    private final RequestHandler postHandler = (request, response) -> {
-        GraphQLContext context = createContext(Optional.of(request), Optional.of(response));
-        InputStream inputStream = null;
-
-        if (ServletFileUpload.isMultipartContent(request)) {
-            Part part = request.getPart("graphql");
-            if(part != null) {
-                inputStream = part.getInputStream();
-            }
-
-            if (inputStream == null) {
-                response.setStatus(STATUS_BAD_REQUEST);
-                log.info("Bad POST multipart request: no part named \"graphql\"");
-                return;
-            }
-
-            context.setParts(Optional.of(request.getParts()));
-
-        } else {
-            // this is not a multipart request
-            inputStream = request.getInputStream();
-        }
-
-        GraphQLRequest graphQLRequest;
-        try {
-            graphQLRequest = mapper.readValue(inputStream, GraphQLRequest.class);
-        } catch (Exception e) {
-            log.info("Bad POST request: deserialization failed", e);
-            response.setStatus(STATUS_BAD_REQUEST);
-            return;
-        }
-
-        Map<String,Object> variables = graphQLRequest.variables;
-        if (variables == null) {
-            variables = new HashMap<>();
-        }
-        query(graphQLRequest.query, graphQLRequest.operationName, variables, getSchema(), request, response, context);
-    };
-
     private void doRequest(HttpServletRequest request, HttpServletResponse response, RequestHandler handler) {
         try {
             runListeners(servletListeners, l -> l.onStart(request, response));
@@ -210,6 +246,16 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws S
         doRequest(req, resp, postHandler);
     }
 
+    private Optional<FileItem> getFileItem(Map<String, List<FileItem>> fileItems, String name) {
+        List<FileItem> items = fileItems.get(name);
+        if(items == null || items.isEmpty()) {
+            return Optional.empty();
+        }
+
+        return items.stream().findFirst();
+    }
+
+
     private void query(String query, String operationName, Map<String, Object> variables, GraphQLSchema schema, HttpServletRequest req, HttpServletResponse resp, GraphQLContext context) throws IOException {
         if (Subject.getSubject(AccessController.getContext()) == null && context.getSubject().isPresent()) {
             Subject.doAs(context.getSubject().get(), new PrivilegedAction<Void>() {
diff --git a/src/main/java/graphql/servlet/SimpleGraphQLServlet.java b/src/main/java/graphql/servlet/SimpleGraphQLServlet.java
@@ -42,7 +42,7 @@ public SimpleGraphQLServlet(GraphQLSchema schema, ExecutionStrategy executionStr
     }
 
     public SimpleGraphQLServlet(GraphQLSchema schema, ExecutionStrategy executionStrategy, List<GraphQLOperationListener> operationListeners, List<GraphQLServletListener> servletListeners) {
-        super(operationListeners, servletListeners);
+        super(operationListeners, servletListeners, null);
 
         this.schema = schema;
         this.readOnlySchema = new GraphQLSchema(schema.getQueryType(), EMPTY_MUTATION_TYPE, schema.getDictionary());
diff --git a/src/test/groovy/graphql/servlet/GraphQLServletSpec.groovy b/src/test/groovy/graphql/servlet/GraphQLServletSpec.groovy
@@ -22,6 +22,8 @@ import graphql.schema.GraphQLObjectType
 import graphql.schema.GraphQLSchema
 import org.springframework.mock.web.MockHttpServletRequest
 import org.springframework.mock.web.MockHttpServletResponse
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders
 import spock.lang.Shared
 import spock.lang.Specification
 
@@ -213,13 +215,14 @@ class GraphQLServletSpec extends Specification {
             getResponseContent().data.echoTwo == "test-two"
     }
 
-    def "query over HTTP POST multipart returns data"() {
+    def "query over HTTP POST multipart named 'graphql' returns data"() {
         setup:
-            request.setContentType("multipart/graphql, boundary=Test")
+            request.setContentType("multipart/form-data, boundary=test")
             request.setMethod("POST")
-            request.addPart(new TestMultipartPart(name: 'graphql', content: mapper.writeValueAsString([
-                query: 'query { echo(arg:"test") }'
-            ])))
+
+            request.setContent(new TestMultipartContentBuilder()
+                .addPart('graphql', mapper.writeValueAsString([query: 'query { echo(arg:"test") }']))
+                .build())
 
         when:
             servlet.doPost(request, response)
@@ -230,14 +233,13 @@ class GraphQLServletSpec extends Specification {
             getResponseContent().data.echo == "test"
     }
 
-    def "query over HTTP POST multipart with variables returns data"() {
+    def "query over HTTP POST multipart named 'query' returns data"() {
         setup:
-            request.setContentType("multipart/graphql")
+            request.setContentType("multipart/form-data, boundary=test")
             request.setMethod("POST")
-            request.addPart(new TestMultipartPart(name: 'graphql', content: mapper.writeValueAsString([
-                query: 'query Echo($arg: String) { echo(arg:$arg) }',
-                variables: '{"arg": "test"}'
-            ])))
+            request.setContent(new TestMultipartContentBuilder()
+                .addPart('query', 'query { echo(arg:"test") }')
+                .build())
 
         when:
             servlet.doPost(request, response)
@@ -248,14 +250,14 @@ class GraphQLServletSpec extends Specification {
             getResponseContent().data.echo == "test"
     }
 
-    def "query over HTTP POST multipart with operationName returns data"() {
+    def "query over HTTP POST multipart named 'query' with operationName returns data"() {
         setup:
-            request.setContentType("multipart/graphql")
+            request.setContentType("multipart/form-data, boundary=test")
             request.setMethod("POST")
-            request.addPart(new TestMultipartPart(name: 'graphql', content: mapper.writeValueAsString([
-                query: 'query one{ echoOne: echo(arg:"test-one") } query two{ echoTwo: echo(arg:"test-two") }',
-                operationName: 'two'
-            ])))
+            request.setContent(new TestMultipartContentBuilder()
+                .addPart('query', 'query one{ echoOne: echo(arg:"test-one") } query two{ echoTwo: echo(arg:"test-two") }')
+                .addPart('operationName', 'two')
+                .build())
 
         when:
             servlet.doPost(request, response)
@@ -267,6 +269,24 @@ class GraphQLServletSpec extends Specification {
             getResponseContent().data.echoTwo == "test-two"
     }
 
+    def "query over HTTP POST multipart named 'query' with variables returns data"() {
+        setup:
+            request.setContentType("multipart/form-data, boundary=test")
+            request.setMethod("POST")
+            request.setContent(new TestMultipartContentBuilder()
+                .addPart('query', 'query Echo($arg: String) { echo(arg:$arg) }')
+                .addPart('variables', '{"arg": "test"}')
+                .build())
+
+        when:
+            servlet.doPost(request, response)
+
+        then:
+            response.getStatus() == STATUS_OK
+            response.getContentType() == CONTENT_TYPE_JSON_UTF8
+            getResponseContent().data.echo == "test"
+    }
+
     def "mutation over HTTP POST body returns data"() {
         setup:
             request.setContent(mapper.writeValueAsBytes([
@@ -332,4 +352,8 @@ class GraphQLServletSpec extends Specification {
             resp.data == null
             resp.errors != null
     }
+
+    private byte[] createContent(String data) {
+        data.split('\\n').collect { it.replaceAll('^\\s+', '') }.join('\n').getBytes()
+    }
 }
diff --git a/src/test/groovy/graphql/servlet/TestMultipartPart.groovy b/src/test/groovy/graphql/servlet/TestMultipartPart.groovy

Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ public SimpleGraphQLServlet(GraphQLSchema schema, ExecutionStrategy executionStr`
`42`	`42`	`}`
`43`	`43`
`44`	`44`	`public SimpleGraphQLServlet(GraphQLSchema schema, ExecutionStrategy executionStrategy, List<GraphQLOperationListener> operationListeners, List<GraphQLServletListener> servletListeners) {`
`45`		`- super(operationListeners, servletListeners);`
	`45`	`+ super(operationListeners, servletListeners, null);`
`46`	`46`
`47`	`47`	`this.schema = schema;`
`48`	`48`	`this.readOnlySchema = new GraphQLSchema(schema.getQueryType(), EMPTY_MUTATION_TYPE, schema.getDictionary());`