Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: new unsecureGraphQLErrors client option to enable unfiltered errors in GraphQL response #127

Open
Tenrys opened this issue Apr 3, 2023 · 3 comments
Open

Feature: new unsecureGraphQLErrors client option to enable unfiltered errors in GraphQL response #127

Tenrys opened this issue Apr 3, 2023 · 3 comments
Labels
👋 easy contribution Good issue if wanting to contribute is: feature request New feature request package: client Client package
Milestone
v1.1.0

Comments

@Tenrys
Copy link
Contributor

Tenrys commented Apr 3, 2023

image

Here the issue is that if you have a filter with only null (undefined) values for fields that are non-nullable, Prisma will crash as that is not a valid query.

It would be nice if Prisma AppSync silently "collapsed" the filter to prevent a mistake, or alternatively, gave the proper error. The "cause" bit in that screenshot is my own change to the library in order to demonstrate the issue.

This only happened while dynamically generating the query through front-end code, of course.
@maoosi
Copy link
Owner

maoosi commented Apr 3, 2023

@Tenrys In theory, you should already be able to access the appropriate underlying error from your Terminal (CloudWatch on AWS). Please let me know if this is not the case.

The GraphQL response is intentionally designed to provide only a high-level summary of the underlying error. We avoid displaying explicit details in the response for security reasons, as we do not want to expose internal information to anyone querying your API.

My initial thoughts on this issue are that we should not suppress errors silently, as users might assume their query was successful when it was actually invalid.

Ideally, we would report a more specific error, but this would be a significant undertaking since Prisma Client does not generate simple error messages. As a result, we would need to identify non-nullable fields from your schema, pass this information to the runtime, and parse all queries to verify and report their validity.

@Tenrys
Copy link
Contributor Author

Tenrys commented Apr 4, 2023

it is visible on cloudwatch, but for the other developers on my team trying to use the API I'm building for them, it is time consuming having to dig up the logs for that request every time something does crash. I would like to have the option to show more raw details at least if there was a way to flag the API as being "in development" or such.

@maoosi
Copy link
Owner

maoosi commented Apr 4, 2023

We could imagine a new client option to enable unfiltered errors in GraphQL response. However, since it is not a good security practice, I would name it accordingly:

const prismaAppSync = new PrismaAppSync({ unsecureGraphQLErrors: true })

@maoosi maoosi changed the title Issue: Prisma internal error if providing filters without data Feature: new unsecureGraphQLErrors client option to enable unfiltered errors in GraphQL response Apr 10, 2023
@maoosi maoosi added is: feature request New feature request package: client Client package labels Apr 10, 2023
@maoosi maoosi added this to the 1.0.0-rc.7 milestone Apr 10, 2023
@maoosi maoosi added the 👋 easy contribution Good issue if wanting to contribute label Apr 10, 2023
@maoosi maoosi modified the milestones: 1.0.0-rc.7, 1.0.0-rc.8 Jun 10, 2023
@maoosi maoosi modified the milestones: 1.0.0-rc.8, 1.0.0-rc.9 Sep 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
👋 easy contribution Good issue if wanting to contribute is: feature request New feature request package: client Client package
Projects
Prisma-AppSync Roadmap
Status: Planned
Milestone
v1.1.0
Development

No branches or pull requests
2 participants
@Tenrys @maoosi