50 lines
1.3 KiB
Ruby
50 lines
1.3 KiB
Ruby
|
class GraphqlController < ApplicationController
|
||
|
|
# Unauthenticated users have access to the API for public data
|
||
|
|
skip_before_action :authenticate_user!
|
||
|
|
|
||
|
|
before_action :check_graphql_feature_flag!
|
||
|
|
|
||
|
|
def execute
|
||
|
|
variables = ensure_hash(params[:variables])
|
||
|
|
query = params[:query]
|
||
|
|
operation_name = params[:operationName]
|
||
|
|
context = {
|
||
|
|
current_user: current_user
|
||
|
|
}
|
||
|
|
result = GitlabSchema.execute(query, variables: variables, context: context, operation_name: operation_name)
|
||
|
|
render json: result
|
||
|
|
end
|
||
|
|
|
||
|
|
private
|
||
|
|
|
||
|
|
# Overridden from the ApplicationController to make the response look like
|
||
|
|
# a GraphQL response. That is nicely picked up in Graphiql.
|
||
|
|
def render_404
|
||
|
|
error = { errors: [ message: "Not found" ] }
|
||
|
|
|
||
|
|
render json: error, status: :not_found
|
||
|
|
end
|
||
|
|
|
||
|
|
def check_graphql_feature_flag!
|
||
|
|
render_404 unless Feature.enabled?(:graphql)
|
||
|
|
end
|
||
|
|
|
||
|
|
# Handle form data, JSON body, or a blank value
|
||
|
|
def ensure_hash(ambiguous_param)
|
||
|
|
case ambiguous_param
|
||
|
|
when String
|
||
|
|
if ambiguous_param.present?
|
||
|
|
ensure_hash(JSON.parse(ambiguous_param))
|
||
|
|
else
|
||
|
|
{}
|
||
|
|
end
|
||
|
|
when Hash, ActionController::Parameters
|
||
|
|
ambiguous_param
|
||
|
|
when nil
|
||
|
|
{}
|
||
|
|
else
|
||
|
|
raise ArgumentError, "Unexpected parameter: #{ambiguous_param}"
|
||
|
|
end
|
||
|
|
end
|
||
|
|
end
|