Update upstream v1.5.0

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,70 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '16 17 * * 5'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

README.md

@@ -11,7 +11,7 @@ safe for production use.
 
 - minimal API
 - support for `context.Context`
-- support for the `OpenTracing` standard
+- support for the `OpenTelemetry` and `OpenTracing` standards
 - schema type-checking against resolvers
 - resolvers are matched to the schema based on method sets (can resolve a GraphQL schema with a Go interface or Go struct).
 - handles panics in resolvers
@@ -26,8 +26,9 @@ Feedback is welcome and appreciated.
 
 ## (Some) Documentation
 
-### Basic Sample
+### Getting started
 
+In order to run a simple GraphQL server locally create a `main.go` file with the following content:
 ```go
 package main
 
@@ -54,12 +55,12 @@ func main() {
         log.Fatal(http.ListenAndServe(":8080", nil))
 }
 ```
-
-To test:
+Then run the file with `go run main.go`. To test:
 
 ```sh
 curl -XPOST -d '{"query": "{ hello }"}' localhost:8080/query
 ```
+For more realistic usecases check our [examples section](https://github.com/graph-gophers/graphql-go/wiki/Examples).
 
 ### Resolvers
 
@@ -107,8 +108,7 @@ func (r *helloWorldResolver) Hello(ctx context.Context) (string, error) {
 - `UseFieldResolvers()` specifies whether to use struct field resolvers.
 - `MaxDepth(n int)` specifies the maximum field nesting depth in a query. The default is 0 which disables max depth checking.
 - `MaxParallelism(n int)` specifies the maximum number of resolvers per request allowed to run in parallel. The default is 10.
-- `Tracer(tracer trace.Tracer)` is used to trace queries and fields. It defaults to `trace.OpenTracingTracer`.
-- `ValidationTracer(tracer trace.ValidationTracer)` is used to trace validation errors. It defaults to `trace.NoopValidationTracer`.
+- `Tracer(tracer trace.Tracer)` is used to trace queries and fields. It defaults to `noop.Tracer`.
 - `Logger(logger log.Logger)` is used to log panics during query execution. It defaults to `exec.DefaultLogger`.
 - `PanicHandler(panicHandler errors.PanicHandler)` is used to transform panics into errors during query execution. It defaults to `errors.DefaultPanicHandler`.
 - `DisableIntrospection()` disables introspection queries.
@@ -164,6 +164,55 @@ Which could produce a GraphQL error such as:
 }
 ```
 
-### [Examples](https://github.com/graph-gophers/graphql-go/wiki/Examples)
+### Tracing
+
+By default the library uses `noop.Tracer`. If you want to change that you can use the OpenTelemetry or the OpenTracing implementations, respectively:
+
+```go
+// OpenTelemetry tracer
+package main
+
+import (
+	"github.com/graph-gophers/graphql-go"
+	"github.com/graph-gophers/graphql-go/example/starwars"
+	otelgraphql "github.com/graph-gophers/graphql-go/trace/otel"
+	"github.com/graph-gophers/graphql-go/trace/tracer"
+)
+// ...
+_, err := graphql.ParseSchema(starwars.Schema, nil, graphql.Tracer(otelgraphql.DefaultTracer()))
+// ...
+```
+Alternatively you can pass an existing trace.Tracer instance:
+```go
+tr := otel.Tracer("example")
+_, err = graphql.ParseSchema(starwars.Schema, nil, graphql.Tracer(&otelgraphql.Tracer{Tracer: tr}))
+```
+
 
-### [Companies that use this library](https://github.com/graph-gophers/graphql-go/wiki/Users)
+```go
+// OpenTracing tracer
+package main
+
+import (
+	"github.com/graph-gophers/graphql-go"
+	"github.com/graph-gophers/graphql-go/example/starwars"
+	"github.com/graph-gophers/graphql-go/trace/opentracing"
+	"github.com/graph-gophers/graphql-go/trace/tracer"
+)
+// ...
+_, err := graphql.ParseSchema(starwars.Schema, nil, graphql.Tracer(opentracing.Tracer{}))
+
+// ...
+```
+
+If you need to implement a custom tracer the library would accept any tracer which implements the interface below:
+```go
+type Tracer interface {
+    TraceQuery(ctx context.Context, queryString string, operationName string, variables map[string]interface{}, varTypes map[string]*introspection.Type) (context.Context, func([]*errors.QueryError))
+    TraceField(ctx context.Context, label, typeName, fieldName string, trivial bool, args map[string]interface{}) (context.Context, func(*errors.QueryError))
+    TraceValidation(context.Context) func([]*errors.QueryError)
+}
+```
+
+
+### [Examples](https://github.com/graph-gophers/graphql-go/wiki/Examples)

SECURITY.md

@@ -0,0 +1,17 @@
+# Security Policy
+
+## Supported Versions
+
+We always try to maintain the library secure and suggest our users to upgrade to the latest stable version. We realize that sometimes this is not possible.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.x     | :white_check_mark: |
+| < 1.0   | :x:                |
+
+## MaxDepth
+If you are using the `graphql.MaxDepth` schema option, make sure that you upgrade to version v1.3.0 or higher due to a bug causing security vulnerability in earlier versions.
+
+## Reporting a Vulnerability
+
+If you find a security vulnerability with this library, please, DO NOT submit a pull request right away. Please, report the issue to @pavelnikolov and/or @tony in the Gophers Slack in a private message.

example/apollo_federation/README.md

@@ -0,0 +1,35 @@
+# Apollo Federation
+
+A simple example of integration with apollo federation as subgraph. Tested with Go v1.18, Node.js v16.14.2 and yarn 1.22.18.
+
+To run this server
+
+`go run ./example/apollo_federation/subgraph_one/server.go`
+
+`go run ./example/apollo_federation/subgraph_two/server.go`
+
+`cd example/apollo_federation/gateway`
+
+`yarn start`
+
+and go to localhost:4000 to interact
+
+Execute the query:
+
+```
+query {
+  hello
+  hi
+}
+```
+
+and you should see a result similar to this:
+
+```json
+{
+  "data": {
+    "hello": "Hello from subgraph one!",
+    "hi": "Hi from subgraph two!"
+  }
+}
+```

example/apollo_federation/gateway/.gitignore

@@ -0,0 +1,2 @@
+/node_modules
+/yarn.lock

example/apollo_federation/gateway/index.js

@@ -0,0 +1,20 @@
+const { ApolloServer }  = require('apollo-server')
+const { ApolloGateway, IntrospectAndCompose } = require('@apollo/gateway');
+
+const gateway = new ApolloGateway({
+    supergraphSdl: new IntrospectAndCompose({
+        subgraphs: [
+            { name: 'one', url: 'http://localhost:4001/query' },
+            { name: 'two', url: 'http://localhost:4002/query' },
+        ],
+    }),
+});
+
+const server = new ApolloServer({
+    gateway,
+    subscriptions: false,
+});
+
+server.listen().then(({ url }) => {
+    console.log(`Server ready at ${url}`);
+});

example/apollo_federation/gateway/package.json

@@ -0,0 +1,14 @@
+{
+  "name": "apollo-federation-gateway",
+  "version": "1.0.0",
+  "description": "Graphql Federation",
+  "main": "index.js",
+  "scripts": {
+    "start": "node index.js"
+  },
+  "dependencies": {
+    "@apollo/gateway": "^0.49.0",
+    "apollo-server": "^2.21.1",
+    "graphql": "^15.5.0"
+  }
+}

example/apollo_federation/subgraph_one/server.go

@@ -0,0 +1,34 @@
+package main
+
+import (
+	"log"
+	"net/http"
+
+	"github.com/tribunadigital/graphql-go"
+	"github.com/tribunadigital/graphql-go/relay"
+)
+
+var schema = `
+	schema {
+		query: Query
+	}
+
+	type Query {
+		hello: String!
+	}
+`
+
+type resolver struct{}
+
+func (r *resolver) Hello() string {
+	return "Hello from subgraph one!"
+}
+
+func main() {
+	opts := []graphql.SchemaOpt{graphql.UseFieldResolvers(), graphql.MaxParallelism(20)}
+	schema := graphql.MustParseSchema(schema, &resolver{}, opts...)
+
+	http.Handle("/query", &relay.Handler{Schema: schema})
+
+	log.Fatal(http.ListenAndServe(":4001", nil))
+}

example/apollo_federation/subgraph_two/server.go

@@ -0,0 +1,34 @@
+package main
+
+import (
+	"log"
+	"net/http"
+
+	"github.com/tribunadigital/graphql-go"
+	"github.com/tribunadigital/graphql-go/relay"
+)
+
+var schema = `
+	schema {
+		query: Query
+	}
+
+	type Query {
+		hi: String!
+	}
+`
+
+type resolver struct{}
+
+func (r *resolver) Hi() string {
+	return "Hi from subgraph two!"
+}
+
+func main() {
+	opts := []graphql.SchemaOpt{graphql.UseFieldResolvers(), graphql.MaxParallelism(20)}
+	schema := graphql.MustParseSchema(schema, &resolver{}, opts...)
+
+	http.Handle("/query", &relay.Handler{Schema: schema})
+
+	log.Fatal(http.ListenAndServe(":4002", nil))
+}