The Rust GraphQL library async-graphql is reporting a high-severity (7.5/10) security issue: a DoS through GraphQL nested fragments overflow.
Update to version 4.0.6 for the fix. This version isn't published to crates.io yet.
Next you’ll want to add a helper function in your resolvers.
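// Shape of the Customer type from the schema (id: Int!, name: String!).
interface Customer { id: number; name: string; }

// Values returned in the status field of CustomerResult.
export enum QueryStatus {
  success = 'SUCCESS',
  notFound = 'NOT_FOUND',
  error = 'ERROR',
}

// One helper per outcome; each builds the object returned for CustomerResult.
export const success = (node: Customer) => ({ status: QueryStatus.success, node });
export const notFound = (message: string) => ({ status: QueryStatus.notFound, message });
export const error = (message: string) => ({ status: QueryStatus.error, message });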
I just received a question on why GraphQL always returns HTTP status 200.
The specification defines GraphQL at the application layer, but the status code reflects the status of the transport layer.
To return query statuses you need to add a type to the schema with a field for status.
type Customer {
  id: Int!
  name: String!
}

type CustomerResult {
  status: String!
  message: String
  node: Customer
}

type Query {
  customer(id: Int!): CustomerResult!
}
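
The helpers and the schema above fit together in a resolver like the following. This is an added example, not code from the original post. The data store, loadCustomer, serverLog and customerResolver are assumed names, and the sample data is constructed. Because message is sent to the client, the error branch returns a fixed string and keeps the exception detail on the server.

```typescript
enum QueryStatus {
  success = 'SUCCESS',
  notFound = 'NOT_FOUND',
  error = 'ERROR',
}

interface Customer { id: number; name: string; }
interface CustomerResult { status: QueryStatus; message?: string; node?: Customer; }

const success = (node: Customer): CustomerResult => ({ status: QueryStatus.success, node });
const notFound = (message: string): CustomerResult => ({ status: QueryStatus.notFound, message });
const error = (message: string): CustomerResult => ({ status: QueryStatus.error, message });

// Constructed sample data standing in for a real data source.
const customers = new Map<number, Customer>([[1, { id: 1, name: 'Ada' }]]);

// Stand-in for a server-side log sink (assumption for this example).
const serverLog: string[] = [];

// Hypothetical lookup that can fail the way a database call might.
function loadCustomer(id: number): Customer | undefined {
  if (id < 0) throw new Error('connection to db-internal-01:5432 refused');
  return customers.get(id);
}

// Resolver for Query.customer: every outcome becomes a CustomerResult,
// so the HTTP response stays 200 and the client reads the status field.
function customerResolver(_parent: unknown, args: { id: number }): CustomerResult {
  try {
    const node = loadCustomer(args.id);
    return node ? success(node) : notFound(`No customer with id ${args.id}`);
  } catch (e) {
    // Keep the detail server-side; the client only sees a fixed message.
    serverLog.push(String(e));
    return error('Internal error while loading customer');
  }
}
```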