Hello!
First of all, thank you for developing such an amazing engine. It's beautiful work and a very good innovation that will move the Java ecosystem forward.
I found one issue, but not sure if is it by design, or it's lack of my knowledge.
I have such DSL:
directive @stripHtml on ARGUMENT_DEFINITION | INPUT_FIELD_DEFINITION
type Query {
searchProfile(contains: String! @stripHtml, limit: Int): [Profile!]!
}
type Mutation {
signUp(input: SignUpInput!): SignUpPayload!
}
input SignUpInput {
username: String! @stripHtml
password: String!
firstName: String!
lastName: String!
}
type Profile {
username: String!
fullName: String!
}I would like to use @stripHtml directive to sanitize values, like in searchProfile the contains argument must remove all HTML code from the value, and the same for the field username in SignUpInput.
Looks like the current version of graphql-java allows doing so by using custom data fetchers only, and sanitizing values customly inside the data fetcher. But this isn't an easy way, as it requires going through all mapped entities and checking does it inside a list of fields or arguments annotated with this directive.
But I'm looking for an API that allows doing so somehow before, and with the sanitized results already in DataFetchingEnvironment class, like this method will return sanitized values already:
|
Map<String, Object> getArguments(); |
.
And in terms of SignUpInput, let's imagine I'm using a plain Java DTO class for that input, and the sanitized value will be passed to the method setUsername(String username).
@andimarek @bbakerman What do you think, is it possible to add some processor API that will allow us to post-process the value?
Hello!
First of all, thank you for developing such an amazing engine. It's beautiful work and a very good innovation that will move the Java ecosystem forward.
I found one issue, but not sure if is it by design, or it's lack of my knowledge.
I have such DSL:
I would like to use
@stripHtmldirective to sanitize values, like insearchProfilethecontainsargument must remove all HTML code from the value, and the same for the fieldusernameinSignUpInput.Looks like the current version of
graphql-javaallows doing so by using custom data fetchers only, and sanitizing values customly inside the data fetcher. But this isn't an easy way, as it requires going through all mapped entities and checking does it inside a list of fields or arguments annotated with this directive.But I'm looking for an API that allows doing so somehow before, and with the sanitized results already in
DataFetchingEnvironmentclass, like this method will return sanitized values already:graphql-java/src/main/java/graphql/schema/DataFetchingEnvironment.java
Line 47 in 477d9a0
And in terms of
SignUpInput, let's imagine I'm using a plain Java DTO class for that input, and the sanitized value will be passed to the methodsetUsername(String username).@andimarek @bbakerman What do you think, is it possible to add some processor API that will allow us to post-process the value?