fix: Request parameters query field can only be a string

enisdenjo · enisdenjo · commit 16c9600b37ca · 2023-06-12T13:05:47.000+02:00
Closes enisdenjo#65
diff --git a/src/common.ts b/src/common.ts
@@ -4,7 +4,7 @@
  *
  */
 
-import type { DocumentNode, GraphQLError } from 'graphql';
+import type { GraphQLError } from 'graphql';
 import { isObject } from './utils';
 
 /**
@@ -36,7 +36,7 @@ export const TOKEN_QUERY_KEY = 'token' as const;
  */
 export interface RequestParams {
   operationName?: string;
-  query: DocumentNode | string;
+  query: string;
   variables?: Record<string, unknown>;
   extensions?: Record<string, unknown>;
 }
diff --git a/src/handler.ts b/src/handler.ts
@@ -13,6 +13,7 @@ import {
   validate as graphqlValidate,
   execute as graphqlExecute,
   subscribe as graphqlSubscribe,
+  DocumentNode,
 } from 'graphql';
 import { isObject } from './utils';
 import {
@@ -605,31 +606,29 @@ export function createHandler<
       if (!schema) throw new Error('The GraphQL schema is not provided');
 
       const { operationName, variables } = params;
-      let { query } = params;
+      let query: DocumentNode;
 
-      if (typeof query === 'string') {
-        try {
-          query = parse(query);
-        } catch (err) {
-          return [
-            JSON.stringify({
-              errors: [
-                err instanceof Error
-                  ? {
-                      message: err.message,
-                      // TODO: stack might leak sensitive information
-                      // stack: err.stack,
-                    }
-                  : err,
-              ],
-            }),
-            {
-              status: 400,
-              statusText: 'Bad Request',
-              headers: { 'content-type': 'application/json; charset=utf-8' },
-            },
-          ];
-        }
+      try {
+        query = parse(params.query);
+      } catch (err) {
+        return [
+          JSON.stringify({
+            errors: [
+              err instanceof Error
+                ? {
+                    message: err.message,
+                    // TODO: stack might leak sensitive information
+                    // stack: err.stack,
+                  }
+                : err,
+            ],
+          }),
+          {
+            status: 400,
+            statusText: 'Bad Request',
+            headers: { 'content-type': 'application/json; charset=utf-8' },
+          },
+        ];
       }
 
       const argsWithoutSchema = {
