Commit fba10521 authored by Kassio Borges's avatar Kassio Borges

Use Gitlab::Http as the adapter for Graphql queries

To avoid security errors, use `Gitlab::Http` as the HTTP adapter on
`BulkImports::Clients::Graphql`.
parent 44983c3d
......@@ -3,6 +3,24 @@
module BulkImports
module Clients
class Graphql
class HTTP < Graphlient::Adapters::HTTP::Adapter
def execute(document:, operation_name: nil, variables: {}, context: {})
response = ::Gitlab::HTTP.post(
url,
headers: headers,
follow_redirects: false,
body: {
query: document.to_query_string,
operationName: operation_name,
variables: variables
}.to_json
)
::Gitlab::Json.parse(response.body)
end
end
private_constant :HTTP
attr_reader :client
delegate :query, :parse, :execute, to: :client
......@@ -12,19 +30,19 @@ module BulkImports
@token = token
@client = Graphlient::Client.new(
@url,
request_headers
options(http: HTTP)
)
end
def request_headers
return {} unless @token
def options(extra = {})
return extra unless @token
{
headers: {
'Content-Type' => 'application/json',
'Authorization' => "Bearer #{@token}"
}
}
}.merge(extra)
end
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment