Commit fba10521 authored by Kassio Borges's avatar Kassio Borges

Use Gitlab::Http as the adapter for Graphql queries

To avoid security errors, use `Gitlab::Http` as the HTTP adapter on
`BulkImports::Clients::Graphql`.
parent 44983c3d
...@@ -3,6 +3,24 @@ ...@@ -3,6 +3,24 @@
module BulkImports module BulkImports
module Clients module Clients
class Graphql class Graphql
class HTTP < Graphlient::Adapters::HTTP::Adapter
def execute(document:, operation_name: nil, variables: {}, context: {})
response = ::Gitlab::HTTP.post(
url,
headers: headers,
follow_redirects: false,
body: {
query: document.to_query_string,
operationName: operation_name,
variables: variables
}.to_json
)
::Gitlab::Json.parse(response.body)
end
end
private_constant :HTTP
attr_reader :client attr_reader :client
delegate :query, :parse, :execute, to: :client delegate :query, :parse, :execute, to: :client
...@@ -12,19 +30,19 @@ module BulkImports ...@@ -12,19 +30,19 @@ module BulkImports
@token = token @token = token
@client = Graphlient::Client.new( @client = Graphlient::Client.new(
@url, @url,
request_headers options(http: HTTP)
) )
end end
def request_headers def options(extra = {})
return {} unless @token return extra unless @token
{ {
headers: { headers: {
'Content-Type' => 'application/json', 'Content-Type' => 'application/json',
'Authorization' => "Bearer #{@token}" 'Authorization' => "Bearer #{@token}"
} }
} }.merge(extra)
end end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment