https://kotlinlang.org logo
Title
j

jmfayard

07/20/2022, 1:43 PM
Is there a way to add automatic validation to all parameters? Like there is no place where I would welcome to receive an input like
<script>alert('got you, LOL')</script>
a

Arnab

07/20/2022, 2:58 PM
d

Dariusz Kuc

07/20/2022, 3:28 PM
you could also use
javax.validation
to annotate your arguments and input objects -> example from spring https://github.com/ExpediaGroup/graphql-kotlin/blob/master/examples/server/spring-[…]diagroup/graphql/examples/server/spring/query/ValidatedQuery.kt
j

jmfayard

07/20/2022, 3:29 PM
I'm currently using javax.validation but I don't want to add it to all the fields
I will have a look at field validation instrumentation thanks!
d

Dariusz Kuc

07/20/2022, 3:30 PM
con of using
javax.validation
and instrumentations is that it hides this info from the user
you could also use directives to convey some of that validation info to the users and/or custom scalars
that being said -> introspection (as opposed to SDL) doesn't show the directives 😞 so tools like graphiql/playground won't show it there is an ongoing discussion on how to tackle this in the spec...
a

Arnab

07/21/2022, 10:01 AM
I think it’s important to mention that if you decide that a field is of type
String
and you never want strings containing a certain regex, then that is up to you as the developer to communicate that to the user. I don’t see GraphQL being opinionated about that.
d

Dariusz Kuc

07/21/2022, 2:57 PM
I think custom scalar would be better in that case as you can provide
@specifiedBy
information on it