Ability to add custom headers to the request
sebastianmacias opened this issue ยท 19 comments
Currently the only header being set is the content type:
/shurcooL/go/ctxhttp/ctxhttp.go:83
req.Header.Set("Content-Type", bodyType)
It would be helpful to allow setting custom headers in addition to the content-type since some graphql servers use headers for auth tokens and setting other variables.
Thanks
It is possible to do this by using a custom HTTP client (that sets custom request headers before delegating to the underlying HTTP client).
See https://github.com/shurcooL/githubv4#authentication for more information. Please let me know if you're satisfied with that solution or if you have any additional questions.
@dmitshur it's possible to do by creating your own HTTP Client, but it's a lot of work (just look at all the code in golang.org/x/oauth2
to set the Authorization header). This is what I do:
import "net/http"
type headerTransport struct {
base http.RoundTripper
headers map[string]string
}
func NewHTTPClientWithHeaders(baseRoundTripper http.RoundTripper, headers map[string]string) *http.Client {
if baseRoundTripper == nil {
baseRoundTripper = http.DefaultTransport
}
return &http.Client{
Transport: &headerTransport{
base: baseRoundTripper,
headers: headers,
},
}
}
func (h *headerTransport) RoundTrip(req *http.Request) (*http.Response, error) {
req2 := CloneRequest(req)
for key, val := range h.headers {
req2.Header.Set(key, val)
}
return h.base.RoundTrip(req2)
}
// CloneRequest and CloneHeader copied from https://github.com/kubernetes/apimachinery/blob/master/pkg/util/net/http.go#L424
// CloneRequest creates a shallow copy of the request along with a deep copy of the Headers.
func CloneRequest(req *http.Request) *http.Request {
r := new(http.Request)
// shallow clone
*r = *req
// deep copy headers
r.Header = CloneHeader(req.Header)
return r
}
// CloneHeader creates a deep copy of an http.Header.
func CloneHeader(in http.Header) http.Header {
out := make(http.Header, len(in))
for key, values := range in {
newValues := make([]string, len(values))
copy(newValues, values)
out[key] = newValues
}
return out
}
Perhaps Query
and Mutation
can be updated to accept either a header map, or some (variadic list of) interface that allows you to mutate the request etc?
The code in golang.org/x/oauth2
is more complex because it seeks to provide a general solution (rather than a very specific one) with a high degree of flexibility. E.g., it supports various token sources, including ones with a refresh token, etc.
The code you posted is a much more appropriately sized for a customized solution for your app's needs, and I recommend you continue to use that. It works with graphql
's existing API and enables you to customize behavior further as needed.
Perhaps
Query
andMutation
can be updated to accept either a header map,
This would be quite inflexible: not everyone needs this, and it'd stop working for people as soon as they need slightly custom behavior.
or some (variadic list of) interface that allows you to mutate the request etc?
This is more viable, but it needs to be thought out well before committing to it. If you'd like to think more about this, I suggest coming up with some drafts with mock APIs and user code that uses that API. I don't expect I'll have time to work on this soon.
It seems that since #5 is desired, adding more custom HTTP handling will be tricky without implementing the transport-agnostic interface layer. I'd be very happy to pick up work on #5 if others have no desire any more.
The code you posted is a much more appropriately sized for a customized solution for your app's needs, and I recommend you continue to use that. It works with
graphql
's existing API and enables you to customize behavior further as needed.
It's perhaps appropriately sized, but the complexity that it entails is a bit much. You need to care and know about roundtrippers, and that they aren't supposed to mutate the request, but that a shallow-copy of the request and a deep copy of the headers is fine.
How about the below signature?
func (c *Client) Query(ctx context.Context, q interface{}, variables map[string]interface{}, setHeaders func(*http.Request)) error
It is backwards incompatible. However, clients can pass nil
for setHeaders
argument to not add any custom headers.
Full diff is given below.
diff --git a/graphql.go b/graphql.go
index 8520956..9800623 100644
--- a/graphql.go
+++ b/graphql.go
@@ -33,19 +33,19 @@ func NewClient(url string, httpClient *http.Client) *Client {
// Query executes a single GraphQL query request,
// with a query derived from q, populating the response into it.
// q should be a pointer to struct that corresponds to the GraphQL schema.
-func (c *Client) Query(ctx context.Context, q interface{}, variables map[string]interface{}) error {
- return c.do(ctx, queryOperation, q, variables)
+func (c *Client) Query(ctx context.Context, q interface{}, variables map[string]interface{}, setHeaders func(*http.Request)) error {
+ return c.do(ctx, queryOperation, q, variables, setHeaders)
}
// Mutate executes a single GraphQL mutation request,
// with a mutation derived from m, populating the response into it.
// m should be a pointer to struct that corresponds to the GraphQL schema.
-func (c *Client) Mutate(ctx context.Context, m interface{}, variables map[string]interface{}) error {
- return c.do(ctx, mutationOperation, m, variables)
+func (c *Client) Mutate(ctx context.Context, m interface{}, variables map[string]interface{}, setHeaders func(*http.Request)) error {
+ return c.do(ctx, mutationOperation, m, variables, setHeaders)
}
// do executes a single GraphQL operation.
-func (c *Client) do(ctx context.Context, op operationType, v interface{}, variables map[string]interface{}) error {
+func (c *Client) do(ctx context.Context, op operationType, v interface{}, variables map[string]interface{}, setHeaders func(*http.Request)) error {
var query string
switch op {
case queryOperation:
@@ -65,7 +65,16 @@ func (c *Client) do(ctx context.Context, op operationType, v interface{}, variab
if err != nil {
return err
}
- resp, err := ctxhttp.Post(ctx, c.httpClient, c.url, "application/json", &buf)
+ req, err := http.NewRequest(http.MethodPost, c.url, &buf)
+ if err != nil {
+ return err
+ }
+ req.Header.Set("Content-Type", "application/json")
+ if setHeaders != nil {
+ setHeaders(req)
+ }
+
+ resp, err := ctxhttp.Do(ctx, c.httpClient, req)
if err != nil {
return err
}
This would be very useful for GitHub's Schema Previews, which need a custom media type in the Accept header.
you can try my fork https://github.com/Laisky/graphql , support custom headers & cookies, and fully compatible with shurcool/graphql.
With github deprecating the current authentication method [1] , its likely we would need to at least support the addition of Authorization: token my_access_token
to the library.
[1] https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/
@gurpreetz Thanks for pointing out that GitHub is deprecating authentication via query parameters, and recommending authentication via request headers.
However, I don't think that changes best practices for using this library. The golang.org/x/oauth2
package already provides authentication via headers, and can continue to be used for authentication. See https://github.com/shurcooL/githubv4#authentication and https://github.com/google/go-github#authentication.
I was already using those methods to authenticate when Github flagged it as soon to be deprecated - hence the request.
Can you please elaborate? Can I reproduce this somehow?
I've looked at https://docs.github.com/en/graphql/guides/forming-calls-with-graphql#authenticating-with-graphql and I'm not seeing any changes to the authentication on GitHub's side beyond what I've already mentioned in my last comment.
If you think there is an issue, please file a new issue in https://github.com/shurcooL/githubv4/issues with more information.
This is basically what I have...
src := oauth2.StaticTokenSource(
&oauth2.Token{
AccessToken: githubToken,
},
)
httpClient := oauth2.NewClient(context.Background(), src)
client := githubv4.NewClient(httpClient)
..
..
err := client.Query(.....)
I then got an email from github stating that :
your personal access token (dizzy2) using Go-http-client/1.1 was used as part of a query parameter
to access an endpoint through the GitHub API.
Please use the Authorization HTTP header instead, as using the `access_token` query parameter is
deprecated. If this token is being used by an app you don't have control over, be aware that it may
stop working as a result of this deprecation.
@gurpreetz Thanks. That should not be happening, I'll need to investigate. Can you please file a new issue at https://github.com/shurcooL/githubv4/issues and specify what version of golang.org/x/oauth2
you're using?
Hi, I needed to set the authorization in the header for my graphql request and I found a solution that works for me.
I need to provide a jwt token with my request for my backend:
This is what I added:
client = client.WithRequestModifier(setAuthHeader(token))
Full code:
`
client := graphql.NewClient("http://localhost:8080/query", nil)
client = client.WithRequestModifier(setAuthHeader(token))
variables := map[string]interface{}{
"review": graphql.String("review string"),
"date": graphql.String("2022-02-01 13:30:00"),
"likes": graphql.Int(0),
"comments": graphql.Int(0),
}
err := client.Mutate(context.Background(), &q_createreview, variables)
if err != nil {
fmt.Println(err)
}
fmt.Println(q_createreview.CreateReview)`
Source: #77
@VanCoppenolleWout what is setAuthHeader
there?
It is something like this
func setAuthHeader(token string) graphql.RequestModifier {
return func(h *http.Request) {
h.Header.Add("Authorization", token)
}
}
Ha, found this after crafting a similar approach. Used for connecting to AWS AppSync. I already have a package named
func setHeader(header string, token string) graphql.RequestModifier {
return func(h *http.Request) {
h.Header.Add(header, token)
}
}
var gqlClient *graphql.Client
gqlClient = graphql.NewClient(endpointURL, &http.Client{}).WithRequestModifier(setHeader("x-api-key", apiKey))