Fix issue that parsed query for persisted operations (#9523)

Author: michaelstaib

src/HotChocolate/AspNetCore/src/AspNetCore.Pipeline/ExecutorSession.cs

@@ -1,13 +1,15 @@
 #if !NET9_0_OR_GREATER
 using System.Diagnostics.CodeAnalysis;
 #endif
+using System.IO.Pipelines;
 using System.Net;
 using HotChocolate.AspNetCore.Formatters;
 using HotChocolate.AspNetCore.Instrumentation;
 using HotChocolate.AspNetCore.Parsers;
 using HotChocolate.AspNetCore.Utilities;
 using HotChocolate.Features;
 using HotChocolate.Language;
+using HotChocolate.PersistedOperations;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection;
 
@@ -25,6 +27,8 @@ public sealed class ExecutorSession
     private readonly IHttpRequestParser _requestParser;
     private readonly IHttpResponseFormatter _responseFormatter;
     private readonly IServerDiagnosticEvents _diagnosticEvents;
+    private readonly bool _skipDocumentBody;
+    private readonly IError? _operationNotAllowedError;
 
     public ExecutorSession(IRequestExecutor executor)
     {
@@ -37,14 +41,13 @@ public ExecutorSession(IRequestExecutor executor)
         _responseFormatter = executor.Schema.Services.GetRequiredService<IHttpResponseFormatter>();
         _requestParser = executor.Schema.Services.GetRequiredService<IHttpRequestParser>();
         _diagnosticEvents = executor.Schema.Services.GetRequiredService<IServerDiagnosticEvents>();
+        var persistedOps = executor.Schema.Services.GetService<PersistedOperationOptions>();
+        _skipDocumentBody = persistedOps is { OnlyAllowPersistedDocuments: true, AllowDocumentBody: false };
+        _operationNotAllowedError = persistedOps?.OperationNotAllowedError;
     }
 
     public ISocketSessionInterceptor SocketSessionInterceptor => _socketSessionInterceptor;
 
-    public IHttpResponseFormatter ResponseFormatter => _responseFormatter;
-
-    public IHttpRequestParser RequestParser => _requestParser;
-
     public IServerDiagnosticEvents DiagnosticEvents => _diagnosticEvents;
 
     public ulong Version => _executor.Version;
@@ -187,6 +190,63 @@ public async Task<IResponseStream> ExecuteBatchAsync(
             cancellationToken: context.RequestAborted);
     }
 
+    public async ValueTask<GraphQLRequest[]> ParseRequestAsync(
+        PipeReader requestBody,
+        CancellationToken cancellationToken)
+    {
+        var requests = await _requestParser.ParseRequestAsync(requestBody, _skipDocumentBody, cancellationToken);
+        ThrowIfDocumentBodyNotAllowed(requests);
+        return requests;
+    }
+
+    public async ValueTask<GraphQLRequest> ParsePersistedOperationRequestAsync(
+        string documentId,
+        string? operationName,
+        PipeReader requestBody,
+        CancellationToken cancellationToken)
+    {
+        var request = await _requestParser.ParsePersistedOperationRequestAsync(
+            documentId, operationName, requestBody, _skipDocumentBody, cancellationToken);
+        ThrowIfDocumentBodyNotAllowed(request);
+        return request;
+    }
+
+    public GraphQLRequest ParseRequestFromParams(IQueryCollection parameters)
+    {
+        var request = _requestParser.ParseRequestFromParams(parameters, _skipDocumentBody);
+        ThrowIfDocumentBodyNotAllowed(request);
+        return request;
+    }
+
+    public GraphQLRequest ParsePersistedOperationRequestFromParams(
+        string operationId,
+        string? operationName,
+        IQueryCollection parameters)
+        => _requestParser.ParsePersistedOperationRequestFromParams(operationId, operationName, parameters);
+
+    public GraphQLRequest[] ParseRequest(string sourceText)
+    {
+        var requests = _requestParser.ParseRequest(sourceText, _skipDocumentBody);
+        ThrowIfDocumentBodyNotAllowed(requests);
+        return requests;
+    }
+
+    private void ThrowIfDocumentBodyNotAllowed(GraphQLRequest request)
+    {
+        if (_skipDocumentBody && request.HasDocumentBody && request.DocumentId is null)
+        {
+            throw new GraphQLRequestException(_operationNotAllowedError!);
+        }
+    }
+
+    private void ThrowIfDocumentBodyNotAllowed(GraphQLRequest[] requests)
+    {
+        foreach (var request in requests)
+        {
+            ThrowIfDocumentBodyNotAllowed(request);
+        }
+    }
+
     public ValueTask WriteResultAsync(
         HttpContext context,
         IExecutionResult result,

src/HotChocolate/AspNetCore/src/AspNetCore.Pipeline/HotChocolate.AspNetCore.Pipeline.csproj

@@ -15,6 +15,7 @@
     <ProjectReference Include="..\Transport.Formatters\HotChocolate.Transport.Formatters.csproj" />
     <ProjectReference Include="..\Transport.Sockets\HotChocolate.Transport.Sockets.csproj" />
     <ProjectReference Include="..\..\..\Caching\src\Caching.Memory\HotChocolate.Caching.Memory.csproj" />
+    <ProjectReference Include="..\..\..\PersistedOperations\src\PersistedOperations.Abstractions\HotChocolate.PersistedOperations.Abstractions.csproj" />
   </ItemGroup>
 
   <ItemGroup>

src/HotChocolate/AspNetCore/src/AspNetCore.Pipeline/HttpMultipartMiddleware.cs

@@ -107,7 +107,7 @@ protected override async ValueTask<GraphQLRequest[]> ParseRequestsFromBodyAsync(
 
         // Parse the string values of interest from the IFormCollection
         var multipartRequest = ParseMultipartRequest(form);
-        var requests = session.RequestParser.ParseRequest(multipartRequest.Operations);
+        var requests = session.ParseRequest(multipartRequest.Operations);
 
         // we add the file lookup as a feature on the HttpContext and can grab it from
         // there and put it on the GraphQL request.

src/HotChocolate/AspNetCore/src/AspNetCore.Pipeline/HttpPostMiddlewareBase.cs

@@ -253,7 +253,7 @@ protected virtual async ValueTask<GraphQLRequest[]> ParseRequestsFromBodyAsync(
         ExecutorSession session)
     {
         var requests =
-            await session.RequestParser.ParseRequestAsync(
+            await session.ParseRequestAsync(
                 context.Request.BodyReader,
                 context.RequestAborted);
 

src/HotChocolate/AspNetCore/src/AspNetCore.Pipeline/Parsers/DefaultHttpRequestParser.cs

@@ -46,6 +46,7 @@ public DefaultHttpRequestParser(
 
     public async ValueTask<GraphQLRequest[]> ParseRequestAsync(
         PipeReader requestBody,
+        bool skipDocumentBody,
         CancellationToken cancellationToken)
     {
         try
@@ -78,7 +79,8 @@ public async ValueTask<GraphQLRequest[]> ParseRequestAsync(
             var requestParser = new Utf8GraphQLRequestParser(
                 _parserOptions,
                 _documentCache,
-                _documentHashProvider);
+                _documentHashProvider,
+                skipDocumentBody);
 
             var requests = requestParser.Parse(result.Buffer);
 
@@ -105,6 +107,7 @@ public async ValueTask<GraphQLRequest> ParsePersistedOperationRequestAsync(
         string documentId,
         string? operationName,
         PipeReader requestBody,
+        bool skipDocumentBody,
         CancellationToken cancellationToken)
     {
         if (!OperationDocumentId.TryParse(documentId, out var parsedDocumentId))
@@ -143,7 +146,8 @@ public async ValueTask<GraphQLRequest> ParsePersistedOperationRequestAsync(
             var requestParser = new Utf8GraphQLRequestParser(
                 _parserOptions,
                 _documentCache,
-                _documentHashProvider);
+                _documentHashProvider,
+                skipDocumentBody);
 
             var request = requestParser.ParsePersistedOperation(parsedDocumentId, operationName, result.Buffer);
 
@@ -166,10 +170,24 @@ public async ValueTask<GraphQLRequest> ParsePersistedOperationRequestAsync(
         }
     }
 
-    public GraphQLRequest ParseRequestFromParams(IQueryCollection parameters)
+    public GraphQLRequest ParseRequestFromParams(IQueryCollection parameters, bool skipDocumentBody = false)
     {
         // next, we deserialize the GET request with the query request builder ...
-        string? query = parameters[QueryKey];
+        var hasDocumentBody = false;
+        string? query = null;
+
+        if (skipDocumentBody)
+        {
+            if (!string.IsNullOrWhiteSpace((string?)parameters[QueryKey]))
+            {
+                hasDocumentBody = true;
+            }
+        }
+        else
+        {
+            query = parameters[QueryKey];
+        }
+
         string? queryId = parameters[QueryIdKey];
         string? operationName = parameters[OperationNameKey];
         string? onError = parameters[OnErrorKey];
@@ -189,9 +207,19 @@ public GraphQLRequest ParseRequestFromParams(IQueryCollection parameters)
             // we will use the request parser utils to extract the hash from the extensions.
             if (!TryExtractHash(extensions, _documentHashProvider, out var hash))
             {
-                // if we cannot find any query hash in the extensions, or if the extensions are
-                // null, we are unable to execute and will throw a request error.
-                throw DefaultHttpRequestParser_QueryAndIdMissing();
+                if (hasDocumentBody)
+                {
+                    // The request had a query parameter, but we skipped it because we are
+                    // in strict trusted documents mode. Let it through so the execution
+                    // pipeline can reject it with HC0067.
+                    hash = null;
+                }
+                else
+                {
+                    // if we cannot find any query hash in the extensions, or if the extensions are
+                    // null, we are unable to execute and will throw a request error.
+                    throw DefaultHttpRequestParser_QueryAndIdMissing();
+                }
             }
 
             // if we however found a query hash, we will use it as a query id and move on
@@ -237,7 +265,8 @@ public GraphQLRequest ParseRequestFromParams(IQueryCollection parameters)
                 operationName,
                 errorHandlingMode,
                 variableSet,
-                extensions);
+                extensions,
+                hasDocumentBody);
         }
         catch (SyntaxException ex)
         {
@@ -344,7 +373,7 @@ public GraphQLRequest ParsePersistedOperationRequestFromParams(
             $"Unknown 'onError' value '{onError}'. Allowed values are 'PROPAGATE' or 'NULL'.");
     }
 
-    public GraphQLRequest[] ParseRequest(string sourceText)
+    public GraphQLRequest[] ParseRequest(string sourceText, bool skipDocumentBody = false)
     {
         byte[]? rented = null;
         var maxLength = s_utf8.GetMaxByteCount(sourceText.Length);
@@ -353,7 +382,12 @@ public GraphQLRequest[] ParseRequest(string sourceText)
         try
         {
             s_utf8.GetBytes(sourceText, span);
-            return Parse(span, _parserOptions, _documentCache, _documentHashProvider);
+            var requestParser = new Utf8GraphQLRequestParser(
+                _parserOptions,
+                _documentCache,
+                _documentHashProvider,
+                skipDocumentBody);
+            return requestParser.Parse(span);
         }
         catch (InvalidGraphQLRequestException ex)
         {

src/HotChocolate/AspNetCore/src/AspNetCore.Pipeline/Parsers/IHttpRequestParser.cs

@@ -15,6 +15,9 @@ public interface IHttpRequestParser
     /// <param name="requestBody">
     /// A stream representing the HTTP request body.
     /// </param>
+    /// <param name="skipDocumentBody">
+    /// If <c>true</c>, the document body will be skipped during parsing.
+    /// </param>
     /// <param name="cancellationToken">
     /// The request cancellation token.
     /// </param>
@@ -23,6 +26,7 @@ public interface IHttpRequestParser
     /// </returns>
     ValueTask<GraphQLRequest[]> ParseRequestAsync(
         PipeReader requestBody,
+        bool skipDocumentBody,
         CancellationToken cancellationToken);
 
     /// <summary>
@@ -37,6 +41,9 @@ ValueTask<GraphQLRequest[]> ParseRequestAsync(
     /// <param name="requestBody">
     /// A stream representing the HTTP request body.
     /// </param>
+    /// <param name="skipDocumentBody">
+    /// If <c>true</c>, the document body will be skipped during parsing.
+    /// </param>
     /// <param name="cancellationToken">
     /// The request cancellation token.
     /// </param>
@@ -47,6 +54,7 @@ ValueTask<GraphQLRequest> ParsePersistedOperationRequestAsync(
         string documentId,
         string? operationName,
         PipeReader requestBody,
+        bool skipDocumentBody,
         CancellationToken cancellationToken);
 
     /// <summary>
@@ -55,21 +63,27 @@ ValueTask<GraphQLRequest> ParsePersistedOperationRequestAsync(
     /// <param name="sourceText">
     /// The operations string.
     /// </param>
+    /// <param name="skipDocumentBody">
+    /// If <c>true</c>, the document body will be skipped during parsing.
+    /// </param>
     /// <returns>
     /// Returns the parsed GraphQL request.
     /// </returns>
-    GraphQLRequest[] ParseRequest(string sourceText);
+    GraphQLRequest[] ParseRequest(string sourceText, bool skipDocumentBody = false);
 
     /// <summary>
     /// Parses a GraphQL HTTP GET request from the HTTP query parameters.
     /// </summary>
     /// <param name="parameters">
     /// The HTTP query parameter collection.
     /// </param>
+    /// <param name="skipDocumentBody">
+    /// If <c>true</c>, the document body will be skipped during parsing.
+    /// </param>
     /// <returns>
     /// Returns the parsed GraphQL request.
     /// </returns>
-    GraphQLRequest ParseRequestFromParams(IQueryCollection parameters);
+    GraphQLRequest ParseRequestFromParams(IQueryCollection parameters, bool skipDocumentBody = false);
 
     /// <summary>
     /// Parses the variables and extensions from the HTTP query parameters.

src/HotChocolate/AspNetCore/src/AspNetCore.Pipeline/Utilities/MiddlewareHelper.cs

@@ -27,7 +27,7 @@ public static ValidateAcceptContentTypeResult ValidateAcceptContentType(
                 HttpStatusCode.BadRequest);
         }
 
-        var requestFlags = executorSession.ResponseFormatter.CreateRequestFlags(headerResult.AcceptMediaTypes);
+        var requestFlags = executorSession.CreateRequestFlags(headerResult.AcceptMediaTypes);
 
         // if the request defines accept header values of which we cannot handle any provided
         // media type, then we will fail the request with 406 Not Acceptable.
@@ -55,7 +55,7 @@ public static ParseRequestResult ParseRequestFromParams(
         {
             try
             {
-                var request = executorSession.RequestParser.ParseRequestFromParams(context.Request.Query);
+                var request = executorSession.ParseRequestFromParams(context.Request.Query);
                 context.Response.RegisterForDispose(request);
                 return new ParseRequestResult(request);
             }
@@ -88,7 +88,7 @@ public static ParseRequestResult ParseVariablesAndExtensionsFromParams(
             try
             {
                 var request =
-                    executorSession.RequestParser.ParsePersistedOperationRequestFromParams(
+                    executorSession.ParsePersistedOperationRequestFromParams(
                         operationId,
                         operationName,
                         context.Request.Query);
@@ -125,7 +125,7 @@ public static async Task<ParseRequestResult> ParseSingleRequestFromBodyAsync(
             try
             {
                 request =
-                    await executorSession.RequestParser.ParsePersistedOperationRequestAsync(
+                    await executorSession.ParsePersistedOperationRequestAsync(
                         operationId,
                         operationName,
                         context.Request.BodyReader,
@@ -286,12 +286,7 @@ public static async Task WriteResultAsync(
                 formatScope = executorSession.DiagnosticEvents.FormatHttpResponse(context, queryResult);
             }
 
-            await executorSession.ResponseFormatter.FormatAsync(
-                context.Response,
-                result,
-                acceptMediaTypes,
-                statusCode,
-                context.RequestAborted);
+            await executorSession.WriteResultAsync(context, result, acceptMediaTypes, statusCode);
         }
         finally
         {

src/HotChocolate/AspNetCore/test/AspNetCore.Tests/PersistedOperationTests.cs

@@ -401,7 +401,11 @@ public async Task Standard_Query_Not_Allowed_Override_Per_Request()
         var server = CreateStarWarsServer(
             configureServices: s => s
                 .AddGraphQL("StarWars")
-                .ModifyRequestOptions(o => o.PersistedOperations.OnlyAllowPersistedDocuments = true)
+                .ModifyRequestOptions(o =>
+                {
+                    o.PersistedOperations.OnlyAllowPersistedDocuments = true;
+                    o.PersistedOperations.AllowDocumentBody = true;
+                })
                 .ConfigureSchemaServices(c => c.AddSingleton<IOperationDocumentStorage>(storage))
                 .UsePersistedOperationPipeline()
                 .AddHttpRequestInterceptor<AllowNonPersistedOperationInterceptor>());