From 4ee7f80433f209c897da87ec2383e5dc687bb7fb Mon Sep 17 00:00:00 2001
From: Jake Barnby
Date: Thu, 14 Jul 2022 15:57:34 +1200
Subject: [PATCH] Add too many queries exception
---
 app/config/errors.php | 7 ++++++-
 app/controllers/api/graphql.php | 9 +++++----
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/app/config/errors.php b/app/config/errors.php
index 71638d1a3..8464d9b15 100644
--- a/app/config/errors.php
+++ b/app/config/errors.php
@@ -514,7 +514,12 @@ return [
 ],
 Exception::GRAPHQL_NO_QUERY => [
 'name' => Exception::GRAPHQL_NO_QUERY,
- 'description' => 'Query is required and can be provided via parameter or as the raw body if the content-type header is application/graphql.',
+ 'description' => 'Query is required.',
+ 'code' => 400,
+ ],
+ Exception::GRAPHQL_TOO_MANY_QUERIES => [
+ 'name' => Exception::GRAPHQL_TOO_MANY_QUERIES,
+ 'description' => 'Too many queries have been sent in the same request.',
 'code' => 400,
 ],
 ];
diff --git a/app/controllers/api/graphql.php b/app/controllers/api/graphql.php
index a8ba817a3..92545c655 100644
--- a/app/controllers/api/graphql.php
+++ b/app/controllers/api/graphql.php
@@ -79,21 +79,22 @@ function graphqlRequest(
 if (\str_starts_with($contentType, 'multipart/form-data')) {
 $query = parseMultipartRequest($query, $request);
 }
- if (!\isset($query[0])) {
+ if (!empty($query) && !isset($query[0])) {
 $query = [$query];
 }
- if (\empty($query)) {
+ if (empty($query)) {
 throw new Exception('No query supplied.', 400, Exception::GRAPHQL_NO_QUERY);
 }
 if (\count($query) > $maxBatchSize) {
- throw new Exception('Too many queries in batch.', 400, Exception::GRAPHQL_TOO_MANY_QUERIES);
+ throw new Exception('Too many queries.', 400, Exception::GRAPHQL_TOO_MANY_QUERIES);
+ }
 }
 $debugFlags = DebugFlag::INCLUDE_DEBUG_MESSAGE | DebugFlag::INCLUDE_TRACE;
 $validations = GraphQL::getStandardValidationRules();
 $validations[] = new QueryComplexity($maxComplexity);
 $validations[] = new QueryDepth($maxDepth);
-
+
 if (App::isProduction()) {
 $validations[] = new DisableIntrospection();
 $debugFlags = DebugFlag::NONE;
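Review bot: The added `}` after the `$maxBatchSize` check has no matching opener inside this hunk (graphqlRequest begins above it and continues below), so confirm the braces balance, for example with `php -l` in CI, because a parse error here would take the whole GraphQL endpoint down. Separately, `!isset($query[0])` classifies any array that happens to carry a key `0` as a batch, and `$query` appears to be request-supplied. If the project targets PHP 8.1+, `if (!empty($query) && !\array_is_list($query)) {` decides single versus batched input by shape before `\count($query)` is compared with the limit. A short comment above the check would also help, e.g. `// Wrap a single query so the batch-size limit below applies uniformly.`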