Proposal: case-insensitive APQ hash validation

[stnokott]

What happened?

The server returns an error provided APQ hash does not match query even when the queries in question are equal.

This happens because of this line:

gqlgen/graphql/handler/extension/apq.go

Line 85 in cc17785

if computeQueryHash(rawParams.Query) != extension.Sha256 {

Here, the internal hash, calculated in computeQueryHash is compared with the received hash from the client in extension.Sha256.

Here's the problem:
computeQueryHash uses hex.EncodeToString which always returns lowercase hex characters.
The hash from the client might not be lowercase though.

In my case, I use the C# client (https://github.com/graphql-dotnet/graphql-client#automatic-persisted-queries-apq) which always returns uppercase hashes.

The above-mentioned line in apq.go performs a simple string comparison and since 123abc != 123ABC, it returns an error even if these two hashes are idempotent.

What did you expect?

Hashes to be compared case-insensitively, e.g. by using strings.EqualFold.

I have a fork with this fix ready if feedback on this suggestion is positive (I created this issue first instead of directly raising a PR according to the contribution guidelines).

Minimal graphql.schema and models to reproduce

n/a

versions

• [email protected]
• go 1.23.0