Explicit error if query signing is invalid

We always return an error if misconfigured, even for non-GraphQL HTTP
requests, because we want to make the misconfiguration extremely visible
as soon as possible. Otherwise, the app might look like it is working
until we navigate to a page that does GraphQL queries.

Author: PowerKiKi

projects/natural/src/lib/classes/signing.spec.ts

@@ -19,11 +19,15 @@ const batchedGraphqlQuery = [
 
 const key = 'my-secret-1';
 
-function expectSigned(request: HttpRequest<unknown>, done: DoneFn): void {
-    const signer = graphqlQuerySigner(key);
-
+function createHandlerSpy(): jasmine.Spy<HttpHandlerFn> {
     const handler = jasmine.createSpy<HttpHandlerFn>('HttpHandlerFn');
     handler.and.callFake(() => of(new HttpResponse()));
+    return handler;
+}
+
+function expectSigned(request: HttpRequest<unknown>, done: DoneFn): void {
+    const signer = graphqlQuerySigner(key);
+    const handler = createHandlerSpy();
 
     signer(request, handler).subscribe(() => {
         expect(handler).toHaveBeenCalledTimes(1);
@@ -35,9 +39,7 @@ function expectSigned(request: HttpRequest<unknown>, done: DoneFn): void {
 
 function expectNotSigned(request: HttpRequest<unknown>, done: DoneFn): void {
     const signer = graphqlQuerySigner(key);
-
-    const handler = jasmine.createSpy<HttpHandlerFn>('HttpHandlerFn');
-    handler.and.callFake(() => of(new HttpResponse()));
+    const handler = createHandlerSpy();
 
     signer(request, handler).subscribe(() => {
         expect(handler).toHaveBeenCalledOnceWith(request);
@@ -84,4 +86,22 @@ describe('graphqlQuerySigner', () => {
 
         expectNotSigned(request, done);
     });
+
+    it('if mis-configured, will always error, even if query should not be signed', done => {
+        const request = new HttpRequest('GET', 'foo');
+        const signer = graphqlQuerySigner('');
+        const handler = createHandlerSpy();
+
+        signer(request, handler).subscribe({
+            error: error => {
+                expect(handler).not.toHaveBeenCalled();
+                expect(error).toBeInstanceOf(Error);
+                expect('message' in error).toBeTrue();
+                expect(error.message).toBe(
+                    'graphqlQuerySigner requires a non-empty key. Configure it in local.php under signedQueries.',
+                );
+                done();
+            },
+        });
+    });
 });

projects/natural/src/lib/classes/signing.ts

@@ -1,6 +1,6 @@
 import {HttpInterceptorFn, HttpRequest} from '@angular/common/http';
 import {hmacSha256} from './crypto';
-import {from, switchMap} from 'rxjs';
+import {from, switchMap, throwError} from 'rxjs';
 
 function getOperations(req: HttpRequest<unknown>): string {
     if (req.body instanceof FormData) {
@@ -22,6 +22,18 @@ function getOperations(req: HttpRequest<unknown>): string {
  * The server will validate the signature before executing the GraphQL query.
  */
 export function graphqlQuerySigner(key: string): HttpInterceptorFn {
+    // Validates the configuration exactly 1 time (not for
+    // every query), and if not reject **all** HTTP requests
+    if (!key) {
+        return () =>
+            throwError(
+                () =>
+                    new Error(
+                        'graphqlQuerySigner requires a non-empty key. Configure it in local.php under signedQueries.',
+                    ),
+            );
+    }
+
     return (req, next) => {
         const mustSign = req.method === 'POST' && /\/graphql(\?|$)/.exec(req.url);
         if (!mustSign) {