apollographql · abernix · Jan 30, 2020 · Dec 6, 2019 · Dec 6, 2019 · Dec 6, 2019
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,7 +3,7 @@
 ## Upcoming
 
 - `apollo`
-  - <First `apollo` related entry goes here>
+  - Support disabling literal stripping when extracting queries.  [1703](https://github.com/apollographql/apollo-tooling/pull/1703)
 - `apollo-codegen-flow`
   - <First `apollo-codegen-flow` related entry goes here>
 - `apollo-codegen-scala`

diff --git a/packages/apollo-graphql/src/__tests__/__snapshots__/operationId.test.ts.snap b/packages/apollo-graphql/src/__tests__/__snapshots__/operationId.test.ts.snap
@@ -28,6 +28,8 @@ exports[`defaultOperationRegistrySignature fragments in various order 1`] = `"fr
 
 exports[`defaultOperationRegistrySignature full test 1`] = `"fragment Bar on User{age@skip(if:$a)...Nested}fragment Nested on User{blah}query Foo($a:Boolean,$b:Int){user(age:0,name:\\"\\"){aliased:name tz...Bar...on User{bee hello}}}"`;
 
+exports[`defaultOperationRegistrySignature test with stripLiterals=false 1`] = `"query Foo($b:Int){user(age:5,name:\\"hello\\"){a@skip(if:true)b@include(if:false)c(value:4){d}...Bar...on User{hello@directive(arg:\\"Value!\\")}}}"`;
+
 exports[`defaultOperationRegistrySignature with various argument types 1`] = `"query OpName($a:[[Boolean!]!],$b:EnumType,$c:Int!){user{name(apple:$a,bag:$b,cat:$c)}}"`;
 
 exports[`defaultOperationRegistrySignature with various inline types 1`] = `"query OpName{user{name(apple:[[0]],bag:{input:\\"\\"},cat:ENUM_VALUE)}}"`;
diff --git a/packages/apollo-graphql/src/__tests__/operationId.test.ts b/packages/apollo-graphql/src/__tests__/operationId.test.ts
@@ -273,12 +273,32 @@ describe("defaultOperationRegistrySignature", () => {
           blah
         }
       `
+    },
+    {
+      name: "test with stripLiterals=false",
+      operationName: "Foo",
+      input: gql`
+        query Foo($b: Int) {
+          user(name: "hello", age: 5) {
+            ...Bar
+            a @skip(if: true)
+            b @include(if: false)
+            c(value: 4) {
+              d
+            }
+            ... on User {
+              hello @directive(arg: "Value!")
+            }
+          }
+        }
+      `,
+      options: { stripLiterals: false }
     }
   ];
-  cases.forEach(({ name, operationName, input }) => {
+  cases.forEach(({ name, operationName, input, options }) => {
     test(name, () => {
       expect(
-        defaultOperationRegistrySignature(input, operationName)
+        defaultOperationRegistrySignature(input, operationName, options)
       ).toMatchSnapshot();
     });
   });

diff --git a/packages/apollo-graphql/src/operationId.ts b/packages/apollo-graphql/src/operationId.ts
@@ -69,25 +69,19 @@ export function defaultEngineReportingSignature(
 }
 
 // The operation registry signature function consists of removing extra whitespace,
-// sorting the AST in a deterministic manner, hiding string and numeric literals,
-// and removing unused definitions. This is a less aggressive transform than its
-// engine reporting signature counterpart.
-//
-// XXX
-// The hiding of literals is currently being discussed. This behavior
-// should not be depended on in the future, as it's likely we will choose not
-// to hide them at all. The rationale being, if queries are being shipped to
-// a client bundle, exposing PII via this signature is a very small concern,
-// relatively speaking.
+// sorting the AST in a deterministic manner, potentially hiding string and numeric
+// literals, and removing unused definitions. This is a less aggressive transform
+// than its engine reporting signature counterpart.
 export function defaultOperationRegistrySignature(
   ast: DocumentNode,
-  operationName: string
+  operationName: string,
+  options: { stripLiterals: boolean } = { stripLiterals: true }
 ): string {
-  return printWithReducedWhitespace(
-    sortAST(
-      hideStringAndNumericLiterals(dropUnusedDefinitions(ast, operationName))
-    )
-  );
+  const withoutUnusedDefs = dropUnusedDefinitions(ast, operationName);
+  const maybeWithLiterals = options.stripLiterals
+    ? hideStringAndNumericLiterals(withoutUnusedDefs)
+    : withoutUnusedDefs;
+  return printWithReducedWhitespace(sortAST(maybeWithLiterals));
 }
 
 export function operationHash(operation: string): string {

diff --git a/packages/apollo/README.md b/packages/apollo/README.md
@@ -278,6 +278,8 @@ OPTIONS
 
   --queries=queries                      Deprecated in favor of the includes flag
 
+  --[no-]stripLiterals                   Whether to strip literals from extracted queries. DEFAULT: true
+
   --tagName=tagName                      Name of the template literal tag used to identify template literals containing
                                          GraphQL queries in Javascript/Typescript code
 ```

diff --git a/packages/apollo/src/commands/client/extract.ts b/packages/apollo/src/commands/client/extract.ts
@@ -1,3 +1,4 @@
+import { flags } from "@oclif/command";
 import { writeFileSync } from "fs";
 import { ClientCommand } from "../../Command";
 import {
@@ -9,7 +10,13 @@ import { ClientIdentity } from "apollo-language-server";
 export default class ClientExtract extends ClientCommand {
   static description = "Extract queries from a client";
   static flags = {
-    ...ClientCommand.flags
+    ...ClientCommand.flags,
+    stripLiterals: flags.boolean({
-    stripLiterals: flags.boolean({
+    preserveStringAndNumericLiterals: flags.boolean({
-    stripLiterals: flags.boolean({
+    preserveStringAndNumericLiterals: flags.boolean({
+      description:
+        "Whether to strip literals from extracted queries. DEFAULT: true",
-        "Whether to strip literals from extracted queries. DEFAULT: true",
+        "Disable redaction of string and numerical literals.  Without this flag, these values will be replaced with empty strings (`''`) and zeroes (`0`) respectively.  This redaction is intended to avoid inadvertently outputting potentially personally identifiable information (e.g. embedded passwords or API keys) into operation manifests.",
-        "Whether to strip literals from extracted queries. DEFAULT: true",
+        "Disable redaction of string and numerical literals.  Without this flag, these values will be replaced with empty strings (`''`) and zeroes (`0`) respectively.  This redaction is intended to avoid inadvertently outputting potentially personally identifiable information (e.g. embedded passwords or API keys) into operation manifests.",
+      default: true,
+      allowNo: true
-      allowNo: true
-      allowNo: true
+    })
   };
 
   static args = [
@@ -30,7 +37,9 @@ export default class ClientExtract extends ClientCommand {
       {
         title: "Extracting operations from project",
         task: async ctx => {
-          ctx.operations = getOperationManifestFromProject(this.project);
+          ctx.operations = getOperationManifestFromProject(this.project, {
+            stripLiterals: flags.stripLiterals
-            stripLiterals: flags.stripLiterals
+            preserveStringAndNumericLiterals: flags.preserveStringAndNumericLiterals
-            stripLiterals: flags.stripLiterals
+            preserveStringAndNumericLiterals: flags.preserveStringAndNumericLiterals
+          });
           ctx.clientIdentity = config.client;
         }
       },

diff --git a/packages/apollo/src/utils/getOperationManifestFromProject.ts b/packages/apollo/src/utils/getOperationManifestFromProject.ts
@@ -13,14 +13,16 @@ export interface ManifestEntry {
 }
 
 export function getOperationManifestFromProject(
-  project: GraphQLClientProject
+  project: GraphQLClientProject,
+  options: { stripLiterals: boolean } = { stripLiterals: true }
-  options: { stripLiterals: boolean } = { stripLiterals: true }
+  options: {
+    preserveStringAndNumericLiterals: boolean,
+  } = {
+    preserveStringAndNumericLiterals: true,
+  }
-  options: { stripLiterals: boolean } = { stripLiterals: true }
+  options: {
+    preserveStringAndNumericLiterals: boolean,
+  } = {
+    preserveStringAndNumericLiterals: true,
+  }
 ): ManifestEntry[] {
   const manifest = Object.entries(
     project.mergedOperationsAndFragmentsForService
   ).map(([operationName, operationAST]) => {
     const printed = defaultOperationRegistrySignature(
       operationAST,
-      operationName
+      operationName,
+      { stripLiterals: options.stripLiterals }
-      { stripLiterals: options.stripLiterals }
+      {
+        preserveStringAndNumericLiterals:
+          options.preserveStringAndNumericLiterals
+      }
-      { stripLiterals: options.stripLiterals }
+      {
+        preserveStringAndNumericLiterals:
+          options.preserveStringAndNumericLiterals
+      }
     );
 
     return {