Pro: operation store sync endpoint is not compatible for Rack 3's new `body` expectations

[agrobbin]

Describe the bug

When attempting to ugprade from Rack 2 to 3, we started getting errors from a test we have for our operation store setup, due to the HMACs not matching:

OperationStore: Failed to authorize body, header: "GraphQL::Pro test_client 9d9a68c24eacf66e4a358b21a1d56020a4dbacbc0a82169828fe81e3978c03d3" (Invalid HMAC digest, expected "d
5c41f3af7fec8eed2ff49eab74c54751bc596a20bac0b8b78a9945666feaa83")

After some further investigation into why the HMAC was different, we noticed that request.body.read had changed between Rack 2 and 3. In Rack 2, we get the actual contents, while in Rack 3, we get an empty string.

Turns out, Rack 3 does not do the rewinding for us, as mentioned here.

Patching GraphQL::Pro::OperationStore::Endpoint#call to do request.body.rewind before reading the body fixes the problem.

Versions

graphql version: v2.2.7 graphl-pro version: v1.25.2 in production (though I've tested this on v1.26.2 as well, and the same behavior occurs) rails (or other framework): v7.1.3

It's possible not everyone runs into this, as I think it would only be an issue if something else has read the request body before GraphQL Pro gets its hands on the Rack env.

[rmosolgo]

Hey, thanks for the heads up here and for sharing the work-around that worked for you. I'll work up a patch to make this "just work" and follow up here when it's released :+1:

[rmosolgo]

Thanks again for reporting this. I just released graphql-pro v1.26.3 which rewinds the body when it can be rewinded. Please let me know if you run into any more trouble with this after you update to that version!

[agrobbin]

Great @rmosolgo, thanks for the quick resolution. We'll upgrade things soon!