1 files changed, 39 insertions, 7 deletions

diff --git a/app/controllers/graphql_controller.rb b/app/controllers/graphql_controller.rb
index 7b5dc22815c..e8f38899647 100644
--- a/app/controllers/graphql_controller.rb
+++ b/app/controllers/graphql_controller.rb
@@ -16,13 +16,8 @@ class GraphqlController < ApplicationController
   before_action(only: [:execute]) { authenticate_sessionless_user!(:api) }
 
   def execute
-    variables = Gitlab::Graphql::Variables.new(params[:variables]).to_h
-    query = params[:query]
-    operation_name = params[:operationName]
-    context = {
-      current_user: current_user
-    }
-    result = GitlabSchema.execute(query, variables: variables, context: context, operation_name: operation_name)
+    result = multiplex? ? execute_multiplex : execute_query
+
     render json: result
   end
 
@@ -38,6 +33,43 @@ class GraphqlController < ApplicationController
 
   private
 
+  def execute_multiplex
+    GitlabSchema.multiplex(multiplex_queries, context: context)
+  end
+
+  def execute_query
+    variables = build_variables(params[:variables])
+    operation_name = params[:operationName]
+
+    GitlabSchema.execute(query, variables: variables, context: context, operation_name: operation_name)
+  end
+
+  def query
+    params[:query]
+  end
+
+  def multiplex_queries
+    params[:_json].map do |single_query_info|
+      {
+        query: single_query_info[:query],
+        variables: build_variables(single_query_info[:variables]),
+        operation_name: single_query_info[:operationName]
+      }
+    end
+  end
+
+  def context
+    @context ||= { current_user: current_user }
+  end
+
+  def build_variables(variable_info)
+    Gitlab::Graphql::Variables.new(variable_info).to_h
+  end
+
+  def multiplex?
+    params[:_json].present?
+  end
+
   def authorize_access_api!
     access_denied!("API not accessible for user.") unless can?(current_user, :access_api)
   end