Security issue - context should be copied for each request

[dpnova]

https://github.com/graphql-python/sanic-graphql/blob/master/sanic_graphql/graphqlview.py#L51

If you set context in the View ctor a class level attribute gets set. This is fine, except the first request is put into the object and never overwritten later. This ends up serving the first request object in the context of all subsequent requests.

I'm going to patch now. Just thought I'd drop this here to see if anyone has a good reason for request to not be overwritten in context every request. Or more appropriately, for the provided context to be copied each request.

[dpnova]

graphql-python/flask-graphql@d728f80

I suppose I should be using app.db to share my db connection... not a big fan of that style though.

[dpnova]

I'm pretty sure flask uses a bunch of thread locals for things like this, which highlights the importance of the approach taken here.

[dpnova]

Another suggested approach could be for context to be a callable that returns the default context, thus less mutable state hanging around.

[grazor]

@dpnova, thanks for pull request, it clearly was an issue.