author | Brett Walker <bwalker@gitlab.com> | 2019-03-27 23:02:25 +0300 |
---|---|---|
committer | Brett Walker <bwalker@gitlab.com> | 2019-04-04 16:39:30 +0300 |
commit | f458c561070d754cd546b07caf60dfa7ffb06293 (patch) | |
tree | ef4c65fb5b6767030c0c8b88223f415eabfe88be /app/graphql/gitlab_schema.rb | |
parent | 815901e322b60d28983f52a7ce5e98555285bef8 (diff) |
Initial field and query complexity limits
It makes all Types::BaseField default to a complexity of 1.
Queries themselves now have limited complexity, scaled
to the type of user: no user, authenticated user, or an
admin user.
Diffstat (limited to 'app/graphql/gitlab_schema.rb')
-rw-r--r-- | app/graphql/gitlab_schema.rb | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/app/graphql/gitlab_schema.rb b/app/graphql/gitlab_schema.rb index 06d26309b5b..ff4d0611da9 100644 --- a/app/graphql/gitlab_schema.rb +++ b/app/graphql/gitlab_schema.rb @@ -1,13 +1,43 @@ # frozen_string_literal: true class GitlabSchema < GraphQL::Schema + # Took our current most complicated query in use, issues.graphql, + # with a complexity of 19, and added a 20 point buffer to it. + # These values will evolve over time. + DEFAULT_MAX_COMPLEXITY = 40 + AUTHENTICATED_COMPLEXITY = 50 + ADMIN_COMPLEXITY = 60 + use BatchLoader::GraphQL use Gitlab::Graphql::Authorize use Gitlab::Graphql::Present use Gitlab::Graphql::Connections + query_analyzer Gitlab::Graphql::QueryAnalyzers::LogQueryComplexity.analyzer + query(Types::QueryType) default_max_page_size 100 + + max_complexity DEFAULT_MAX_COMPLEXITY + mutation(Types::MutationType) + + def self.execute(query_str = nil, **kwargs) + kwargs[:max_complexity] ||= max_query_complexity(kwargs[:context]) + + super(query_str, **kwargs) + end + + def self.max_query_complexity(ctx) + current_user = ctx&.fetch(:current_user) + + if current_user&.admin + ADMIN_COMPLEXITY + elsif current_user + AUTHENTICATED_COMPLEXITY + else + DEFAULT_MAX_COMPLEXITY + end + end end |
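Review bot: In `max_query_complexity`, `ctx&.fetch(:current_user)` only guards against a nil `ctx`; when a context Hash is passed without a `:current_user` key, `fetch` raises `KeyError`, so the query fails instead of falling back to `DEFAULT_MAX_COMPLEXITY`. Suggest `ctx&.fetch(:current_user, nil)` or `ctx&.dig(:current_user)` so that a missing user always resolves to the lowest limit. In `self.execute`, `kwargs[:max_complexity] ||= ...` lets any caller-supplied `max_complexity` take precedence over the per-user limit; if that override is intended, a comment saying so would help, since it is the one path around the admin/authenticated/anonymous tiers. The constants comment also describes 19 plus a 20 point buffer while `DEFAULT_MAX_COMPLEXITY` is 40, and gives no basis for 50 and 60; a short note on how each tier was chosen would make later tuning easier.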