|
| 1 | +/* @flow */ |
| 2 | + |
| 3 | +// Read apollo-server docs |
| 4 | +// https://www.apollographql.com/docs/apollo-server/integrations/plugins/ |
| 5 | +// Read graphql-query-complexity docs |
| 6 | +// https://github.com/slicknode/graphql-query-complexity |
| 7 | + |
| 8 | +import type { ApolloServerPlugin } from 'apollo-server-plugin-base'; |
| 9 | +import { getComplexity, simpleEstimator, fieldExtensionsEstimator } from 'graphql-query-complexity'; |
| 10 | +import { separateOperations, type GraphQLSchema } from 'graphql'; |
| 11 | + |
| 12 | +export function initQueryComplexityPlugin(opts: { schema: GraphQLSchema, maxComplexity: number }) { |
| 13 | + return ({ |
| 14 | + requestDidStart: () => { |
| 15 | + let complexity = 0; |
| 16 | + const maxComplexity = opts.maxComplexity || 1000; |
| 17 | + return { |
| 18 | + didResolveOperation({ request, document }) { |
| 19 | + /** |
| 20 | + * This provides GraphQL query analysis to be able to react on complex queries to your GraphQL server. |
| 21 | + * This can be used to protect your GraphQL servers against resource exhaustion and DoS attacks. |
| 22 | + * More documentation can be found at https://github.com/ivome/graphql-query-complexity. |
| 23 | + */ |
| 24 | + complexity = getComplexity({ |
| 25 | + // Our built schema |
| 26 | + schema: opts.schema, |
| 27 | + // To calculate query complexity properly, |
| 28 | + // we have to check if the document contains multiple operations |
| 29 | + // and eventually extract it operation from the whole query document. |
| 30 | + query: request.operationName |
| 31 | + ? separateOperations(document)[request.operationName] |
| 32 | + : document, |
| 33 | + // The variables for our GraphQL query |
| 34 | + variables: request.variables, |
| 35 | + // Add any number of estimators. The estimators are invoked in order, the first |
| 36 | + // numeric value that is being returned by an estimator is used as the field complexity. |
| 37 | + // If no estimator returns a value, an exception is raised. |
| 38 | + estimators: [ |
| 39 | + fieldExtensionsEstimator(), |
| 40 | + // Add more estimators here... |
| 41 | + // This will assign each field a complexity of 1 |
| 42 | + // if no other estimator returned a value. |
| 43 | + simpleEstimator({ defaultComplexity: 1 }), |
| 44 | + ], |
| 45 | + }); |
| 46 | + // Here we can react to the calculated complexity, |
| 47 | + // like compare it with max and throw error when the threshold is reached. |
| 48 | + if (complexity >= maxComplexity) { |
| 49 | + throw new Error( |
| 50 | + `Sorry, too complicated query! ${complexity} is over ${maxComplexity} that is the max allowed complexity.` |
| 51 | + ); |
| 52 | + } |
| 53 | + // And here we can e.g. subtract the complexity point from hourly API calls limit. |
| 54 | + if (request.operationName !== 'IntrospectionQuery') { |
| 55 | + console.log( |
| 56 | + `Used query ${request.operationName || ''} complexity points: ${complexity}` |
| 57 | + ); |
| 58 | + } |
| 59 | + }, |
| 60 | + willSendResponse({ response }) { |
| 61 | + response.extensions = response.extensions || {}; |
| 62 | + response.extensions.complexity = complexity; |
| 63 | + response.extensions.maxComplexity = maxComplexity; |
| 64 | + }, |
| 65 | + }; |
| 66 | + }, |
| 67 | + }: ApolloServerPlugin); |
| 68 | +} |
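Review bot: In `didResolveOperation`, the `console.log` of used complexity points is skipped when `request.operationName !== 'IntrospectionQuery'` is false, and that name is supplied by the client, so the log cannot be relied on as a complete record of expensive operations. Logging unconditionally, or deciding from the resolved document instead of the name, would close that gap; the limit check above already runs for every operation. The estimator list also deserves a comment such as `// Fields without extensions.complexity cost a flat 1 regardless of list-size arguments, so maxComplexity only bounds real work if list fields declare their own cost`, since `simpleEstimator({ defaultComplexity: 1 })` is the fallback for every other field. Minor: `complexity >= maxComplexity` rejects a query exactly at the limit while the message says "is over", and `opts.maxComplexity || 1000` silently replaces an explicit `0` with 1000.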