From 18db68a4305cd07b68476a7ca4f0346a70673c0f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alberto=20Miedes=20Garce=CC=81s?=
Date: Mon, 29 May 2017 09:47:39 +0200
Subject: [PATCH] Force pagination, limit query depth and complexity

---
 app/controllers/graphql_controller.rb | 3 ++-
 lib/graph_ql/api_types_creator.rb | 2 +-
 lib/graph_ql/query_type_creator.rb | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/app/controllers/graphql_controller.rb b/app/controllers/graphql_controller.rb
index ce8f093db..762239dc8 100644
--- a/app/controllers/graphql_controller.rb
+++ b/app/controllers/graphql_controller.rb
@@ -29,7 +29,8 @@ class GraphqlController < ApplicationController
 GraphQL::Schema.define do
 query query_type
- max_depth 12
+ max_depth 8
+ max_complexity 2500
 end
 end
diff --git a/lib/graph_ql/api_types_creator.rb b/lib/graph_ql/api_types_creator.rb
index acf3e2d20..4e548748c 100644
--- a/lib/graph_ql/api_types_creator.rb
+++ b/lib/graph_ql/api_types_creator.rb
@@ -49,7 +49,7 @@ module GraphQL
 end
 when :multiple_association
 field_type = field_type.first
- connection(field_name, -> { created_types[field_type].connection_type }) do
+ connection(field_name, -> { created_types[field_type].connection_type }, max_page_size: 50, complexity: 1000) do
 resolve -> (object, arguments, context) { field_type.public_for_api & object.send(field_name) }
 end
 end
diff --git a/lib/graph_ql/query_type_creator.rb b/lib/graph_ql/query_type_creator.rb
index 36e6626b9..71beb8033 100644
--- a/lib/graph_ql/query_type_creator.rb
+++ b/lib/graph_ql/query_type_creator.rb
@@ -18,7 +18,7 @@ module GraphQL
 end
 end
- connection model.graphql_pluralized_field_name, created_type.connection_type do
+ connection(model.graphql_pluralized_field_name, created_type.connection_type, max_page_size: 50, complexity: 1000) do
 description model.graphql_pluralized_field_description
 resolve -> (object, arguments, context) { model.public_for_api }
 end
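Review bot: `max_depth 8` and `max_complexity 2500` in the `GraphQL::Schema.define` block are bare numbers with no note on how they relate to the `complexity: 1000` that every connection field now carries in api_types_creator.rb and query_type_creator.rb, and that relationship is what makes the budget meaningful. If graphql-ruby adds a field's own complexity to its children's cost, 2500 appears to admit about two connection fields per query and no third, which is presumably the intent but should be recorded; a comment such as `# Each connection field costs 1000 (see lib/graph_ql), so 2500 allows roughly two associations per query; keep in sync` above `max_depth 8` would let a maintainer adjust both numbers together. The depth limit interacts with connections as well, since each association hop spends levels on `edges`/`node`, so why 8 was chosen deserves a line too. The method enclosing the `GraphQL::Schema.define` block starts and ends outside the hunk.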
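Review bot: `complexity: 1000` on the `connection(...)` call is a flat cost that does not grow with the page size a client requests, so `first: 50` is scored the same as `first: 1` and the `max_complexity` budget in graphql_controller.rb cannot tell the two apart. graphql-ruby's `complexity` also accepts a proc receiving `(ctx, args, child_complexity)`, so the cost could follow the requested page size, for example `complexity: ->(_ctx, args, child_complexity) { (args[:first] || args[:last] || 50) * child_complexity }`; whether `max_page_size: 50` clamps the argument before the proc sees it should be confirmed against the installed gem version. The same flat value appears in the query_type_creator.rb hunk. The `when :multiple_association` branch sits inside a `case` that begins outside the hunk.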