diff --git a/app/graphql/consul_schema.rb b/app/graphql/consul_schema.rb
index 3bd1e9ba9..ecb40227f 100644
--- a/app/graphql/consul_schema.rb
+++ b/app/graphql/consul_schema.rb
@@ -1,4 +1,8 @@
 class ConsulSchema < GraphQL::Schema
 mutation(Types::MutationType)
 query(Types::QueryType)
+
+ default_max_page_size 25
+ max_complexity 2500
+ max_depth 8
 end
diff --git a/spec/graphql/consul_schema_spec.rb b/spec/graphql/consul_schema_spec.rb
new file mode 100644
index 000000000..15c367c5c
--- /dev/null
+++ b/spec/graphql/consul_schema_spec.rb
@@ -0,0 +1,76 @@
+require "rails_helper"
+
+ describe ConsulSchema do
+ let(:user) { create(:user) }
+
+ it "returns an error for queries exceeding max depth" do
+ query = <<~GRAPHQL
+ {
+ user(id: #{user.id}) {
+ public_proposals {
+ edges {
+ node {
+ public_author {
+ username
+ public_proposals {
+ edges {
+ node {
+ public_author {
+ username
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ GRAPHQL
+
+ response = execute(query)
+
+ expect(response["errors"]).not_to be nil
+ expect(response["errors"].first["message"]).to match(/exceeds max depth/)
+ end
+
+ it "returns an error for queries requesting all records from more than 2 collections" do
+ query = <<~GRAPHQL
+ {
+ users {
+ edges {
+ node {
+ public_debates {
+ edges {
+ node {
+ title
+ }
+ }
+ }
+ public_proposals {
+ edges {
+ node {
+ title
+ }
+ }
+ }
+ public_comments {
+ edges {
+ node {
+ body
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ GRAPHQL
+
+ response = execute(query)
+
+ expect(response["errors"]).not_to be nil
+ expect(response["errors"].first["message"]).to match(/Query has complexity/)
+ end
+end
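Review bot: The three limits added to ConsulSchema carry no comment on what they protect against or how they were sized, which matters because `default_max_page_size 25` only caps `first`/`last` on connection fields that do not declare their own `max_page_size`, and it does not bound plain (non-connection) list fields at all. Suggest a comment above them such as `# Abuse limits for untrusted queries: page-size cap for connections, total estimated cost, and nesting depth; tune together with spec/graphql/consul_schema_spec.rb`. It is also worth noting there that `max_complexity` weighs every field as 1 unless the field declares a `complexity:`, so a cheap scalar and a resolver that runs an expensive database query count the same; if any resolvers are known to be costly, giving them an explicit `complexity:` keeps the 2500 budget meaningful.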
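Review bot: Both examples in the new spec only assert that an error is returned, so a regression that made the schema reject every query (for example a limit set far too low) would still pass; a positive example pinning that a small query inside the limits succeeds is missing. The query below reuses the field path from the first example at a depth of 6 with a single connection, so it should sit comfortably under the depth and complexity limits set in the schema hunk. As a point of style, `expect(response["errors"]).not_to be nil` reads better as `expect(response["errors"]).not_to be_nil`, and the `execute` helper is presumably provided by rails_helper support code, since it is not defined in this file.
```ruby
it "does not return an error for a query within the limits" do
  query = <<~GRAPHQL
    {
      user(id: #{user.id}) {
        public_proposals {
          edges {
            node {
              public_author {
                username
              }
            }
          }
        }
      }
    }
  GRAPHQL

  response = execute(query)

  expect(response["errors"]).to be_nil
end
```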