GraphQL Complexity Limit
This policy allows you to add a limit for the depth and a limit for the complexity of a GraphQL query.
Configuration
{
  "name": "my-graphql-complexity-limit-inbound-policy",
  "policyType": "graphql-complexity-limit-inbound",
  "handler": {
    "export": "GraphQLComplexityLimitInboundPolicy",
    "module": "$import(@zuplo/runtime)",
    "options": {
      "useComplexityLimit": [
        {}
      ],
      "useDepthLimit": [
        {
          "ignore": []
        }
      ]
    }
  }
}
Options
- name - The name of your policy instance. This is used as a reference in your routes.
- policyType - The identifier of the policy. This is used by the Zuplo UI. Value should be graphql-complexity-limit-inbound.
- handler/export - The name of the exported type. Value should be GraphQLComplexityLimitInboundPolicy.
- handler/module - The module containing the policy. Value should be $import(@zuplo/runtime).
- handler/options - The options for this policy:
  - useComplexityLimit
    - complexityLimit - The maximum complexity a query is allowed to have
    - endpointUrl - The endpoint URL to use for the complexity calculation
  - useDepthLimit
    - depthLimit - The maximum depth a query is allowed to have
    - ignore - The fields to ignore when calculating the depth of a query
Depth Limit
Limit the depth a GraphQL query is allowed to query for.
- maxDepth - Number of levels a GraphQL query is allowed to query for.
Capping query depth is useful to prevent DoS attacks on your GraphQL server, where a query nests a recursive relationship (such as friends of friends in the query below) many levels deep.
{
  # Level 0
  me {
    # Level 1
    name
    friends {
      # Level 2
      name
      friends {
        # Level 3
        name
        # ...
      }
    }
  }
}
Complexity Limit
- maxComplexity - Maximum complexity allowed for a query.
Example:
{
  me {
    name # Complexity +1
    age # Complexity +1
    email # Complexity +1
    friends {
      name # Complexity +1
      height # Complexity +1
    }
  }
}
# Total complexity = 5
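The counting rules shown by the annotated queries in the Depth Limit and Complexity Limit sections, as an added example (not Zuplo's implementation and not code from this page): a small checker that computes depth and complexity the way the comments count them and reports which limit a query exceeds. The function names `measure` and `violations` are hypothetical, and the parser assumes a single operation without fragments, aliases or directives.

```javascript
// Added example, not Zuplo's code. Assumes one operation with no fragments,
// aliases or directives; simple argument lists are dropped before counting.
function tokenize(query) {
  return (
    query
      .replace(/#[^\n]*/g, "")    // drop "# ..." comments
      .replace(/\([^)]*\)/g, "")  // drop simple (arg: value) lists
      .match(/[{}]|[A-Za-z_]\w*/g) || []
  );
}

// depth: deepest level holding a field; the outermost selection set is level 0.
// complexity: +1 per leaf field (a field with no selection set of its own).
function measure(query) {
  const tokens = tokenize(query);
  let level = -1, depth = 0, complexity = 0;
  tokens.forEach((tok, i) => {
    if (tok === "{") level += 1;
    else if (tok === "}") {
      if (--level < -1) throw new Error("unbalanced braces in query");
    } else if (level >= 0) {       // skips "query Name" before the first "{"
      depth = Math.max(depth, level);
      if (tokens[i + 1] !== "{") complexity += 1;
    }
  });
  if (level !== -1) throw new Error("unbalanced braces in query");
  return { depth, complexity };
}

// Returns the reasons a gateway would reject the query; empty means allowed.
function violations(query, { depthLimit, complexityLimit }) {
  const { depth, complexity } = measure(query);
  const out = [];
  if (depth > depthLimit) out.push(`depth ${depth} exceeds limit ${depthLimit}`);
  if (complexity > complexityLimit)
    out.push(`complexity ${complexity} exceeds limit ${complexityLimit}`);
  return out;
}

// Constructed sample inputs: the two queries shown on this page.
const nested = `{ me { name friends { name friends { name } } } }`;
const flat = `{ me { name age email friends { name height } } }`;

console.log(measure(nested), measure(flat));
console.log(violations(nested, { depthLimit: 2, complexityLimit: 10 }));
```

A query that spreads fragments can nest deeper than this counter sees, so a production limiter has to resolve fragments before measuring.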