author | Rémy Coutable <remy@rymai.me> | 2019-04-04 15:39:51 +0000 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2019-04-04 15:39:51 +0000 |
commit | 520c120f7c96eb69e36878bd0865df3cefac98a3 (patch) | |
tree | 401e90826a592782b2f590e0a5f015c99a3502bc /app/graphql | |
parent | 94e6cc52bee1a67e830bc3f18aeb57930d0815a7 (diff) | |
parent | f458c561070d754cd546b07caf60dfa7ffb06293 (diff) | |
download | gitlab-ce-520c120f7c96eb69e36878bd0865df3cefac98a3.tar.gz |
Merge branch '58405-basic-limiting-complexity-of-graphql-queries' into 'master'
Basic limiting complexity of GraphQL queries
Closes #58405
See merge request gitlab-org/gitlab-ce!26629
Diffstat (limited to 'app/graphql')
-rw-r--r-- | app/graphql/gitlab_schema.rb | 30 | ||||
-rw-r--r-- | app/graphql/types/base_field.rb | 9 |
2 files changed, 39 insertions, 0 deletions
diff --git a/app/graphql/gitlab_schema.rb b/app/graphql/gitlab_schema.rb index ecc34eacc7d..7e3c09440a2 100644 --- a/app/graphql/gitlab_schema.rb +++ b/app/graphql/gitlab_schema.rb @@ -1,14 +1,44 @@ # frozen_string_literal: true class GitlabSchema < GraphQL::Schema + # Took our current most complicated query in use, issues.graphql, + # with a complexity of 19, and added a 20 point buffer to it. + # These values will evolve over time. + DEFAULT_MAX_COMPLEXITY = 40 + AUTHENTICATED_COMPLEXITY = 50 + ADMIN_COMPLEXITY = 60 + use BatchLoader::GraphQL use Gitlab::Graphql::Authorize use Gitlab::Graphql::Present use Gitlab::Graphql::Connections use Gitlab::Graphql::Tracing + query_analyzer Gitlab::Graphql::QueryAnalyzers::LogQueryComplexity.analyzer + query(Types::QueryType) default_max_page_size 100 + + max_complexity DEFAULT_MAX_COMPLEXITY + mutation(Types::MutationType) + + def self.execute(query_str = nil, **kwargs) + kwargs[:max_complexity] ||= max_query_complexity(kwargs[:context]) + + super(query_str, **kwargs) + end + + def self.max_query_complexity(ctx) + current_user = ctx&.fetch(:current_user) + + if current_user&.admin + ADMIN_COMPLEXITY + elsif current_user + AUTHENTICATED_COMPLEXITY + else + DEFAULT_MAX_COMPLEXITY + end + end end diff --git a/app/graphql/types/base_field.rb b/app/graphql/types/base_field.rb index 2b2ea64c00b..8c8b8a82d3e 100644 --- a/app/graphql/types/base_field.rb +++ b/app/graphql/types/base_field.rb @@ -3,5 +3,14 @@ module Types class BaseField < GraphQL::Schema::Field prepend Gitlab::Graphql::Authorize + + DEFAULT_COMPLEXITY = 1 + + def initialize(*args, **kwargs, &block) + # complexity is already defaulted to 1, but let's make it explicit + kwargs[:complexity] ||= DEFAULT_COMPLEXITY + + super(*args, **kwargs, &block) + end end end |
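Review bot: In `max_query_complexity`, `ctx&.fetch(:current_user)` raises `KeyError` when a context hash is passed without a `:current_user` key, so such a call fails instead of falling back to `DEFAULT_MAX_COMPLEXITY`; the safe-navigation operator only covers a nil context. Supplying a default keeps the unauthenticated path on the lowest ceiling: `current_user = ctx&.fetch(:current_user, nil)`. Separately, `kwargs[:max_complexity] ||= ...` in `execute` lets any caller raise the ceiling by passing its own value, so a comment such as `# max_complexity may be overridden by trusted internal callers only; never derive it from request input` would record that intent.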
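Review bot: `kwargs[:complexity] ||= DEFAULT_COMPLEXITY` in `BaseField#initialize` gives every field a flat cost of 1, so a connection field that can return up to the schema's `default_max_page_size` of 100 nodes is counted the same as a scalar. The 40/50/60 ceilings in gitlab_schema.rb therefore appear to bound the number of selected fields rather than the work a query can trigger. The existing comment could say this and point authors to the override, e.g. `# Flat cost of 1 per field; pass an explicit complexity: for connections and expensive resolvers`. Note also that `||=` replaces an explicit `complexity: nil`, which is probably intended but is not stated.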