juniper icon indicating copy to clipboard operation
juniper copied to clipboard

Published 20 hours ago verified publisher icon graphql-rust

Add a way to abort to complex queries

Open weiznich opened this issue 7 years ago • 3 comments

In grahpql it is possible to produce quite complicated queries that could be used to exhaust resources. The simplest example of such an query would be a query that recursively loads the friends of the friends (and so on) of some person. Juniper should include a way to measure the complexity of a query and then be able to abort the query at programmer defined threshold. This should be done without evaluating parts of the query (i.e try to load the thing and abort after a fixed time). See this morning paper and the linked underlying orginal paper for a detailed description of the problem and proposed algorithm to calculate the complexity of a query without evaluating the query.

weiznich avatar May 26 '18 21:05 weiznich

https://www.npmjs.com/package/graphql-cost-analysis

there's js libs for this which could be used for inspiration

ForsakenHarmony avatar May 30 '18 11:05 ForsakenHarmony

Another good source of inspiration for the API imo is absinthe (the elixir graphql library): https://hexdocs.pm/absinthe/complexity-analysis.html

tomhoule avatar Sep 02 '18 11:09 tomhoule

Thanks for all the references.

I'll look into implementing this. (Probably only after switching to graphql-parser).

theduke avatar May 16 '19 12:05 theduke