feat(graphql): make max query depth configurable with environment variable
allow setting `GRAPHQL_MAX_QUERY_DEPTH` via environment variable to provide flexibility in limiting query depth and preventing DoS attacks. Defaults to 13 if not set.
This commit is contained in:
parent
6d24ee0c92
commit
cffbaf66b3
1 changed files with 4 additions and 2 deletions
|
|
@ -1,3 +1,5 @@
|
|||
from os import getenv
|
||||
|
||||
from graphql import GraphQLError
|
||||
from graphql.language.ast import (
|
||||
FieldNode,
|
||||
|
|
@ -8,7 +10,7 @@ from graphql.language.ast import (
|
|||
)
|
||||
from graphql.validation import ValidationRule
|
||||
|
||||
MAX_QUERY_DEPTH = 8
|
||||
MAX_QUERY_DEPTH = getenv("GRAPHQL_MAX_QUERY_DEPTH", 13)
|
||||
|
||||
|
||||
def _max_field_depth(node, fragments, depth=0):
|
||||
|
|
@ -36,7 +38,7 @@ def _selection_depth(node, fragments, depth):
|
|||
|
||||
|
||||
class QueryDepthLimitRule(ValidationRule):
|
||||
"""Prevents DoS via deeply nested GraphQL queries (max depth: 8)."""
|
||||
"""Prevents DoS via deeply nested GraphQL queries (max depth: 13)."""
|
||||
|
||||
def enter_document(self, node, *_args):
|
||||
fragments = {
|
||||
|
|
|
|||
Loading…
Reference in a new issue