fureunoir/schon
fureunoir/schon
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

feat(graphql): make max query depth configurable with environment variable

Browse source 
allow setting `GRAPHQL_MAX_QUERY_DEPTH` via environment variable to provide flexibility in limiting query depth and preventing DoS attacks. Defaults to 13 if not set.
This commit is contained in:
Egor Pavlovich Gorbunov 2026-03-02 00:45:42 +03:00
parent 6d24ee0c92
commit cffbaf66b3
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
schon/graphql_validators.py
View file

@ -1,3 +1,5 @@
from os import getenv
from graphql import GraphQLError from graphql import GraphQLError
from graphql.language.ast import ( from graphql.language.ast import (
FieldNode, FieldNode,
@ -8,7 +10,7 @@ from graphql.language.ast import (
) )
from graphql.validation import ValidationRule from graphql.validation import ValidationRule
MAX_QUERY_DEPTH = 8 MAX_QUERY_DEPTH = getenv("GRAPHQL_MAX_QUERY_DEPTH", 13)
def _max_field_depth(node, fragments, depth=0): def _max_field_depth(node, fragments, depth=0):
@ -36,7 +38,7 @@ def _selection_depth(node, fragments, depth):
class QueryDepthLimitRule(ValidationRule): class QueryDepthLimitRule(ValidationRule):
"""Prevents DoS via deeply nested GraphQL queries (max depth: 8).""" """Prevents DoS via deeply nested GraphQL queries (max depth: 13)."""
def enter_document(self, node, *_args): def enter_document(self, node, *_args):
fragments = { fragments = {