Support for Max Tokens protection #5

Closed
ldebruijn opened this issue Oct 19, 2023 · 1 comment · Fixed by #12


ldebruijn commented Oct 19, 2023

Is your feature request related to a problem? Please describe.
A GraphQL operation is composed of many tokens. Parsing and validating an operation requires checking each token for validity. Therefore, having a request with many many tokens may take extra long to validate, or might even cause server issues.

Having a max-tokens protection mechanism should help prevent such issues by disallowing requests that exceed a certain configurable token count.

Describe the solution you'd like
Build a new Rule that utilizes GraphQL ValidationRules feature to count the number of tokens in the AST.
Register the Rule with the GraphQL engine, and allow for configuration options to enable/disable the feature, as well as configure the token limit.
Provide sane defaults.
Include test cases to prove the feature works.
Update user documentation.

Additional context
This feature is inspired by GraphQL Armor, so inspiration can be drawn from their known working implementation.
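
A sketch of the max-tokens check requested above, added here as an illustration; it is not code from this project or from GraphQL Armor. Instead of a ValidationRule over the AST, it counts tokens in a standalone lexer pass so the limit applies before parsing; the names `CountTokens` and `ErrTooManyTokens`, the limit of 1000 and the sample queries are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// ErrTooManyTokens (hypothetical name) is returned once the limit is exceeded.
var ErrTooManyTokens = errors.New("operation exceeds max token limit")

// ignored: what a GraphQL lexer skips (whitespace, commas, BOM, # comments).
var ignored = regexp.MustCompile(`^(?:[\s,\x{FEFF}]+|#[^\n\r]*)+`)

// token: one lexical token; block strings are tried before ordinary strings.
// Number syntax is simplified, which is sufficient for counting.
var token = regexp.MustCompile(`^(?:\.\.\.|[!$&()\[\]{}:=@|]|[_A-Za-z][_0-9A-Za-z]*` +
	`|-?[0-9]+(?:\.[0-9]+)?(?:[eE][+-]?[0-9]+)?` +
	`|"""(?s:\\"""|.)*?"""|"(?:\\.|[^"\\\n\r])*")`)

// CountTokens lexes query and returns the number of tokens seen. It stops at
// max+1 tokens, so an oversized document is rejected without a full scan.
func CountTokens(query string, max int) (int, error) {
	n, rest := 0, query
	for {
		rest = rest[len(ignored.FindString(rest)):]
		if rest == "" {
			return n, nil
		}
		tok := token.FindString(rest)
		if tok == "" {
			return n, fmt.Errorf("unexpected character at offset %d", len(query)-len(rest))
		}
		if n++; n > max {
			return n, ErrTooManyTokens
		}
		rest = rest[len(tok):]
	}
}

func main() {
	// Constructed inputs: a small operation and a padded oversized one.
	small := `query Q($id: ID!) { user(id: $id) { name ...F } } # comment`
	big := "query {" + strings.Repeat(" a", 5000) + " }"
	for _, q := range []string{small, big} {
		fmt.Println(CountTokens(q, 1000))
	}
}
```

Comments and commas do not count toward the limit, and a string literal counts as a single token regardless of its length, so a byte-size limit on the request body is still needed alongside this check.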

@ldebruijn ldebruijn added enhancement New feature or request help wanted Extra attention is needed labels Oct 19, 2023
@ldebruijn ldebruijn self-assigned this Dec 22, 2023
@ldebruijn

Resolved via #12
