Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(router): refactor complexity limits #1364

Merged
merged 7 commits into from
Nov 15, 2024
Merged

fix(router): refactor complexity limits #1364

merged 7 commits into from
Nov 15, 2024

Conversation

df-wg
Copy link
Contributor

@df-wg df-wg commented Nov 12, 2024

Motivation and Context

Previous work (#1153) added in the opportunity to limit allowed query depth, rejecting a query if it passes the acceptable limit. This PR moves that configuration into a newly created security.complexity_limitssection, while still maintaining the now deprecatedsecurity. depth_limit` section for the next 60 days

It will now be configured using:

security:
    block_mutations: false
    block_subscriptions: false
    block_non_persisted_operations: false
    complexity_calculation_cache: # This is for a local in-memory cache, to persist the calculation results
      enabled: true
      size: 1024
    complexity_limits:
        depth: # the equivalent of `security.depth_limit` prevoiusly
          enabled: false
          limit: 7
          ignore_persisted_operations: true
        total_fields:
          enabled: false
          limit: 128
          ignore_persisted_operations: true
        root_fields:
          enabled: false
          limit: 3
          ignore_persisted_operations: true
        root_field_aliases:
          enabled: false
          limit: 3
          ignore_persisted_operations: true

Checklist

  • I have discussed my proposed changes in an issue and have received approval to proceed.
  • I have followed the coding standards of the project.
  • Tests or benchmarks have been added or updated.
  • Documentation has been updated on https://github.com/wundergraph/cosmo-docs.
  • I have read the Contributors Guide.

@df-wg df-wg force-pushed the dave/eng-5663-refactor-improve-security-complexity-limits branch 2 times, most recently from 1fa616d to ee032c8 Compare November 12, 2024 14:41
jensneuse
jensneuse requested changes Nov 14, 2024
View reviewed changes
router/pkg/config/config.schema.json Outdated Show resolved Hide resolved
router/pkg/config/config.schema.json Show resolved Hide resolved
router/pkg/otel/attributes.go Outdated Show resolved Hide resolved
router/pkg/config/config.go Outdated Show resolved Hide resolved
router/core/operation_processor.go Outdated Show resolved Hide resolved
router/core/operation_processor.go Outdated Show resolved Hide resolved
StarpTech
StarpTech requested changes Nov 14, 2024
View reviewed changes
router/core/operation_processor.go Outdated Show resolved Hide resolved
router-tests/complexity_limits_test.go Outdated Show resolved Hide resolved
router/pkg/otel/attributes.go Outdated Show resolved Hide resolved
@df-wg df-wg force-pushed the dave/eng-5663-refactor-improve-security-complexity-limits branch from 19ed9ee to 46ceb0a Compare November 15, 2024 08:23
StarpTech
StarpTech approved these changes Nov 15, 2024
View reviewed changes
Copy link
Contributor

@StarpTech StarpTech left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@df-wg df-wg merged commit 9558ece into main Nov 15, 2024
9 checks passed
@df-wg df-wg deleted the dave/eng-5663-refactor-improve-security-complexity-limits branch November 15, 2024 09:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@devsergiy devsergiy devsergiy left review comments

@jensneuse jensneuse jensneuse approved these changes

@StarpTech StarpTech StarpTech approved these changes

Assignees
No one assigned
Labels
router
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@df-wg @devsergiy @StarpTech @jensneuse