Query Cost Limit

GraphQL has some unique characteristics that expose services to various types of attack. A common attack is to overwhelm the service with resource-heavy queries. A common way to counter this type of attack is to limit the query cost based on complexity.
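The following added example (not part of the original page and not Tanka's own analyzer) shows why a complexity-based limit catches nested list queries before they execute. The `Field` record, the `QueryCost` class and the cost formula are assumptions of this example; it assumes .NET 6 or later.

```csharp
#nullable enable
using System;
using System.Linq;

// Constructed sample: the shape of a query asking for 100 users, 100 friends
// of each user and 100 posts of each friend. Names and sizes are illustrative.
var query = new Field("users", Multiplier: 100, Children: new[]
{
    new Field("name"),
    new Field("friends", Multiplier: 100, Children: new[]
    {
        new Field("name"),
        new Field("posts", Multiplier: 100, Children: new[] { new Field("title") })
    })
});

const long maxCost = 100;
var cost = QueryCost.Of(query);

// The decision is made on the query shape alone, so no resolver runs
// for a query that is over the limit.
Console.WriteLine(cost > maxCost
    ? $"rejected before execution: cost {cost} exceeds {maxCost}"
    : $"accepted: cost {cost}");

// Hypothetical model of a selected field: its own complexity, the number of
// items it may return (Multiplier) and the fields selected beneath it.
public record Field(string Name, uint Complexity = 1, uint Multiplier = 1, Field[]? Children = null);

public static class QueryCost
{
    // cost(field) = complexity + multiplier * sum(cost(child))
    public static long Of(Field field)
    {
        long children = (field.Children ?? Array.Empty<Field>()).Sum(c => Of(c));
        // checked: an arithmetic overflow must throw rather than wrap around
        // to a small number that would slip under the limit.
        return checked(field.Complexity + field.Multiplier * children);
    }
}
```

Each additional level of list nesting multiplies the cost by the requested page size, which is why three levels of 100 items land several orders of magnitude above a limit of 100.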

Query Cost Analysis

See the detailed explanation and schema configuration in Query Cost Analysis.

Usage with server

Add the cost-limiting validation rule to the options:


        [Fact]
        public void Configure_Rules()
        {
            /* Given */
            var schema = Substitute.For<ISchema>();
            var maxCost = CostAnalyzer.MaxCost(100);

            /* When */
            Services.AddTankaGraphQL()
                .ConfigureSchema(() => new ValueTask<ISchema>(schema))
                // rules factory function with the default rules as the parameter
                .ConfigureRules(rules => rules.Concat(new []
                {
                    // append max query cost validation rule
                    maxCost
                }).ToArray());

            /* Then */
            var provider = Services.BuildServiceProvider();
            var options = provider.GetService<IOptions<ServerOptions>>().Value;
            var actual = options.ValidationRules;
            Assert.Contains(actual, rule => rule == maxCost);
        }