graphql-go/graphql

Feature Request: Need API to limit query complexity / depth

yookoala opened this issue · 8 comments

As title suggest. Library user would want to have a way to evaluate a graphql query complexity and refuse queries that are too complex.

I believe https://www.npmjs.com/package/graphql-cost-analysis is the current JS library de jure. Potentially this doesn't go in the core go library?

Bump.

For bigger projects complexity is quiet an important feature. What are the plans to implement it?

My feeling is that there is not much new development at all on this library.

There is already an API to limit the query depth, but no API to limit the query complexity.
The system should be protected from attack by complex querys.
So there should be a API to limit query complexity.

FYI, if need, in JavaScript world, today graphql-query-complexity is better than graphql-cost-analysis now.

This looks like a port of graphql-cost-analysis into Go: https://github.com/koron-go/gqlcost

Any news on this? I would be very interesting to have, as mentioned, something like graphql-cost-analysis for JS

Bumping as this is a needed feature.

@sevenzhao wdym there's already a way to limit depth? I'm not sure what are you referring to, mind giving an example?