简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)
How to check query depth and complexity in Laravel Lighthouse
P粉419164700
P粉419164700 2023-08-28 21:26:41
0
1
553

Before deploying lighthouse to a production server, I check security (https://www.howtographql.com/advanced/4-security/). So I decided to check query depth and query complexity.

In the lighthouse documentation, they mention config/lighthouse.php. 

/* |------------------------------------------------- ----------------------- | Security |------------------------------------------------- ----------------------- | | Control Lighthouse to handle security-related query verification. | Detailed reading: https://webonyx.github.io/graphql-php/security/ | */ 'security' => [ 'max_query_complexity' => \GraphQL\Validator\Rules\QueryComplexity::DISABLED, 'max_query_depth' => \GraphQL\Validator\Rules\QueryDepth::DISABLED, 'disable_introspection' => \GraphQL\Validator\Rules\DisableIntrospection::DISABLED, ],

And it is recommended to read https://webonyx.github.io/graphql-php/security/.

In this link they give some examples: 

use GraphQL\GraphQL; use GraphQL\Validator\Rules\QueryComplexity; use GraphQL\Validator\DocumentValidator; $rule = new QueryComplexity($maxQueryComplexity = 100); DocumentValidator::addRule($rule); GraphQL::executeQuery(/*...*/); 
use GraphQL\GraphQL; use GraphQL\Validator\Rules\QueryDepth; use GraphQL\Validator\DocumentValidator; $rule = new QueryDepth($maxDepth = 10); DocumentValidator::addRule($rule); GraphQL::executeQuery(/*...*/);

But how to apply these in lighthouse?

First, I wrote this code into ExampleQuery.php(php artisan lighthouse:query ExampleQuery). 

final class ExampleQuery { public function __invoke(_, array $args) { $rule = new QueryComplexity(2); DocumentValidator::addRule($rule); $rule2 = new QueryDepth(2); DocumentValidator::addRule($rule2); return [ ... ]; } }

But this won't catch any problems.

I think lighthouse is started in vendor/nuwave/.../GraphQLController.php so I cannot execute GraphQL::executeQuery(/*...*/ );

The

@complexity directive also does not work, @complexity(resolver: "App\\Security\\ComplexityAnalyzer@userPosts") will not be called userPosts function. 

class ComplexityAnalyzer { public function userPosts(int $childrenComplexity, array $args): int // not called { $postComplexity = $args['includeFullText'] ? 3 : 2; \Log::Debug($postComplexity); // not called return $childrenComplexity * $postComplexity; } }

What did I miss? Please help me sleep well.

P粉419164700
P粉419164700

reply all (1)
P粉717595985
P粉7175959852023-08-29 14:32:38 1 floor

It's already implemented, you just need to set the value.

'security' => [ 'max_query_complexity' => 100, 'max_query_depth' => 10, ],

Complexity score calculation can be modified for each field using the@complexitydirective.

Like+0
Add Reply
    Popular Topics
    More>
    Popular Articles
    Popular Tutorials
    More>
    Related Tutorials
    Popular Recommendations
    Latest courses
    Latest Downloads
    More>
    Web Effects
    Website Source Code
    Website Materials
    Front End Template
    About us Disclaimer Sitemap
    php.cn:Public welfare online PHP training,Help PHP learners grow quickly!