search

d-exclaimation / pioneer

GraphQL for Swift.
https://pioneer.dexclaimation.com
Apache License 2.0
40 stars 8 forks source link

Query Cost Analysis #27

Open Sherlouk opened 2 years ago

Sherlouk commented 2 years ago

For applications which seek the ability to charge for access to their GraphQL API, a cost analysis must be done to charge request based on their impact. As in, requesting a single model will cost less than multiple models with relationships and such.

It would be good if we could provide a way of intercepting requests before they're executed. This would allow us to throw an error (also helpful for auth), record usage, or even add support for a "dryRun" mode which simply returns the query cost without actually executing it.

Examples:

https://github.com/pa-bru/graphql-cost-analysis

https://github.com/slicknode/graphql-query-complexity

d-exclaimation commented 2 years ago

It seems like the capability needed to be implemented first is validation rules. I will see what I can do.

d-exclaimation commented 2 years ago

The validation rules is already in the GraphQLSwift/GraphQL package which should allow something like https://github.com/pa-bru/graphql-cost-analysis.

However, the capability to provide custom validation rules are not public outside the GraphQLSwift/GraphQL package. I am not sure if that was an intentional decision by the maintainer for GraphQLSwift/GraphQL. I have asked about this and once that feature is made public, I will immediately update this package as well.

GraphQLSwift/GraphQL#98

d-exclaimation commented 2 years ago

In the mean time, you can technically use the context builder to intercept request by throwing an error before it is executed by the resolver which was updated in v0.6.0.

Sherlouk commented 2 years ago

I'll be sure to take a look at that and see if it works for my use case. Thanks 😊

d-exclaimation commented 2 years ago

Sorry, this feature took a while, but validation rules are now in Pioneer since v0.9.0. You should be able to provide custom rules that intercept operation before any resolver is executed.

You should also be capable of computing the validation rules for a specific GraphQLRequest (this is used by Query Cost Analysis to grab the variables which not provided in the ValidationContext).

The only thing missing now is an implementation of Query Cost Analysis or Query Complexity.