mercurius-js / mercurius

Implement GraphQL servers and gateways with Fastify
https://mercurius.dev/
MIT License
2.33k stars 234 forks

feat: support passing options to graphql validate and parse #1050

Closed markrzen closed 8 months ago

markrzen commented 9 months ago

Support passing options to GraphQL's validate and parse functions.

The reasoning for allowing configuration of these functions is fine-tuning to prevent DDoS attacks.

This allows developers to set:

  1. validate's option of maxErrors to something more/less than the 100 default. This prevents an attacker from specifying 100 invalid fields, requiring CPU time generating validation errors.
  2. parse's option of maxTokens to a value. It has no default. This prevents an attacker from producing an overly high complexity query that requires a high amount of CPU time.

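
The two limits described in the comment above, as an added example that is not part of the pull request, of Mercurius or of graphql-js: a simplified stand-in lexer that stops at a token budget, and a field check that stops at an error cap. `lexWithBudget`, `checkFields`, their messages and the sample query are hypothetical names and constructed input.

```javascript
// Added illustration: a simplified stand-in lexer and field check, NOT graphql-js or Mercurius code.
// Block strings and most of the GraphQL grammar are deliberately left out.
const TOKEN_RE = /\s+|,|#[^\n]*|(\.\.\.|[!$&():=@\[\]{}|]|[_A-Za-z]\w*|-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?|"(?:[^"\\\n]|\\.)*")/y;

function lexWithBudget(source, maxTokens = Infinity) {
  const tokens = [];
  let pos = 0;
  while (pos < source.length) {
    TOKEN_RE.lastIndex = pos;
    const m = TOKEN_RE.exec(source);
    if (m === null) throw new SyntaxError(`unexpected character at offset ${pos}`);
    pos = TOKEN_RE.lastIndex;
    if (m[1] === undefined) continue; // whitespace, commas and comments cost no token
    if (tokens.length === maxTokens) {
      throw new RangeError(`more than ${maxTokens} tokens, lexing stopped at offset ${m.index}`);
    }
    tokens.push(m[1]);
  }
  return tokens;
}

function checkFields(tokens, knownFields, maxErrors = 100) {
  const errors = [];
  for (const name of tokens) {
    if (!/^[_A-Za-z]/.test(name) || knownFields.has(name)) continue;
    if (errors.length === maxErrors) {
      errors.push('error limit reached, validation aborted');
      break; // remaining names are never inspected
    }
    errors.push(`unknown field "${name}"`);
  }
  return errors;
}

// Constructed input: a shorthand query asking for 5,000 fields that do not exist.
const hostile = '{ ' + Array.from({ length: 5000 }, (_, i) => `f${i}`).join(' ') + ' }';

function demo() {
  let rejected = null;
  try { lexWithBudget(hostile, 1000); } catch (e) { rejected = e.message; }
  const errors = checkFields(lexWithBudget(hostile), new Set(['me', 'id']), 10);
  return { rejected, errorCount: errors.length, last: errors[errors.length - 1] };
}
console.log(demo());
```

With the budget set, the request is rejected after 1,000 tokens instead of all 5,002 being lexed; with the error cap at 10, the check returns 11 entries (10 errors plus the abort notice) instead of 5,000.
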
markrzen commented 8 months ago

@mcollina Can we get this on a reviewers queue? I wouldn't usually poke maintainers like this, but previous PRs seem to be getting reviewed within a few days. I wanted to make sure this didn't fall through the cracks.

markrzen commented 8 months ago

@simoneb Any chance this is something you can review?

markrzen commented 8 months ago

@simoneb @mcollina Thanks y'all. What sort of release schedule are y'all doing? Any expectations I should have?