Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add depth limit validator #1021

Merged
merged 22 commits into from
Aug 8, 2021
Merged

Add depth limit validator #1021

merged 22 commits into from
Aug 8, 2021

Conversation

jkimbo
Copy link
Member

@jkimbo jkimbo commented Jun 15, 2021

Description

Adds a python port of https://github.com/stems/graphql-depth-limit

Also allow passing custom validators to execute_sync and execute.

Types of Changes

  • Core
  • Bugfix
  • New feature
  • Enhancement/optimization
  • Documentation

Issues Fixed or Closed by This PR

Checklist

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • I have tested the changes and verified that they work and don't break anything (as well as I can manage).

@jkimbo jkimbo requested review from patrick91 and BryceBeagle June 15, 2021 19:55
@botberry
Copy link
Member

botberry commented Jun 15, 2021
edited
Loading

Thanks for adding the RELEASE.md file!

Here's a preview of the changelog:

This release adds a query depth limit validation rule so that you can guard
against malicious queries:

import strawberry
from strawberry.schema import default_validation_rules
from strawberry.tools import depth_limit_validator


# Add the depth limit validator to the list of default validation rules
validation_rules = (
  default_validation_rules + [depth_limit_validator(3)]
)

result = schema.execute_sync(
    """
    query MyQuery {
      user {
        pets {
          owner {
            pets {
              name
            }
          }
        }
      }
    }
    """,
    validation_rules=validation_rules,
  )
)
assert len(result.errors) == 1
assert result.errors[0].message == "'MyQuery' exceeds maximum operation depth of 3"

Here's the preview release card for twitter:

Here's the tweet text:

Another great feature by @jonnykim! Now we are able to pass
custom validators when executing GraphQL queries. And we
already have one built-in validator to disable queries by depth!

Check it out here 👉 https://github.com/strawberry-graphql/strawberry/releases/tag/(next)

@codecov
Copy link

codecov bot commented Jun 15, 2021
edited
Loading

Codecov Report

Merging #1021 (19c6662) into main (776b98f) will increase coverage by 0.11%.
The diff coverage is 98.61%.

@@            Coverage Diff             @@
##             main    #1021      +/-   ##
==========================================
+ Coverage   97.43%   97.55%   +0.11%     
==========================================
  Files          81       82       +1     
  Lines        3044     3110      +66     
  Branches      420      440      +20     
==========================================
+ Hits         2966     3034      +68     
+ Misses         44       42       -2     
  Partials       34       34

@jkimbo jkimbo changed the title Allow passing validation rules to schema execute Add depth limit validator Jun 16, 2021
DoctorJohn
DoctorJohn reviewed Jun 17, 2021
View reviewed changes
Copy link
Member

@DoctorJohn DoctorJohn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work, I'm very excited for this. I added a couple of small comments, just things that came to my mind :)

@jkimbo
Copy link
Member Author

jkimbo commented Jun 22, 2021

Thanks for the review @DoctorJohn , I'll get those changes in as soon as I can.

patrick91
patrick91 reviewed Jun 24, 2021
View reviewed changes
@jkimbo jkimbo requested review from DoctorJohn and patrick91 June 27, 2021 11:05
DoctorJohn
DoctorJohn approved these changes Jun 30, 2021
View reviewed changes
Copy link
Member

@DoctorJohn DoctorJohn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

patrick91
patrick91 approved these changes Jun 30, 2021
View reviewed changes
Copy link
Member

@patrick91 patrick91 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💯

BryceBeagle
BryceBeagle suggested changes Jul 6, 2021
View reviewed changes
@jkimbo jkimbo requested a review from BryceBeagle July 16, 2021 20:23
@jkimbo jkimbo requested a review from BryceBeagle August 6, 2021 07:51
@jkimbo jkimbo mentioned this pull request Aug 8, 2021
Closed
jkimbo and others added 22 commits August 8, 2021 22:26
@patrick91 patrick91 merged commit cf934e6 into main Aug 8, 2021
@patrick91 patrick91 deleted the add-depth-limit branch August 8, 2021 21:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DoctorJohn DoctorJohn DoctorJohn approved these changes

@patrick91 patrick91 patrick91 approved these changes

@BryceBeagle BryceBeagle Awaiting requested review from BryceBeagle

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jkimbo @botberry @patrick91 @BryceBeagle @DoctorJohn