tailcallhq · laststylebender14 · Sep 16, 2024 · Sep 16, 2024 · Sep 16, 2024 · Sep 16, 2024
diff --git a/generated/.tailcallrc.graphql b/generated/.tailcallrc.graphql
@@ -282,6 +282,18 @@ directive @server(
   """
   port: Int
   """
+  `queryComplexity` sets the maximum allowed complexity for a GraphQL query. It helps 
+  prevent resource-intensive queries by limiting their complexity. If set, queries 
+  exceeding this complexity will be rejected.
+  """
+  queryComplexity: Int
+  """
+  `queryDepth` sets the maximum allowed depth for a GraphQL query. It helps prevent 
+  deeply nested queries that could potentially overload the server. If set, queries 
+  exceeding this depth will be rejected.
+  """
+  queryDepth: Int
+  """
   `queryValidation` checks incoming GraphQL queries against the schema, preventing 
   errors from invalid queries. Can be disabled for performance. @default `false`.
   """

diff --git a/generated/.tailcallrc.schema.json b/generated/.tailcallrc.schema.json
@@ -1042,6 +1042,24 @@
           "format": "uint16",
           "minimum": 0.0
         },
+        "queryComplexity": {
+          "description": "`queryComplexity` sets the maximum allowed complexity for a GraphQL query. It helps prevent resource-intensive queries by limiting their complexity. If set, queries exceeding this complexity will be rejected.",
+          "type": [
+            "integer",
+            "null"
+          ],
+          "format": "uint",
+          "minimum": 0.0
+        },
+        "queryDepth": {
+          "description": "`queryDepth` sets the maximum allowed depth for a GraphQL query. It helps prevent deeply nested queries that could potentially overload the server. If set, queries exceeding this depth will be rejected.",
+          "type": [
+            "integer",
+            "null"
+          ],
+          "format": "uint",
+          "minimum": 0.0
+        },
         "queryValidation": {
           "description": "`queryValidation` checks incoming GraphQL queries against the schema, preventing errors from invalid queries. Can be disabled for performance. @default `false`.",
           "type": [

diff --git a/src/core/blueprint/index.rs b/src/core/blueprint/index.rs
@@ -1,7 +1,7 @@
 use indexmap::IndexMap;
 
 use crate::core::blueprint::{
-    Blueprint, Definition, FieldDefinition, InputFieldDefinition, SchemaDefinition,
+    Blueprint, Definition, FieldDefinition, InputFieldDefinition, SchemaDefinition, Server,
 };
 use crate::core::scalar;
 
@@ -13,6 +13,7 @@ use crate::core::scalar;
 pub struct Index {
     map: IndexMap<String, (Definition, IndexMap<String, QueryField>)>,
     schema: SchemaDefinition,
+    server: Server,
 }
 
 #[derive(Debug)]
@@ -78,6 +79,14 @@ impl Index {
             false
         }
     }
+
+    pub fn query_complexity(&self) -> Option<usize> {
+        self.server.query_complexity
+    }
+
+    pub fn query_depth(&self) -> Option<usize> {
+        self.server.query_depth
+    }
 }
 
 impl From<&Blueprint> for Index {
@@ -169,7 +178,11 @@ impl From<&Blueprint> for Index {
             }
         }
 
-        Self { map, schema: blueprint.schema.to_owned() }
+        Self {
+            map,
+            schema: blueprint.schema.to_owned(),
+            server: blueprint.server.to_owned(),
+        }
     }
 }
 
@@ -183,7 +196,11 @@ mod test {
     fn setup() -> Index {
         let config = include_config!("./fixture/all-constructs.graphql").unwrap();
         let cfg_module = ConfigModule::from(config);
-        let blueprint = Blueprint::try_from(&cfg_module).unwrap();
+        let mut blueprint = Blueprint::try_from(&cfg_module).unwrap();
+        // Set a fixed number of workers to ensure consistent snapshots across different
+        // environments This is necessary because the number of workers might
+        // vary on different CI systems
+        blueprint.server = blueprint.server.worker(4);
 
         Index::from(&blueprint)
     }

diff --git a/src/core/blueprint/server.rs b/src/core/blueprint/server.rs
@@ -38,6 +38,8 @@ pub struct Server {
     pub experimental_headers: HashSet<HeaderName>,
     pub auth: Option<Auth>,
     pub dedupe: bool,
+    pub query_complexity: Option<usize>,
+    pub query_depth: Option<usize>,
 }
 
 /// Mimic of mini_v8::Script that's wasm compatible
@@ -154,6 +156,8 @@ impl TryFrom<crate::core::config::ConfigModule> for Server {
                         cors,
                         auth,
                         dedupe: config_server.get_dedupe(),
+                        query_complexity: config_server.get_query_complexity(),
+                        query_depth: config_server.get_query_depth(),
                     }
                 },
             )

diff --git a/src/core/blueprint/snapshots/tailcall__core__blueprint__index__test__from_blueprint.snap b/src/core/blueprint/snapshots/tailcall__core__blueprint__index__test__from_blueprint.snap
@@ -1200,4 +1200,30 @@ Index {
             },
         ],
     },
+    server: Server {
+        enable_jit: true,
+        enable_apollo_tracing: false,
+        enable_cache_control_header: false,
+        enable_set_cookie_header: false,
+        enable_introspection: true,
+        enable_query_validation: false,
+        enable_response_validation: false,
+        enable_batch_requests: false,
+        enable_showcase: false,
+        global_response_timeout: 0,
+        worker: 4,
+        port: 8000,
+        hostname: 127.0.0.1,
+        vars: {},
+        response_headers: {},
+        http: HTTP1,
+        pipeline_flush: true,
+        script: None,
+        cors: None,
+        experimental_headers: {},
+        auth: None,
+        dedupe: false,
+        query_complexity: None,
+        query_depth: None,
+    },
 }
diff --git a/src/core/config/server.rs b/src/core/config/server.rs
@@ -120,6 +120,19 @@ pub struct Server {
     /// `workers` sets the number of worker threads. @default the number of
     /// system cores.
     pub workers: Option<usize>,
+
+    #[serde(default, skip_serializing_if = "is_default")]
+    /// `queryComplexity` sets the maximum allowed complexity for a GraphQL
+    /// query. It helps prevent resource-intensive queries by limiting their
+    /// complexity. If set, queries exceeding this complexity will be
+    /// rejected.
+    pub query_complexity: Option<usize>,
+
+    #[serde(default, skip_serializing_if = "is_default")]
+    /// `queryDepth` sets the maximum allowed depth for a GraphQL query.
+    /// It helps prevent deeply nested queries that could potentially overload
+    /// the server. If set, queries exceeding this depth will be rejected.
+    pub query_depth: Option<usize>,
 }
 
 fn merge_right_vars(mut left: Vec<KeyValue>, right: Vec<KeyValue>) -> Vec<KeyValue> {
@@ -231,6 +244,12 @@ impl Server {
     pub fn enable_jit(&self) -> bool {
         self.enable_jit.unwrap_or(true)
     }
+    pub fn get_query_complexity(&self) -> Option<usize> {
+        self.query_complexity
+    }
+    pub fn get_query_depth(&self) -> Option<usize> {
+        self.query_depth
+    }
 }
 
 #[cfg(test)]

diff --git a/src/core/jit/builder.rs b/src/core/jit/builder.rs
@@ -11,11 +11,13 @@ use async_graphql_value::{ConstValue, Value};
 
 use super::input_resolver::InputResolver;
 use super::model::{Directive as JitDirective, *};
+use super::rules::{ExecutionRule, QueryComplexity, QueryDepth, RuleOps, Rules};
 use super::BuildError;
 use crate::core::blueprint::{Blueprint, Index, QueryField};
 use crate::core::counter::{Count, Counter};
 use crate::core::jit::model::OperationPlan;
 use crate::core::merge_right::MergeRight;
+use crate::core::valid::Validator;
 use crate::core::Type;
 
 #[derive(PartialEq, strum_macros::Display)]
@@ -360,12 +362,26 @@ impl Builder {
             is_introspection_query,
         );
 
+        // perform the rule check.
+        Rules
+            .pipe(
+                QueryComplexity::new(self.index.query_complexity().unwrap_or_default())
+                    .when(self.index.query_complexity().is_some()),
+            )
+            .pipe(
+                QueryDepth::new(self.index.query_depth().unwrap_or_default())
+                    .when(self.index.query_depth().is_some()),
+            )
+            .validate(&plan)
+            .to_result()?;
+
         // TODO: operation from [ExecutableDocument] could contain definitions for
         // default values of arguments. That info should be passed to
         // [InputResolver] to resolve defaults properly
         let input_resolver = InputResolver::new(plan);
+        let plan = input_resolver.resolve_input(variables)?;
 
-        Ok(input_resolver.resolve_input(variables)?)
+        Ok(plan)
     }
 }
 

diff --git a/src/core/jit/error.rs b/src/core/jit/error.rs
@@ -2,7 +2,9 @@ use async_graphql::parser::types::OperationType;
 use async_graphql::{ErrorExtensions, ServerError};
 use thiserror::Error;
 
-#[derive(Error, Debug, Clone, PartialEq, Eq)]
+use crate::core::valid::ValidationError as CoreValidationError;
+
+#[derive(Error, Debug, Clone, PartialEq)]
 #[error("Error while building the plan")]
 pub enum BuildError {
     #[error("Root Operation type not defined for {operation}")]
@@ -13,6 +15,8 @@ pub enum BuildError {
     OperationNotFound(String),
     #[error("Operation name required in request")]
     OperationNameRequired,
+    #[error("{0}")]
+    ValidationError(#[from] CoreValidationError<String>),
 }
 
 #[derive(Error, Debug, Clone, PartialEq, Eq)]

diff --git a/src/core/jit/mod.rs b/src/core/jit/mod.rs
@@ -11,6 +11,7 @@ mod exec_const;
 mod input_resolver;
 mod request;
 mod response;
+mod rules;
 
 // NOTE: Only used in tests and benchmarks
 mod builder;

diff --git a/src/core/jit/model.rs b/src/core/jit/model.rs
@@ -345,7 +345,7 @@ impl Flat {
 /// Store field relationships in a nested structure like a tree where each field
 /// links to its children.
 #[derive(Clone, Debug)]
-pub struct Nested<Input>(Vec<Field<Nested<Input>, Input>>);
+pub struct Nested<Input>(pub Vec<Field<Nested<Input>, Input>>);
 
 #[derive(Clone)]
 pub struct OperationPlan<Input> {

diff --git a/src/core/jit/rules/mod.rs b/src/core/jit/rules/mod.rs
@@ -0,0 +1,59 @@
+use super::OperationPlan;
+use crate::core::valid::{Valid, Validator};
+
+mod query_complexity;
+mod query_depth;
+
+pub use query_complexity::QueryComplexity;
+pub use query_depth::QueryDepth;
+
+pub trait ExecutionRule {
+    fn validate<T: std::fmt::Debug>(&self, plan: &OperationPlan<T>) -> Valid<(), String>;
+}
+
+pub trait RuleOps: Sized + ExecutionRule {
+    fn pipe<Other: ExecutionRule>(self, other: Other) -> Pipe<Self, Other> {
+        Pipe(self, other)
+    }
+    fn when(self, cond: bool) -> When<Self> {
+        When(self, cond)
+    }
+}
+
+impl<T: ExecutionRule> RuleOps for T {}
+
+pub struct Pipe<A, B>(A, B);
+
+impl<A, B> ExecutionRule for Pipe<A, B>
+where
+    A: ExecutionRule,
+    B: ExecutionRule,
+{
+    fn validate<T: std::fmt::Debug>(&self, plan: &OperationPlan<T>) -> Valid<(), String> {
+        self.0.validate(plan).and_then(|_| self.1.validate(plan))
+    }
+}
+
+pub struct When<A>(A, bool);
+
+impl<A> ExecutionRule for When<A>
+where
+    A: ExecutionRule,
+{
+    fn validate<T: std::fmt::Debug>(&self, plan: &OperationPlan<T>) -> Valid<(), String> {
+        if self.1 {
+            self.0.validate(plan)
+        } else {
+            Valid::succeed(())
+        }
+    }
+}
+
+#[derive(Default)]
+pub struct Rules;
+
+impl ExecutionRule for Rules {
+    fn validate<T: std::fmt::Debug>(&self, _: &OperationPlan<T>) -> Valid<(), String> {
+        Valid::succeed(())
+    }
+}