Initial field and query complexity limits58405-basic-limiting-complexity-of-graphql-queries

It makes all Types::BaseField default to a complexity of 1. Queries themselves now have limited complexity, scaled to the type of user: no user, authenticated user, or an admin user.
author: Brett Walker <bwalker@gitlab.com> 2019-03-27 15:02:25 -0500
committer: Brett Walker <bwalker@gitlab.com> 2019-04-04 08:39:30 -0500
commit: f458c561070d754cd546b07caf60dfa7ffb06293 (patch)
tree: ef4c65fb5b6767030c0c8b88223f415eabfe88be /app/graphql/types/base_field.rb
parent: 815901e322b60d28983f52a7ce5e98555285bef8 (diff)
download: gitlab-ce-f458c561070d754cd546b07caf60dfa7ffb06293.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/app/graphql/types/base_field.rb b/app/graphql/types/base_field.rb
index 2b2ea64c00b..8c8b8a82d3e 100644
--- a/app/graphql/types/base_field.rb
+++ b/app/graphql/types/base_field.rb
@@ -3,5 +3,14 @@
 module Types
   class BaseField < GraphQL::Schema::Field
     prepend Gitlab::Graphql::Authorize
+
+    DEFAULT_COMPLEXITY = 1
+
+    def initialize(*args, **kwargs, &block)
+      # complexity is already defaulted to 1, but let's make it explicit
+      kwargs[:complexity] ||= DEFAULT_COMPLEXITY
+
+      super(*args, **kwargs, &block)
+    end
   end
 end
author	Brett Walker <bwalker@gitlab.com>	2019-03-27 15:02:25 -0500
committer	Brett Walker <bwalker@gitlab.com>	2019-04-04 08:39:30 -0500
commit	f458c561070d754cd546b07caf60dfa7ffb06293 (patch)
tree	ef4c65fb5b6767030c0c8b88223f415eabfe88be /app/graphql/types/base_field.rb
parent	815901e322b60d28983f52a7ce5e98555285bef8 (diff)
download	gitlab-ce-f458c561070d754cd546b07caf60dfa7ffb06293.tar.gz