Diffstat (limited to 'app/graphql/gitlab_schema.rb')
-rw-r--r-- | app/graphql/gitlab_schema.rb | 42 |
1 files changed, 30 insertions, 12 deletions
diff --git a/app/graphql/gitlab_schema.rb b/app/graphql/gitlab_schema.rb index a12568d5d31..897e12c1b56 100644 --- a/app/graphql/gitlab_schema.rb +++ b/app/graphql/gitlab_schema.rb @@ -7,6 +7,9 @@ class GitlabSchema < GraphQL::Schema AUTHENTICATED_COMPLEXITY = 250 ADMIN_COMPLEXITY = 300 + ANONYMOUS_MAX_DEPTH = 10 + AUTHENTICATED_MAX_DEPTH = 15 + use BatchLoader::GraphQL use Gitlab::Graphql::Authorize use Gitlab::Graphql::Present @@ -23,21 +26,36 @@ class GitlabSchema < GraphQL::Schema mutation(Types::MutationType) - def self.execute(query_str = nil, **kwargs) - kwargs[:max_complexity] ||= max_query_complexity(kwargs[:context]) + class << self + def execute(query_str = nil, **kwargs) + kwargs[:max_complexity] ||= max_query_complexity(kwargs[:context]) + kwargs[:max_depth] ||= max_query_depth(kwargs[:context]) - super(query_str, **kwargs) - end + super(query_str, **kwargs) + end + + private + + def max_query_complexity(ctx) + current_user = ctx&.fetch(:current_user, nil) + + if current_user&.admin + ADMIN_COMPLEXITY + elsif current_user + AUTHENTICATED_COMPLEXITY + else + DEFAULT_MAX_COMPLEXITY + end + end - def self.max_query_complexity(ctx) - current_user = ctx&.fetch(:current_user, nil) + def max_query_depth(ctx) + current_user = ctx&.fetch(:current_user, nil) - if current_user&.admin - ADMIN_COMPLEXITY - elsif current_user - AUTHENTICATED_COMPLEXITY - else - DEFAULT_MAX_COMPLEXITY + if current_user + AUTHENTICATED_MAX_DEPTH + else + ANONYMOUS_MAX_DEPTH + end end end end |
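Review bot: The per-user depth limit is applied only inside the `execute` override in the second hunk, so any entry point that does not pass through it (for example a direct `GitlabSchema.multiplex` call for batched queries, if one exists or is added later) runs with whatever schema-level default is configured, which this diff does not show. For a resource-exhaustion control it is safer to fail closed: declare `max_depth ANONYMOUS_MAX_DEPTH` at class level next to the new constants, so the strictest bound is the default and `execute` only relaxes it for authenticated users. Separately, `max_query_complexity` moves from a public `def self.` method to `private` under `class << self`; any caller or spec outside this file that invoked it directly would now raise `NoMethodError` and should be checked. A short comment above the two new constants, such as `# Nested queries are cheap to send and costly to resolve, so anonymous requests get the tighter bound`, would record why the values differ.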