Add maximum query length schema option (graph-gophers#494)

pavelnikolov · KNiepok · commit 2a38a95f793d · 2023-02-28T17:19:55.000+01:00
diff --git a/graphql.go b/graphql.go
@@ -79,6 +79,7 @@ type Schema struct {
 	schema *types.Schema
 	res    *resolvable.Schema
 
+	maxQueryLength           int
 	maxDepth                 int
 	maxParallelism           int
 	rateLimiter              ratelimit.RateLimiter
@@ -137,6 +138,13 @@ func RateLimiter(r ratelimit.RateLimiter) SchemaOpt {
 	}
 }
 
+// MaxQueryLength specifies the maximum allowed query length in bytes. The default is 0 which disables max length checking.
+func MaxQueryLength(n int) SchemaOpt {
+	return func(s *Schema) {
+		s.maxQueryLength = n
+	}
+}
+
 // Tracer is used to trace queries and fields. It defaults to tracer.Noop.
 func Tracer(t tracer.Tracer) SchemaOpt {
 	return func(s *Schema) {
@@ -234,6 +242,9 @@ func (s *Schema) Exec(ctx context.Context, queryString string, operationName str
 }
 
 func (s *Schema) exec(ctx context.Context, queryString string, operationName string, variables map[string]interface{}, res *resolvable.Schema) *Response {
+	if s.maxQueryLength > 0 && len(queryString) > s.maxQueryLength {
+		return &Response{Errors: []*errors.QueryError{errors.Errorf("query length %d exceeds the maximum allowed query length of %d bytes", len(queryString), s.maxQueryLength)}}
+	}
 	doc, qErr := query.Parse(queryString)
 	if qErr != nil {
 		return &Response{Errors: []*errors.QueryError{qErr}}
diff --git a/graphql_test.go b/graphql_test.go
@@ -4565,6 +4565,37 @@ func TestCircularFragmentMaxDepth(t *testing.T) {
 	})
 }
 
+func TestMaxQueryLength(t *testing.T) {
+	withMaxQueryLen := graphql.MustParseSchema(starwars.Schema, &starwars.Resolver{}, graphql.MaxQueryLength(75))
+	gqltesting.RunTests(t, []*gqltesting.Test{
+		{
+			Schema: withMaxQueryLen,
+			// Query length is 69 bytes
+			Query: `
+				query {
+					hero(episode: EMPIRE) {
+						name
+					}
+				}
+			`,
+			ExpectedResult: `{"hero":{"name":"Luke Skywalker"}}`,
+		},
+		{
+			Schema: withMaxQueryLen,
+			Query: `
+				query HeroForEpisode {
+					hero(episode: WRATH_OF_KHAN) {
+						name
+					}
+				}
+			`,
+			ExpectedErrors: []*gqlerrors.QueryError{{
+				Message: `query length 91 exceeds the maximum allowed query length of 75 bytes`,
+			}},
+		},
+	})
+}
+
 func TestQueryService(t *testing.T) {
 	t.Parallel()
 
