GraphQL
The graphql
service type accepts GraphQL request and applies policies and validates against the schema.
The service settings
and available input
for the request are as follows:
The available service settings
are as follows:
Name |
Type |
Description |
mode |
setting |
mode 'a': validate request against GraphQL schema and maximum allowed query depth. mode 'b': Throttle requests based on server time |
limit |
setting |
Limit specified in the format maxLimit-fillLimit-fillRate in milli seconds. Example: 1000-200-2000 indicates - maximum server time is set to 1000ms and client gains 200ms of server time per 2000ms |
The available input
for the request are as follows:
Name |
Type |
Description |
query |
input |
GraphQL request string |
schemaFile |
input |
GraphQL schema file path |
maxQueryDepth |
input |
Maximum allowed GraphQL query depth |
token |
string |
Token for which rate limit has to be applied |
operation |
string |
An operation to perform: startconsume - start consuming the server time. stopconsume - stop consuming server time |
The available response outputs are as follows:
Name |
Type |
Description |
valid |
boolean |
true if the GraphQL query is valid |
error |
boolean |
true if any error occured while inspecting the GraphQL query |
errorMessage |
string |
The error message |
A sample service
definition is:
{
"name": "GraphQL",
"description": "GraphQL policies service",
"ref": "github.com/project-flogo/microgateway/activity/graphql"
}
An example step
that invokes JQL
service using a GraphQL request
from a HTTP trigger is:
{
"service": "GraphQL",
"input": {
"query": "=$.payload.content",
"schemaFile": "schema.graphql",
"maxQueryDepth": 2
}
}
Utilizing and extracting the response values can be seen in a conditional evaluation:
{
"if": "$.GraphQL.outputs.error == true",
"error": true,
"output": {
"code": 200,
"data": {
"error": "=$.GraphQL.outputs.errorMessage"
}
}
}
Maximum Query Depth (mode: a)
This mode allows to prevent clients from abusing deep query depth, Knowing your schema might give you an idea of how deep a legitimate query can go.
example bad query:
query badquery { #depth 0
author() { #depth 1
posts { #depth 2
author { #depth 3
posts { #depth 4
author { #depth 5
}
}
}
}
}
}
gateway configured with maxQueryDepth
to 3 would consider above query too deep and the query is invalid.
Throttle based on server time (mode: b)
This mode allows to set up a maximum server time a client can use over a certain time frame and how much server time is added to the client over time.
Example:
{
"name": "GraphQL",
"description": "GraphQL policies service",
"ref": "github.com/project-flogo/microgateway/activity/graphql",
"settings": {
"mode": "b",
"limit": "1000-200-2000"
}
}
In the above graphql service maximum server time is set to 1000ms and client gains 200ms of server time per 2000ms
TODO
- Policy based on GraphQL query complexity
- Throttling Based on Query Complexity