implement graphql-inspector #478

Open
Cold-A-Muse wants to merge 1 commit into dev from feat/graphql-inspector

Conversation

@Cold-A-Muse
Collaborator

FIXES HAAS-445

@linear

linear bot commented Oct 3, 2022

HAAS-445 GraphQL Auditor

Description

The GraphQL Inspector is a potentially strong ally for us to keep a check on the resilience of our API (mostly its security). It would be good to investigate the Inspector and see what types of data it can generate.

  • What can we extract from this Auditor?
  • Are there things we can do to add this to our CI process @JMitnik ?

@Cold-A-Muse Cold-A-Muse requested a review from JMitnik October 3, 2022 06:21
@aws-amplify-eu-central-1

This pull request is automatically being deployed by Amplify Hosting.

Access this pull request here: https://pr-478.d2j37lx5gsfgp1.amplifyapp.com

@aws-amplify-eu-central-1

This pull request is automatically being deployed by Amplify Hosting.

Access this pull request here: https://pr-478.d36c61y3h9mqcx.amplifyapp.com

@JMitnik
Owner

JMitnik commented Oct 3, 2022

  • Does this work for all GraphQL files in client / dashboard atm?
  • Do you know what the numbers mean already?
  • Any particular number we should use as "threshold"?

@Cold-A-Muse
Collaborator Author

Cold-A-Muse commented Oct 3, 2022

  • Does this work for all GraphQL files in client / dashboard atm?

Yes, I use the blob strings found in the graphql-codegen files for both client and dashboard.

  • Do you know what the numbers mean already?

Depth: how many layers there are in your GraphQL query.
Aliases: N/A
Directives: N/A
Token count: the number of grouped characters in your request (https://www.envelop.dev/docs/guides/securing-your-graphql-api#reject-malicious-operation-documents).
Complexity score: just some cost-analysis algorithm that indicates how likely a resource overload is (I think it is mentioned here: https://github.com/Escape-Technologies/graphql-armor#cost-limit).

  • Any particular number we should use as "threshold"?

Anything a little bit above our current largest query, I suppose.
Depth of GetWorkspaceSessions: 13, so like 15? (Unless we want to make this query simpler one way or another.)
Token count of GetDialogueStatistics: 212, so like 250?
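
To make the two numbers discussed above concrete, here is an added example that is not part of this PR, of graphql-inspector, or of the client/dashboard code: a dependency-free GraphQL lexer plus a selection-set depth counter, with an `audit()` helper that applies the proposed thresholds (depth 15, token count 250). The sample operation, its field names and the `nestedQuery()` generator are constructed for the example; the depth convention (the operation's own selection set counts as 1) and the token definition (every lexical token per the GraphQL spec, with whitespace, commas and comments ignored) are assumptions that may differ by one or so from what graphql-inspector reports, so calibrate thresholds against the tool you actually run in CI, not against this script. Fragment spreads are not expanded, and braces inside argument lists are input-object values rather than selection sets, which is the edge case a naive brace counter gets wrong.

```javascript
// Added example: hand-rolled GraphQL lexer + depth/token-count audit.
// Not the project's code and not graphql-inspector's; see lead-in for assumptions.

const PUNCTUATORS = new Set(['!', '$', '&', '(', ')', ':', '=', '@', '[', ']', '{', '}', '|']);

// Tokenize a GraphQL document into {kind, value} tokens. Ignored tokens
// (whitespace, commas, # comments) are skipped, as in the GraphQL spec lexer.
function tokenize(src) {
  const tokens = [];
  let i = 0;
  while (i < src.length) {
    const ch = src[i];
    if (/[\s,]/.test(ch)) { i++; continue; }
    if (ch === '#') { while (i < src.length && src[i] !== '\n') i++; continue; }
    if (src.startsWith('...', i)) { tokens.push({ kind: 'Spread', value: '...' }); i += 3; continue; }
    if (PUNCTUATORS.has(ch)) { tokens.push({ kind: 'Punct', value: ch }); i++; continue; }
    if (ch === '"') {
      if (src.startsWith('"""', i)) {                 // block string
        const end = src.indexOf('"""', i + 3);
        if (end < 0) throw new Error(`unterminated block string at ${i}`);
        tokens.push({ kind: 'String', value: src.slice(i + 3, end) });
        i = end + 3; continue;
      }
      let j = i + 1;                                  // ordinary string, escapes kept verbatim
      while (j < src.length && src[j] !== '"') { if (src[j] === '\\') j++; j++; }
      if (j >= src.length) throw new Error(`unterminated string at ${i}`);
      tokens.push({ kind: 'String', value: src.slice(i + 1, j) });
      i = j + 1; continue;
    }
    let m;
    if ((m = /^-?\d+(\.\d+)?([eE][+-]?\d+)?/.exec(src.slice(i)))) {
      tokens.push({ kind: 'Number', value: m[0] }); i += m[0].length; continue;
    }
    if ((m = /^[_A-Za-z][_0-9A-Za-z]*/.exec(src.slice(i)))) {
      tokens.push({ kind: 'Name', value: m[0] }); i += m[0].length; continue;
    }
    throw new Error(`unexpected character ${JSON.stringify(ch)} at ${i}`);
  }
  return tokens;
}

// Maximum selection-set nesting. The operation's own selection set counts as
// depth 1 (assumption). Braces encountered while inside parentheses belong to
// input-object argument values and are ignored. Fragment spreads are not expanded.
function queryDepth(tokens) {
  let depth = 0, max = 0, parens = 0;
  for (const t of tokens) {
    if (t.kind !== 'Punct') continue;
    if (t.value === '(') parens++;
    else if (t.value === ')') parens--;
    else if (parens === 0 && t.value === '{') { depth++; if (depth > max) max = depth; }
    else if (parens === 0 && t.value === '}') depth--;
  }
  if (depth !== 0 || parens !== 0) throw new Error('unbalanced document');
  return max;
}

// Apply the thresholds floated in the thread (depth 15, tokens 250) to a document.
function audit(src, limits = { depth: 15, tokens: 250 }) {
  const tokens = tokenize(src);
  const result = { depth: queryDepth(tokens), tokens: tokens.length, violations: [] };
  if (result.depth > limits.depth) result.violations.push(`depth ${result.depth} > ${limits.depth}`);
  if (result.tokens > limits.tokens) result.violations.push(`tokens ${result.tokens} > ${limits.tokens}`);
  return result;
}

// Constructed sample operation; field names are made up, not from the real schema.
const SAMPLE_QUERY = `
query GetDialogue($id: ID!) {
  # constructed sample; the comment and commas below are not tokens
  dialogue(id: $id) {
    title
    questions(first: 10, filter: { active: true }) {
      id
      edges {
        node { id }
      }
    }
  }
}`;

// Builds an abusive operation with n nested selection sets under the root,
// the shape a depth limit is meant to reject.
function nestedQuery(n) {
  let body = 'id';
  for (let k = 0; k < n; k++) body = `a { ${body} }`;
  return `query Deep { ${body} }`;
}

console.log(JSON.stringify(audit(SAMPLE_QUERY)));    // depth 5, 44 tokens, no violations
console.log(JSON.stringify(audit(nestedQuery(20)))); // depth 21, 65 tokens, depth violation
```

Run it with `node` and it prints the audit result for the constructed sample (depth 5, 44 tokens, within both limits) and for the 20-level nested query (depth 21, which trips the depth threshold while staying well under the token limit), which is why a single cheap metric is not enough and the thread is right to look at both plus a cost score.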
