Skip to content
/ graphql-utilities Public

Oneshot middleware, query cost analysis, depth limiting, etc for graphql-core>=3.0 (formerly, graphql-core-next)

graphql-utilities.readthedocs.io/

License

MIT license
21 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

melvinkcx/graphql-utilities

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

57 Commits
.github/workflows
.github/workflows
 
 
docs
docs
 
 
graphql_utilities
graphql_utilities
 
 
tests
tests
 
 
.flake8
.flake8
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
setup.py
setup.py
 
 

Repository files navigation

graphql-utilities

graphql-utilities tries to secure your GraphQL API from malicious queries and provides utilities to make using graphql-core easier.

  1. It comes with a custom configurable ExtendedExecutionContext class that is capable of performing:

    • query cost analysis: define the cost of your queries using the @cost() directive provided, graphql-utilities provides helper functions and custom execution context to protect you from overly complex queries.
    • depth limiting: limit the maximum depth of queries, it's especially useful with object types with recursive relationship

  2. It also ships decorators for:

    • resource-level/one-shot middleware: middleware in graphql-core is run at field-level, it is handly when you need your middleware to run only once, especially auth-related middleware.

Installation

pip install graphql-utilities

Alternatively, if you use pipenv:

pipenv install graphql-utilities

Examples

Operation-level middleware (One-shot middleware)

from graphql_utilities.decorators import run_only_once


class AuthMiddleware:
    @run_only_once
    def resolve(self, next_, root, info, *args, **kwargs):
        # middleware logic
        return next_(root, info, *args, **kwargs)

Limiting Query Depth

# import your schema
from graphql import execute, parse   # Requires `graphql-core>=3.0`
from graphql_utilities.execution import ExtendedExecutionContext


query = '{ field_1_str field_2_int field_3_obj { field_3_obj_sub_1 { xxx } } }'
graphql_sync(schema=schema, source=query,
               context_value={"depth_analysis": {
                   "max_depth": 2   # Maximum depth allowed
               }},
               execution_context_class=ExtendedExecutionContext     # Use the `ExtendedExecutionContext` provided in `graphql-utilities`
        )

Query Cost Analysis

See the documentation at https://graphql-utilities.readthedocs.io/en/latest/

Motivation

In recent projects, I ran into some problems with graphene and graphql-core including missing operation-level middleware (See issue here), etc. graphql-utilities is a compilation of utilities and custom execution context for depth analysis, etc targeting graphql-core>=3.0.

Contributing

Any form of contribution, feature requests, bug reports, pull requests are largely welcome.

Licenses

MIT Licensed. GraphQL logo is licensed under Facebook BSD.

About

Oneshot middleware, query cost analysis, depth limiting, etc for graphql-core>=3.0 (formerly, graphql-core-next)

graphql-utilities.readthedocs.io/

Resources

Readme

License

MIT license
Activity

Stars

21 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases 4

v0.4 With Query Cost Analysis Is Now Released! Latest
Feb 22, 2020
+ 3 releases

Packages

No packages published

Languages