Max Depth
Limit the depth of a GraphQL document.
It is used to prevent too large queries that could lead to overfetching or DOS attack.
Configuring for GraphQL Armor
GraphQLArmorConfig({
maxDepth: {
// Toogle the plugin | default: true
enabled?: boolean,
// Depth threshold | default: 6
n?: int,
// Ignore the depth of introspection queries | default: true
ignoreIntrospection?: boolean,
// Flatten frament spreads and inline framents for the depth count | default: false
flattenFragments?: boolean,
/*
If this is set to true, details about the configured limit are included in the GraphQLError message when errors occur.
When set to false errorMessage is used as the GraphQLError message.
default: true
*/
exposeLimits?: boolean,
// The error message used when exposeLimits is set to false | default: 'Query validation error.'
errorMessage?: string,
// Callbacks that are ran whenever a Query is accepted
onAccept?: GraphQLArmorAcceptCallback[],
// Callbacks that are ran whenever a Query is rejected
onReject?: GraphQLArmorRejectCallback[],
// Do you want to propagate the rejection to the client? | default: true
propagateOnRejection?: boolean,
}
})
Standalone usage
Installation
note
If you want to use the maxDepth plugin out of GraphQL Armor, you can install it from npm:
# npm
npm install @escape.tech/graphql-armor-max-depth
# yarn
yarn add @escape.tech/graphql-armor-max-depth
With @graphql/graphql-js
import { maxDepthRule } from '@escape.tech/graphql-armor-max-depth';
With @envelop/core from @the-guild-org
import { envelop } from '@envelop/core';
import { maxDepthPlugin } from '@escape.tech/graphql-armor-max-depth';
const getEnveloped = envelop({
plugins: [
// ... other plugins ...
maxDepthPlugin({
n: 6,
}),
]
});