From 8e48cd3b298ba68c9d7e6d4f90de75e4153ad109 Mon Sep 17 00:00:00 2001 From: raovishal Date: Mon, 5 Aug 2024 13:31:18 +0530 Subject: [PATCH 1/3] updated Introspection Signed-off-by: raovishal --- .../graphql/ReactiveGraphQLAutoConfiguration.java | 3 ++- .../reactive/graphql/http/GraphQLHandler.java | 13 +++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/qudini-reactive-graphql/src/main/java/com/qudini/reactive/graphql/ReactiveGraphQLAutoConfiguration.java b/qudini-reactive-graphql/src/main/java/com/qudini/reactive/graphql/ReactiveGraphQLAutoConfiguration.java index 6124d97d..65a815bc 100644 --- a/qudini-reactive-graphql/src/main/java/com/qudini/reactive/graphql/ReactiveGraphQLAutoConfiguration.java +++ b/qudini-reactive-graphql/src/main/java/com/qudini/reactive/graphql/ReactiveGraphQLAutoConfiguration.java @@ -13,6 +13,7 @@ import graphql.schema.idl.SchemaParser; import graphql.schema.idl.TypeDefinitionRegistry; import graphql.schema.idl.TypeRuntimeWiring; +import graphql.schema.visibility.NoIntrospectionGraphqlFieldVisibility; import lombok.SneakyThrows; import org.springframework.beans.factory.ListableBeanFactory; import org.springframework.beans.factory.annotation.Value; @@ -68,7 +69,7 @@ public TypeDefinitionRegistry graphqlRegistry(@Value("classpath:schema.graphql") @Bean @ConditionalOnMissingBean public RuntimeWiring graphqlWiring(Gom gom, Collection> scalars, Collection wirings) { - var wiring = RuntimeWiring.newRuntimeWiring(); + var wiring = RuntimeWiring.newRuntimeWiring().fieldVisibility(NoIntrospectionGraphqlFieldVisibility.NO_INTROSPECTION_FIELD_VISIBILITY); scalars.stream().map(Scalar::build).forEach(wiring::scalar); wirings.forEach(wiring::type); gom.decorateRuntimeWiringBuilder(wiring); diff --git a/qudini-reactive-graphql/src/main/java/com/qudini/reactive/graphql/http/GraphQLHandler.java b/qudini-reactive-graphql/src/main/java/com/qudini/reactive/graphql/http/GraphQLHandler.java index f20e2308..3f075c88 100644 --- a/qudini-reactive-graphql/src/main/java/com/qudini/reactive/graphql/http/GraphQLHandler.java +++ b/qudini-reactive-graphql/src/main/java/com/qudini/reactive/graphql/http/GraphQLHandler.java @@ -4,8 +4,11 @@ import com.qudini.reactive.logging.Log; import graphql.ExecutionResult; import graphql.GraphQL; +import graphql.analysis.MaxQueryComplexityInstrumentation; import graphql.analysis.MaxQueryDepthInstrumentation; import graphql.execution.DataFetcherExceptionHandler; +import graphql.execution.instrumentation.ChainedInstrumentation; +import graphql.execution.instrumentation.Instrumentation; import graphql.schema.GraphQLSchema; import lombok.RequiredArgsConstructor; import org.dataloader.DataLoaderRegistry; @@ -16,6 +19,7 @@ import reactor.core.publisher.Mono; import reactor.util.context.ContextView; +import java.util.Arrays; import java.util.Map; import static com.qudini.utils.MoreTuples.onBoth; @@ -60,4 +64,13 @@ private Mono respond(Mono> body) { .body(body, ParameterizedTypeReference.forType(Map.class)); } + public Instrumentation instrumentation() { + return new ChainedInstrumentation( + Arrays.asList( + new MaxQueryDepthInstrumentation(maxDepth), // Limit query depth to maxDepth + new MaxQueryComplexityInstrumentation(maxDepth) // Limit query complexity to maxDepth + ) + ); + } + } From 3e65344accf6a0f1af23f5cade3420aa17d672cb Mon Sep 17 00:00:00 2001 From: raovishal Date: Mon, 5 Aug 2024 13:34:38 +0530 Subject: [PATCH 2/3] updated Introspection instrumentation Signed-off-by: raovishal --- .../java/com/qudini/reactive/graphql/http/GraphQLHandler.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qudini-reactive-graphql/src/main/java/com/qudini/reactive/graphql/http/GraphQLHandler.java b/qudini-reactive-graphql/src/main/java/com/qudini/reactive/graphql/http/GraphQLHandler.java index 3f075c88..dabf5ead 100644 --- a/qudini-reactive-graphql/src/main/java/com/qudini/reactive/graphql/http/GraphQLHandler.java +++ b/qudini-reactive-graphql/src/main/java/com/qudini/reactive/graphql/http/GraphQLHandler.java @@ -50,7 +50,7 @@ private Mono> execute(ContextView context, GraphQLRequest re var input = request.toExecutionInput(context, registry); var graphql = GraphQL .newGraphQL(schema) - .instrumentation(new MaxQueryDepthInstrumentation(maxDepth)) + .instrumentation(instrumentation()) .defaultDataFetcherExceptionHandler(exceptionHandler) .build(); return Log From 42df2b4649bfa1b8fcece1b2b4f46005c23f5922 Mon Sep 17 00:00:00 2001 From: raovishal Date: Tue, 6 Aug 2024 14:19:43 +0530 Subject: [PATCH 3/3] updated Introspection taken care Signed-off-by: raovishal --- .../java/com/qudini/reactive/graphql/http/GraphQLHandler.java | 1 + 1 file changed, 1 insertion(+) diff --git a/qudini-reactive-graphql/src/main/java/com/qudini/reactive/graphql/http/GraphQLHandler.java b/qudini-reactive-graphql/src/main/java/com/qudini/reactive/graphql/http/GraphQLHandler.java index dabf5ead..31774c59 100644 --- a/qudini-reactive-graphql/src/main/java/com/qudini/reactive/graphql/http/GraphQLHandler.java +++ b/qudini-reactive-graphql/src/main/java/com/qudini/reactive/graphql/http/GraphQLHandler.java @@ -58,6 +58,7 @@ private Mono> execute(ContextView context, GraphQLRequest re .map(ExecutionResult::toSpecification); } + private Mono respond(Mono> body) { return ok() .contentType(APPLICATION_JSON)