From 5ea3d9a595a2c2fe249b746a6879ff2434d05288 Mon Sep 17 00:00:00 2001 From: Douglas Barbosa Alexandre Date: Mon, 8 Apr 2019 18:47:20 +0000 Subject: [PATCH] Merge branch '60123-graphql-complexity-limit-too-low-for-schema-load' into 'master' GraphQL complexity limit too low for Schema load / IntrospectionQuery Closes #60123 See merge request gitlab-org/gitlab-ce!27063 (cherry picked from commit b28d6d8ab886016e37ca0d9d51df25ffe1b7d3b6) e86a2e7e Increase GraphQL complexity --- app/graphql/gitlab_schema.rb | 9 +- .../api/graphql/introspection.graphql | 92 +++++++++++++++++++ .../api/graphql/gitlab_schema_spec.rb | 16 +++- 3 files changed, 109 insertions(+), 8 deletions(-) create mode 100644 spec/fixtures/api/graphql/introspection.graphql diff --git a/app/graphql/gitlab_schema.rb b/app/graphql/gitlab_schema.rb index 53efd9042b1..1afe000c5f8 100644 --- a/app/graphql/gitlab_schema.rb +++ b/app/graphql/gitlab_schema.rb @@ -1,12 +1,11 @@ # frozen_string_literal: true class GitlabSchema < GraphQL::Schema - # Took our current most complicated query in use, issues.graphql, - # with a complexity of 19, and added a 20 point buffer to it. + # Currently an IntrospectionQuery has a complexity of 179. # These values will evolve over time. - DEFAULT_MAX_COMPLEXITY = 40 - AUTHENTICATED_COMPLEXITY = 50 - ADMIN_COMPLEXITY = 60 + DEFAULT_MAX_COMPLEXITY = 200 + AUTHENTICATED_COMPLEXITY = 250 + ADMIN_COMPLEXITY = 300 use BatchLoader::GraphQL use Gitlab::Graphql::Authorize diff --git a/spec/fixtures/api/graphql/introspection.graphql b/spec/fixtures/api/graphql/introspection.graphql new file mode 100644 index 00000000000..7b712068fcd --- /dev/null +++ b/spec/fixtures/api/graphql/introspection.graphql @@ -0,0 +1,92 @@ +# pulled from GraphiQL query +query IntrospectionQuery { + __schema { + queryType { name } + mutationType { name } + subscriptionType { name } + types { + ...FullType + } + directives { + name + description + locations + args { + ...InputValue + } + } + } +} + +fragment FullType on __Type { + kind + name + description + fields(includeDeprecated: true) { + name + description + args { + ...InputValue + } + type { + ...TypeRef + } + isDeprecated + deprecationReason + } + inputFields { + ...InputValue + } + interfaces { + ...TypeRef + } + enumValues(includeDeprecated: true) { + name + description + isDeprecated + deprecationReason + } + possibleTypes { + ...TypeRef + } +} + +fragment InputValue on __InputValue { + name + description + type { ...TypeRef } + defaultValue +} + +fragment TypeRef on __Type { + kind + name + ofType { + kind + name + ofType { + kind + name + ofType { + kind + name + ofType { + kind + name + ofType { + kind + name + ofType { + kind + name + ofType { + kind + name + } + } + } + } + } + } + } +} diff --git a/spec/requests/api/graphql/gitlab_schema_spec.rb b/spec/requests/api/graphql/gitlab_schema_spec.rb index 708a000532b..f95f460fd14 100644 --- a/spec/requests/api/graphql/gitlab_schema_spec.rb +++ b/spec/requests/api/graphql/gitlab_schema_spec.rb @@ -3,14 +3,24 @@ require 'spec_helper' describe 'GitlabSchema configurations' do include GraphqlHelpers - let(:project) { create(:project, :repository) } - let!(:query) { graphql_query_for('project', 'fullPath' => project.full_path) } + it 'shows an error if complexity is too high' do + project = create(:project, :repository) + query = graphql_query_for('project', { 'fullPath' => project.full_path }, "id\nname\ndescription") - it 'shows an error if complexity it too high' do allow(GitlabSchema).to receive(:max_query_complexity).and_return 1 post_graphql(query, current_user: nil) expect(graphql_errors.first['message']).to include('which exceeds max complexity of 1') end + + context 'when IntrospectionQuery' do + it 'is not too complex' do + query = File.read(Rails.root.join('spec/fixtures/api/graphql/introspection.graphql')) + + post_graphql(query, current_user: nil) + + expect(graphql_errors).to be_nil + end + end end -- GitLab