add max query complexity instrumentation poc

andimarek · andimarek · commit e4d458574a9f · 2017-08-29T08:53:17.000+02:00
diff --git a/src/main/java/graphql/analysis/MaxQueryComplexityInstrumentation.java b/src/main/java/graphql/analysis/MaxQueryComplexityInstrumentation.java
@@ -0,0 +1,61 @@
+package graphql.analysis;
+
+import graphql.PublicApi;
+import graphql.execution.AbortExecutionException;
+import graphql.execution.instrumentation.InstrumentationContext;
+import graphql.execution.instrumentation.NoOpInstrumentation;
+import graphql.execution.instrumentation.parameters.InstrumentationValidationParameters;
+import graphql.language.NodeUtil;
+import graphql.validation.ValidationError;
+
+import java.util.ArrayList;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+
+@PublicApi
+public class MaxQueryComplexityInstrumentation extends NoOpInstrumentation {
+
+
+    private int maxComplexity;
+
+    public MaxQueryComplexityInstrumentation(int maxComplexity) {
+        this.maxComplexity = maxComplexity;
+    }
+
+
+    @Override
+    public InstrumentationContext<List<ValidationError>> beginValidation(InstrumentationValidationParameters parameters) {
+        return (result, throwable) -> {
+            NodeUtil.GetOperationResult getOperationResult = NodeUtil.getOperation(parameters.getDocument(), parameters.getOperation());
+            QueryTraversal queryTraversal = new QueryTraversal(
+                    getOperationResult.operationDefinition,
+                    parameters.getSchema(),
+                    getOperationResult.fragmentsByName,
+                    parameters.getVariables()
+            );
+
+            Map<QueryPath, List<Integer>> valuesByParent = new LinkedHashMap<>();
+            queryTraversal.visitPostOrder(env -> {
+                int childsComplexity = 0;
+                QueryPath thisNodeAsParent = new QueryPath(env.getField(), env.getFieldDefinition(), env.getParentType(), env.getPath());
+                if (valuesByParent.containsKey(thisNodeAsParent)) {
+                    childsComplexity = valuesByParent.get(thisNodeAsParent).stream().mapToInt(Integer::intValue).sum();
+                }
+                int value = calculateComplexity(env, childsComplexity);
+                valuesByParent.putIfAbsent(env.getPath(), new ArrayList<>());
+                valuesByParent.get(env.getPath()).add(value);
+            });
+            int totalComplexity = valuesByParent.get(null).stream().mapToInt(Integer::intValue).sum();
+            if (totalComplexity > maxComplexity) {
+                throw new AbortExecutionException("maximum query complexity exceeded " + totalComplexity + " > " + maxComplexity);
+            }
+        };
+    }
+
+    private Integer calculateComplexity(QueryVisitorEnvironment environment, int childCount) {
+        // interface call here ...
+        return 1 + childCount;
+    }
+
+}
diff --git a/src/main/java/graphql/analysis/QueryPath.java b/src/main/java/graphql/analysis/QueryPath.java
@@ -34,4 +34,37 @@ public QueryPath getParentPath() {
     public GraphQLCompositeType getParentType() {
         return parentType;
     }
+
+    @Override
+    public String toString() {
+        return "QueryPath{" +
+                "field=" + field +
+                ", fieldDefinition=" + fieldDefinition +
+                ", parentType=" + parentType +
+                ", parentPath=" + parentPath +
+                '}';
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+
+        QueryPath queryPath = (QueryPath) o;
+
+        if (field != null ? !field.equals(queryPath.field) : queryPath.field != null) return false;
+        if (fieldDefinition != null ? !fieldDefinition.equals(queryPath.fieldDefinition) : queryPath.fieldDefinition != null)
+            return false;
+        if (parentType != null ? !parentType.equals(queryPath.parentType) : queryPath.parentType != null) return false;
+        return parentPath != null ? parentPath.equals(queryPath.parentPath) : queryPath.parentPath == null;
+    }
+
+    @Override
+    public int hashCode() {
+        int result = field != null ? field.hashCode() : 0;
+        result = 31 * result + (fieldDefinition != null ? fieldDefinition.hashCode() : 0);
+        result = 31 * result + (parentType != null ? parentType.hashCode() : 0);
+        result = 31 * result + (parentPath != null ? parentPath.hashCode() : 0);
+        return result;
+    }
 }
diff --git a/src/main/java/graphql/analysis/QueryVisitorEnvironment.java b/src/main/java/graphql/analysis/QueryVisitorEnvironment.java
@@ -35,7 +35,7 @@ public GraphQLFieldDefinition getFieldDefinition() {
         return fieldDefinition;
     }
 
-    public GraphQLCompositeType getParent() {
+    public GraphQLCompositeType getParentType() {
         return parent;
     }
 
diff --git a/src/test/groovy/graphql/analysis/MaxQueryComplexityInstrumentationTest.groovy b/src/test/groovy/graphql/analysis/MaxQueryComplexityInstrumentationTest.groovy
@@ -0,0 +1,47 @@
+package graphql.analysis
+
+import graphql.ExecutionInput
+import graphql.TestUtil
+import graphql.execution.AbortExecutionException
+import graphql.execution.instrumentation.InstrumentationContext
+import graphql.execution.instrumentation.parameters.InstrumentationValidationParameters
+import graphql.language.Document
+import graphql.parser.Parser
+import spock.lang.Specification
+
+class MaxQueryComplexityInstrumentationTest extends Specification {
+
+    Document createQuery(String query) {
+        Parser parser = new Parser()
+        parser.parseDocument(query)
+    }
+
+
+    def "throws exception"() {
+        given:
+        def schema = TestUtil.schema("""
+            type Query{
+                foo: Foo
+                bar: String
+            }
+            type Foo {
+                scalar: String  
+                foo: Foo
+            }
+        """)
+        def query = createQuery("""
+            {f2: foo {scalar foo{scalar}} f1: foo { foo {foo {foo {foo{foo{scalar}}}}}} }
+            """)
+        MaxQueryComplexityInstrumentation queryComplexityInstrumentation = new MaxQueryComplexityInstrumentation(10)
+        ExecutionInput executionInput = Mock(ExecutionInput)
+        InstrumentationValidationParameters validationParameters = new InstrumentationValidationParameters(executionInput, query, schema, null);
+        InstrumentationContext instrumentationContext = queryComplexityInstrumentation.beginValidation(validationParameters)
+        when:
+        instrumentationContext.onEnd(null, null)
+        then:
+        def e = thrown(AbortExecutionException)
+        e.message == "maximum query complexity exceeded 11 > 10"
+
+    }
+}
+
diff --git a/src/test/groovy/graphql/analysis/QueryTraversalTest.groovy b/src/test/groovy/graphql/analysis/QueryTraversalTest.groovy
@@ -47,15 +47,15 @@ class QueryTraversalTest extends Specification {
         queryTraversal.visitPreOrder(visitor)
 
         then:
-        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "foo" && it.fieldDefinition.type.name == "Foo" && it.parent.name == "Query" })
+        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "foo" && it.fieldDefinition.type.name == "Foo" && it.parentType.name == "Query" })
         then:
         1 * visitor.visitField({ QueryVisitorEnvironment it ->
             it.field.name == "subFoo" && it.fieldDefinition.type.name == "String" &&
-                    it.parent.name == "Foo" &&
+                    it.parentType.name == "Foo" &&
                     it.path.field.name == "foo" && it.path.fieldDefinition.type.name == "Foo"
         })
         then:
-        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "bar" && it.fieldDefinition.type.name == "String" && it.parent.name == "Query" })
+        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "bar" && it.fieldDefinition.type.name == "String" && it.parentType.name == "Query" })
 
     }
 
@@ -81,13 +81,13 @@ class QueryTraversalTest extends Specification {
         then:
         1 * visitor.visitField({ QueryVisitorEnvironment it ->
             it.field.name == "subFoo" && it.fieldDefinition.type.name == "String" &&
-                    it.parent.name == "Foo" &&
+                    it.parentType.name == "Foo" &&
                     it.path.field.name == "foo" && it.path.fieldDefinition.type.name == "Foo"
         })
         then:
-        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "foo" && it.fieldDefinition.type.name == "Foo" && it.parent.name == "Query" })
+        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "foo" && it.fieldDefinition.type.name == "Foo" && it.parentType.name == "Query" })
         then:
-        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "bar" && it.fieldDefinition.type.name == "String" && it.parent.name == "Query" })
+        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "bar" && it.fieldDefinition.type.name == "String" && it.parentType.name == "Query" })
 
     }
 
@@ -141,11 +141,11 @@ class QueryTraversalTest extends Specification {
         queryTraversal."$visitFn"(visitor)
 
         then:
-        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "foo" && it.fieldDefinition.type.name == "Foo" && it.parent.name == "Query" })
-        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "bar" && it.fieldDefinition.type.name == "String" && it.parent.name == "Query" })
+        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "foo" && it.fieldDefinition.type.name == "Foo" && it.parentType.name == "Query" })
+        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "bar" && it.fieldDefinition.type.name == "String" && it.parentType.name == "Query" })
         1 * visitor.visitField({ QueryVisitorEnvironment it ->
             it.field.name == "subFoo" && it.fieldDefinition.type.name == "String" &&
-                    it.parent.name == "Foo" &&
+                    it.parentType.name == "Foo" &&
                     it.path.field.name == "foo" && it.path.fieldDefinition.type.name == "Foo"
         })
 
@@ -183,11 +183,11 @@ class QueryTraversalTest extends Specification {
         queryTraversal."$visitFn"(visitor)
 
         then:
-        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "foo" && it.fieldDefinition.type.name == "Foo" && it.parent.name == "Query" })
-        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "bar" && it.fieldDefinition.type.name == "String" && it.parent.name == "Query" })
+        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "foo" && it.fieldDefinition.type.name == "Foo" && it.parentType.name == "Query" })
+        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "bar" && it.fieldDefinition.type.name == "String" && it.parentType.name == "Query" })
         1 * visitor.visitField({ QueryVisitorEnvironment it ->
             it.field.name == "subFoo" && it.fieldDefinition.type.name == "String" &&
-                    it.parent.name == "Foo" &&
+                    it.parentType.name == "Foo" &&
                     it.path.field.name == "foo" && it.path.fieldDefinition.type.name == "Foo"
         })
 
@@ -226,11 +226,11 @@ class QueryTraversalTest extends Specification {
         queryTraversal."$visitFn"(visitor)
 
         then:
-        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "foo" && it.fieldDefinition.type.name == "Foo" && it.parent.name == "Query" })
-        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "bar" && it.fieldDefinition.type.name == "String" && it.parent.name == "Query" })
+        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "foo" && it.fieldDefinition.type.name == "Foo" && it.parentType.name == "Query" })
+        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "bar" && it.fieldDefinition.type.name == "String" && it.parentType.name == "Query" })
         1 * visitor.visitField({ QueryVisitorEnvironment it ->
             it.field.name == "subFoo" && it.fieldDefinition.type.name == "String" &&
-                    it.parent.name == "Foo" &&
+                    it.parentType.name == "Foo" &&
                     it.path.field.name == "foo" && it.path.fieldDefinition.type.name == "Foo"
         })
 
@@ -271,11 +271,11 @@ class QueryTraversalTest extends Specification {
         queryTraversal."$visitFn"(visitor)
 
         then:
-        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "foo" && it.fieldDefinition.type.name == "Foo" && it.parent.name == "Query" })
-        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "bar" && it.fieldDefinition.type.name == "String" && it.parent.name == "Query" })
+        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "foo" && it.fieldDefinition.type.name == "Foo" && it.parentType.name == "Query" })
+        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "bar" && it.fieldDefinition.type.name == "String" && it.parentType.name == "Query" })
         1 * visitor.visitField({ QueryVisitorEnvironment it ->
             it.field.name == "subFoo" && it.fieldDefinition.type.name == "String" &&
-                    it.parent.name == "Foo" &&
+                    it.parentType.name == "Foo" &&
                     it.path.field.name == "foo" && it.path.fieldDefinition.type.name == "Foo"
         })
 
@@ -316,7 +316,7 @@ class QueryTraversalTest extends Specification {
         queryTraversal."$visitFn"(visitor)
 
         then:
-        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "bar" && it.fieldDefinition.type.name == "String" && it.parent.name == "Query" })
+        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "bar" && it.fieldDefinition.type.name == "String" && it.parentType.name == "Query" })
         0 * visitor.visitField(*_)
 
         where:
@@ -355,7 +355,7 @@ class QueryTraversalTest extends Specification {
         queryTraversal."$visitFn"(visitor)
 
         then:
-        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "bar" && it.fieldDefinition.type.name == "String" && it.parent.name == "Query" })
+        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "bar" && it.fieldDefinition.type.name == "String" && it.parentType.name == "Query" })
         0 * visitor.visitField(*_)
 
         where:
@@ -408,13 +408,13 @@ class QueryTraversalTest extends Specification {
         queryTraversal."$visitFn"(visitor)
 
         then:
-        2 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "bar" && it.fieldDefinition.type.name == "String" && it.parent.name == "Query" })
-        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "foo" && it.fieldDefinition.type.name == "Foo1" && it.parent.name == "Query" })
-        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "string" && it.fieldDefinition.type.name == "String" && it.parent.name == "Foo1" })
-        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "subFoo" && it.fieldDefinition.type.name == "Foo2" && it.parent.name == "Foo1" })
+        2 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "bar" && it.fieldDefinition.type.name == "String" && it.parentType.name == "Query" })
+        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "foo" && it.fieldDefinition.type.name == "Foo1" && it.parentType.name == "Query" })
+        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "string" && it.fieldDefinition.type.name == "String" && it.parentType.name == "Foo1" })
+        1 * visitor.visitField({ QueryVisitorEnvironment it -> it.field.name == "subFoo" && it.fieldDefinition.type.name == "Foo2" && it.parentType.name == "Foo1" })
         1 * visitor.visitField({ QueryVisitorEnvironment it ->
             QueryPath parentPath = it.path.parentPath
-            it.field.name == "otherString" && it.fieldDefinition.type.name == "String" && it.parent.name == "Foo2" &&
+            it.field.name == "otherString" && it.fieldDefinition.type.name == "String" && it.parentType.name == "Foo2" &&
                     it.path.field.name == "subFoo" && it.path.fieldDefinition.type.name == "Foo2" && it.path.parentType.name == "Foo1" &&
                     parentPath.field.name == "foo" && parentPath.fieldDefinition.type.name == "Foo1" && parentPath.parentType.name == "Query"
         })

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ public GraphQLFieldDefinition getFieldDefinition() {`
`35`	`35`	`return fieldDefinition;`
`36`	`36`	`}`
`37`	`37`
`38`		`- public GraphQLCompositeType getParent() {`
	`38`	`+ public GraphQLCompositeType getParentType() {`
`39`	`39`	`return parent;`
`40`	`40`	`}`
`41`	`41`