
giapnguyen74/nextql-limit


nextql-limit

NextQL plugin to protect against excessive calls. NextQL, GraphQL, or any other data query layer is vulnerable to excessive or abusive calls (or denial-of-service attacks) when it is used to provide a service to third parties.

There are some solutions:

  • Rate limiting: limit how many API calls can be made per unit of time. This can be deployed at the transport layer, for example on HTTP calls.
  • Persisted queries: only allow predefined queries.
  • Resource quotas: limit how much information can be returned. This solution can be deployed at the business logic layer.
  • Limit request size: limit based on the query's shape.

The plugin implements the last solution. The idea is very simple: it calculates the query's metrics (how many method calls and how many fields are requested). If those metrics exceed the configured limits, it stops execution and throws an exception. Nextql-limit only iterates through JavaScript object properties, so it should be very fast.

Installation

$ npm install --save nextql-limit

Usage

const nextqlLimit = require('nextql-limit');

const NextQL = require("../../nextql"); // relative path as used in the project's own example; with an installed package this is typically require("nextql")
const nextql = new NextQL();
nextql.use(nextqlLimit, {
	calls: 2, // maximum number of method calls allowed per query
	fields: 20 // maximum number of fields allowed per query (for the sake of performance, [$params] is not filtered out of the count)
});

License

MIT © Giap Nguyen Huu
