0

Say I have the following:

type User {
  id: Int!
  name: String
  dob: String
  friends: [User]
}

Query {
  user(id: Int!): User
}

Looks to me like I just created the potential for infinite recursion:

query GetUser($userId: Int!) {
  user(id: $userId) {
    friends {
      name
      friends {
        name
        friends {
          name
          ...etc
        }
      }
    }

  }
}

How would I guard against this is in my user resolver?

Improve this question
2
  • It's not infinite recursion because your query only loads three nested levels, not an infinite number. Could you clarify what specifically are you concerned about? Commented Jun 15, 2021 at 16:43
  • usually max depth level/complexity cost is calculated/limited - not defined in type system at all - implementation related details Commented Jun 15, 2021 at 22:47

1 Answer 1

Reset to default
1

This could be a potential problem, but you can use custom validation to prevent those kind of requests, e.g. https://github.com/stems/graphql-depth-limit

import depthLimit from 'graphql-depth-limit'
import express from 'express'
import graphqlHTTP from 'express-graphql'
import schema from './schema'

const app = express()

app.use('/graphql', graphqlHTTP((req, res) => ({
  schema,
  validationRules: [ depthLimit(10) ]
})))
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.