0.0.1 • Published 7 years ago

nextql-limit v0.0.1

Weekly downloads
3
License
MIT
Repository
github
Last release
7 years ago

nextql-limit NPM version Build Status Dependency Status

NextQL plugin for protect against excessive calls. NextQL, GraphQL or any data query layer; vulnerable for exessive or abusive calls ( or denial of service attacks ) when used to provide service for third-parties.

There are some solutions:

  • Rate limiting: limit how many api calls per time could be deploy at transport layer for example HTTP calls.
  • Persisted query: only allow predefined queries.
  • Resource quotas: limit how many information could be return. The solution could be deploy at bussiness logic layer.
  • Limit request size: limit based on query shape.

The plugin implemented based on the last solution. The idea is very simple, it calculate query's metric: how many method calls and how many fields requested. If those metric out of limit, it stop execution and throw execptions.

Installation

$ npm install --save nextql-limit

Usage

const  = require('nextql-limit');

const NextQL = require("../../nextql");
const nextql = new NextQL();
nextql.use(nextqlLimit, {
	calls: 2, // how many method calls allow
	fields: 20 // how many fields query allow (for the sake of performance [$params] not filtered )
});

License

MIT © Giap Nguyen Huu

nextqlnextql-plugin
@everything-registry/sub-chunk-2270@infinitebrahmanuniverse/nolb-nextq@zalastax/nolb-nextq
0.0.1

7 years ago