Notes:
* Limiting query depth: https://github.com/stems/graphql-depth-limit
* Complexity analysis: https://github.com/4Catalyzer/graphql-validation-complexity OR https://github.com/ivome/graphql-query-complexity. The first one looks much better, but we need to be able to support this:
** Provide sensible defaults for {{global costs}} as written in the readme
** Support {{@cost}} and {{@costFactor}} annotations at schema level
* Limiting query length: Doesn't make too much sense according to research
* Disabling introspection queries: Normally introspection queries are used by clients to find out which queries/mutations are available. In our case, users need to download a schema JSON, which is the result of an introspection query. However, it is OK to disable introspection queries on the data sync server because clients download this schema on the sync UI. Use https://github.com/helfer/graphql-disable-introspection
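The depth limit, cost analysis with per-field cost annotations, and introspection block from the notes above, combined into one pre-execution check as an added JavaScript example that is not code from any of the linked libraries. The limits, default costs and field names in `ANNOTATIONS` are constructed, and the parser assumes plain fields, arguments and nested selection sets only (no fragments, aliases, directives or comments).

```javascript
// Added example; not code from the linked libraries.
const LIMITS = { maxDepth: 4, maxCost: 1000 };      // constructed limits
const DEFAULTS = { scalarCost: 1, objectCost: 0 };  // constructed global costs
// Constructed stand-ins for schema-level @cost / @costFactor annotations.
const ANNOTATIONS = new Map([
  ['tasks', { costFactor: 10 }], ['comments', { costFactor: 10 }], ['body', { cost: 5 }],
]);

// Parse a query into a tree of { name, children }; argument lists are skipped.
function parse(query) {
  const tokens = query.match(/[{}]|\((?:[^)"]|"[^"]*")*\)|[A-Za-z_]\w*/g) || [];
  let pos = 0;
  function selectionSet() {
    const fields = [];
    pos++;                                               // consume "{"
    while (pos < tokens.length && tokens[pos] !== '}') {
      const field = { name: tokens[pos++], children: [] };
      if (tokens[pos] && tokens[pos][0] === '(') pos++;  // skip arguments
      if (tokens[pos] === '{') field.children = selectionSet();
      fields.push(field);
    }
    if (tokens[pos++] !== '}') throw new SyntaxError('unbalanced selection set');
    return fields;
  }
  while (pos < tokens.length && tokens[pos] !== '{') pos++;  // skip "query Name(...)"
  if (pos >= tokens.length) throw new SyntaxError('no selection set');
  return selectionSet();
}

// Deepest nesting of selection sets below the operation root.
const depth = (fields) =>
  fields.length ? 1 + Math.max(...fields.map((f) => depth(f.children))) : 0;

// Own cost of each field plus its cost factor times the cost of its children.
const cost = (fields) => fields.reduce((sum, f) => {
  const a = ANNOTATIONS.get(f.name) || {};
  const own = a.cost ?? (f.children.length ? DEFAULTS.objectCost : DEFAULTS.scalarCost);
  return sum + own + (a.costFactor ?? 1) * cost(f.children);
}, 0);

// __schema and __type are the introspection entry points; __typename is allowed.
const hasIntrospection = (fields) => fields.some((f) =>
  f.name === '__schema' || f.name === '__type' || hasIntrospection(f.children));

function check(query) {
  const fields = parse(query);
  const d = depth(fields), c = cost(fields), errors = [];
  if (hasIntrospection(fields)) errors.push('introspection disabled');
  if (d > LIMITS.maxDepth) errors.push(`depth ${d} > ${LIMITS.maxDepth}`);
  if (c > LIMITS.maxCost) errors.push(`cost ${c} > ${LIMITS.maxCost}`);
  return { depth: d, cost: c, errors };
}
```

On a real server these checks belong in the validation phase, where the linked packages work on the full GraphQL AST and therefore also account for fragments and aliases.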