feat: add validationMaxErrors option

Author: mo4islona

packages/server/src/ApolloServer.ts

@@ -156,6 +156,7 @@ export interface ApolloServerInternals<TContext extends BaseContext> {
   state: ServerState;
   gatewayExecutor: GatewayExecutor | null;
   dangerouslyDisableValidation?: boolean;
+  validationMaxErrors?: number;
   formatError?: (
     formattedError: GraphQLFormattedError,
     error: unknown,
@@ -304,6 +305,7 @@ export class ApolloServer<in out TContext extends BaseContext = BaseContext> {
       hideSchemaDetailsFromClientErrors,
       dangerouslyDisableValidation:
         config.dangerouslyDisableValidation ?? false,
+      validationMaxErrors: config.validationMaxErrors,
       fieldResolver: config.fieldResolver,
       includeStacktraceInErrorResponses:
         config.includeStacktraceInErrorResponses ??

packages/server/src/__tests__/ApolloServer.test.ts

@@ -425,7 +425,9 @@ describe('ApolloServer start', () => {
   });
 });
 
-function singleResult(body: GraphQLResponseBody): FormattedExecutionResult {
+export function singleResult(
+  body: GraphQLResponseBody,
+): FormattedExecutionResult {
   if (body.kind === 'single') {
     return body.singleResult;
   }

packages/server/src/__tests__/runQuery.test.ts

@@ -25,6 +25,7 @@ import {
 } from '..';
 import { mockLogger } from './mockLogger';
 import { jest, describe, it, expect } from '@jest/globals';
+import { singleResult } from './ApolloServer.test';
 
 async function runQuery(
   config: ApolloServerOptions<BaseContext>,
@@ -1192,4 +1193,51 @@ describe('parsing and validation cache', () => {
     expect(parsingDidStart.mock.calls.length).toBe(6);
     expect(validationDidStart.mock.calls.length).toBe(6);
   });
+
+  describe('validationMaxErrors option', () => {
+    it('should be 100 by default', async () => {
+      const server = new ApolloServer({
+        schema,
+      });
+      await server.start();
+
+      const vars = new Array(1000).fill(`$a:a`).join(',');
+      const query = `query aaa (${vars}) { a }`;
+
+      const res = await server.executeOperation({ query });
+      expect(res.http.status).toBe(400);
+
+      const body = singleResult(res.body);
+
+      // 100 by default plus one "Too many validation errors" error
+      // https://github.com/graphql/graphql-js/blob/main/src/validation/validate.ts#L46
+      expect(body.errors).toHaveLength(101);
+      await server.stop();
+    });
+    it('aborts the validation if max errors more than expected', async () => {
+      const server = new ApolloServer({
+        schema,
+        validationMaxErrors: 1,
+      });
+      await server.start();
+
+      const vars = new Array(1000).fill(`$a:a`).join(',');
+      const query = `query aaa (${vars}) { a }`;
+
+      const res = await server.executeOperation({ query });
+      expect(res.http.status).toBe(400);
+
+      const body = singleResult(res.body);
+
+      expect(body.errors).toHaveLength(2);
+      expect(body.errors?.[0]).toMatchObject({
+        message: `There can be only one variable named "$a".`,
+      });
+      expect(body.errors?.[1]).toMatchObject({
+        message: `Too many validation errors, error limit reached. Validation aborted.`,
+      });
+
+      await server.stop();
+    });
+  });
 });

packages/server/src/externalTypes/constructor.ts

@@ -101,6 +101,7 @@ interface ApolloServerOptionsBase<TContext extends BaseContext> {
   nodeEnv?: string;
   documentStore?: DocumentStore | null;
   dangerouslyDisableValidation?: boolean;
+  validationMaxErrors?: number;
   csrfPrevention?: CSRFPreventionOptions | boolean;
 
   // Used for parsing operations; unlike in AS3, this is not also used for

packages/server/src/requestPipeline.ts

@@ -247,6 +247,7 @@ export async function processGraphQLRequest<TContext extends BaseContext>(
         schemaDerivedData.schema,
         requestContext.document,
         [...specifiedRules, ...internals.validationRules],
+        { maxErrors: internals.validationMaxErrors },
       );
 
       if (validationErrors.length === 0) {