Merge pull request #6903 from magento-honey-badgers/PWA-1700

sivaschenko · web-flow · commit df3203e3b2ca · 2021-05-30T11:03:12.000+01:00
[honey] PWA-1700: Limit Query Complexity in GQL implementation
diff --git a/dev/tests/api-functional/testsuite/Magento/GraphQl/Framework/QueryComplexityLimiterTest.php b/dev/tests/api-functional/testsuite/Magento/GraphQl/Framework/QueryComplexityLimiterTest.php
@@ -28,6 +28,16 @@ public function testQueryComplexityIsLimited()
     products {
       items {
         name
+        nameAlias: name
+        ...configurableFields
+        ... on BundleProduct {
+          items {
+            options {
+              uid
+              label
+            }
+          }
+        }
         categories {
           id
           position
@@ -308,18 +318,6 @@ public function testQueryComplexityIsLimited()
                                         percentage_value
                                         website_id
                                       }
-                                      tier_prices {
-                                        customer_group_id
-                                        qty
-                                        percentage_value
-                                        website_id
-                                      }
-                                      tier_prices {
-                                        customer_group_id
-                                        qty
-                                        percentage_value
-                                        website_id
-                                      }
                                       tier_price
                                       manufacturer
                                       sku
@@ -393,6 +391,16 @@ public function testQueryComplexityIsLimited()
     }
   }
 }
+
+fragment configurableFields on ConfigurableProduct {
+  variants {
+    attributes {
+      uid
+      code
+      label
+    }
+  }
+}
 QUERY;
 
         self::expectExceptionMessageMatches('/Max query complexity should be 300 but got 302/');
diff --git a/lib/internal/Magento/Framework/GraphQl/Query/QueryComplexityLimiter.php b/lib/internal/Magento/Framework/GraphQl/Query/QueryComplexityLimiter.php
@@ -7,10 +7,16 @@
 
 namespace Magento\Framework\GraphQl\Query;
 
+use GraphQL\Language\AST\Node;
+use GraphQL\Language\AST\NodeKind;
+use GraphQL\Language\Parser;
+use GraphQL\Language\Source;
+use GraphQL\Language\Visitor;
 use GraphQL\Validator\DocumentValidator;
 use GraphQL\Validator\Rules\DisableIntrospection;
 use GraphQL\Validator\Rules\QueryDepth;
 use GraphQL\Validator\Rules\QueryComplexity;
+use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 
 /**
  * QueryComplexityLimiter
@@ -57,6 +63,7 @@ public function __construct(
      * Sets limits for query complexity
      *
      * @return void
+     * @throws GraphQlInputException
      */
     public function execute(): void
     {
@@ -66,4 +73,39 @@ public function execute(): void
         );
         DocumentValidator::addRule(new QueryDepth($this->queryDepth));
     }
+
+    /**
+     * Performs a preliminary field count check before performing more extensive query validation.
+     *
+     * This is necessary for performance optimization, as extremely large queries require a substantial
+     * amount of time to fully validate and can affect server performance.
+     *
+     * @param string $query
+     * @throws GraphQlInputException
+     */
+    public function validateFieldCount(string $query): void
+    {
+        if (!empty($query)) {
+            $totalFieldCount = 0;
+            $queryAst = Parser::parse(new Source($query ?: '', 'GraphQL'));
+            Visitor::visit(
+                $queryAst,
+                [
+                    'leave' => [
+                        NodeKind::FIELD => function (Node $node) use (&$totalFieldCount) {
+                            $totalFieldCount++;
+                        }
+                    ]
+                ]
+            );
+
+            if ($totalFieldCount > $this->queryComplexity) {
+                throw new GraphQlInputException(__(
+                    'Max query complexity should be %1 but got %2.',
+                    $this->queryComplexity,
+                    $totalFieldCount
+                ));
+            }
+        }
+    }
 }
diff --git a/lib/internal/Magento/Framework/GraphQl/Query/QueryProcessor.php b/lib/internal/Magento/Framework/GraphQl/Query/QueryProcessor.php
@@ -8,6 +8,7 @@
 namespace Magento\Framework\GraphQl\Query;
 
 use Magento\Framework\GraphQl\Exception\ExceptionFormatter;
+use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 use Magento\Framework\GraphQl\Query\Resolver\ContextInterface;
 use Magento\Framework\GraphQl\Schema;
 
@@ -57,6 +58,7 @@ public function __construct(
      * @param array|null $variableValues
      * @param string|null $operationName
      * @return Promise|array
+     * @throws GraphQlInputException
      */
     public function process(
         Schema $schema,
@@ -66,6 +68,7 @@ public function process(
         string $operationName = null
     ) : array {
         if (!$this->exceptionFormatter->shouldShowDetail()) {
+            $this->queryComplexityLimiter->validateFieldCount($source);
             $this->queryComplexityLimiter->execute();
         }
 
