Description
A single GraphQL query can potentially generate a huge workload for a server, such as thousands of database operations, which can be used to cause DDoS attacks. In order to limit and keep track of what each GraphQL operation can do, TypeGraphQL provides the option of integrating with Query Complexity tools like graphql-query-complexity.
This cost analysis-based solution is very promising, since we can define a “cost” per field and then analyze the AST to estimate the total cost of the GraphQL query. Of course all the analysis is handled by graphql-query-complexity.
All we must do is define our complexity cost for the fields, mutations or subscriptions in TypeGraphQL and implement graphql-query-complexity in whatever GraphQL server is being used.
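The cost analysis described above, sketched as an added example (not code from this issue, TypeGraphQL or graphql-query-complexity): a small analyzer that parses a simplified selection set, sums a per-field cost, and multiplies child cost by the requested page size. The field names, the costs, the `first` argument and the budget of 100 are constructed assumptions, and the parser handles only plain fields with integer arguments.

```typescript
// Added illustration only: a simplified analyzer, not the graphql-query-complexity API.
type Field = { name: string; args: Record<string, number>; children: Field[] };

// Constructed per-field costs (assumption); fields not listed cost 1.
const FIELD_COST: Record<string, number> = { recipes: 5, ratings: 2 };
const MAX_COMPLEXITY = 100; // constructed budget per operation

// Constructed sample queries: a small page, and two nested 50-item lists.
const SMALL_QUERY = "{ recipes(first: 3) { title ratings } }";
const NESTED_QUERY = "{ recipes(first: 50) { title author { recipes(first: 50) { title } } } }";

// Split into names, integers and punctuation; other characters are ignored.
function tokenize(query: string): string[] {
  return query.match(/[A-Za-z_]\w*|\d+|[{}():]/g) ?? [];
}

// Recursive-descent parse of `{ field(arg: 1) { ... } ... }` into a field tree.
function parseSelection(tokens: string[], pos: { i: number }): Field[] {
  if (tokens[pos.i] !== "{") throw new Error("expected '{'");
  pos.i++;
  const fields: Field[] = [];
  while (pos.i < tokens.length && tokens[pos.i] !== "}") {
    const field: Field = { name: tokens[pos.i++] as string, args: {}, children: [] };
    if (tokens[pos.i] === "(") {
      pos.i++;
      while (tokens[pos.i] !== ")") {
        if (pos.i >= tokens.length) throw new Error("unclosed '('");
        field.args[tokens[pos.i] as string] = Number(tokens[pos.i + 2]);
        pos.i += 3; // argument name, ':', integer value
      }
      pos.i++;
    }
    if (tokens[pos.i] === "{") field.children = parseSelection(tokens, pos);
    fields.push(field);
  }
  if (tokens[pos.i] !== "}") throw new Error("unclosed '{'");
  pos.i++;
  return fields;
}

// Field cost = own cost + page size (`first`, default 1) * cost of its children,
// so nested lists multiply instead of adding.
function cost(fields: Field[]): number {
  return fields.reduce((sum: number, f: Field) =>
    sum + (FIELD_COST[f.name] ?? 1) + (f.args["first"] ?? 1) * cost(f.children), 0);
}

function queryComplexity(query: string): number {
  return cost(parseSelection(tokenize(query), { i: 0 }));
}

// Reject the operation before execution when it exceeds the budget.
function isAllowed(query: string): boolean {
  return queryComplexity(query) <= MAX_COMPLEXITY;
}
```

The two sample queries differ only in page size and nesting depth, which is what moves a query from a cost in the tens to a cost in the thousands and why the check has to run on the parsed query before any resolver executes.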