Add docs for graphql policies

zuplo · Oct 31, 2023 · 7f56037 · 7f56037
1 parent 830aeb0
commit 7f56037
Show file tree

Hide file tree

Showing 7 changed files with 161 additions and 0 deletions.
diff --git a/docs/articles/graphql-security.md b/docs/articles/graphql-security.md
@@ -0,0 +1,7 @@
+---
+title: Securing your GraphQL API with Zuplo
+sidebar_label: GraphQL Security
+---
+
+Due to the nature of allowing to create 
+GraphQL API can be susceptible to DoS 
diff --git a/policies/graphql-complexity-limit-inbound/doc.md b/policies/graphql-complexity-limit-inbound/doc.md
@@ -0,0 +1,23 @@
+## GraphQL Complexity Limit
+
+This policy allows you to add a simple limit the complexity of a GraphQL query.
+
+- **maxComplexity** - Total complexity a GraphQL query is allowed to query for.
+- **endpointUrl** - The GraphQL endpoint to query, introspection must be allowed.
+
+Example:
+
+```
+{
+  me { 
+    name  # Complexity +1
+    age   # Complexity +1
+    email # Complexity +1
+    friends { 
+      name   # Complexity +1
+      height # Complexity +1
+    }
+  }
+}
+# Total complexity = 5
+```
diff --git a/policies/graphql-complexity-limit-inbound/icon.svg b/policies/graphql-complexity-limit-inbound/icon.svg
diff --git a/policies/graphql-complexity-limit-inbound/schema.json b/policies/graphql-complexity-limit-inbound/schema.json
@@ -0,0 +1,51 @@
+{
+  "$schema": "https://json-schema.org/draft-07/schema",
+  "$id": "http://zuplo.com/schemas/policies/graphql-complexity-limit-inbound.json",
+  "type": "object",
+  "title": "GraphQL Complexity Limit",
+  "isPreview": false,
+  "description": "Limits the complexity of a GraphQL query",
+  "required": ["handler"],
+  "properties": {
+    "handler": {
+      "type": "object",
+      "default": {},
+      "required": ["export", "module", "options"],
+      "properties": {
+        "export": {
+          "const": "GraphQLComplexityLimitInboundPolicy",
+          "description": "The name of the exported type"
+        },
+        "module": {
+          "const": "$import(@zuplo/runtime)",
+          "description": "The module containing the policy"
+        },
+        "options": {
+          "type": "object",
+          "description": "The options for this policy",
+          "required": [],
+          "properties": {
+            "maxComplexity": {
+              "type": "number",
+              "description": "The maximum depth a query is allowed to have"
+            },
+            "endpointUrl": {
+              "type": "number",
+              "description": "The URL of the GraphQL endpoint to query"
+            }
+          }
+        }
+      },
+      "examples": [
+        {
+          "_name": "basic",
+          "export": "GraphQLComplexityLimitInboundPolicy",
+          "module": "$import(@zuplo/runtime)",
+          "options": {
+            "depthLimit": 20
+          }
+        }
+      ]
+    }
+  }
+}
diff --git a/policies/graphql-depth-limit-inbound/doc.md b/policies/graphql-depth-limit-inbound/doc.md
@@ -0,0 +1,27 @@
+## GraphQL Depth Limit
+
+Limit the depth a GraphQL query is allowed to query for.
+
+- **depthLimit** - Number of levels a GraphQL query is allowed to query for.
+
+This allows you to limit the depth of a GraphQL query. This is useful to prevent
+DoS attacks on your GraphQL server.
+
+```
+{
+  # Level 0
+  me {
+    # Level 1
+    name
+    friends {
+      # Level 2
+      name
+      friends {
+        # Level 3
+        name
+        # ...
+      }
+    }
+  }
+}
+```
diff --git a/policies/graphql-depth-limit-inbound/icon.svg b/policies/graphql-depth-limit-inbound/icon.svg
diff --git a/policies/graphql-depth-limit-inbound/schema.json b/policies/graphql-depth-limit-inbound/schema.json
@@ -0,0 +1,47 @@
+{
+  "$schema": "https://json-schema.org/draft-07/schema",
+  "$id": "http://zuplo.com/schemas/policies/graphql-deph-limit-inbound.json",
+  "type": "object",
+  "title": "GraphQL Depth Limit",
+  "isPreview": false,
+  "description": "Limits incoming GraphQL queries to a maximum depth",
+  "required": ["handler"],
+  "properties": {
+    "handler": {
+      "type": "object",
+      "default": {},
+      "required": ["export", "module", "options"],
+      "properties": {
+        "export": {
+          "const": "GraphQLDepthLimitInboundPolicy",
+          "description": "The name of the exported type"
+        },
+        "module": {
+          "const": "$import(@zuplo/runtime)",
+          "description": "The module containing the policy"
+        },
+        "options": {
+          "type": "object",
+          "description": "The options for this policy",
+          "required": [],
+          "properties": {
+            "depthLimit": {
+              "type": "number",
+              "description": "The maximum depth a query is allowed to have"
+            }
+          }
+        }
+      },
+      "examples": [
+        {
+          "_name": "basic",
+          "export": "GraphQLDepthLimitInboundPolicy",
+          "module": "$import(@zuplo/runtime)",
+          "options": {
+            "depthLimit": 20
+          }
+        }
+      ]
+    }
+  }
+}