M api/server.go => api/server.go +12 -1
@@ 5,6 5,7 @@ import (
"log"
"net/http"
"os"
+ "strconv"
"git.sr.ht/~sircmpwn/getopt"
"git.sr.ht/~sircmpwn/gqlgen/handler"
@@ 75,9 76,19 @@ func main() {
}
graph.ApplyComplexity(&gqlConfig)
+ var complexity int
+ if limit, ok := config.Get("git.sr.ht::api", "max-complexity"); ok {
+ complexity, err = strconv.Atoi(limit)
+ if err != nil {
+ panic(err)
+ }
+ } else {
+ complexity = 200
+ }
+
srv := handler.GraphQL(
api.NewExecutableSchema(gqlConfig),
- handler.ComplexityLimit(100))
+ handler.ComplexityLimit(complexity))
router.Handle("/query", srv)
M config.example.ini => config.example.ini +14 -0
@@ 113,6 113,20 @@ repos=/var/lib/git/
s3-bucket=
s3-prefix=
+[git.sr.ht::api]
+#
+# Maximum complexity of GraphQL queries. The higher this number, the more work
+# that API clients can burden the API backend with. Complexity is equal to the
+# number of discrete fields which would be returned to the user. 200 is a good
+# default.
+max-complexity=200
+
+#
+# The maximum time the API backend will spend processing a single API request.
+#
+# See https://golang.org/pkg/time/#ParseDuration
+max-duration=3s
+
[git.sr.ht::dispatch]
#
# The authorized keys hook uses this to dispatch to various handlers