I’m turning on Secure Services and see rateLimit and circularQueryCheck as mentioned in:
Neither circularQueryCheck nor rateLimit can I find in the Redwood source
Where do I get these ?
I’m turning on Secure Services and see rateLimit and circularQueryCheck as mentioned in:
Neither circularQueryCheck nor rateLimit can I find in the Redwood source
Where do I get these ?
@ajoslin103 Circular query aka depth limit protection is best enabled in the new envelop/helix powered graphql-server package. I’d definitely suggest migrating to that if you have not already.
See: Using GraphQL Envelop+Helix in Redwood v0.35+
There is an option on the createGraphQLHandler to customize the depth limit but it defaults to 11 I think.
More docs about envelop are forthcoming.
As for rate limiting, you can use the envelop rate limit plug-in.
But you’ll need a persistent store to keep track of the request per IP address etc. For example, Redis and apparently there is a Postgres store option but that sort of defeats the purpose of limiting load on the database.
If you are in serverless and your Postgres database is using a pool with pg bouncer you should be ok for most situations but if you think you are likely to have people abuse your api you can definitely implement that to take precautions since it’s a certainly a good idea but maybe not a priority until you scaled up in production.